[build] Work around distros that use -fcf-protection=full by default

Some patched versions of gcc (observed with gcc 9.3.0 on Ubuntu 20.04)
enable -fcf-protection=full by default.  This breaks code that is not
explicitly written to expect the use of this flag.  The breakage
occurs only at runtime if the affected code (such as setjmp()) happens
to execute, and is therefore a particularly pernicious class of bug to
be introduced into working code by a broken compiler.

Work around these broken patched versions of gcc by detecting support
for -fcf-protection and explicitly setting -fcf-protection=none if
found.

If any Ubuntu maintainers are listening: PLEASE STOP DOING THIS.  It's
extremely unhelpful to have to keep working around breakages that you
introduce by modifying the compiler's default behaviour.  Do what Red
Hat does instead: set your preferred CFLAGS within the package build
system rather than by patching the compiler to behave in violation of
its own documentation.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping
index b3fa045278e221f5a02e460fc8f9de6960aefff8..bade2da3f9ce34e7e14ee95e5d039a4f1f2b78a8 100644 (file)
--- a/src/Makefile.housekeeping
+++ b/src/Makefile.housekeeping
@@ -401,6 +401,16 @@ WORKAROUND_CFLAGS += $(PIE_FLAGS) $(PIE_FLAGS2)
 endif
 endif
 
+# Some widespread patched versions of gcc include -fcf-protection=full
+# by default.
+#
+ifeq ($(CCTYPE),gcc)
+CFP_TEST = $(CC) -fcf-protection=none -x c -c /dev/null -o /dev/null \
+                >/dev/null 2>&1
+CFP_FLAGS := $(shell $(CFP_TEST) && $(ECHO) '-fcf-protection=none')
+WORKAROUND_CFLAGS += $(CFP_FLAGS)
+endif
+
 ###############################################################################
 #
 # Source file handling