[PATCH, libmpx, i386, PR driver/65444] Pass '-z bndplt' when building dynamic objects with MPX

[Sandra Loosemore]

On 04/03/2015 01:34 PM, Joseph Myers wrote:
> On Tue, 31 Mar 2015, Ilya Enkovich wrote:
>
>> +library.  It also passes '-z bndplt' to a linker in case it supports this
>> +option (which is checked on libmpx configuration).  Note that old versions
>> +of linker may ignore option.  Gold linker doesn't support '-z bndplt'
>> +option.  With no '-z bndplt' support in linker all calls to dynamic libraries
>> +lose passed bounds reducing overall protection level.  It's highly
>> +recommended to use linker with '-z bndplt' support.  In case such linker
>> +is not available it is adviced to always use @option{-static-libmpxwrappers}
>> +for better protection level or use @option{-static} to completely avoid
>> +external calls to dynamic libraries.  MPX-based instrumentation
>
> Use @samp{-z bndplt} rather than '' quoting (but Sandra may have further
> advice on the substance of this documentation).

To tell the truth, I can't figure out what this means from a user 
perspective.  How does a user know whether the linker option is being 
ignored, or if they have a new enough linker?  If the linker available 
at configuration time doesn't support the option, does that mean the 
option will never be passed and users will never know that there are 
gaping holes in the pointer bounds checking?

My suggestion would be to pass the option unconditionally and make the 
documentation say something like

It also passes @option{-z bndplt} to the linker.  LD version xxx or 
later is required to use this feature.  If no linker support for 
@option{-z bndplt} is available, you should link with 
@option{-static-libmpxwrappers} or @option{-static} instead; otherwise 
calls to dynamic libraries lose bounds checking protection.

... where you need to fill in "version xxx" appropriately.

-Sandra