[06/30] meson: tweak hardening options for Windows

Message ID	20221209112409.184703-7-pbonzini@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Paolo Bonzini <pbonzini@redhat.com> To: qemu-devel@nongnu.org Subject: [PATCH 06/30] meson: tweak hardening options for Windows Date: Fri, 9 Dec 2022 12:23:45 +0100 Message-Id: <20221209112409.184703-7-pbonzini@redhat.com> In-Reply-To: <20221209112409.184703-1-pbonzini@redhat.com> References: <20221209112409.184703-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.133.124; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Series	Meson changes for QEMU 8.0 \| expand [for-8.0,00/30] Meson changes for QEMU 8.0 [01/30] configure: remove useless write_c_skeleton [02/30] configure: remove dead function [03/30] configure: remove useless test [04/30] configure: preserve qemu-ga variables [05/30] configure: remove backwards-compatibility and obsolete options [06/30] meson: tweak hardening options for Windows [07/30] meson: support meson 0.64 -Doptimization=plain [08/30] meson: require 0.63.0 [09/30] meson: use prefer_static option [10/30] meson: remove static_kwargs [11/30] meson: cleanup dummy-cpus.c rules [12/30] modinfo: lookup compile_commands.json by object [13/30] configure: remove backwards-compatibility code [14/30] configure: test all warnings [15/30] meson: cleanup compiler detection [16/30] build: move glib detection and workarounds to meson [17/30] configure: remove pkg-config functions [18/30] configure, meson: move --enable-modules to Meson [19/30] configure, meson: move --enable-debug-info to Meson [20/30] meson: prepare move of QEMU_CFLAGS to meson [21/30] build: move sanitizer tests to meson [22/30] build: move SafeStack tests to meson [23/30] build: move coroutine backend selection to meson [24/30] build: move stack protector flag selection to meson [25/30] build: move warning flag selection to meson [26/30] build: move remaining compiler flag tests to meson [27/30] build: move compiler version check to meson [28/30] docs: update build system docs [29/30] configure: do not rerun the tests with -Werror [30/30] meson: always log qemu-iotests verbosely

Message ID

20221209112409.184703-7-pbonzini@redhat.com

State

New

Headers

From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Subject: [PATCH 06/30] meson: tweak hardening options for Windows
Date: Fri,  9 Dec 2022 12:23:45 +0100
Message-Id: <20221209112409.184703-7-pbonzini@redhat.com>
In-Reply-To: <20221209112409.184703-1-pbonzini@redhat.com>
References: <20221209112409.184703-1-pbonzini@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.133.124;
 envelope-from=pbonzini@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Series

Meson changes for QEMU 8.0 | expand

Commit Message

Paolo Bonzini Dec. 9, 2022, 11:23 a.m. UTC

-Wl,--dynamicbase has been enabled for DLLs upstream for roughly 2
years (https://sourceware.org/bugzilla/show_bug.cgi?id=19011), and
also by some distros including Debian for 6 years even
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836365), so
just enable it unconditionally.

Also add -Wl,--high-entropy-va.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 meson.build | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

Comments

Marc-André Lureau Dec. 12, 2022, 8:18 a.m. UTC | #1

Hi

On Fri, Dec 9, 2022 at 3:36 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> -Wl,--dynamicbase has been enabled for DLLs upstream for roughly 2
> years (https://sourceware.org/bugzilla/show_bug.cgi?id=19011), and
> also by some distros including Debian for 6 years even
> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836365), so
> just enable it unconditionally.
>
> Also add -Wl,--high-entropy-va.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  meson.build | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/meson.build b/meson.build
> index 5c6b5a1c757f..d61c7a82f112 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -193,10 +193,7 @@ qemu_ldflags += cc.get_supported_link_arguments('-Wl,-z,relro', '-Wl,-z,now')
>
>  if targetos == 'windows'
>    qemu_ldflags += cc.get_supported_link_arguments('-Wl,--no-seh', '-Wl,--nxcompat')
> -  # Disable ASLR for debug builds to allow debugging with gdb
> -  if get_option('optimization') == '0'
> -    qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase')
> -  endif
> +  qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase', '-Wl,--high-entropy-va')

What about the comment for disabling ASLR on debug builds?

I wonder if we really have to add those flags ourself. Imho, we can
leave them to the compiler default or distrib.. I bet most of the deps
don't use those flags explicitly either.

Paolo Bonzini Dec. 12, 2022, 8:52 a.m. UTC | #2

On 12/12/22 09:18, Marc-André Lureau wrote:
>> -  # Disable ASLR for debug builds to allow debugging with gdb
>> -  if get_option('optimization') == '0'
>> -    qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase')
>> -  endif
>> +  qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase', '-Wl,--high-entropy-va')
>
> What about the comment for disabling ASLR on debug builds?

The problem with that line is that it _enables_ ASLR for debug builds, 
and nobody has complained about gdb since last April...  And nobody has 
complained to Debian or other distros that have enabled the flag for 
years now.

I'll clarify the commit message.

> I wonder if we really have to add those flags ourself. Imho, we can
> leave them to the compiler default or distrib.. I bet most of the deps
> don't use those flags explicitly either.

I think so, at least Firefox does.  In general QEMU tries to do more 
build-time hardening than the average pacakge.

Paolo

Daniel P. Berrangé Dec. 16, 2022, 2:42 p.m. UTC | #3

On Fri, Dec 09, 2022 at 12:23:45PM +0100, Paolo Bonzini wrote:
> -Wl,--dynamicbase has been enabled for DLLs upstream for roughly 2
> years (https://sourceware.org/bugzilla/show_bug.cgi?id=19011), and
> also by some distros including Debian for 6 years even
> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836365), so
> just enable it unconditionally.
> 
> Also add -Wl,--high-entropy-va.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  meson.build | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel

diff --git a/meson.build b/meson.build
index 5c6b5a1c757f..d61c7a82f112 100644
--- a/meson.build
+++ b/meson.build
@@ -193,10 +193,7 @@  qemu_ldflags += cc.get_supported_link_arguments('-Wl,-z,relro', '-Wl,-z,now')
 
 if targetos == 'windows'
   qemu_ldflags += cc.get_supported_link_arguments('-Wl,--no-seh', '-Wl,--nxcompat')
-  # Disable ASLR for debug builds to allow debugging with gdb
-  if get_option('optimization') == '0'
-    qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase')
-  endif
+  qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase', '-Wl,--high-entropy-va')
 endif
 
 if get_option('gprof')

[06/30] meson: tweak hardening options for Windows

Commit Message

Comments

Patch