From 25dacc5c19e73f96382bd343c9e13d07f4014bb5 Mon Sep 17 00:00:00 2001 From: wenshelx Date: Wed, 22 Aug 2018 17:03:10 +0800 Subject: [PATCH] security: Enable '-fpie, -pie' options To be sure hypervisor and DM are position independent and executable. Tracked-On: #1122 Signed-off-by: wenshelx Acked-by: Geoffroy Van Cutsem --- devicemodel/Makefile | 2 ++ hypervisor/arch/x86/Kconfig | 2 +- tools/acrn-manager/Makefile | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/devicemodel/Makefile b/devicemodel/Makefile index 4f40e717b..780714701 100644 --- a/devicemodel/Makefile +++ b/devicemodel/Makefile @@ -18,6 +18,7 @@ CFLAGS += -Wall -ffunction-sections CFLAGS += -Werror CFLAGS += -O2 -D_FORTIFY_SOURCE=2 CFLAGS += -Wformat -Wformat-security -fno-strict-aliasing +CFLAGS += -fpie CFLAGS += -I$(BASEDIR)/include CFLAGS += -I$(BASEDIR)/include/public @@ -43,6 +44,7 @@ endif LDFLAGS += -Wl,-z,noexecstack LDFLAGS += -Wl,-z,relro,-z,now +LDFLAGS += -pie LDFLAGS += -L$(TOOLS_OUT) LIBS = -lrt diff --git a/hypervisor/arch/x86/Kconfig b/hypervisor/arch/x86/Kconfig index ba7d6adbc..ddc74ee30 100644 --- a/hypervisor/arch/x86/Kconfig +++ b/hypervisor/arch/x86/Kconfig @@ -142,4 +142,4 @@ config MTRR_ENABLED config RELOC bool "Enable relocation" - default n + default y diff --git a/tools/acrn-manager/Makefile b/tools/acrn-manager/Makefile index ac55c3c60..5dc83cc9f 100644 --- a/tools/acrn-manager/Makefile +++ b/tools/acrn-manager/Makefile @@ -5,6 +5,7 @@ CFLAGS := -Wall CFLAGS += -I../../devicemodel/include CFLAGS += -I../../devicemodel/include/public CFLAGS += -I../../hypervisor/include +CFLAGS += -fpie ifeq ($(RELEASE),0) CFLAGS += -g -DMNGR_DEBUG @@ -13,6 +14,7 @@ endif LDFLAGS := -L$(OUT_DIR) LDFLAGS += -lacrn-mngr LDFLAGS += -lpthread +LDFLAGS += -pie .PHONY: all all: $(OUT_DIR)/libacrn-mngr.a $(OUT_DIR)/acrn_mngr.h $(OUT_DIR)/acrnctl $(OUT_DIR)/acrnd