From cd1064b16f6b51ad20021bc45404e0c8eef4a299 Mon Sep 17 00:00:00 2001
From: Greg Kurz
Date: Tue, 28 Sep 2021 15:52:30 +0200
Subject: [PATCH] packaging: Configure QEMU with --enable-pie
We explicitely set the Postion Independant Executlable (PIE) options in the extra CFLAGS and LDFLAGS that are passed to the QEMU configure script for all archs. This means that these options are used pretty much everywhere, including when building the sample plugins under the test directory. These cannot be linked with -pie and break the build, as experienced recently on ARM (see PR #2732). This only broke on ARM because other archs are configured with --disable-tcg : this disables plugins which are built by default otherwise. The --enable-pie option is all that is needed. The QEMU build system knows which binaries should be created as PIE, e.g. the important bits like QEMU and virtiofsd, and which ones should not, e.g. the sample plugins that aren't used in production. Rely on --enable-pie only, for all archs. This allows to drop the workaround that was put in place in PR #2732.
Fixes: #2757
Signed-off-by: Greg Kurz
---
.../packaging/scripts/configure-hypervisor.sh | 30 +++----------------
1 file changed, 4 insertions(+), 26 deletions(-)
diff --git a/tools/packaging/scripts/configure-hypervisor.sh b/tools/packaging/scripts/configure-hypervisor.sh
index da0d1ee02b..3a6bfd1b78 100755
--- a/tools/packaging/scripts/configure-hypervisor.sh
+++ b/tools/packaging/scripts/configure-hypervisor.sh
@@ -434,12 +434,10 @@ generate_qemu_options() {
 qemu_options+=(arch:"--target-list=${arch}-softmmu")
 fi
- # aarch64 need to explictly set --enable-pie
- if [ -z "${static}" ] && [ "${arch}" = "aarch64" ]; then
- qemu_options+=(arch:"--enable-pie")
- # pie is conflict with plugins build for qemu 6.1.0
- [ "${qemu_version}" == "6.1.0" ] && qemu_options+=(arch:"--disable-plugins")
- fi
+ # SECURITY: Create binary as a Position Independant Executable,
+ # and take advantage of ASLR, making ROP attacks much harder to perform.
+ # (https://wiki.debian.org/Hardening)
+ [ -z "${static}" ] && qemu_options+=(arch:"--enable-pie")
 _qemu_cflags=""
@@ -465,16 +463,6 @@ generate_qemu_options() {
 # (such as argument and buffer overflows checks).
 _qemu_cflags+=" -D_FORTIFY_SOURCE=2"
- # SECURITY: Create binary as a Position Independant Executable,
- # and take advantage of ASLR, making ROP attacks much harder to perform.
- # (https://wiki.debian.org/Hardening)
- case "$arch" in
- aarch64) _qemu_cflags+=" -fPIE" ;;
- x86_64) _qemu_cflags+=" -fPIE" ;;
- ppc64le) _qemu_cflags+=" -fPIE" ;;
- s390x) _qemu_cflags+=" -fPIE" ;;
- esac
-
 # Set compile options
 qemu_options+=(functionality,security,speed,size:"--extra-cflags=\"${_qemu_cflags}\"")
@@ -482,16 +470,6 @@ generate_qemu_options() {
 _qemu_ldflags=""
- # SECURITY: Link binary as a Position Independant Executable,
- # and take advantage of ASLR, making ROP attacks much harder to perform.
- # (https://wiki.debian.org/Hardening)
- case "$arch" in
- aarch64) [ -z "${static}" ] && _qemu_ldflags+=" -pie" ;;
- x86_64) [ -z "${static}" ] && _qemu_ldflags+=" -pie" ;;
- ppc64le) [ -z "${static}" ] && _qemu_ldflags+=" -pie" ;;
- s390x) [ -z "${static}" ] && _qemu_ldflags+=" -pie" ;;
- esac
-
 # SECURITY: Disallow executing code on the stack.
 _qemu_ldflags+=" -z noexecstack"
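Review bot: The new comment block in the first hunk says why PIE is wanted but not why the `[ -z "${static}" ]` guard skips it, and it carries the `Independant` misspelling over from the deleted block; I would write it as `# SECURITY: Build as a Position Independent Executable (PIE) so ASLR can randomise the load address, making ROP much harder.` followed by `# Skipped for static builds, which cannot be linked with -pie.`. The option also keeps its `arch:` tag although it now applies to every arch; if those tags drive anything beyond documentation, `security:` as used on the --extra-cflags line in the second hunk may be the better label, but I cannot confirm that from the hunk. Dropping the per-arch -fPIE/-pie flags in the second and third hunks is consistent with relying on --enable-pie alone. generate_qemu_options starts before and ends after all three hunks.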