diff options
| author | Paolo Bonzini <pbonzini@redhat.com> | 2022-11-02 13:03:51 +0100 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2023-01-06 00:51:02 +0100 |
| commit | 2d73fa74728dccde5cc29c4e56b4d781e4ead7c4 (patch) | |
| tree | 6904662af1dcdd86b7296730c812803e4a2e4e61 /meson.build | |
| parent | 10229ec3b0ff77c4894cefa312c21e65a761dcde (diff) | |
meson: tweak hardening options for Windows
meson.build has been enabling ASLR _only_ for debug builds since
commit d2147e04f95f ("configure: move Windows flags detection to meson",
2022-05-07); instead it was supposed to disable it for debug builds.
However, the flag has been enabled for DLLs upstream for roughly 2
years (https://sourceware.org/bugzilla/show_bug.cgi?id=19011), and
also by some distros including Debian for 6 years even
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836365).
Enable it unconditionally; we can fix the reversed logic of commit
d2147e04f95f later if there are any reports, but for now just
enable the hardening.
Also add -Wl,--high-entropy-va, which also controls ASLR.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'meson.build')
| -rw-r--r-- | meson.build | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/meson.build b/meson.build index 3f31db5963..b45814c65c 100644 --- a/meson.build +++ b/meson.build @@ -193,10 +193,7 @@ qemu_ldflags += cc.get_supported_link_arguments('-Wl,-z,relro', '-Wl,-z,now') if targetos == 'windows' qemu_ldflags += cc.get_supported_link_arguments('-Wl,--no-seh', '-Wl,--nxcompat') - # Disable ASLR for debug builds to allow debugging with gdb - if get_option('optimization') == '0' - qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase') - endif + qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase', '-Wl,--high-entropy-va') endif if get_option('gprof') |