* [PATCH] Add compiler defenses flags
@ 2023-07-17 13:19 Mateusz Grzonka
From: Mateusz Grzonka @ 2023-07-17 13:19 UTC (permalink / raw)
  To: linux-raid; +Cc: jes

It is essential to avoid buffer overflows and similar bugs as much as
possible.

According to Intel rules we are obligated to verify certain
compiler flags, so it will be much easier if they are added to the
Makefile.

Add gcc flags for prevention of buffer overflows, format string vulnerabilities,
stack protection to prevent stack overwrites, and ASLR enablement through -fPIE.
Also make the flags configurable.

The changes were verified on gcc versions 7.5, 8.3, 9.2, 10 and 12.2.

Signed-off-by: Mateusz Grzonka <mateusz.grzonka@intel.com>
---
 Makefile | 41 +++++++++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/Makefile b/Makefile
index 5eac1a4e..b3aa36f6 100644
--- a/Makefile
+++ b/Makefile
@@ -30,7 +30,7 @@
 
 # define "CXFLAGS" to give extra flags to CC.
 # e.g.  make CXFLAGS=-O to optimise
-CXFLAGS ?=-O2
+CXFLAGS ?=-O2 -D_FORTIFY_SOURCE=2
 TCC = tcc
 UCLIBC_GCC = $(shell for nm in i386-uclibc-linux-gcc i386-uclibc-gcc; do which $$nm > /dev/null && { echo $$nm ; exit; } ; done; echo false No uclibc found )
 #DIET_GCC = diet gcc
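Review bot: `-D_FORTIFY_SOURCE=2` now lives only in the `?=` default for CXFLAGS, so any build that supplies its own CXFLAGS (the comment two lines above even suggests `make CXFLAGS=-O`, and distribution builds routinely pass their own) silently loses fortification; putting the define into CFLAGS or CPPFLAGS unconditionally would make it survive overrides. Note also that _FORTIFY_SOURCE does nothing without optimization, so an override to `-O0` or plain `-ggdb` disables it as well, which is worth a comment next to the assignment.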
@@ -50,14 +50,30 @@ ifeq ($(origin CC),default)
 CC := $(CROSS_COMPILE)gcc
 endif
 CXFLAGS ?= -ggdb
-CWFLAGS = -Wall -Werror -Wstrict-prototypes -Wextra -Wno-unused-parameter
+CWFLAGS ?= -Wall -Werror -Wstrict-prototypes -Wextra -Wno-unused-parameter -Wformat -Wformat-security -Werror=format-security -fstack-protector-strong -fPIE -Warray-bounds
 ifdef WARN_UNUSED
-CWFLAGS += -Wp,-D_FORTIFY_SOURCE=2 -O3
+CWFLAGS += -Wp -O3
 endif
 
-FALLTHROUGH := $(shell gcc -v --help 2>&1 | grep "implicit-fallthrough" | wc -l)
-ifneq "$(FALLTHROUGH)"  "0"
-CWFLAGS += -Wimplicit-fallthrough=0
+ifeq ($(origin FALLTHROUGH), undefined)
+	FALLTHROUGH := $(shell gcc -Q --help=warnings 2>&1 | grep "implicit-fallthrough" | wc -l)
+	ifneq "$(FALLTHROUGH)"  "0"
+	CWFLAGS += -Wimplicit-fallthrough=0
+	endif
+endif
+
+ifeq ($(origin FORMATOVERFLOW), undefined)
+	FORMATOVERFLOW := $(shell gcc -Q --help=warnings 2>&1 | grep "format-overflow" | wc -l)
+	ifneq "$(FORMATOVERFLOW)"  "0"
+	CWFLAGS += -Wformat-overflow
+	endif
+endif
+
+ifeq ($(origin STRINGOPOVERFLOW), undefined)
+	STRINGOPOVERFLOW := $(shell gcc -Q --help=warnings 2>&1 | grep "stringop-overflow" | wc -l)
+	ifneq "$(STRINGOPOVERFLOW)"  "0"
+	CWFLAGS += -Wstringop-overflow
+	endif
 endif
 
 ifdef DEBIAN
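Review bot: the leftover `CWFLAGS += -Wp -O3` under WARN_UNUSED is broken: `-Wp,` takes a comma-joined option to hand to the preprocessor, and a bare `-Wp` is not a valid gcc option, so with `-Werror` in effect that configuration will not build; it should become `CWFLAGS += -O3` or be dropped. Two smaller points: `-fPIE` is a code-generation flag placed in a warnings variable that is now overridable via `?=`, so a user who sets CWFLAGS loses `-fPIE` while `-pie` remains in LDLIBS and the link then fails on non-PIC objects; and the three feature probes run `gcc -Q --help=warnings` rather than `$(CC)`, so with CROSS_COMPILE set they inspect the host compiler (a single `$(shell $(CC) -Q --help=warnings)` captured once would serve all three blocks).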
@@ -116,10 +132,12 @@ CFLAGS += -DUSE_PTHREADS
 MON_LDFLAGS += -pthread
 endif
 
+LDFLAGS = -Wl,-z,now,-z,noexecstack
+
 # If you want a static binary, you might uncomment these
-# LDFLAGS = -static
+# LDFLAGS += -static
 # STRIP = -s
-LDLIBS = -ldl
+LDLIBS = -ldl -pie
 
 # To explicitly disable libudev, set -DNO_LIBUDEV in CXFLAGS
 ifeq (, $(findstring -DNO_LIBUDEV,  $(CXFLAGS)))
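Review bot: `LDFLAGS = -Wl,-z,now,-z,noexecstack` is a plain assignment, so LDFLAGS supplied through the environment (distribution hardening flags, for example) is overwritten; `LDFLAGS ?=` or `LDFLAGS +=` would match the "make the flags configurable" intent of the commit message. Also, `-z now` on its own gives only half of the usual RELRO hardening: symbols are resolved eagerly, but the GOT stays writable unless the toolchain defaults to relro, so `-Wl,-z,relro,-z,now,-z,noexecstack` is the customary form. Finally, `-pie` is a linker flag and belongs in LDFLAGS next to these rather than in LDLIBS, which is meant for libraries.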
@@ -209,14 +227,13 @@ mdadm.Os : $(SRCS) $(INCL)
 	$(CC) -o mdadm.Os $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DHAVE_STDINT_H -Os $(SRCS) $(LDLIBS)
 
 mdadm.O2 : $(SRCS) $(INCL) mdmon.O2
-	$(CC) -o mdadm.O2 $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DHAVE_STDINT_H -O2 -D_FORTIFY_SOURCE=2 $(SRCS) $(LDLIBS)
+	$(CC) -o mdadm.O2 $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DHAVE_STDINT_H -O2 $(SRCS) $(LDLIBS)
 
 mdmon.O2 : $(MON_SRCS) $(INCL) mdmon.h
-	$(CC) -o mdmon.O2 $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $(MON_LDFLAGS) -DHAVE_STDINT_H -O2 -D_FORTIFY_SOURCE=2 $(MON_SRCS) $(LDLIBS)
+	$(CC) -o mdmon.O2 $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $(MON_LDFLAGS) -DHAVE_STDINT_H -O2 $(MON_SRCS) $(LDLIBS)
 
-# use '-z now' to guarantee no dynamic linker interactions with the monitor thread
 mdmon : $(MON_OBJS) | check_rundir
-	$(CC) $(CFLAGS) $(LDFLAGS) $(MON_LDFLAGS) -Wl,-z,now -o mdmon $(MON_OBJS) $(LDLIBS)
+	$(CC) $(CFLAGS) $(LDFLAGS) $(MON_LDFLAGS) -o mdmon $(MON_OBJS) $(LDLIBS)
 msg.o: msg.c msg.h
 
 test_stripe : restripe.c xmalloc.o mdadm.h
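Review bot: dropping `# use '-z now' to guarantee no dynamic linker interactions with the monitor thread` loses the only record of why mdmon needs BIND_NOW; since the flag has moved to the global LDFLAGS, the comment should move there with it, otherwise someone later trimming LDFLAGS has no way to know mdmon depends on it. Removing `-D_FORTIFY_SOURCE=2` from the mdadm.O2 and mdmon.O2 rules is only safe as long as CXFLAGS is not overridden, because the `?=` default in CXFLAGS is now the sole place the define is set.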
-- 
2.26.2



* Re: [PATCH] Add compiler defenses flags
@ 2023-09-01 16:16 ` Jes Sorensen
From: Jes Sorensen @ 2023-09-01 16:16 UTC (permalink / raw)
  To: Mateusz Grzonka, linux-raid; +Cc: Mariusz Tkaczyk

On 7/17/23 09:19, Mateusz Grzonka wrote:
> It is essential to avoid buffer overflows and similar bugs as much as
> possible.
> 
> According to Intel rules we are obligated to verify certain
> compiler flags, so it will be much easier if they are added to the
> Makefile.
> 
> Add gcc flags for prevention of buffer overflows, format string vulnerabilities,
> stack protection to prevent stack overwrites, and ASLR enablement through -fPIE.
> Also make the flags configurable.
> 
> The changes were verified on gcc versions 7.5, 8.3, 9.2, 10 and 12.2.
> 
> Signed-off-by: Mateusz Grzonka <mateusz.grzonka@intel.com>

Seems reasonable and fairly broad testing, so applied!

Thanks,
Jes



