[Qemu-devel] [PATCH v2 1.0] configure: build position independent executables across the board, by default

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH v2 1.0] configure: build position independent executables across the board, by default
@ 2011-11-14 14:44 Avi Kivity
  2011-11-14 15:08 ` Anthony Liguori
  0 siblings, 1 reply; 2+ messages in thread
From: Avi Kivity @ 2011-11-14 14:44 UTC (permalink / raw)
  To: Anthony Liguori, qemu-devel, Blue Swirl; +Cc: Paul Moore

Change the default to building PIE (position independent executables); instead
of restricting the option to user-only targets, apply it to all targets.

In addition, set the relocation sections to read-only (relro) when available;
this reduces the attack surface by disallowing changes to relocation tables
at runtime.

While PIE reduces performance and relro increases load time, it greatly
improves security, with the potential to reduce a code execution vulnerability
to a self denial of service.

Signed-off-by: Avi Kivity <avi@redhat.com>
---

v2: improves description to include relro

While we are past the feature freeze, I feel this deserves an exception.  I'd
much rather see "CVE-2012-wxyz QEMU Self denial of service" than
"CVE-2012-wxyz QEMU code execution".  The fact that the option is available
for user targets implies that it is compatible with TCG, and some light testing
agrees.

 configure |   35 +++++++++++++++++------------------
 1 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/configure b/configure
index 6c77fbb..7436361 100755
--- a/configure
+++ b/configure
@@ -172,7 +172,7 @@ aix="no"
 blobs="yes"
 pkgversion=""
 check_utests=""
-user_pie="no"
+pie="yes"
 zero_malloc=""
 trace_backend="nop"
 trace_file="trace"
@@ -701,9 +701,9 @@ for opt do
   ;;
   --disable-guest-base) guest_base="no"
   ;;
-  --enable-user-pie) user_pie="yes"
+  --enable-pie) pie="yes"
   ;;
-  --disable-user-pie) user_pie="no"
+  --disable-pie) pie="no"
   ;;
   --enable-uname-release=*) uname_release="$optarg"
   ;;
@@ -1031,8 +1031,8 @@ echo "  --disable-bsd-user       disable all BSD usermode emulation targets"
 echo "  --enable-guest-base      enable GUEST_BASE support for usermode"
 echo "                           emulation targets"
 echo "  --disable-guest-base     disable GUEST_BASE support"
-echo "  --enable-user-pie        build usermode emulation targets as PIE"
-echo "  --disable-user-pie       do not build usermode emulation targets as PIE"
+echo "  --enable-pie             build Position Independent Executables"
+echo "  --disable-pie            do not build Position Independent Executables"
 echo "  --fmod-lib               path to FMOD library"
 echo "  --fmod-inc               path to FMOD includes"
 echo "  --oss-lib                path to OSS library"
@@ -1099,6 +1099,17 @@ for flag in $gcc_flags; do
     fi
 done
 
+if test "$pie" = "yes" ; then
+  QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
+  LDFLAGS="-Wl,-pie $LDFLAGS"
+  cat > $TMPC << EOF
+int main(void) { return 0; }
+EOF
+  if compile_prog "-fPIE -DPIE" "-Wl,-pie -Wl,-z,relro -Wl,-z,now"; then
+    LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
+  fi
+fi
+
 #
 # Solaris specific configure tool chain decisions
 #
@@ -2765,7 +2776,7 @@ echo "Documentation     $docs"
 echo "uname -r          $uname_release"
 echo "NPTL support      $nptl"
 echo "GUEST_BASE        $guest_base"
-echo "PIE user targets  $user_pie"
+echo "PIE               $pie"
 echo "vde support       $vde"
 echo "Linux AIO support $linux_aio"
 echo "ATTR/XATTR support $attr"
@@ -3225,9 +3236,6 @@ for d in libdis libdis-user; do
     symlink $source_path/Makefile.dis $d/Makefile
     echo > $d/config.mak
 done
-if test "$static" = "no" -a "$user_pie" = "yes" ; then
-  echo "QEMU_CFLAGS+=-fpie" > libdis-user/config.mak
-fi
 
 for target in $target_list; do
 target_dir="$target"
@@ -3646,12 +3654,6 @@ if test "$target_softmmu" = "yes" ; then
   esac
 fi
 
-if test "$target_user_only" = "yes" -a "$static" = "no" -a \
-	"$user_pie" = "yes" ; then
-  cflags="-fpie $cflags"
-  ldflags="-pie $ldflags"
-fi
-
 if test "$target_softmmu" = "yes" -a \( \
         "$TARGET_ARCH" = "microblaze" -o \
         "$TARGET_ARCH" = "cris" \) ; then
@@ -3775,9 +3777,6 @@ d=libuser
 mkdir -p $d
 mkdir -p $d/trace
 symlink $source_path/Makefile.user $d/Makefile
-if test "$static" = "no" -a "$user_pie" = "yes" ; then
-  echo "QEMU_CFLAGS+=-fpie" > $d/config.mak
-fi
 
 if test "$docs" = "yes" ; then
   mkdir -p QMP
-- 
1.7.7.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [Qemu-devel] [PATCH v2 1.0] configure: build position independent executables across the board, by default
  2011-11-14 14:44 [Qemu-devel] [PATCH v2 1.0] configure: build position independent executables across the board, by default Avi Kivity
@ 2011-11-14 15:08 ` Anthony Liguori
  0 siblings, 0 replies; 2+ messages in thread
From: Anthony Liguori @ 2011-11-14 15:08 UTC (permalink / raw)
  To: Avi Kivity; +Cc: Blue Swirl, Paul Moore, qemu-devel

On 11/14/2011 08:44 AM, Avi Kivity wrote:
> Change the default to building PIE (position independent executables); instead
> of restricting the option to user-only targets, apply it to all targets.
>
> In addition, set the relocation sections to read-only (relro) when available;
> this reduces the attack surface by disallowing changes to relocation tables
> at runtime.
>
> While PIE reduces performance and relro increases load time, it greatly
> improves security, with the potential to reduce a code execution vulnerability
> to a self denial of service.
>
> Signed-off-by: Avi Kivity<avi@redhat.com>
> ---
>
> v2: improves description to include relro
>
> While we are past the feature freeze, I feel this deserves an exception.

I'm inclined to agree.  I don't want to put this in -rc2 since there's not 
enough time to test it, but I'll start testing it tomorrow and we can try to do 
it by -rc3.

Regards,

Anthony Liguori

> I'd
> much rather see "CVE-2012-wxyz QEMU Self denial of service" than
> "CVE-2012-wxyz QEMU code execution".  The fact that the option is available
> for user targets implies that it is compatible with TCG, and some light testing
> agrees.
>
>   configure |   35 +++++++++++++++++------------------
>   1 files changed, 17 insertions(+), 18 deletions(-)
>
> diff --git a/configure b/configure
> index 6c77fbb..7436361 100755
> --- a/configure
> +++ b/configure
> @@ -172,7 +172,7 @@ aix="no"
>   blobs="yes"
>   pkgversion=""
>   check_utests=""
> -user_pie="no"
> +pie="yes"
>   zero_malloc=""
>   trace_backend="nop"
>   trace_file="trace"
> @@ -701,9 +701,9 @@ for opt do
>     ;;
>     --disable-guest-base) guest_base="no"
>     ;;
> -  --enable-user-pie) user_pie="yes"
> +  --enable-pie) pie="yes"
>     ;;
> -  --disable-user-pie) user_pie="no"
> +  --disable-pie) pie="no"
>     ;;
>     --enable-uname-release=*) uname_release="$optarg"
>     ;;
> @@ -1031,8 +1031,8 @@ echo "  --disable-bsd-user       disable all BSD usermode emulation targets"
>   echo "  --enable-guest-base      enable GUEST_BASE support for usermode"
>   echo "                           emulation targets"
>   echo "  --disable-guest-base     disable GUEST_BASE support"
> -echo "  --enable-user-pie        build usermode emulation targets as PIE"
> -echo "  --disable-user-pie       do not build usermode emulation targets as PIE"
> +echo "  --enable-pie             build Position Independent Executables"
> +echo "  --disable-pie            do not build Position Independent Executables"
>   echo "  --fmod-lib               path to FMOD library"
>   echo "  --fmod-inc               path to FMOD includes"
>   echo "  --oss-lib                path to OSS library"
> @@ -1099,6 +1099,17 @@ for flag in $gcc_flags; do
>       fi
>   done
>
> +if test "$pie" = "yes" ; then
> +  QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
> +  LDFLAGS="-Wl,-pie $LDFLAGS"
> +  cat>  $TMPC<<  EOF
> +int main(void) { return 0; }
> +EOF
> +  if compile_prog "-fPIE -DPIE" "-Wl,-pie -Wl,-z,relro -Wl,-z,now"; then
> +    LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
> +  fi
> +fi
> +
>   #
>   # Solaris specific configure tool chain decisions
>   #
> @@ -2765,7 +2776,7 @@ echo "Documentation     $docs"
>   echo "uname -r          $uname_release"
>   echo "NPTL support      $nptl"
>   echo "GUEST_BASE        $guest_base"
> -echo "PIE user targets  $user_pie"
> +echo "PIE               $pie"
>   echo "vde support       $vde"
>   echo "Linux AIO support $linux_aio"
>   echo "ATTR/XATTR support $attr"
> @@ -3225,9 +3236,6 @@ for d in libdis libdis-user; do
>       symlink $source_path/Makefile.dis $d/Makefile
>       echo>  $d/config.mak
>   done
> -if test "$static" = "no" -a "$user_pie" = "yes" ; then
> -  echo "QEMU_CFLAGS+=-fpie">  libdis-user/config.mak
> -fi
>
>   for target in $target_list; do
>   target_dir="$target"
> @@ -3646,12 +3654,6 @@ if test "$target_softmmu" = "yes" ; then
>     esac
>   fi
>
> -if test "$target_user_only" = "yes" -a "$static" = "no" -a \
> -	"$user_pie" = "yes" ; then
> -  cflags="-fpie $cflags"
> -  ldflags="-pie $ldflags"
> -fi
> -
>   if test "$target_softmmu" = "yes" -a \( \
>           "$TARGET_ARCH" = "microblaze" -o \
>           "$TARGET_ARCH" = "cris" \) ; then
> @@ -3775,9 +3777,6 @@ d=libuser
>   mkdir -p $d
>   mkdir -p $d/trace
>   symlink $source_path/Makefile.user $d/Makefile
> -if test "$static" = "no" -a "$user_pie" = "yes" ; then
> -  echo "QEMU_CFLAGS+=-fpie">  $d/config.mak
> -fi
>
>   if test "$docs" = "yes" ; then
>     mkdir -p QMP

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2011-11-14 15:09 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-14 14:44 [Qemu-devel] [PATCH v2 1.0] configure: build position independent executables across the board, by default Avi Kivity
2011-11-14 15:08 ` Anthony Liguori

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).