On 18/12/2019 04.19, Richard Henderson wrote: > There is nothing about these options that is related to PIE. > Nor is there anything that specifically ties them to each other. > Use them unconditionally. > > Signed-off-by: Richard Henderson <richard.hender...@linaro.org> > --- > configure | 13 ++++++++++--- > 1 file changed, 10 insertions(+), 3 deletions(-) > > diff --git a/configure b/configure > index 972ce7396f..f8981eec15 100755 > --- a/configure > +++ b/configure > @@ -2034,9 +2034,6 @@ if test "$pie" != "no" ; then > QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS" > LDFLAGS="-pie $LDFLAGS" > pie="yes" > - if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then > - LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" > - fi > else > if test "$pie" = "yes"; then > error_exit "PIE not available due to missing toolchain support" > @@ -2047,6 +2044,16 @@ if test "$pie" != "no" ; then > fi > fi > > +# Detect support for DT_BIND_NOW. > +if compile_prog "" "-Wl,-z,now" ; then > + LDFLAGS="-Wl,-z,now $LDFLAGS" > +fi > + > +# Detect support for PT_GNU_RELRO. > +if compile_prog "" "-Wl,-z,relro" ; then > + LDFLAGS="-Wl,-z,relro $LDFLAGS" > +fi
Looking at https://mudongliang.github.io/2016/07/11/relro-a-not-so-well-known-memory-corruption-mitigation-technique.html the idea of specifying these two options together was likely to get "Full RELRO" instead of only "Partial RELRO". Thus, does it make sense to have "-Wl,-z,now" without "-Wl,-z,relro" in QEMU? Or should this rather check whether both are possible, then use both, otherwise just try to use "relro" alone? Thomas
