Meson: Fix broken backends with "Full RELRO"

author Fred Morcos <fred.morcos@open-xchange.com>

Mon, 9 Oct 2023 10:44:57 +0000 (12:44 +0200)

committer Fred Morcos <fred.morcos@open-xchange.com>

Wed, 20 Mar 2024 12:28:51 +0000 (13:28 +0100)
author Fred Morcos <fred.morcos@open-xchange.com>
Mon, 9 Oct 2023 10:44:57 +0000 (12:44 +0200)
committer Fred Morcos <fred.morcos@open-xchange.com>
Wed, 20 Mar 2024 12:28:51 +0000 (13:28 +0100)
diff --git a/meson/hardening/meson.build b/meson/hardening/meson.build

index dd4e8dd17a99bfe7433e6f49f81a134a754751c2..2a0bc15bad1f6b30c009eea9ec09637c73d3b4cf 100644 (file)
--- a/meson/hardening/meson.build
+++ b/meson/hardening/meson.build
@@ -1,5 +1,4 @@
  opt_hardening = get_option('hardening')
-
  if opt_hardening.enabled() or opt_hardening.auto()
    hardening_features = []
  
@@ -25,7 +24,26 @@ if opt_hardening.enabled() or opt_hardening.auto()
        if opt_hardening.auto()
          warning(name + ' is disabled or not supported')
        else
-        error('Failing because ' + name + ' is not supported but hardening was explicitly requested')
+        error('Failing because ' + name + ' is not supported but hardening was requested')
+      endif
+    endif
+  endforeach
+endif
+
+opt_full_hardening = get_option('hardening-full')
+if opt_full_hardening.enabled() or opt_full_hardening.auto()
+  full_hardening_features = []
+  subdir('relro-full')          # Full RELRO
+
+  foreach feature: full_hardening_features
+    available = feature[0]
+    name = feature[1]
+
+    if not available
+      if opt_full_hardening.auto()
+        warning(name + ' is disabled or not supported')
+      else
+        error('Failing because ' + name + ' is not supported but full hardening was requested')
        endif
      endif
    endforeach
diff --git a/meson/hardening/relro-full/meson.build b/meson/hardening/relro-full/meson.build

new file mode 100644 (file)

index 0000000..0118d33
--- /dev/null
+++ b/meson/hardening/relro-full/meson.build
@@ -0,0 +1,16 @@
+have_full_relro = true
+full_variants = [
+  # '-Wl,-z,defs',
+  '-Wl,-z,ibt,-z,shstk',
+]
+
+foreach variant: full_variants
+  if cxx.has_link_argument(variant)
+    full_hardening_features += [[true, 'Full RELRO (' + variant + ')']]
+    add_project_link_arguments(variant, language: ['c', 'cpp'])
+  else
+    have_full_relro = false
+  endif
+endforeach
+
+summary('Full RELRO', have_full_relro, bool_yn: true, section: 'Hardening')
diff --git a/meson_options.txt b/meson_options.txt

index aa766dd7b65eca871b321ed23708b9f7fa98d5df..02cc9778da22f7aa80e0dd10cfc7d593099a931a 100644 (file)
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,5 +1,6 @@
  option('lua', type: 'combo', choices: ['auto', 'luajit', 'lua'], value: 'auto', description: 'Lua implementation to use')
  option('hardening', type: 'feature', value: 'auto', description: 'Compiler security checks')
+option('hardening-full', type: 'feature', value: 'auto', description: 'Compiler security checks with a performance penalty')
  option('fortify-source', type: 'combo', choices: ['auto', 'disabled', '1', '2', '3'], value: '2', description: 'Source fortification level')
  option('rng-kiss', type: 'boolean', value: false, description: 'Use the unsafe KISS RNG')
  option('signers-libsodium', type: 'feature', value: 'auto', description: 'Enable libsodium-based signers')
author	Fred Morcos <fred.morcos@open-xchange.com>
	Mon, 9 Oct 2023 10:44:57 +0000 (12:44 +0200)
committer	Fred Morcos <fred.morcos@open-xchange.com>
	Wed, 20 Mar 2024 12:28:51 +0000 (13:28 +0100)
meson/hardening/meson.build		patch \| blob \| blame \| history
meson/hardening/relro-full/meson.build	[new file with mode: 0644]	patch \| blob
meson_options.txt		patch \| blob \| blame \| history