Skip to content

Commit 1b9a3b3

Browse files
lyan3lijinxia
lyan3
authored and
lijinxia
committed
tools: acrn-manager: update Makefile
Update the Makefiel to sync the compiler options with devicemode and enable options to harden software. Tracked-On: #1122 Signed-off-by: Yan, Like <like.yan@intel.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
1 parent 227a8c4 commit 1b9a3b3

File tree

1 file changed

+39
-7
lines changed

1 file changed

+39
-7
lines changed

tools/acrn-manager/Makefile

Lines changed: 39 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,51 @@
1+
T := $(CURDIR)
2+
OUT_DIR ?= $(shell mkdir -p $(T)/build;cd $(T)/build;pwd)
3+
CC ?= gcc
14

2-
OUT_DIR ?= .
5+
CFLAGS := -g -O0 -std=gnu11
6+
CFLAGS += -D_GNU_SOURCE
7+
CFLAGS += -DNO_OPENSSL
8+
CFLAGS += -m64
9+
CFLAGS += -Wall -ffunction-sections
10+
CFLAGS += -Werror
11+
CFLAGS += -O2 -D_FORTIFY_SOURCE=2
12+
CFLAGS += -Wformat -Wformat-security -fno-strict-aliasing
13+
CFLAGS += -fpie -fpic
14+
#FIXME: remove me. work-around for system() calls, which will be removed
15+
CFLAGS += -Wno-format-truncation -Wno-unused-result
316

4-
CFLAGS := -Wall
517
CFLAGS += -I../../devicemodel/include
618
CFLAGS += -I../../devicemodel/include/public
719
CFLAGS += -I../../hypervisor/include
8-
CFLAGS += -fpie
20+
21+
GCC_MAJOR=$(shell echo __GNUC__ | $(CC) -E -x c - | tail -n 1)
22+
GCC_MINOR=$(shell echo __GNUC_MINOR__ | $(CC) -E -x c - | tail -n 1)
23+
24+
#enable stack overflow check
25+
STACK_PROTECTOR := 1
26+
27+
ifdef STACK_PROTECTOR
28+
ifeq (true, $(shell [ $(GCC_MAJOR) -gt 4 ] && echo true))
29+
CFLAGS += -fstack-protector-strong
30+
else
31+
ifeq (true, $(shell [ $(GCC_MAJOR) -eq 4 ] && [ $(GCC_MINOR) -ge 9 ] && echo true))
32+
CFLAGS += -fstack-protector-strong
33+
else
34+
CFLAGS += -fstack-protector
35+
endif
36+
endif
37+
endif
938

1039
ifeq ($(RELEASE),0)
1140
CFLAGS += -g -DMNGR_DEBUG
1241
endif
1342

14-
LDFLAGS := -L$(OUT_DIR)
15-
LDFLAGS += -lacrn-mngr
16-
LDFLAGS += -lpthread
43+
LDFLAGS := -Wl,-z,noexecstack
44+
LDFLAGS += -Wl,-z,relro,-z,now
1745
LDFLAGS += -pie
46+
LDFLAGS += -L$(OUT_DIR)
47+
LDFLAGS += -lpthread
48+
LDFLAGS += -lacrn-mngr
1849

1950
.PHONY: all
2051
all: $(OUT_DIR)/libacrn-mngr.a $(OUT_DIR)/acrn_mngr.h $(OUT_DIR)/acrnctl $(OUT_DIR)/acrnd
@@ -42,11 +73,12 @@ clean:
4273
rm -f $(OUT_DIR)/acrnctl
4374
rm -f $(OUT_DIR)/acrn_mngr.o
4475
rm -f $(OUT_DIR)/libacrn-mngr.a
76+
rm -f $(OUT_DIR)/acrnd
4577
ifneq ($(OUT_DIR),.)
4678
rm -f $(OUT_DIR)/acrn_mngr.h
4779
rm -f $(OUT_DIR)/acrnd.service
80+
rm -rf $(OUT_DIR)
4881
endif
49-
rm -f $(OUT_DIR)/acrnd
5082

5183
.PHONY: install
5284
install: $(OUT_DIR)/acrnctl $(OUT_DIR)/acrn_mngr.h $(OUT_DIR)/libacrn-mngr.a

0 commit comments

Comments
 (0)