authorGiuseppe D'Angelo <giuseppe.dangelo@kdab.com>2024-03-06 16:22:12 +0100
committerGiuseppe D'Angelo <giuseppe.dangelo@kdab.com>2024-03-19 02:52:43 +0100
commit9ff1e6d80bbd5b44b9ec4c0a837d9a4c962698e4 (patch)
tree1f56b9784ffd0a5bcc0bc7e7bbf2e962155f0b02 /cmake/QtInternalTargets.cmake
parenta89a916377f774ea55b43afc56cb89070097883f (diff)
Add hardening build options
This commit enables hardened-specific checks and codegen, inspired by GCC 14's -fhardened command line switch and LLVM/libc++'s hardened modes. We enable (depending on compiler capabilities): * -ftrivial-auto-var-init=pattern; * -fstack-protector-strong; * -fstack-clash-protection; * -fcf-protection=full or /CETCOMPAT; * -D_FORTIFY_SOURCE=3 or 2 on Glibc, depending on the Glibc version, provided that some optimization level is enabled (release build or optimized debug build); * on libstdc++, -D_GLIBCXX_ASSERTIONS; * on libc++, -D_LIBCPP_HARDENING_MODE set to _LIBCPP_HARDENING_MODE_EXTENSIVE in debug and to _LIBCPP_HARDENING_MODE_FAST in release (_DEBUG is too slow); * -Wl,-z,relro,-z,now. This aligns us 100% with -fhardened (we already pass -fPIE and -pie anyhow). Some Linux distributions already ship GCC/Clang with some of these options enabled by default. The check for Intel CET has been amended to always test if the compiler supports the corresponding flag; and, if so, enable the feature. Before, it was behind a configure option and the test only checked if the compiler had CET support automatically active (the test didn't pass -fcf-protection to the compiler). The check for -fstack-protector-strong has been made general (rather than QNX-specific). We don't support QNX < 7 anyhow. Finally, the qt_config_linker_supports_flag_test test has been amended to also support MSVC. All of the hardening options are enabled by default. [ChangeLog][Build System] Qt builds by default in "hardened mode", meaning that a series of security-related compiler options are automatically enabled. In the unlikely case in which these options constitute an unacceptable performance hit, it is possible to disable individual hardening options when configuring Qt. Change-Id: I2c026b0438010ad10d5e7b1136fedf4ae3af8822 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'cmake/QtInternalTargets.cmake')
-rw-r--r--cmake/QtInternalTargets.cmake46
1 files changed, 40 insertions, 6 deletions
diff --git a/cmake/QtInternalTargets.cmake b/cmake/QtInternalTargets.cmake
index bdba1b5be1..885665b7ed 100644
--- a/cmake/QtInternalTargets.cmake
+++ b/cmake/QtInternalTargets.cmake
@@ -316,18 +316,52 @@ if (GCC AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL "9.2")
target_compile_options(PlatformCommonInternal INTERFACE $<$<COMPILE_LANGUAGE:CXX>:-Wsuggest-override>)
endif()
+# Hardening options
if(QT_FEATURE_intelcet)
if(MSVC)
- qt_internal_platform_link_options(PlatformCommonInternal INTERFACE
- -CETCOMPAT
- )
+ qt_internal_platform_link_options(PlatformCommonInternal INTERFACE -CETCOMPAT)
else()
- target_compile_options(PlatformCommonInternal INTERFACE
- -fcf-protection=full
- )
+ target_compile_options(PlatformCommonInternal INTERFACE -fcf-protection=full)
+ endif()
+endif()
+
+if(QT_FEATURE_glibc_fortify_source)
+ set(is_optimized_build "$<OR:$<NOT:$<CONFIG:Debug>>,$<BOOL:${QT_FEATURE_optimize_debug}>>")
+ # Some compilers may define _FORTIFY_SOURCE by default when optimizing, remove it
+ # before defining our own
+ target_compile_options(PlatformCommonInternal BEFORE INTERFACE "$<${is_optimized_build}:-U_FORTIFY_SOURCE>")
+ if(TEST_glibc_234)
+ target_compile_options(PlatformCommonInternal INTERFACE "$<${is_optimized_build}:-D_FORTIFY_SOURCE=3>")
+ else()
+ target_compile_options(PlatformCommonInternal INTERFACE "$<${is_optimized_build}:-D_FORTIFY_SOURCE=2>")
endif()
endif()
+if(QT_FEATURE_trivial_auto_var_init_pattern)
+ target_compile_options(PlatformCommonInternal INTERFACE -ftrivial-auto-var-init=pattern)
+endif()
+
+if(QT_FEATURE_stack_protector)
+ target_compile_options(PlatformCommonInternal INTERFACE -fstack-protector-strong)
+endif()
+
+if(QT_FEATURE_stack_clash_protection)
+ target_compile_options(PlatformCommonInternal INTERFACE -fstack-clash-protection)
+endif()
+
+if(QT_FEATURE_libstdcpp_assertions)
+ target_compile_definitions(PlatformCommonInternal INTERFACE _GLIBCXX_ASSERTIONS)
+endif()
+
+if(QT_FEATURE_libcpp_hardening)
+ target_compile_definitions(PlatformCommonInternal INTERFACE -D_LIBCPP_HARDENING_MODE="$<IF:$<CONFIG:Debug>,_LIBCPP_HARDENING_MODE_EXTENSIVE,_LIBCPP_HARDENING_MODE_FAST>")
+endif()
+
+if(QT_FEATURE_relro_now_linker)
+ qt_internal_platform_link_options(PlatformCommonInternal INTERFACE "-Wl,-z,relro,-z,now")
+endif()
+
+
if(QT_FEATURE_force_asserts)
target_compile_definitions(PlatformCommonInternal INTERFACE QT_FORCE_ASSERTS)
endif()
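Review bot: The `_LIBCPP_HARDENING_MODE` definition in the `QT_FEATURE_libcpp_hardening` branch embeds a double-quoted string inside an unquoted argument, and in CMake's legacy unquoted syntax those quotes are kept as part of the value, so the compiler most likely receives `-D_LIBCPP_HARDENING_MODE=\"_LIBCPP_HARDENING_MODE_FAST\"`, a string literal that libc++'s `#if` comparison against the `_LIBCPP_HARDENING_MODE_*` macros cannot evaluate; worth confirming on a libc++ build that actually has hardening modes. Quoting the whole argument keeps the generator expression intact and also drops the redundant `-D` (target_compile_definitions strips it anyway), matching the `_GLIBCXX_ASSERTIONS` line above it: `target_compile_definitions(PlatformCommonInternal INTERFACE "_LIBCPP_HARDENING_MODE=$<IF:$<CONFIG:Debug>,_LIBCPP_HARDENING_MODE_EXTENSIVE,_LIBCPP_HARDENING_MODE_FAST>")`. Separately, on the MSVC side only `-CETCOMPAT` is added, which marks the binary shadow-stack compatible and so covers only the return-edge half of what `-fcf-protection=full` gives GCC/Clang; unless `/guard:cf` is passed elsewhere, the forward-edge side has no MSVC counterpart here, and a one-line comment above `if(MSVC)` stating that scope (`# /CETCOMPAT covers shadow stack only; forward-edge CFG (/guard:cf) is not enabled here`) would save the next reader from assuming parity.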