[PATCH kvmtool 4/5] Makefile: Mark stack as not executable

From: Martin Radev <martin.b.radev@gmail.com>
To: kvm@vger.kernel.org, will@kernel.org,
	julien.thierry.kdev@gmail.com, andre.przywara@arm.com,
	alexandru.elisei@arm.com
Cc: Martin Radev <martin.b.radev@gmail.com>
Subject: [PATCH kvmtool 4/5] Makefile: Mark stack as not executable
Date: Fri,  4 Mar 2022 01:10:49 +0200	[thread overview]
Message-ID: <20220303231050.2146621-5-martin.b.radev@gmail.com> (raw)
In-Reply-To: <20220303231050.2146621-1-martin.b.radev@gmail.com>

This patch modifies CFLAGS to mark the stack explicitly
as not executable.

Signed-off-by: Martin Radev <martin.b.radev@gmail.com>
---
 Makefile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index f251147..09ef282 100644
--- a/Makefile
+++ b/Makefile
@@ -380,8 +380,11 @@ DEFINES	+= -D_GNU_SOURCE
 DEFINES	+= -DKVMTOOLS_VERSION='"$(KVMTOOLS_VERSION)"'
 DEFINES	+= -DBUILD_ARCH='"$(ARCH)"'
 
+# The stack doesn't need to be executable
+SECURITY_HARDENINGS := -z noexecstack
+
 KVM_INCLUDE := include
-CFLAGS	+= $(CPPFLAGS) $(DEFINES) -I$(KVM_INCLUDE) -I$(ARCH_INCLUDE) -O2 -fno-strict-aliasing -g
+CFLAGS	+= $(CPPFLAGS) $(DEFINES) $(SECURITY_HARDENINGS) -I$(KVM_INCLUDE) -I$(ARCH_INCLUDE) -O2 -fno-strict-aliasing -g
 
 WARNINGS += -Wall
 WARNINGS += -Wformat=2
@@ -582,4 +585,4 @@ ifneq ($(MAKECMDGOALS),clean)
 
 KVMTOOLS-VERSION-FILE:
 	@$(SHELL_PATH) util/KVMTOOLS-VERSION-GEN $(OUTPUT)
-endif
\ No newline at end of file
+endif
-- 
2.25.1

