meson: tweak hardening options for Windows

meson.build has been enabling ASLR _only_ for debug builds since
commit d2147e04f95f ("configure: move Windows flags detection to meson",
2022-05-07); instead it was supposed to disable it for debug builds.

However, the flag has been enabled for DLLs upstream for roughly 2
years (https://sourceware.org/bugzilla/show_bug.cgi?id=19011), and
also by some distros including Debian for 6 years even
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836365).

Enable it unconditionally; we can fix the reversed logic of commit
d2147e04f95f later if there are any reports, but for now just
enable the hardening.

Also add -Wl,--high-entropy-va, which also controls ASLR.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/meson.build b/meson.build
index 3f31db5..b45814c 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -193,10 +193,7 @@ qemu_ldflags += cc.get_supported_link_arguments('-Wl,-z,relro', '-Wl,-z,now')
 
 if targetos == 'windows'
   qemu_ldflags += cc.get_supported_link_arguments('-Wl,--no-seh', '-Wl,--nxcompat')
-  # Disable ASLR for debug builds to allow debugging with gdb
-  if get_option('optimization') == '0'
-    qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase')
-  endif
+  qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase', '-Wl,--high-entropy-va')
 endif
 
 if get_option('gprof')