From: Magnus Granberg
To: gcc-patches@gcc.gnu.org
Subject: [PATCH][1-3] New configure options that make the compiler use -fPIE and -pie as default option
Date: Thu, 31 Jul 2014 20:32:00 -0000
Message-ID: <4827012.p4mTkPPu1h@laptop1.gw.ume.nu>
User-Agent: KMail/4.13.2 (Linux/3.13.9-hardened; KDE/4.13.2; x86_64; ; )
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="nextPart2320523.oMskhoW8hL"
Content-Transfer-Encoding: 7Bit
X-IsSubscribed: yes
X-SW-Source: 2014-07/txt/msg02232.txt.bz2

This is a multi-part message in MIME format.

--nextPart2320523.oMskhoW8hL
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Content-length: 1822

Hi,

This patchset will add a new configure option, --enable-default-pie. With the new option enabled, it will pass -fPIE and -pie from the gcc and g++ frontend. I have only added the support for two targets, but it should work on more targets. In configure.ac we add the new option. We can't compile the compiler or the crt stuff with -fPIE; it will break the PCH and the crtbegin and crtend files. The disabling is done in the Makefiles. The needed spec is added to DRIVER_SELF_SPECS. We disable all the profiling tests because the linking will fail. Tested on x86_64 Linux (Gentoo).

More and more Linux/GNU distributions compile binaries with PIE; with this you could compile almost all binaries with PIE, as we do on Gentoo Hardened.

These patches have been posted before on the list.
https://gcc.gnu.org/ml/gcc-patches/2013-11/msg01515.html

/Magnus Granberg

ChangeLog

2014-07-31 Magnus Granberg

/gcc
* config/gnu-user.h: Define PIE_DRIVER_SELF_SPECS for PIE as default and GNU_DRIVER_SELF_SPECS.
* config/i386/gnu-user-common.h: Define DRIVER_SELF_SPECS.
* configure.ac: Add new option that enables PIE as default.
* configure, config.in: Rebuild.
* Makefile.in: Disable PIE when building the compiler.
* doc/install.texi: Add the new configure option default PIE.
* doc/invoke.texi: Add note for the new configure option default PIE.
* testsuite/gcc/default-pie.c: New test for new configure option --enable-default-pie.
* testsuite/gcc.dg/other/anon5.C: Add skip test as it fails to link on effective_target default_pie.
* testsuite/lib/target-supports.exp (check_profiling_available): We can't use profiling on effective target default_pie. (check_effective_target_pie): Add check_effective_target_default_pie.

/libgcc
* Makefile.in: Disable PIE when building the crtbegin/end files.
----
--nextPart2320523.oMskhoW8hL Content-Disposition: attachment; filename="gcc410_default_pie_main.patch" Content-Transfer-Encoding: 7Bit Content-Type: text/x-patch; charset="UTF-8"; name="gcc410_default_pie_main.patch" Content-length: 5424 --- a/gcc/config/gnu-user.h 2013-08-20 10:31:40.000000000 +0200 +++ b/gcc/config/gnu-user.h 2013-10-23 22:01:42.337238981 +0200 @@ -126,3 +126,17 @@ see the files COPYING3 and COPYING.RUNTI LD_STATIC_OPTION " --whole-archive -ltsan --no-whole-archive " \ LD_DYNAMIC_OPTION "}}%{!static-libtsan:-ltsan}" #endif + +/* We use this to make the compiler use -fPIE as default and link + with -pie. */ +#ifdef ENABLE_DEFAULT_PIE +#define PIE_DRIVER_SELF_SPECS \ +"%{pie|fpic|fPIC|fpie|fPIE|fno-pic|fno-PIC|fno-pie|fno-PIE| \ + shared|static|nostdlib|nodefaultlibs|nostartfiles:;:-fPIE -pie}" +#else +#define PIE_DRIVER_SELF_SPECS "" +#endif + +#ifndef GNU_DRIVER_SELF_SPECS +#define GNU_DRIVER_SELF_SPECS PIE_DRIVER_SELF_SPECS +#endif --- a/gcc/config/i386/gnu-user-common.h 2013-01-10 21:38:27.000000000 +0100 +++ b/gcc/config/i386/gnu-user-common.h 2013-10-23 17:37:45.432767049 +0200 @@ -70,3 +70,8 @@ along with GCC; see the file COPYING3. /* Static stack checking is supported by means of probes. */ #define STACK_CHECK_STATIC_BUILTIN 1 + +/* Use GNU_DRIVER_SELF_SPECS. */ +#ifndef DRIVER_SELF_SPECS +#define DRIVER_SELF_SPECS GNU_DRIVER_SELF_SPECS +#endif --- a/gcc/configure.ac 2014-04-28 16:01:40.000000000 +0200 +++ b/gcc/configure.ac 2014-05-08 02:42:30.900883247 +0200 
@@ -5671,6 +5671,36 @@ if test x"${LINKER_HASH_STYLE}" != x; th [The linker hash style]) fi +# Check whether --enable-default-pie was given and target have the support. +AC_ARG_ENABLE(default-pie, +[AS_HELP_STRING([--enable-default-pie], + [enable Position Independent Executable as default])], +enable_default_pie=$enableval, +enable_default_pie=no) +if test x$enable_default_pie = xyes; then + AC_MSG_CHECKING(if $target supports default PIE) + enable_default_pie=no + case $target in + i?86*-*-linux* | x86_64*-*-linux*) + saved_LDFLAGS="$LDFLAGS" + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fPIE" + LDFLAGS="$LDFLAGS -fPIE -pie" + AC_TRY_LINK(,,[enable_default_pie=yes],) + LDFLAGS="$saved_LDFLAGS" + CFLAGS="$saved_CFLAGS" + ;; + *) + ;; + esac + AC_MSG_RESULT($enable_default_pie) +fi +if test x$enable_default_pie == xyes ; then + AC_DEFINE(ENABLE_DEFAULT_PIE, 1, + [Define if your target supports default PIE and it is enabled.]) +fi +AC_SUBST([enable_default_pie]) + # Configure the subdirectories # AC_CONFIG_SUBDIRS($subdirs) --- a/gcc/Makefile.in 2013-10-02 21:52:27.000000000 +0200 +++ b/gcc/Makefile.in 2013-10-24 17:46:22.055357122 +0200 
@@ -968,14 +968,23 @@ CONTEXT_H = context.h # cross compiler which does not use the native headers and libraries. INTERNAL_CFLAGS = -DIN_GCC $(PICFLAG) @CROSS@ +# We don't want to compile the compiler with -fPIE, it make PCH fail. +enable_default_pie = @enable_default_pie@ +ifeq ($(enable_default_pie),yes) +NOPIE_CFLAGS = -fno-PIE +else +NOPIE_CFLAGS= +endif + # This is the variable actually used when we compile. If you change this, # you probably want to update BUILD_CFLAGS in configure.ac -ALL_CFLAGS = $(T_CFLAGS) $(CFLAGS-$@) \ +ALL_CFLAGS = $(NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) \ $(CFLAGS) $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(WARN_CFLAGS) @DEFS@ # The C++ version. -ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \ - $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) $(WARN_CXXFLAGS) @DEFS@ +ALL_CXXFLAGS = $(NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) \ + $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) \ + $(WARN_CXXFLAGS) @DEFS@ # Likewise. Put INCLUDES at the beginning: this way, if some autoconf macro # puts -I options in CPPFLAGS, our include files in the srcdir will always @@ -1831,6 +1831,7 @@ libgcc.mvars: config.status Makefile spe echo GCC_CFLAGS = '$(GCC_CFLAGS)' >> tmp-libgcc.mvars echo INHIBIT_LIBC_CFLAGS = '$(INHIBIT_LIBC_CFLAGS)' >> tmp-libgcc.mvars echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars + echo enable_default_pie = '$(enable_default_pie)' >> tmp-libgcc.mvars mv tmp-libgcc.mvars libgcc.mvars @@ -3536,6 +3536,9 @@ site.exp: ./config.status Makefile @if test "@enable_lto@" = "yes" ; then \ echo "set ENABLE_LTO 1" >> ./site.tmp; \ fi + @if test "@enable_default_pie@" = "yes" ; then \ + echo "set ENABLE_DEFAULT_PIE 1" >> ./site.tmp; \ + fi # If newlib has been configured, we need to pass -B to gcc so it can find # newlib's crt0.o if it exists. This will cause a "path prefix not used" # message if it doesn't, but the testsuite is supposed to ignore the message - 
--- a/libgcc/Makefile.in 2011-11-22 04:01:02.000000000 +0100 +++ b/libgcc/Makefile.in 2012-06-29 00:15:04.534016511 +0200 @@ -279,11 +279,17 @@ override CFLAGS := $(filter-out -fprofil INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \ $(INCLUDES) @set_have_cc_tls@ @set_use_emutls@ +#Don't use -fPIE when compiling crtbegin/end. +ifeq ($(enable_default_pie),yes) +NOPIE_CFLAGS = -fno-PIE +else +NOPIE_CFLAGS= +endif # Options to use when compiling crtbegin/end. CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \ -finhibit-size-directive -fno-inline -fno-exceptions \ -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \ - -fno-stack-protector \ + -fno-stack-protector $(NOPIE_CFLAGS) \ $(INHIBIT_LIBC_CFLAGS) # Extra flags to use when compiling crt{begin,end}.o. --nextPart2320523.oMskhoW8hL Content-Disposition: attachment; filename="gcc410_default_pie_testsuite.patch" Content-Transfer-Encoding: 7Bit Content-Type: text/x-patch; charset="UTF-8"; name="gcc410_default_pie_testsuite.patch" Content-length: 2499 --- a/gcc/testsuite/gcc.dg/default-pie.c 2013-11-09 21:07:16.741479728 +0100 +++ b/gcc/testsuite/gcc.dg/default-pie.c 2013-11-09 21:05:07.801479218 +0100 @@ -0,0 +1,12 @@ +/* { dg-do compile { target *-*-linux* *-*-gnu* } } */ +/* { dg-require-effective-target default_pie } */ +/* { dg-options "-O2" } */ +int foo (void); + +int +main (void) +{ + return foo (); +} + +/* { dg-final { scan-assembler "foo@PLT" } } */ --- a/gcc/testsuite/gcc.dg/tree-ssa/ssa-store-ccp-3.c 2012-03-14 17:33:37.000000000 +0100 +++ b/gcc/testsuite/gcc.dg/tree-ssa/ssa-store-ccp-3.c 2014-07-29 00:55:17.421086416 +0200 
@@ -2,6 +2,9 @@ /* Skipped on MIPS GNU/Linux target because __PIC__ can be defined for executables as well as shared libraries. */ /* { dg-skip-if "" { *-*-darwin* hppa*64*-*-* mips*-*-linux* *-*-mingw* } { "*" } { "" } } */ +/* Skipped on default_pie targets because __PIC__ is + defined for executables. */ +/* { dg-skip-if "" { default_pie } { "*" } { "" } } */ /* { dg-options "-O2 -fno-common -fdump-tree-optimized" } */ const int conststaticvariable; --- a/gcc/testsuite/g++.dg/other/anon5.C 2012-11-10 15:34:42.000000000 +0100 +++ b/gcc/testsuite/g++.dg/other/anon5.C 2013-11-09 14:49:52.281390127 +0100 @@ -1,5 +1,6 @@ // PR c++/34094 // { dg-do link { target { ! { *-*-darwin* *-*-hpux* *-*-solaris2.* } } } } +// { dg-skip-if "" { default_pie } { "*" } { "" } } // { dg-options "-g" } // Ignore additional message on powerpc-ibm-aix // { dg-prune-output "obtain more information" } */ --- a/gcc/testsuite/lib/target-supports.exp 2013-10-01 11:18:30.000000000 +0200 +++ b/gcc/testsuite/lib/target-supports.exp 2013-10-25 22:01:46.743388469 +0200 @@ -474,6 +474,11 @@ proc check_profiling_available { test_wh } } + # Profiling don't work with default -fPIE -pie. + if { [check_effective_target_default_pie] } { + return 0 + } + # Support for -p on solaris2 relies on mcrt1.o which comes with the # vendor compiler. We cannot reliably predict the directory where the # vendor compiler (and thus mcrt1.o) is installed so we can't 
@@ -856,6 +856,14 @@ proc check_effective_target_pie { } { return 0 } +# Return 1 if -pie, -fPIE are default enable, 0 otherwise. + +proc check_effective_target_default_pie { } { + global ENABLE_DEFAULT_PIE + return [info exists ENABLE_DEFAULT_PIE] + return 0 +} + # Return true if the target supports -mpaired-single (as used on MIPS). proc check_effective_target_mpaired_single { } { --nextPart2320523.oMskhoW8hL Content-Disposition: attachment; filename="gcc410_default_pie_doc.patch" Content-Transfer-Encoding: 7Bit Content-Type: text/x-patch; charset="UTF-8"; name="gcc410_default_pie_doc.patch" Content-length: 1999 --- a/gcc/doc/install.texi 2013-10-01 19:29:40.000000000 +0200 +++ b/gcc/doc/install.texi 2013-11-17 16:13:20.474144921 +0100 @@ -1455,6 +1455,10 @@ do a @samp{make -C gcc gnatlib_and_tools Specify that the run-time libraries for stack smashing protection should not be built. +@item --enable-default-pie +Turn on @option{-fPIE} and @option{-pie} by default if supported. +Currently supported targets are i?86-*-linux* and x86-64-*-linux*. + @item --disable-libquadmath Specify that the GCC quad-precision math library should not be built. On some systems, the library is required to be linkable when building --- a/gcc/doc/invoke.texi 2013-10-03 19:13:50.000000000 +0200 +++ b/gcc/doc/invoke.texi 2013-11-17 21:30:02.784220111 +0100 @@ -10535,6 +10535,12 @@ For predictable results, you must also s used for compilation (@option{-fpie}, @option{-fPIE}, or model suboptions) when you specify this linker option. +NOTE: With configure --enable-default-pie this option is enabled by default +for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, +@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, +@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, +@option{-nodefaultlibs}, nor @option{static} are found. + @item -rdynamic @opindex rdynamic Pass the flag @option{-export-dynamic} to the ELF linker, on targets 
@@ -22476,6 +22476,12 @@ used during linking. @code{__pie__} and @code{__PIE__}. The macros have the value 1 for @option{-fpie} and 2 for @option{-fPIE}. +NOTE: With configure --enable-default-pie this option is enabled by default +for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, +@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, +@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, +@option{-nodefaultlibs}, nor @option{static} are found. + @item -fno-jump-tables @opindex fno-jump-tables Do not use jump tables for switch statements even where it would be --nextPart2320523.oMskhoW8hL--
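
Review bot: In gcc/config/gnu-user.h, the PIE_DRIVER_SELF_SPECS string is continued with a backslash inside the string literal, so the space before the backslash and the indentation of the following line become part of the spec, between `fno-PIE|` and `shared` in the %{...} alternative list. Close the literal at the end of the first line and start a new one on the next (adjacent literals are concatenated) so the alternatives contain no stray whitespace and the match for -shared does not depend on how the spec parser treats blanks.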
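
Review bot: In gcc/configure.ac, the second check `if test x$enable_default_pie == xyes ; then` uses `==`, which is not a POSIX `test` operator and fails under shells whose test builtin only accepts `=`; the first check a few lines above already uses `=`, so use the same form here. On targets outside the i?86/x86_64 Linux case the request is downgraded to "no" with only the AC_MSG_RESULT line to show it, so a warning there would help anyone who expects hardened defaults from the resulting compiler.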
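
Review bot: In gcc/Makefile.in, $(NOPIE_CFLAGS) is placed first in ALL_CFLAGS and ALL_CXXFLAGS, ahead of $(CFLAGS) and $(CXXFLAGS), so a -fPIE or -fpie in the user's flags comes later on the command line and overrides the -fno-PIE that the new comment says is needed to keep PCH working. Moving $(NOPIE_CFLAGS) after $(CFLAGS) and $(CXXFLAGS) makes the setting stick regardless of what the builder passes in.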
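
Review bot: In gcc/testsuite/gcc.dg/default-pie.c, the dg-do line accepts any *-*-linux* or *-*-gnu* target while the dg-final scan for "foo@PLT" depends on target-specific assembler syntax. It passes today only because default_pie is limited to i?86 and x86_64 in configure.ac; restrict the target list to those so the test does not start failing when another target gains default PIE.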
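
Review bot: The dg-skip-if added to gcc/testsuite/gcc.dg/tree-ssa/ssa-store-ccp-3.c has no ChangeLog entry, and two ChangeLog paths do not match the files the patch touches: testsuite/gcc/default-pie.c versus gcc.dg/default-pie.c, and testsuite/gcc.dg/other/anon5.C versus g++.dg/other/anon5.C. Please add the missing entry and correct the paths; the new dg-skip-if lines here and in anon5.C could also carry a reason in the first argument instead of the empty string.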
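
Review bot: In gcc/testsuite/lib/target-supports.exp, check_effective_target_default_pie ends with `return [info exists ENABLE_DEFAULT_PIE]` followed by `return 0`, and the second return can never run. Drop the dead line; the `info exists` result already gives 0 when site.exp did not set the variable.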
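
Review bot: In gcc/doc/install.texi, the supported-target text says `x86-64-*-linux*`, but the case pattern in configure.ac is `x86_64*-*-linux*`, with an underscore. Use the same spelling as configure so a reader can tell which triplets actually get PIE by default, and wrap the triplets in @samp.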
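
Review bot: In both gcc/doc/invoke.texi hunks, the list of options that suppress the default ends with `@option{static}`, which is missing its leading dash and should read `@option{-static}` to match the spec in gnu-user.h. The bare `--enable-default-pie` in the same NOTE should be inside @option{} as well, since Texinfo turns `--` in running text into a dash, and the list omits -fPIE, -fpie and -pie even though the spec also matches those.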