public inbox for glibc-cvs@sourceware.org help / color / mirror / Atom feed
From: Siddhesh Poyarekar <siddhesh@sourceware.org> To: glibc-cvs@sourceware.org Subject: [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie Date: Mon, 6 Dec 2021 05:13:44 +0000 (GMT) [thread overview] Message-ID: <20211206051344.7A462385840A@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee14129be819bbe2d64a8e5c738cc13c47058296 commit ee14129be819bbe2d64a8e5c738cc13c47058296 Author: Siddhesh Poyarekar <siddhesh@sourceware.org> Date: Mon Dec 6 10:43:18 2021 +0530 Replace --enable-static-pie with --disable-default-pie Build glibc programs and tests as PIE by default and enable static-pie automatically if the architecture and toolchain supports it. Also add a new configuration option --disable-default-pie to prevent building programs as PIE. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Diff: --- INSTALL | 18 +++++++------- Makeconfig | 21 +++++++++++------ NEWS | 10 ++++++++ config.make.in | 3 --- configure | 56 +++++++++++++++++++++----------------------- configure.ac | 43 ++++++++++++++++------------------ manual/install.texi | 16 ++++++------- scripts/build-many-glibcs.py | 12 +++++----- sysdeps/sparc/Makefile | 1 + 9 files changed, 93 insertions(+), 87 deletions(-) diff --git a/INSTALL b/INSTALL index 02dcf6b1ca..3f89df2b81 100644 --- a/INSTALL +++ b/INSTALL @@ -111,16 +111,14 @@ if 'CFLAGS' is specified it must enable optimization. For example: systems support shared libraries; you need ELF support and (currently) the GNU linker. -'--enable-static-pie' - Enable static position independent executable (static PIE) support. - Static PIE is similar to static executable, but can be loaded at - any address without help from a dynamic linker. All static - programs as well as static tests are built as static PIE, except - for those marked with no-pie. The resulting glibc can be used with - the GCC option, -static-pie, which is available with GCC 8 or - above, to create static PIE. This option also implies that glibc - programs and tests are created as dynamic position independent - executables (PIE) by default. +'--disable-default-pie' + Don't build glibc programs and tests in the testsuite as position + independent executables (PIE). By default, glibc programs and tests + are created as position independent executables. If the toolchain + and architecture supports it, static executable are built as static + PIE and the resulting glibc can be used with the GCC option, + -static-pie, which is available with GCC 8 or above, to create + static PIE. '--enable-cet' '--enable-cet=permissive' diff --git a/Makeconfig b/Makeconfig index 3fa2f13003..775bf12b65 100644 --- a/Makeconfig +++ b/Makeconfig @@ -1,4 +1,5 @@ # Copyright (C) 1991-2021 Free Software Foundation, Inc. +# Copyright (C) The GNU Toolchain Authors. # This file is part of the GNU C Library. # The GNU C Library is free software; you can redistribute it and/or @@ -376,19 +377,24 @@ LDFLAGS.so += $(hashstyle-LDFLAGS) LDFLAGS-rtld += $(hashstyle-LDFLAGS) endif -ifeq (yes,$(enable-static-pie)) +ifeq (no,$(build-pie-default)) +pie-default = $(no-pie-ccflag) +else # build-pie-default pic-default = -DPIC # Compile libc.a and libc_p.a with -fPIE/-fpie for static PIE. pie-default = $(pie-ccflag) + +ifeq (yes,$(enable-static-pie)) ifeq (yes,$(have-static-pie)) -default-pie-ldflag = -static-pie +static-pie-ldflag = -static-pie else # Static PIE can't have dynamic relocations in read-only segments since # static PIE is mapped into memory by kernel. --eh-frame-hdr is needed # for PIE to support exception. -default-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text -endif -endif +static-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text +endif # have-static-pie +endif # enable-static-pie +endif # build-pie-default # If lazy relocations are disabled, add the -z now flag. Use # LDFLAGS-lib.so instead of LDFLAGS.so, to avoid adding the flag to @@ -444,7 +450,7 @@ endif # Command for statically linking programs with the C library. ifndef +link-static +link-static-before-inputs = -nostdlib -nostartfiles -static \ - $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)) \ + $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \ $(+preinit) $(+prectorT) @@ -479,7 +485,7 @@ ifeq (yes,$(build-pie-default)) +link-tests-after-inputs = $(link-libc-tests) $(+link-pie-after-libc) +link-printers-tests = $(+link-pie-printers-tests) else # not build-pie-default -+link-before-inputs = -nostdlib -nostartfiles \ ++link-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-installed-name)) \ @@ -1040,6 +1046,7 @@ PIC-ccflag = -fPIC endif # This can be changed by a sysdep makefile pie-ccflag = -fpie +no-pie-ccflag = -fno-pie # This one should always stay like this unless there is a very good reason. PIE-ccflag = -fPIE ifeq (yes,$(build-profile)) diff --git a/NEWS b/NEWS index f10971b180..4aecfa4e27 100644 --- a/NEWS +++ b/NEWS @@ -68,6 +68,12 @@ Major new features: to be used by compilers for optimizing usage of 'memcmp' when its return value is only used for its boolean status. +* All programs and tests in glibc are now built as position independent + executables (PIE) by default. Further, if static-pie is available in the + toolchain and the architecture, it is also enabled and static programs also + built as executable. A new option --disable-default-pie has been added to + disable this behavior and get a non-PIE build. + Deprecated and removed features, and other changes affecting compatibility: * The r_version update in the debugger interface makes the glibc binary @@ -80,6 +86,10 @@ Deprecated and removed features, and other changes affecting compatibility: * Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed. +* The --enable-static-pie option is no longer available. The glibc build + configuration script now automatically detects static-pie support in the + toolchain and architecture and enables it if available. + Changes to build and runtime requirements: [Add changes to build and runtime requirements here] diff --git a/config.make.in b/config.make.in index cbf59114b0..e8630a8d0c 100644 --- a/config.make.in +++ b/config.make.in @@ -90,9 +90,6 @@ static-nss-crypt = @libc_cv_static_nss_crypt@ # Configuration options. build-shared = @shared@ -build-pic-default= @libc_cv_pic_default@ -build-pie-default= @libc_cv_pie_default@ -cc-pie-default= @libc_cv_cc_pie_default@ build-profile = @profile@ build-static-nss = @static_nss@ cross-compiling = @cross_compiling@ diff --git a/configure b/configure index 2f9adca064..c613422722 100755 --- a/configure +++ b/configure @@ -597,8 +597,6 @@ static_nss profile libc_cv_multidir libc_cv_pie_default -libc_cv_cc_pie_default -libc_cv_pic_default shared static ldd_rewrite_script @@ -767,7 +765,7 @@ with_nonshared_cflags enable_sanity_checks enable_shared enable_profile -enable_static_pie +enable_default_pie enable_timezone_tools enable_hardcoded_path_in_tests enable_hidden_plt @@ -1423,8 +1421,8 @@ Optional Features: in special situations) [default=yes] --enable-shared build shared library [default=yes if GNU ld] --enable-profile build profiled library [default=no] - --enable-static-pie enable static PIE support and use it in the - testsuite [default=no] + --disable-default-pie Do not build glibc programs and tests in the + testsuite as PIE [default=no] --disable-timezone-tools do not install timezone tools [default=install] --enable-hardcoded-path-in-tests @@ -3408,11 +3406,11 @@ else profile=no fi -# Check whether --enable-static-pie was given. -if test "${enable_static_pie+set}" = set; then : - enableval=$enable_static_pie; static_pie=$enableval +# Check whether --enable-default-pie was given. +if test "${enable_default_pie+set}" = set; then : + enableval=$enable_default_pie; default_pie=$enableval else - static_pie=no + default_pie=yes fi # Check whether --enable-timezone-tools was given. @@ -6959,7 +6957,8 @@ rm -f conftest.* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pic_default" >&5 $as_echo "$libc_cv_pic_default" >&6; } - +config_vars="$config_vars +build-pic-default = $libc_cv_pic_default" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -fPIE is default" >&5 $as_echo_n "checking whether -fPIE is default... " >&6; } @@ -6979,17 +6978,13 @@ rm -f conftest.* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_cc_pie_default" >&5 $as_echo "$libc_cv_cc_pie_default" >&6; } -libc_cv_pie_default=$libc_cv_cc_pie_default - - - -# Set the `multidir' variable by grabbing the variable from the compiler. -# We do it once and save the result in a generated makefile. -libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory` +config_vars="$config_vars +cc-pie-default = $libc_cv_cc_pie_default" +libc_cv_pie_default=$default_pie -if test "$static_pie" = yes; then - # Check target support for static PIE +if test "x$default_pie" != xno -a "$libc_cv_no_dynamic_linker" = yes; then + # Enable static-pie if available cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef SUPPORT_STATIC_PIE @@ -6997,22 +6992,25 @@ if test "$static_pie" = yes; then #endif _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + libc_cv_static_pie=yes else - as_fn_error $? "the architecture does not support static PIE" "$LINENO" 5 + libc_cv_static_pie=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - # The linker must support --no-dynamic-linker. - if test "$libc_cv_no_dynamic_linker" != yes; then - as_fn_error $? "linker support for --no-dynamic-linker needed" "$LINENO" 5 - fi - # Default to PIE. - libc_cv_pie_default=yes - $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h + if test "$libc_cv_static_pie" = "yes"; then + $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h + fi fi config_vars="$config_vars -enable-static-pie = $static_pie" +enable-static-pie = $libc_cv_static_pie" +config_vars="$config_vars +build-pie-default = $libc_cv_pie_default" + +# Set the `multidir' variable by grabbing the variable from the compiler. +# We do it once and save the result in a generated makefile. +libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory` + diff --git a/configure.ac b/configure.ac index 7eb4239359..356b44aec7 100644 --- a/configure.ac +++ b/configure.ac @@ -179,11 +179,11 @@ AC_ARG_ENABLE([profile], [build profiled library @<:@default=no@:>@]), [profile=$enableval], [profile=no]) -AC_ARG_ENABLE([static-pie], - AS_HELP_STRING([--enable-static-pie], - [enable static PIE support and use it in the testsuite @<:@default=no@:>@]), - [static_pie=$enableval], - [static_pie=no]) +AC_ARG_ENABLE([default-pie], + AS_HELP_STRING([--disable-default-pie], + [Do not build glibc programs and tests in the testsuite as PIE @<:@default=no@:>@]), + [default_pie=$enableval], + [default_pie=yes]) AC_ARG_ENABLE([timezone-tools], AS_HELP_STRING([--disable-timezone-tools], [do not install timezone tools @<:@default=install@:>@]), @@ -1839,7 +1839,7 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then libc_cv_pic_default=no fi rm -f conftest.*]) -AC_SUBST(libc_cv_pic_default) +LIBC_CONFIG_VAR([build-pic-default], [$libc_cv_pic_default]) AC_CACHE_CHECK([whether -fPIE is default], libc_cv_cc_pie_default, [libc_cv_cc_pie_default=yes @@ -1852,30 +1852,27 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then libc_cv_cc_pie_default=no fi rm -f conftest.*]) -libc_cv_pie_default=$libc_cv_cc_pie_default -AC_SUBST(libc_cv_cc_pie_default) +LIBC_CONFIG_VAR([cc-pie-default], [$libc_cv_cc_pie_default]) + +libc_cv_pie_default=$default_pie AC_SUBST(libc_cv_pie_default) +if test "x$default_pie" != xno -a "$libc_cv_no_dynamic_linker" = yes; then + # Enable static-pie if available + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE +# error static PIE is not supported +#endif]])], [libc_cv_static_pie=yes], [libc_cv_static_pie=no]) + if test "$libc_cv_static_pie" = "yes"; then + AC_DEFINE(ENABLE_STATIC_PIE) + fi +fi +LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie]) +LIBC_CONFIG_VAR([build-pie-default], [$libc_cv_pie_default]) # Set the `multidir' variable by grabbing the variable from the compiler. # We do it once and save the result in a generated makefile. libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory` AC_SUBST(libc_cv_multidir) -if test "$static_pie" = yes; then - # Check target support for static PIE - AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE -# error static PIE is not supported -#endif]])], , AC_MSG_ERROR([the architecture does not support static PIE])) - # The linker must support --no-dynamic-linker. - if test "$libc_cv_no_dynamic_linker" != yes; then - AC_MSG_ERROR([linker support for --no-dynamic-linker needed]) - fi - # Default to PIE. - libc_cv_pie_default=yes - AC_DEFINE(ENABLE_STATIC_PIE) -fi -LIBC_CONFIG_VAR([enable-static-pie], [$static_pie]) - AC_SUBST(profile) AC_SUBST(static_nss) diff --git a/manual/install.texi b/manual/install.texi index 46f73b538d..5c4d6fc519 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -141,15 +141,13 @@ Don't build shared libraries even if it is possible. Not all systems support shared libraries; you need ELF support and (currently) the GNU linker. -@item --enable-static-pie -Enable static position independent executable (static PIE) support. -Static PIE is similar to static executable, but can be loaded at any -address without help from a dynamic linker. All static programs as -well as static tests are built as static PIE, except for those marked -with no-pie. The resulting glibc can be used with the GCC option, --static-pie, which is available with GCC 8 or above, to create static -PIE. This option also implies that glibc programs and tests are created -as dynamic position independent executables (PIE) by default. +@item --disable-default-pie +Don't build glibc programs and tests in the testsuite as position independent +executables (PIE). By default, glibc programs and tests are created as +position independent executables. If the toolchain and architecture supports +it, static executable are built as static PIE and the resulting glibc can be +used with the GCC option, -static-pie, which is available with GCC 8 or above, +to create static PIE. @item --enable-cet @itemx --enable-cet=permissive diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py index 6ae2172956..89bd06881f 100755 --- a/scripts/build-many-glibcs.py +++ b/scripts/build-many-glibcs.py @@ -437,15 +437,15 @@ class Context(object): '--disable-experimental-malloc', '--disable-build-nscd', '--disable-nscd']}, - {'variant': 'static-pie', - 'cfg': ['--enable-static-pie']}, - {'variant': 'x32-static-pie', + {'variant': 'no-pie', + 'cfg': ['--disable-default-pie']}, + {'variant': 'x32-no-pie', 'ccopts': '-mx32', - 'cfg': ['--enable-static-pie']}, - {'variant': 'static-pie', + 'cfg': ['--disable-default-pie']}, + {'variant': 'no-pie', 'arch': 'i686', 'ccopts': '-m32 -march=i686', - 'cfg': ['--enable-static-pie']}, + 'cfg': ['--disable-default-pie']}, {'variant': 'disable-multi-arch', 'arch': 'i686', 'ccopts': '-m32 -march=i686', diff --git a/sysdeps/sparc/Makefile b/sysdeps/sparc/Makefile index 1be9a3db2c..12c2c1b085 100644 --- a/sysdeps/sparc/Makefile +++ b/sysdeps/sparc/Makefile @@ -2,6 +2,7 @@ long-double-fcts = yes pie-ccflag = -fPIE +no-pie-ccflag = -fno-PIE ifeq ($(subdir),gmon) sysdep_routines += sparc-mcount
next reply other threads:[~2021-12-06 5:13 UTC|newest] Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-12-06 5:13 Siddhesh Poyarekar [this message] -- strict thread matches above, loose matches on Subject: below -- 2021-12-08 5:53 Siddhesh Poyarekar 2021-12-08 5:53 Siddhesh Poyarekar 2021-12-07 18:12 Siddhesh Poyarekar 2021-12-07 18:12 Siddhesh Poyarekar 2021-12-07 16:56 Siddhesh Poyarekar 2021-12-06 5:13 Siddhesh Poyarekar 2021-12-06 4:56 Siddhesh Poyarekar
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20211206051344.7A462385840A@sourceware.org \ --to=siddhesh@sourceware.org \ --cc=glibc-cvs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).