public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie
@ 2021-12-06 5:13 Siddhesh Poyarekar
0 siblings, 0 replies; 8+ messages in thread
From: Siddhesh Poyarekar @ 2021-12-06 5:13 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee14129be819bbe2d64a8e5c738cc13c47058296
commit ee14129be819bbe2d64a8e5c738cc13c47058296
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon Dec 6 10:43:18 2021 +0530
Replace --enable-static-pie with --disable-default-pie
Build glibc programs and tests as PIE by default and enable static-pie
automatically if the architecture and toolchain supports it.
Also add a new configuration option --disable-default-pie to prevent building
programs as PIE.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diff:
---
INSTALL | 18 +++++++-------
Makeconfig | 21 +++++++++++------
NEWS | 10 ++++++++
config.make.in | 3 ---
configure | 56 +++++++++++++++++++++-----------------------
configure.ac | 43 ++++++++++++++++------------------
manual/install.texi | 16 ++++++-------
scripts/build-many-glibcs.py | 12 +++++-----
sysdeps/sparc/Makefile | 1 +
9 files changed, 93 insertions(+), 87 deletions(-)
diff --git a/INSTALL b/INSTALL
index 02dcf6b1ca..3f89df2b81 100644
--- a/INSTALL
+++ b/INSTALL
@@ -111,16 +111,14 @@ if 'CFLAGS' is specified it must enable optimization. For example:
systems support shared libraries; you need ELF support and
(currently) the GNU linker.
-'--enable-static-pie'
- Enable static position independent executable (static PIE) support.
- Static PIE is similar to static executable, but can be loaded at
- any address without help from a dynamic linker. All static
- programs as well as static tests are built as static PIE, except
- for those marked with no-pie. The resulting glibc can be used with
- the GCC option, -static-pie, which is available with GCC 8 or
- above, to create static PIE. This option also implies that glibc
- programs and tests are created as dynamic position independent
- executables (PIE) by default.
+'--disable-default-pie'
+ Don't build glibc programs and tests in the testsuite as position
+ independent executables (PIE). By default, glibc programs and tests
+ are created as position independent executables. If the toolchain
+ and architecture supports it, static executable are built as static
+ PIE and the resulting glibc can be used with the GCC option,
+ -static-pie, which is available with GCC 8 or above, to create
+ static PIE.
'--enable-cet'
'--enable-cet=permissive'
diff --git a/Makeconfig b/Makeconfig
index 3fa2f13003..775bf12b65 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -1,4 +1,5 @@
# Copyright (C) 1991-2021 Free Software Foundation, Inc.
+# Copyright (C) The GNU Toolchain Authors.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -376,19 +377,24 @@ LDFLAGS.so += $(hashstyle-LDFLAGS)
LDFLAGS-rtld += $(hashstyle-LDFLAGS)
endif
-ifeq (yes,$(enable-static-pie))
+ifeq (no,$(build-pie-default))
+pie-default = $(no-pie-ccflag)
+else # build-pie-default
pic-default = -DPIC
# Compile libc.a and libc_p.a with -fPIE/-fpie for static PIE.
pie-default = $(pie-ccflag)
+
+ifeq (yes,$(enable-static-pie))
ifeq (yes,$(have-static-pie))
-default-pie-ldflag = -static-pie
+static-pie-ldflag = -static-pie
else
# Static PIE can't have dynamic relocations in read-only segments since
# static PIE is mapped into memory by kernel. --eh-frame-hdr is needed
# for PIE to support exception.
-default-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
-endif
-endif
+static-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
+endif # have-static-pie
+endif # enable-static-pie
+endif # build-pie-default
# If lazy relocations are disabled, add the -z now flag. Use
# LDFLAGS-lib.so instead of LDFLAGS.so, to avoid adding the flag to
@@ -444,7 +450,7 @@ endif
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-inputs = -nostdlib -nostartfiles -static \
- $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)) \
+ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
$(+preinit) $(+prectorT)
@@ -479,7 +485,7 @@ ifeq (yes,$(build-pie-default))
+link-tests-after-inputs = $(link-libc-tests) $(+link-pie-after-libc)
+link-printers-tests = $(+link-pie-printers-tests)
else # not build-pie-default
-+link-before-inputs = -nostdlib -nostartfiles \
++link-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-installed-name)) \
@@ -1040,6 +1046,7 @@ PIC-ccflag = -fPIC
endif
# This can be changed by a sysdep makefile
pie-ccflag = -fpie
+no-pie-ccflag = -fno-pie
# This one should always stay like this unless there is a very good reason.
PIE-ccflag = -fPIE
ifeq (yes,$(build-profile))
diff --git a/NEWS b/NEWS
index f10971b180..4aecfa4e27 100644
--- a/NEWS
+++ b/NEWS
@@ -68,6 +68,12 @@ Major new features:
to be used by compilers for optimizing usage of 'memcmp' when its
return value is only used for its boolean status.
+* All programs and tests in glibc are now built as position independent
+ executables (PIE) by default. Further, if static-pie is available in the
+ toolchain and the architecture, it is also enabled and static programs also
+ built as executable. A new option --disable-default-pie has been added to
+ disable this behavior and get a non-PIE build.
+
Deprecated and removed features, and other changes affecting compatibility:
* The r_version update in the debugger interface makes the glibc binary
@@ -80,6 +86,10 @@ Deprecated and removed features, and other changes affecting compatibility:
* Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed.
+* The --enable-static-pie option is no longer available. The glibc build
+ configuration script now automatically detects static-pie support in the
+ toolchain and architecture and enables it if available.
+
Changes to build and runtime requirements:
[Add changes to build and runtime requirements here]
diff --git a/config.make.in b/config.make.in
index cbf59114b0..e8630a8d0c 100644
--- a/config.make.in
+++ b/config.make.in
@@ -90,9 +90,6 @@ static-nss-crypt = @libc_cv_static_nss_crypt@
# Configuration options.
build-shared = @shared@
-build-pic-default= @libc_cv_pic_default@
-build-pie-default= @libc_cv_pie_default@
-cc-pie-default= @libc_cv_cc_pie_default@
build-profile = @profile@
build-static-nss = @static_nss@
cross-compiling = @cross_compiling@
diff --git a/configure b/configure
index 2f9adca064..c613422722 100755
--- a/configure
+++ b/configure
@@ -597,8 +597,6 @@ static_nss
profile
libc_cv_multidir
libc_cv_pie_default
-libc_cv_cc_pie_default
-libc_cv_pic_default
shared
static
ldd_rewrite_script
@@ -767,7 +765,7 @@ with_nonshared_cflags
enable_sanity_checks
enable_shared
enable_profile
-enable_static_pie
+enable_default_pie
enable_timezone_tools
enable_hardcoded_path_in_tests
enable_hidden_plt
@@ -1423,8 +1421,8 @@ Optional Features:
in special situations) [default=yes]
--enable-shared build shared library [default=yes if GNU ld]
--enable-profile build profiled library [default=no]
- --enable-static-pie enable static PIE support and use it in the
- testsuite [default=no]
+ --disable-default-pie Do not build glibc programs and tests in the
+ testsuite as PIE [default=no]
--disable-timezone-tools
do not install timezone tools [default=install]
--enable-hardcoded-path-in-tests
@@ -3408,11 +3406,11 @@ else
profile=no
fi
-# Check whether --enable-static-pie was given.
-if test "${enable_static_pie+set}" = set; then :
- enableval=$enable_static_pie; static_pie=$enableval
+# Check whether --enable-default-pie was given.
+if test "${enable_default_pie+set}" = set; then :
+ enableval=$enable_default_pie; default_pie=$enableval
else
- static_pie=no
+ default_pie=yes
fi
# Check whether --enable-timezone-tools was given.
@@ -6959,7 +6957,8 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pic_default" >&5
$as_echo "$libc_cv_pic_default" >&6; }
-
+config_vars="$config_vars
+build-pic-default = $libc_cv_pic_default"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -fPIE is default" >&5
$as_echo_n "checking whether -fPIE is default... " >&6; }
@@ -6979,17 +6978,13 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_cc_pie_default" >&5
$as_echo "$libc_cv_cc_pie_default" >&6; }
-libc_cv_pie_default=$libc_cv_cc_pie_default
-
-
-
-# Set the `multidir' variable by grabbing the variable from the compiler.
-# We do it once and save the result in a generated makefile.
-libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+config_vars="$config_vars
+cc-pie-default = $libc_cv_cc_pie_default"
+libc_cv_pie_default=$default_pie
-if test "$static_pie" = yes; then
- # Check target support for static PIE
+if test "x$default_pie" != xno -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifndef SUPPORT_STATIC_PIE
@@ -6997,22 +6992,25 @@ if test "$static_pie" = yes; then
#endif
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
-
+ libc_cv_static_pie=yes
else
- as_fn_error $? "the architecture does not support static PIE" "$LINENO" 5
+ libc_cv_static_pie=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- as_fn_error $? "linker support for --no-dynamic-linker needed" "$LINENO" 5
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ if test "$libc_cv_static_pie" = "yes"; then
+ $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ fi
fi
config_vars="$config_vars
-enable-static-pie = $static_pie"
+enable-static-pie = $libc_cv_static_pie"
+config_vars="$config_vars
+build-pie-default = $libc_cv_pie_default"
+
+# Set the `multidir' variable by grabbing the variable from the compiler.
+# We do it once and save the result in a generated makefile.
+libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+
diff --git a/configure.ac b/configure.ac
index 7eb4239359..356b44aec7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -179,11 +179,11 @@ AC_ARG_ENABLE([profile],
[build profiled library @<:@default=no@:>@]),
[profile=$enableval],
[profile=no])
-AC_ARG_ENABLE([static-pie],
- AS_HELP_STRING([--enable-static-pie],
- [enable static PIE support and use it in the testsuite @<:@default=no@:>@]),
- [static_pie=$enableval],
- [static_pie=no])
+AC_ARG_ENABLE([default-pie],
+ AS_HELP_STRING([--disable-default-pie],
+ [Do not build glibc programs and tests in the testsuite as PIE @<:@default=no@:>@]),
+ [default_pie=$enableval],
+ [default_pie=yes])
AC_ARG_ENABLE([timezone-tools],
AS_HELP_STRING([--disable-timezone-tools],
[do not install timezone tools @<:@default=install@:>@]),
@@ -1839,7 +1839,7 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
-AC_SUBST(libc_cv_pic_default)
+LIBC_CONFIG_VAR([build-pic-default], [$libc_cv_pic_default])
AC_CACHE_CHECK([whether -fPIE is default], libc_cv_cc_pie_default,
[libc_cv_cc_pie_default=yes
@@ -1852,30 +1852,27 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_cc_pie_default=no
fi
rm -f conftest.*])
-libc_cv_pie_default=$libc_cv_cc_pie_default
-AC_SUBST(libc_cv_cc_pie_default)
+LIBC_CONFIG_VAR([cc-pie-default], [$libc_cv_cc_pie_default])
+
+libc_cv_pie_default=$default_pie
AC_SUBST(libc_cv_pie_default)
+if test "x$default_pie" != xno -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
+# error static PIE is not supported
+#endif]])], [libc_cv_static_pie=yes], [libc_cv_static_pie=no])
+ if test "$libc_cv_static_pie" = "yes"; then
+ AC_DEFINE(ENABLE_STATIC_PIE)
+ fi
+fi
+LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
+LIBC_CONFIG_VAR([build-pie-default], [$libc_cv_pie_default])
# Set the `multidir' variable by grabbing the variable from the compiler.
# We do it once and save the result in a generated makefile.
libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
AC_SUBST(libc_cv_multidir)
-if test "$static_pie" = yes; then
- # Check target support for static PIE
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
-# error static PIE is not supported
-#endif]])], , AC_MSG_ERROR([the architecture does not support static PIE]))
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- AC_MSG_ERROR([linker support for --no-dynamic-linker needed])
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- AC_DEFINE(ENABLE_STATIC_PIE)
-fi
-LIBC_CONFIG_VAR([enable-static-pie], [$static_pie])
-
AC_SUBST(profile)
AC_SUBST(static_nss)
diff --git a/manual/install.texi b/manual/install.texi
index 46f73b538d..5c4d6fc519 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -141,15 +141,13 @@ Don't build shared libraries even if it is possible. Not all systems
support shared libraries; you need ELF support and (currently) the GNU
linker.
-@item --enable-static-pie
-Enable static position independent executable (static PIE) support.
-Static PIE is similar to static executable, but can be loaded at any
-address without help from a dynamic linker. All static programs as
-well as static tests are built as static PIE, except for those marked
-with no-pie. The resulting glibc can be used with the GCC option,
--static-pie, which is available with GCC 8 or above, to create static
-PIE. This option also implies that glibc programs and tests are created
-as dynamic position independent executables (PIE) by default.
+@item --disable-default-pie
+Don't build glibc programs and tests in the testsuite as position independent
+executables (PIE). By default, glibc programs and tests are created as
+position independent executables. If the toolchain and architecture supports
+it, static executable are built as static PIE and the resulting glibc can be
+used with the GCC option, -static-pie, which is available with GCC 8 or above,
+to create static PIE.
@item --enable-cet
@itemx --enable-cet=permissive
diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
index 6ae2172956..89bd06881f 100755
--- a/scripts/build-many-glibcs.py
+++ b/scripts/build-many-glibcs.py
@@ -437,15 +437,15 @@ class Context(object):
'--disable-experimental-malloc',
'--disable-build-nscd',
'--disable-nscd']},
- {'variant': 'static-pie',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'x32-static-pie',
+ {'variant': 'no-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'x32-no-pie',
'ccopts': '-mx32',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'static-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'no-pie',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
- 'cfg': ['--enable-static-pie']},
+ 'cfg': ['--disable-default-pie']},
{'variant': 'disable-multi-arch',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
diff --git a/sysdeps/sparc/Makefile b/sysdeps/sparc/Makefile
index 1be9a3db2c..12c2c1b085 100644
--- a/sysdeps/sparc/Makefile
+++ b/sysdeps/sparc/Makefile
@@ -2,6 +2,7 @@
long-double-fcts = yes
pie-ccflag = -fPIE
+no-pie-ccflag = -fno-PIE
ifeq ($(subdir),gmon)
sysdep_routines += sparc-mcount
^ permalink raw reply [flat|nested] 8+ messages in thread
* [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie
@ 2021-12-08 5:53 Siddhesh Poyarekar
0 siblings, 0 replies; 8+ messages in thread
From: Siddhesh Poyarekar @ 2021-12-08 5:53 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9978c36cad4b8cbc775283410be36631649b5f46
commit 9978c36cad4b8cbc775283410be36631649b5f46
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Wed Dec 8 11:21:26 2021 +0530
Replace --enable-static-pie with --disable-default-pie
Build glibc programs and tests as PIE by default and enable static-pie
automatically if the architecture and toolchain supports it.
Also add a new configuration option --disable-default-pie to prevent
building programs as PIE.
Only the following architectures now have PIE disabled by default
because they do not work at the moment. hppa, ia64, alpha and csky
don't work because the linker is unable to handle a pcrel relocation
generated from PIE objects. The microblaze compiler is currently
failing with an ICE. GNU hurd tries to enable static-pie, which does
not work and hence fails. All these targets have default PIE disabled
at the moment and I have left it to the target maintainers to enable PIE
on their targets.
build-many-glibcs runs clean for all targets. I also tested x86_64 on
Fedora and Ubuntu, to verify that the default build as well as
--disable-default-pie work as expected with both system toolchains.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diff:
---
INSTALL | 18 ++++-----
Makeconfig | 21 +++++++----
NEWS | 13 +++++++
config.h.in | 3 ++
config.make.in | 3 --
configure | 83 ++++++++++++++++++++++++++---------------
configure.ac | 56 +++++++++++++++------------
manual/install.texi | 16 ++++----
scripts/build-many-glibcs.py | 13 ++++---
sysdeps/alpha/configure | 5 +++
sysdeps/alpha/configure.ac | 4 ++
sysdeps/csky/configure | 7 ++++
sysdeps/csky/configure.ac | 5 +++
sysdeps/hppa/configure | 7 ++++
sysdeps/hppa/configure.ac | 5 +++
sysdeps/ia64/configure | 5 +++
sysdeps/ia64/configure.ac | 4 ++
sysdeps/mach/hurd/configure | 6 +++
sysdeps/mach/hurd/configure.ac | 5 +++
sysdeps/microblaze/configure | 8 ++++
sysdeps/microblaze/configure.ac | 7 ++++
sysdeps/sparc/Makefile | 1 +
22 files changed, 205 insertions(+), 90 deletions(-)
diff --git a/INSTALL b/INSTALL
index 02dcf6b1ca..d6d93ec9be 100644
--- a/INSTALL
+++ b/INSTALL
@@ -111,16 +111,14 @@ if 'CFLAGS' is specified it must enable optimization. For example:
systems support shared libraries; you need ELF support and
(currently) the GNU linker.
-'--enable-static-pie'
- Enable static position independent executable (static PIE) support.
- Static PIE is similar to static executable, but can be loaded at
- any address without help from a dynamic linker. All static
- programs as well as static tests are built as static PIE, except
- for those marked with no-pie. The resulting glibc can be used with
- the GCC option, -static-pie, which is available with GCC 8 or
- above, to create static PIE. This option also implies that glibc
- programs and tests are created as dynamic position independent
- executables (PIE) by default.
+'--disable-default-pie'
+ Don't build glibc programs and the testsuite as position
+ independent executables (PIE). By default, glibc programs and tests
+ are created as position independent executables on targets that
+ support it. If the toolchain and architecture support it, static
+ executables are built as static PIE and the resulting glibc can be
+ used with the GCC option, -static-pie, which is available with GCC
+ 8 or above, to create static PIE.
'--enable-cet'
'--enable-cet=permissive'
diff --git a/Makeconfig b/Makeconfig
index 3fa2f13003..775bf12b65 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -1,4 +1,5 @@
# Copyright (C) 1991-2021 Free Software Foundation, Inc.
+# Copyright (C) The GNU Toolchain Authors.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -376,19 +377,24 @@ LDFLAGS.so += $(hashstyle-LDFLAGS)
LDFLAGS-rtld += $(hashstyle-LDFLAGS)
endif
-ifeq (yes,$(enable-static-pie))
+ifeq (no,$(build-pie-default))
+pie-default = $(no-pie-ccflag)
+else # build-pie-default
pic-default = -DPIC
# Compile libc.a and libc_p.a with -fPIE/-fpie for static PIE.
pie-default = $(pie-ccflag)
+
+ifeq (yes,$(enable-static-pie))
ifeq (yes,$(have-static-pie))
-default-pie-ldflag = -static-pie
+static-pie-ldflag = -static-pie
else
# Static PIE can't have dynamic relocations in read-only segments since
# static PIE is mapped into memory by kernel. --eh-frame-hdr is needed
# for PIE to support exception.
-default-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
-endif
-endif
+static-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
+endif # have-static-pie
+endif # enable-static-pie
+endif # build-pie-default
# If lazy relocations are disabled, add the -z now flag. Use
# LDFLAGS-lib.so instead of LDFLAGS.so, to avoid adding the flag to
@@ -444,7 +450,7 @@ endif
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-inputs = -nostdlib -nostartfiles -static \
- $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)) \
+ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
$(+preinit) $(+prectorT)
@@ -479,7 +485,7 @@ ifeq (yes,$(build-pie-default))
+link-tests-after-inputs = $(link-libc-tests) $(+link-pie-after-libc)
+link-printers-tests = $(+link-pie-printers-tests)
else # not build-pie-default
-+link-before-inputs = -nostdlib -nostartfiles \
++link-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-installed-name)) \
@@ -1040,6 +1046,7 @@ PIC-ccflag = -fPIC
endif
# This can be changed by a sysdep makefile
pie-ccflag = -fpie
+no-pie-ccflag = -fno-pie
# This one should always stay like this unless there is a very good reason.
PIE-ccflag = -fPIE
ifeq (yes,$(build-profile))
diff --git a/NEWS b/NEWS
index f10971b180..f808764de9 100644
--- a/NEWS
+++ b/NEWS
@@ -68,6 +68,15 @@ Major new features:
to be used by compilers for optimizing usage of 'memcmp' when its
return value is only used for its boolean status.
+* All programs and the testsuite in glibc are now built as position independent
+ executables (PIE) by default on toolchains and architectures that support it.
+ Further, if the toolchain and architecture supports it, even static programs
+ are built as PIE and the resultant glibc can be used to build static PIE
+ executables. A new option --disable-default-pie has been added to disable
+ this behavior and get a non-PIE build. This option replaces
+ --enable-static-pie, which no longer has any effect on the build
+ configuration.
+
Deprecated and removed features, and other changes affecting compatibility:
* The r_version update in the debugger interface makes the glibc binary
@@ -80,6 +89,10 @@ Deprecated and removed features, and other changes affecting compatibility:
* Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed.
+* The --enable-static-pie option is no longer available. The glibc build
+ configuration script now automatically detects static-pie support in the
+ toolchain and architecture and enables it if available.
+
Changes to build and runtime requirements:
[Add changes to build and runtime requirements here]
diff --git a/config.h.in b/config.h.in
index 0a6f57b006..acce608373 100644
--- a/config.h.in
+++ b/config.h.in
@@ -265,6 +265,9 @@
/* Build glibc with tunables support. */
#define HAVE_TUNABLES 0
+/* Define if PIE is unsupported. */
+#undef PIE_UNSUPPORTED
+
/* Define if static PIE is supported. */
#undef SUPPORT_STATIC_PIE
diff --git a/config.make.in b/config.make.in
index cbf59114b0..e8630a8d0c 100644
--- a/config.make.in
+++ b/config.make.in
@@ -90,9 +90,6 @@ static-nss-crypt = @libc_cv_static_nss_crypt@
# Configuration options.
build-shared = @shared@
-build-pic-default= @libc_cv_pic_default@
-build-pie-default= @libc_cv_pie_default@
-cc-pie-default= @libc_cv_cc_pie_default@
build-profile = @profile@
build-static-nss = @static_nss@
cross-compiling = @cross_compiling@
diff --git a/configure b/configure
index 2f9adca064..0d295e2913 100755
--- a/configure
+++ b/configure
@@ -596,9 +596,6 @@ DEFINES
static_nss
profile
libc_cv_multidir
-libc_cv_pie_default
-libc_cv_cc_pie_default
-libc_cv_pic_default
shared
static
ldd_rewrite_script
@@ -767,7 +764,7 @@ with_nonshared_cflags
enable_sanity_checks
enable_shared
enable_profile
-enable_static_pie
+enable_default_pie
enable_timezone_tools
enable_hardcoded_path_in_tests
enable_hidden_plt
@@ -1423,8 +1420,8 @@ Optional Features:
in special situations) [default=yes]
--enable-shared build shared library [default=yes if GNU ld]
--enable-profile build profiled library [default=no]
- --enable-static-pie enable static PIE support and use it in the
- testsuite [default=no]
+ --disable-default-pie Do not build glibc programs and the testsuite as PIE
+ [default=no]
--disable-timezone-tools
do not install timezone tools [default=install]
--enable-hardcoded-path-in-tests
@@ -3408,11 +3405,11 @@ else
profile=no
fi
-# Check whether --enable-static-pie was given.
-if test "${enable_static_pie+set}" = set; then :
- enableval=$enable_static_pie; static_pie=$enableval
+# Check whether --enable-default-pie was given.
+if test "${enable_default_pie+set}" = set; then :
+ enableval=$enable_default_pie; default_pie=$enableval
else
- static_pie=no
+ default_pie=yes
fi
# Check whether --enable-timezone-tools was given.
@@ -6959,7 +6956,8 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pic_default" >&5
$as_echo "$libc_cv_pic_default" >&6; }
-
+config_vars="$config_vars
+build-pic-default = $libc_cv_pic_default"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -fPIE is default" >&5
$as_echo_n "checking whether -fPIE is default... " >&6; }
@@ -6979,17 +6977,37 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_cc_pie_default" >&5
$as_echo "$libc_cv_cc_pie_default" >&6; }
-libc_cv_pie_default=$libc_cv_cc_pie_default
-
-
-
-# Set the `multidir' variable by grabbing the variable from the compiler.
-# We do it once and save the result in a generated makefile.
-libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
-
+config_vars="$config_vars
+cc-pie-default = $libc_cv_cc_pie_default"
-if test "$static_pie" = yes; then
- # Check target support for static PIE
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can build programs as PIE" >&5
+$as_echo_n "checking if we can build programs as PIE... " >&6; }
+if test "x$default_pie" != xno; then
+ # Disable build-pie-default if target does not support it.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef PIE_UNSUPPORTED
+# error PIE is not supported
+#endif
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ libc_cv_pie_default=yes
+else
+ libc_cv_pie_default=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pie_default" >&5
+$as_echo "$libc_cv_pie_default" >&6; }
+config_vars="$config_vars
+build-pie-default = $libc_cv_pie_default"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can build static PIE programs" >&5
+$as_echo_n "checking if we can build static PIE programs... " >&6; }
+libc_cv_static_pie=$libc_cv_pie_default
+if test "x$libc_cv_pie_default" != xno \
+ -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifndef SUPPORT_STATIC_PIE
@@ -6997,22 +7015,25 @@ if test "$static_pie" = yes; then
#endif
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
-
+ libc_cv_static_pie=yes
else
- as_fn_error $? "the architecture does not support static PIE" "$LINENO" 5
+ libc_cv_static_pie=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- as_fn_error $? "linker support for --no-dynamic-linker needed" "$LINENO" 5
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ if test "$libc_cv_static_pie" = "yes"; then
+ $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ fi
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_static_pie" >&5
+$as_echo "$libc_cv_static_pie" >&6; }
config_vars="$config_vars
-enable-static-pie = $static_pie"
+enable-static-pie = $libc_cv_static_pie"
+
+# Set the `multidir' variable by grabbing the variable from the compiler.
+# We do it once and save the result in a generated makefile.
+libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+
diff --git a/configure.ac b/configure.ac
index 7eb4239359..b5f89d0bd5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -179,11 +179,11 @@ AC_ARG_ENABLE([profile],
[build profiled library @<:@default=no@:>@]),
[profile=$enableval],
[profile=no])
-AC_ARG_ENABLE([static-pie],
- AS_HELP_STRING([--enable-static-pie],
- [enable static PIE support and use it in the testsuite @<:@default=no@:>@]),
- [static_pie=$enableval],
- [static_pie=no])
+AC_ARG_ENABLE([default-pie],
+ AS_HELP_STRING([--disable-default-pie],
+ [Do not build glibc programs and the testsuite as PIE @<:@default=no@:>@]),
+ [default_pie=$enableval],
+ [default_pie=yes])
AC_ARG_ENABLE([timezone-tools],
AS_HELP_STRING([--disable-timezone-tools],
[do not install timezone tools @<:@default=install@:>@]),
@@ -1839,7 +1839,7 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
-AC_SUBST(libc_cv_pic_default)
+LIBC_CONFIG_VAR([build-pic-default], [$libc_cv_pic_default])
AC_CACHE_CHECK([whether -fPIE is default], libc_cv_cc_pie_default,
[libc_cv_cc_pie_default=yes
@@ -1852,30 +1852,38 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_cc_pie_default=no
fi
rm -f conftest.*])
-libc_cv_pie_default=$libc_cv_cc_pie_default
-AC_SUBST(libc_cv_cc_pie_default)
-AC_SUBST(libc_cv_pie_default)
+LIBC_CONFIG_VAR([cc-pie-default], [$libc_cv_cc_pie_default])
+
+AC_MSG_CHECKING(if we can build programs as PIE)
+if test "x$default_pie" != xno; then
+ # Disable build-pie-default if target does not support it.
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifdef PIE_UNSUPPORTED
+# error PIE is not supported
+#endif]])], [libc_cv_pie_default=yes], [libc_cv_pie_default=no])
+fi
+AC_MSG_RESULT($libc_cv_pie_default)
+LIBC_CONFIG_VAR([build-pie-default], [$libc_cv_pie_default])
+
+AC_MSG_CHECKING(if we can build static PIE programs)
+libc_cv_static_pie=$libc_cv_pie_default
+if test "x$libc_cv_pie_default" != xno \
+ -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
+# error static PIE is not supported
+#endif]])], [libc_cv_static_pie=yes], [libc_cv_static_pie=no])
+ if test "$libc_cv_static_pie" = "yes"; then
+ AC_DEFINE(ENABLE_STATIC_PIE)
+ fi
+fi
+AC_MSG_RESULT($libc_cv_static_pie)
+LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
# Set the `multidir' variable by grabbing the variable from the compiler.
# We do it once and save the result in a generated makefile.
libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
AC_SUBST(libc_cv_multidir)
-if test "$static_pie" = yes; then
- # Check target support for static PIE
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
-# error static PIE is not supported
-#endif]])], , AC_MSG_ERROR([the architecture does not support static PIE]))
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- AC_MSG_ERROR([linker support for --no-dynamic-linker needed])
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- AC_DEFINE(ENABLE_STATIC_PIE)
-fi
-LIBC_CONFIG_VAR([enable-static-pie], [$static_pie])
-
AC_SUBST(profile)
AC_SUBST(static_nss)
diff --git a/manual/install.texi b/manual/install.texi
index 46f73b538d..1320ac69b3 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -141,15 +141,13 @@ Don't build shared libraries even if it is possible. Not all systems
support shared libraries; you need ELF support and (currently) the GNU
linker.
-@item --enable-static-pie
-Enable static position independent executable (static PIE) support.
-Static PIE is similar to static executable, but can be loaded at any
-address without help from a dynamic linker. All static programs as
-well as static tests are built as static PIE, except for those marked
-with no-pie. The resulting glibc can be used with the GCC option,
--static-pie, which is available with GCC 8 or above, to create static
-PIE. This option also implies that glibc programs and tests are created
-as dynamic position independent executables (PIE) by default.
+@item --disable-default-pie
+Don't build glibc programs and the testsuite as position independent
+executables (PIE). By default, glibc programs and tests are created as
+position independent executables on targets that support it. If the toolchain
+and architecture support it, static executables are built as static PIE and the
+resulting glibc can be used with the GCC option, -static-pie, which is
+available with GCC 8 or above, to create static PIE.
@item --enable-cet
@itemx --enable-cet=permissive
diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
index 6ae2172956..2f0f435166 100755
--- a/scripts/build-many-glibcs.py
+++ b/scripts/build-many-glibcs.py
@@ -1,6 +1,7 @@
#!/usr/bin/python3
# Build many configurations of glibc.
# Copyright (C) 2016-2021 Free Software Foundation, Inc.
+# Copyright (C) The GNU Toolchain Authors.
# This file is part of the GNU C Library.
#
# The GNU C Library is free software; you can redistribute it and/or
@@ -437,15 +438,15 @@ class Context(object):
'--disable-experimental-malloc',
'--disable-build-nscd',
'--disable-nscd']},
- {'variant': 'static-pie',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'x32-static-pie',
+ {'variant': 'no-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'x32-no-pie',
'ccopts': '-mx32',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'static-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'no-pie',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
- 'cfg': ['--enable-static-pie']},
+ 'cfg': ['--disable-default-pie']},
{'variant': 'disable-multi-arch',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
diff --git a/sysdeps/alpha/configure b/sysdeps/alpha/configure
index 464b596527..3d665d96f2 100644
--- a/sysdeps/alpha/configure
+++ b/sysdeps/alpha/configure
@@ -5,4 +5,9 @@
# symbols in a position independent way.
$as_echo "#define PI_STATIC_AND_HIDDEN 1" >>confdefs.h
+
+# PIE builds fail on binutils 2.37 and earlier, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28672
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/alpha/configure.ac b/sysdeps/alpha/configure.ac
index 38e52e71ac..8f9a39ed2e 100644
--- a/sysdeps/alpha/configure.ac
+++ b/sysdeps/alpha/configure.ac
@@ -4,4 +4,8 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
# With required gcc+binutils, we can always access static and hidden
# symbols in a position independent way.
AC_DEFINE(PI_STATIC_AND_HIDDEN)
+
+# PIE builds fail on binutils 2.37 and earlier, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28672
+AC_DEFINE(PIE_UNSUPPORTED)
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/csky/configure b/sysdeps/csky/configure
index 19acb084fb..27464eb707 100644
--- a/sysdeps/csky/configure
+++ b/sysdeps/csky/configure
@@ -2,3 +2,10 @@
# Local configure fragment for sysdeps/csky.
$as_echo "#define PI_STATIC_AND_HIDDEN 1" >>confdefs.h
+
+
+# PIE builds fail on binutils 2.37 and earlier, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28672
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/csky/configure.ac b/sysdeps/csky/configure.ac
index 5656b665da..8e00824909 100644
--- a/sysdeps/csky/configure.ac
+++ b/sysdeps/csky/configure.ac
@@ -2,3 +2,8 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
# Local configure fragment for sysdeps/csky.
AC_DEFINE(PI_STATIC_AND_HIDDEN)
+
+# PIE builds fail on binutils 2.37 and earlier, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28672
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/hppa/configure b/sysdeps/hppa/configure
index 2cfe6cbea1..cf5acf966d 100644
--- a/sysdeps/hppa/configure
+++ b/sysdeps/hppa/configure
@@ -30,3 +30,10 @@ $as_echo "$libc_cv_asm_line_sep" >&6; }
cat >>confdefs.h <<_ACEOF
#define ASM_LINE_SEP $libc_cv_asm_line_sep
_ACEOF
+
+
+# PIE builds fail on binutils 2.37 and earlier, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28672
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/hppa/configure.ac b/sysdeps/hppa/configure.ac
index 1ec417b947..3e1c35bbd9 100644
--- a/sysdeps/hppa/configure.ac
+++ b/sysdeps/hppa/configure.ac
@@ -19,3 +19,8 @@ else
fi
rm -f conftest*])
AC_DEFINE_UNQUOTED(ASM_LINE_SEP, $libc_cv_asm_line_sep)
+
+# PIE builds fail on binutils 2.37 and earlier, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28672
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/ia64/configure b/sysdeps/ia64/configure
index 1ef70921bc..748cb52601 100644
--- a/sysdeps/ia64/configure
+++ b/sysdeps/ia64/configure
@@ -3,4 +3,9 @@
$as_echo "#define PI_STATIC_AND_HIDDEN 1" >>confdefs.h
+
+# PIE builds fail on binutils 2.37 and earlier, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28672
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/ia64/configure.ac b/sysdeps/ia64/configure.ac
index 3bae9fc5e1..8e5fba32c3 100644
--- a/sysdeps/ia64/configure.ac
+++ b/sysdeps/ia64/configure.ac
@@ -4,4 +4,8 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
dnl It is always possible to access static and hidden symbols in an
dnl position independent way.
AC_DEFINE(PI_STATIC_AND_HIDDEN)
+
+# PIE builds fail on binutils 2.37 and earlier, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28672
+AC_DEFINE(PIE_UNSUPPORTED)
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/mach/hurd/configure b/sysdeps/mach/hurd/configure
index 8d0702ad43..3303e5dff8 100644
--- a/sysdeps/mach/hurd/configure
+++ b/sysdeps/mach/hurd/configure
@@ -49,3 +49,9 @@ fi
# Hurd has libpthread as a separate library.
pthread_in_libc=no
+
+# Hurd build needs to be updated to support static pie, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28671
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/mach/hurd/configure.ac b/sysdeps/mach/hurd/configure.ac
index 82d085af33..022c2eff79 100644
--- a/sysdeps/mach/hurd/configure.ac
+++ b/sysdeps/mach/hurd/configure.ac
@@ -29,3 +29,8 @@ fi
# Hurd has libpthread as a separate library.
pthread_in_libc=no
+
+# Hurd build needs to be updated to support static pie, see:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=28671
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/microblaze/configure b/sysdeps/microblaze/configure
new file mode 100755
index 0000000000..e6652562d2
--- /dev/null
+++ b/sysdeps/microblaze/configure
@@ -0,0 +1,8 @@
+# This file is generated from configure.ac by Autoconf. DO NOT EDIT!
+ # Local configure fragment for sysdeps/microblaze.
+
+# gcc 11.2.1 and earlier crash with an internal compiler error, see:
+# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103613
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/microblaze/configure.ac b/sysdeps/microblaze/configure.ac
new file mode 100644
index 0000000000..1c58f70a7b
--- /dev/null
+++ b/sysdeps/microblaze/configure.ac
@@ -0,0 +1,7 @@
+GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
+# Local configure fragment for sysdeps/microblaze.
+
+# gcc 11.2.1 and earlier crash with an internal compiler error, see:
+# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103613
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/sparc/Makefile b/sysdeps/sparc/Makefile
index 1be9a3db2c..12c2c1b085 100644
--- a/sysdeps/sparc/Makefile
+++ b/sysdeps/sparc/Makefile
@@ -2,6 +2,7 @@
long-double-fcts = yes
pie-ccflag = -fPIE
+no-pie-ccflag = -fno-PIE
ifeq ($(subdir),gmon)
sysdep_routines += sparc-mcount
^ permalink raw reply [flat|nested] 8+ messages in thread
* [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie
@ 2021-12-08 5:53 Siddhesh Poyarekar
0 siblings, 0 replies; 8+ messages in thread
From: Siddhesh Poyarekar @ 2021-12-08 5:53 UTC (permalink / raw)
To: glibc-cvs
The branch 'siddhesh/default-pie' was updated to point to:
9978c36cad... Replace --enable-static-pie with --disable-default-pie
It previously pointed to:
4d51c09b46... Replace --enable-static-pie with --disable-default-pie
Diff:
!!! WARNING: THE FOLLOWING COMMITS ARE NO LONGER ACCESSIBLE (LOST):
-------------------------------------------------------------------
4d51c09... Replace --enable-static-pie with --disable-default-pie
Summary of changes (added commits):
-----------------------------------
9978c36... Replace --enable-static-pie with --disable-default-pie
^ permalink raw reply [flat|nested] 8+ messages in thread
* [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie
@ 2021-12-07 18:12 Siddhesh Poyarekar
0 siblings, 0 replies; 8+ messages in thread
From: Siddhesh Poyarekar @ 2021-12-07 18:12 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d51c09b466bf288b8c205a7c3b5fe43cc62bde3
commit 4d51c09b466bf288b8c205a7c3b5fe43cc62bde3
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Dec 7 23:41:33 2021 +0530
Replace --enable-static-pie with --disable-default-pie
Build glibc programs and tests as PIE by default and enable static-pie
automatically if the architecture and toolchain supports it.
Also add a new configuration option --disable-default-pie to prevent
building programs as PIE.
Only the following architectures now have PIE disabled by default
because they do not work at the moment. hppa, ia64, alpha and csky
don't work because the linker is unable to handle a pcrel relocation
generated from PIE objects. The microblaze compiler is currently
failing with an ICE. GNU hurd tries to enable static-pie, which does
not work and hence fails. It could be made to work, but I've left the
enabling for the Hurd maintainer. build-many-glibcs runs clean for all
targets now; following are the failures before disabling PIE for these
targets. I also tested x86_64 on Fedora and Ubuntu, to verify that the
default build as well as --disable-default-pie work as expected with
both system toolchains.
FAIL: glibcs-alpha-linux-gnu check
build/glibcs/alpha-linux-gnu/glibc/math/test-misc.o: in function `do_test':
src/glibc/math/test-misc.c:391:(.text+0x780): relocation truncated to fit: GPREL16 against `.rodata.cst16'
src/glibc/math/test-misc.c:400:(.text+0x87c): relocation truncated to fit: GPREL16 against `.rodata.cst16'
src/glibc/math/test-misc.c:705:(.text+0xda0): relocation truncated to fit: GPREL16 against `.rodata.cst16'
src/glibc/math/test-misc.c:714:(.text+0xe90): relocation truncated to fit: GPREL16 against `.rodata.cst16'
FAIL: glibcs-microblazeel-linux-gnu check
ICE
FAIL: glibcs-csky-linux-gnuabiv2-soft check
build/glibcs/csky-linux-gnuabiv2-soft/glibc/math/test-tgmath2.o: in function `main':
src/glibc/math/../support/test-driver.c:124:(.text.startup+0x24): relocation truncated to fit: R_CKCORE_PCREL_IMM18BY2 against `.text'
FAIL: glibcs-csky-linux-gnuabiv2 check
/tmp/ccaEAi1b.s: Assembler messages:
/tmp/ccaEAi1b.s:409254: Error: pcrel offset for branch to <unknown> too far (0xfffffffffffc44a1)
make[3]: *** [../o-iterator.mk:9: build/glibcs/csky-linux-gnuabiv2/glibc/math/test-tgmath3-fma.o] Error 1
FAIL: glibcs-ia64-linux-gnu build
build/glibcs/ia64-linux-gnu/glibc/libc.a(dl-support.o): in function `_dl_aux_init':
src/glibc/elf/dl-support.c:254:(.text+0x42): relocation truncated to fit: GPREL22 against `.text'
build/glibcs/ia64-linux-gnu/glibc/libc.a(dl-support.o): in function `setup_vdso':
src/glibc/elf/setup-vdso.h:108:(.text+0x1092): relocation truncated to fit: GPREL22 against `.text'
FAIL: glibcs-microblaze-linux-gnu check
ICE
FAIL: glibcs-hppa-linux-gnu check
install/compilers/hppa-linux-gnu/lib/gcc/hppa-glibc-linux-gnu/11.2.1/../../../../hppa-glibc-linux-gnu/bin/ld: build/glibcs/hppa-linux-gnu/glibc/nptl/tst-audit-threads.o(.text+0x22a58): cannot reach 0000004f_retNum6056+0, recompile with -ffunction-sections
install/compilers/hppa-linux-gnu/lib/gcc/hppa-glibc-linux-gnu/11.2.1/../../../../hppa-glibc-linux-gnu/bin/ld: build/glibcs/hppa-linux-gnu/glibc/nptl/tst-audit-threads.o(.text+0x22a58): cannot handle R_PARISC_PCREL17F for retNum6056
install/compilers/hppa-linux-gnu/lib/gcc/hppa-glibc-linux-gnu/11.2.1/../../../../hppa-glibc-linux-gnu/bin/ld: final link failed: bad value
FAIL: glibcs-i686-gnu build
install/compilers/i686-gnu/lib/gcc/i686-glibc-gnu/11.2.1/../../../../i686-glibc-gnu/bin/ld: cannot find build/glibcs/i686-gnu/glibc/csu/rcrt0.o: No such file or directory
collect2: error: ld returned 1 exit status
make[3]: *** [../Rules:269: build/glibcs/i686-gnu/glibc/support/test-run-command] Error 1
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diff:
---
INSTALL | 19 +++++-----
Makeconfig | 21 +++++++----
NEWS | 12 ++++++
config.h.in | 3 ++
config.make.in | 3 --
configure | 83 ++++++++++++++++++++++++++---------------
configure.ac | 56 +++++++++++++++------------
manual/install.texi | 17 ++++-----
scripts/build-many-glibcs.py | 13 ++++---
sysdeps/alpha/configure | 4 ++
sysdeps/alpha/configure.ac | 3 ++
sysdeps/csky/configure | 6 +++
sysdeps/csky/configure.ac | 4 ++
sysdeps/hppa/configure | 6 +++
sysdeps/hppa/configure.ac | 4 ++
sysdeps/ia64/configure | 4 ++
sysdeps/ia64/configure.ac | 3 ++
sysdeps/mach/hurd/configure | 5 +++
sysdeps/mach/hurd/configure.ac | 4 ++
sysdeps/microblaze/configure | 7 ++++
sysdeps/microblaze/configure.ac | 6 +++
sysdeps/sparc/Makefile | 1 +
22 files changed, 194 insertions(+), 90 deletions(-)
diff --git a/INSTALL b/INSTALL
index 02dcf6b1ca..f064654f3b 100644
--- a/INSTALL
+++ b/INSTALL
@@ -111,16 +111,15 @@ if 'CFLAGS' is specified it must enable optimization. For example:
systems support shared libraries; you need ELF support and
(currently) the GNU linker.
-'--enable-static-pie'
- Enable static position independent executable (static PIE) support.
- Static PIE is similar to static executable, but can be loaded at
- any address without help from a dynamic linker. All static
- programs as well as static tests are built as static PIE, except
- for those marked with no-pie. The resulting glibc can be used with
- the GCC option, -static-pie, which is available with GCC 8 or
- above, to create static PIE. This option also implies that glibc
- programs and tests are created as dynamic position independent
- executables (PIE) by default.
+'--disable-default-pie'
+ Don't build glibc programs and tests in the testsuite as position
+ independent executables (PIE). By default, glibc programs and tests
+ are created as position independent executables. If the toolchain
+ and architecture supports it, static executable are built as static
+ PIE and the resulting glibc can be used with the GCC option,
+ -static-pie, which is available with GCC 8 or above, to create
+ static PIE. PIE is not enabled by default on i686 GNU/Hurd, HPPA,
+ IA64, CSKY, Alpha and Microblaze targets.
'--enable-cet'
'--enable-cet=permissive'
diff --git a/Makeconfig b/Makeconfig
index 3fa2f13003..775bf12b65 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -1,4 +1,5 @@
# Copyright (C) 1991-2021 Free Software Foundation, Inc.
+# Copyright (C) The GNU Toolchain Authors.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -376,19 +377,24 @@ LDFLAGS.so += $(hashstyle-LDFLAGS)
LDFLAGS-rtld += $(hashstyle-LDFLAGS)
endif
-ifeq (yes,$(enable-static-pie))
+ifeq (no,$(build-pie-default))
+pie-default = $(no-pie-ccflag)
+else # build-pie-default
pic-default = -DPIC
# Compile libc.a and libc_p.a with -fPIE/-fpie for static PIE.
pie-default = $(pie-ccflag)
+
+ifeq (yes,$(enable-static-pie))
ifeq (yes,$(have-static-pie))
-default-pie-ldflag = -static-pie
+static-pie-ldflag = -static-pie
else
# Static PIE can't have dynamic relocations in read-only segments since
# static PIE is mapped into memory by kernel. --eh-frame-hdr is needed
# for PIE to support exception.
-default-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
-endif
-endif
+static-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
+endif # have-static-pie
+endif # enable-static-pie
+endif # build-pie-default
# If lazy relocations are disabled, add the -z now flag. Use
# LDFLAGS-lib.so instead of LDFLAGS.so, to avoid adding the flag to
@@ -444,7 +450,7 @@ endif
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-inputs = -nostdlib -nostartfiles -static \
- $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)) \
+ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
$(+preinit) $(+prectorT)
@@ -479,7 +485,7 @@ ifeq (yes,$(build-pie-default))
+link-tests-after-inputs = $(link-libc-tests) $(+link-pie-after-libc)
+link-printers-tests = $(+link-pie-printers-tests)
else # not build-pie-default
-+link-before-inputs = -nostdlib -nostartfiles \
++link-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-installed-name)) \
@@ -1040,6 +1046,7 @@ PIC-ccflag = -fPIC
endif
# This can be changed by a sysdep makefile
pie-ccflag = -fpie
+no-pie-ccflag = -fno-pie
# This one should always stay like this unless there is a very good reason.
PIE-ccflag = -fPIE
ifeq (yes,$(build-profile))
diff --git a/NEWS b/NEWS
index f10971b180..ae6f264b38 100644
--- a/NEWS
+++ b/NEWS
@@ -68,6 +68,14 @@ Major new features:
to be used by compilers for optimizing usage of 'memcmp' when its
return value is only used for its boolean status.
+* All programs and tests in glibc are now built as position independent
+ executables (PIE) by default on architectures that support it. Further, if
+ static-pie is available in the toolchain and the architecture, it is also
+ enabled and static programs also built as executable. A new option
+ --disable-default-pie has been added to disable this behavior and get a
+ non-PIE build. Default PIE is not supported on GNU Hurd, HPPA, IA64, CSKY,
+ Alpha and Microblaze targets.
+
Deprecated and removed features, and other changes affecting compatibility:
* The r_version update in the debugger interface makes the glibc binary
@@ -80,6 +88,10 @@ Deprecated and removed features, and other changes affecting compatibility:
* Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed.
+* The --enable-static-pie option is no longer available. The glibc build
+ configuration script now automatically detects static-pie support in the
+ toolchain and architecture and enables it if available.
+
Changes to build and runtime requirements:
[Add changes to build and runtime requirements here]
diff --git a/config.h.in b/config.h.in
index 0a6f57b006..acce608373 100644
--- a/config.h.in
+++ b/config.h.in
@@ -265,6 +265,9 @@
/* Build glibc with tunables support. */
#define HAVE_TUNABLES 0
+/* Define if PIE is unsupported. */
+#undef PIE_UNSUPPORTED
+
/* Define if static PIE is supported. */
#undef SUPPORT_STATIC_PIE
diff --git a/config.make.in b/config.make.in
index cbf59114b0..e8630a8d0c 100644
--- a/config.make.in
+++ b/config.make.in
@@ -90,9 +90,6 @@ static-nss-crypt = @libc_cv_static_nss_crypt@
# Configuration options.
build-shared = @shared@
-build-pic-default= @libc_cv_pic_default@
-build-pie-default= @libc_cv_pie_default@
-cc-pie-default= @libc_cv_cc_pie_default@
build-profile = @profile@
build-static-nss = @static_nss@
cross-compiling = @cross_compiling@
diff --git a/configure b/configure
index 2f9adca064..4dce154938 100755
--- a/configure
+++ b/configure
@@ -596,9 +596,6 @@ DEFINES
static_nss
profile
libc_cv_multidir
-libc_cv_pie_default
-libc_cv_cc_pie_default
-libc_cv_pic_default
shared
static
ldd_rewrite_script
@@ -767,7 +764,7 @@ with_nonshared_cflags
enable_sanity_checks
enable_shared
enable_profile
-enable_static_pie
+enable_default_pie
enable_timezone_tools
enable_hardcoded_path_in_tests
enable_hidden_plt
@@ -1423,8 +1420,8 @@ Optional Features:
in special situations) [default=yes]
--enable-shared build shared library [default=yes if GNU ld]
--enable-profile build profiled library [default=no]
- --enable-static-pie enable static PIE support and use it in the
- testsuite [default=no]
+ --disable-default-pie Do not build glibc programs and tests in the
+ testsuite as PIE [default=no]
--disable-timezone-tools
do not install timezone tools [default=install]
--enable-hardcoded-path-in-tests
@@ -3408,11 +3405,11 @@ else
profile=no
fi
-# Check whether --enable-static-pie was given.
-if test "${enable_static_pie+set}" = set; then :
- enableval=$enable_static_pie; static_pie=$enableval
+# Check whether --enable-default-pie was given.
+if test "${enable_default_pie+set}" = set; then :
+ enableval=$enable_default_pie; default_pie=$enableval
else
- static_pie=no
+ default_pie=yes
fi
# Check whether --enable-timezone-tools was given.
@@ -6959,7 +6956,8 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pic_default" >&5
$as_echo "$libc_cv_pic_default" >&6; }
-
+config_vars="$config_vars
+build-pic-default = $libc_cv_pic_default"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -fPIE is default" >&5
$as_echo_n "checking whether -fPIE is default... " >&6; }
@@ -6979,17 +6977,37 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_cc_pie_default" >&5
$as_echo "$libc_cv_cc_pie_default" >&6; }
-libc_cv_pie_default=$libc_cv_cc_pie_default
-
-
-
-# Set the `multidir' variable by grabbing the variable from the compiler.
-# We do it once and save the result in a generated makefile.
-libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
-
+config_vars="$config_vars
+cc-pie-default = $libc_cv_cc_pie_default"
-if test "$static_pie" = yes; then
- # Check target support for static PIE
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can build programs as PIE" >&5
+$as_echo_n "checking if we can build programs as PIE... " >&6; }
+if test "x$default_pie" != xno; then
+ # Disable build-pie-default if target does not support it.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef PIE_UNSUPPORTED
+# error PIE is not supported
+#endif
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ libc_cv_pie_default=yes
+else
+ libc_cv_pie_default=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pie_default" >&5
+$as_echo "$libc_cv_pie_default" >&6; }
+config_vars="$config_vars
+build-pie-default = $libc_cv_pie_default"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can build static PIE programs" >&5
+$as_echo_n "checking if we can build static PIE programs... " >&6; }
+libc_cv_static_pie=$libc_cv_pie_default
+if test "x$libc_cv_pie_default" != xno \
+ -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifndef SUPPORT_STATIC_PIE
@@ -6997,22 +7015,25 @@ if test "$static_pie" = yes; then
#endif
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
-
+ libc_cv_static_pie=yes
else
- as_fn_error $? "the architecture does not support static PIE" "$LINENO" 5
+ libc_cv_static_pie=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- as_fn_error $? "linker support for --no-dynamic-linker needed" "$LINENO" 5
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ if test "$libc_cv_static_pie" = "yes"; then
+ $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ fi
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_static_pie" >&5
+$as_echo "$libc_cv_static_pie" >&6; }
config_vars="$config_vars
-enable-static-pie = $static_pie"
+enable-static-pie = $libc_cv_static_pie"
+
+# Set the `multidir' variable by grabbing the variable from the compiler.
+# We do it once and save the result in a generated makefile.
+libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+
diff --git a/configure.ac b/configure.ac
index 7eb4239359..55d3162a4d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -179,11 +179,11 @@ AC_ARG_ENABLE([profile],
[build profiled library @<:@default=no@:>@]),
[profile=$enableval],
[profile=no])
-AC_ARG_ENABLE([static-pie],
- AS_HELP_STRING([--enable-static-pie],
- [enable static PIE support and use it in the testsuite @<:@default=no@:>@]),
- [static_pie=$enableval],
- [static_pie=no])
+AC_ARG_ENABLE([default-pie],
+ AS_HELP_STRING([--disable-default-pie],
+ [Do not build glibc programs and tests in the testsuite as PIE @<:@default=no@:>@]),
+ [default_pie=$enableval],
+ [default_pie=yes])
AC_ARG_ENABLE([timezone-tools],
AS_HELP_STRING([--disable-timezone-tools],
[do not install timezone tools @<:@default=install@:>@]),
@@ -1839,7 +1839,7 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
-AC_SUBST(libc_cv_pic_default)
+LIBC_CONFIG_VAR([build-pic-default], [$libc_cv_pic_default])
AC_CACHE_CHECK([whether -fPIE is default], libc_cv_cc_pie_default,
[libc_cv_cc_pie_default=yes
@@ -1852,30 +1852,38 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_cc_pie_default=no
fi
rm -f conftest.*])
-libc_cv_pie_default=$libc_cv_cc_pie_default
-AC_SUBST(libc_cv_cc_pie_default)
-AC_SUBST(libc_cv_pie_default)
+LIBC_CONFIG_VAR([cc-pie-default], [$libc_cv_cc_pie_default])
+
+AC_MSG_CHECKING(if we can build programs as PIE)
+if test "x$default_pie" != xno; then
+ # Disable build-pie-default if target does not support it.
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifdef PIE_UNSUPPORTED
+# error PIE is not supported
+#endif]])], [libc_cv_pie_default=yes], [libc_cv_pie_default=no])
+fi
+AC_MSG_RESULT($libc_cv_pie_default)
+LIBC_CONFIG_VAR([build-pie-default], [$libc_cv_pie_default])
+
+AC_MSG_CHECKING(if we can build static PIE programs)
+libc_cv_static_pie=$libc_cv_pie_default
+if test "x$libc_cv_pie_default" != xno \
+ -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
+# error static PIE is not supported
+#endif]])], [libc_cv_static_pie=yes], [libc_cv_static_pie=no])
+ if test "$libc_cv_static_pie" = "yes"; then
+ AC_DEFINE(ENABLE_STATIC_PIE)
+ fi
+fi
+AC_MSG_RESULT($libc_cv_static_pie)
+LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
# Set the `multidir' variable by grabbing the variable from the compiler.
# We do it once and save the result in a generated makefile.
libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
AC_SUBST(libc_cv_multidir)
-if test "$static_pie" = yes; then
- # Check target support for static PIE
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
-# error static PIE is not supported
-#endif]])], , AC_MSG_ERROR([the architecture does not support static PIE]))
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- AC_MSG_ERROR([linker support for --no-dynamic-linker needed])
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- AC_DEFINE(ENABLE_STATIC_PIE)
-fi
-LIBC_CONFIG_VAR([enable-static-pie], [$static_pie])
-
AC_SUBST(profile)
AC_SUBST(static_nss)
diff --git a/manual/install.texi b/manual/install.texi
index 46f73b538d..cb34ac10a0 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -141,15 +141,14 @@ Don't build shared libraries even if it is possible. Not all systems
support shared libraries; you need ELF support and (currently) the GNU
linker.
-@item --enable-static-pie
-Enable static position independent executable (static PIE) support.
-Static PIE is similar to static executable, but can be loaded at any
-address without help from a dynamic linker. All static programs as
-well as static tests are built as static PIE, except for those marked
-with no-pie. The resulting glibc can be used with the GCC option,
--static-pie, which is available with GCC 8 or above, to create static
-PIE. This option also implies that glibc programs and tests are created
-as dynamic position independent executables (PIE) by default.
+@item --disable-default-pie
+Don't build glibc programs and tests in the testsuite as position independent
+executables (PIE). By default, glibc programs and tests are created as
+position independent executables. If the toolchain and architecture supports
+it, static executable are built as static PIE and the resulting glibc can be
+used with the GCC option, -static-pie, which is available with GCC 8 or above,
+to create static PIE. PIE is not enabled by default on i686 GNU/Hurd, HPPA,
+IA64, CSKY, Alpha and Microblaze targets.
@item --enable-cet
@itemx --enable-cet=permissive
diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
index 6ae2172956..2f0f435166 100755
--- a/scripts/build-many-glibcs.py
+++ b/scripts/build-many-glibcs.py
@@ -1,6 +1,7 @@
#!/usr/bin/python3
# Build many configurations of glibc.
# Copyright (C) 2016-2021 Free Software Foundation, Inc.
+# Copyright (C) The GNU Toolchain Authors.
# This file is part of the GNU C Library.
#
# The GNU C Library is free software; you can redistribute it and/or
@@ -437,15 +438,15 @@ class Context(object):
'--disable-experimental-malloc',
'--disable-build-nscd',
'--disable-nscd']},
- {'variant': 'static-pie',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'x32-static-pie',
+ {'variant': 'no-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'x32-no-pie',
'ccopts': '-mx32',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'static-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'no-pie',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
- 'cfg': ['--enable-static-pie']},
+ 'cfg': ['--disable-default-pie']},
{'variant': 'disable-multi-arch',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
diff --git a/sysdeps/alpha/configure b/sysdeps/alpha/configure
index 464b596527..3ab3de07ca 100644
--- a/sysdeps/alpha/configure
+++ b/sysdeps/alpha/configure
@@ -5,4 +5,8 @@
# symbols in a position independent way.
$as_echo "#define PI_STATIC_AND_HIDDEN 1" >>confdefs.h
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/alpha/configure.ac b/sysdeps/alpha/configure.ac
index 38e52e71ac..30f37d8740 100644
--- a/sysdeps/alpha/configure.ac
+++ b/sysdeps/alpha/configure.ac
@@ -4,4 +4,7 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
# With required gcc+binutils, we can always access static and hidden
# symbols in a position independent way.
AC_DEFINE(PI_STATIC_AND_HIDDEN)
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/csky/configure b/sysdeps/csky/configure
index 19acb084fb..08caa633b1 100644
--- a/sysdeps/csky/configure
+++ b/sysdeps/csky/configure
@@ -2,3 +2,9 @@
# Local configure fragment for sysdeps/csky.
$as_echo "#define PI_STATIC_AND_HIDDEN 1" >>confdefs.h
+
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/csky/configure.ac b/sysdeps/csky/configure.ac
index 5656b665da..9613c68338 100644
--- a/sysdeps/csky/configure.ac
+++ b/sysdeps/csky/configure.ac
@@ -2,3 +2,7 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
# Local configure fragment for sysdeps/csky.
AC_DEFINE(PI_STATIC_AND_HIDDEN)
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/hppa/configure b/sysdeps/hppa/configure
index 2cfe6cbea1..1a0530ef9f 100644
--- a/sysdeps/hppa/configure
+++ b/sysdeps/hppa/configure
@@ -30,3 +30,9 @@ $as_echo "$libc_cv_asm_line_sep" >&6; }
cat >>confdefs.h <<_ACEOF
#define ASM_LINE_SEP $libc_cv_asm_line_sep
_ACEOF
+
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/hppa/configure.ac b/sysdeps/hppa/configure.ac
index 1ec417b947..3aa5cde7ce 100644
--- a/sysdeps/hppa/configure.ac
+++ b/sysdeps/hppa/configure.ac
@@ -19,3 +19,7 @@ else
fi
rm -f conftest*])
AC_DEFINE_UNQUOTED(ASM_LINE_SEP, $libc_cv_asm_line_sep)
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/ia64/configure b/sysdeps/ia64/configure
index 1ef70921bc..c13b11d5af 100644
--- a/sysdeps/ia64/configure
+++ b/sysdeps/ia64/configure
@@ -3,4 +3,8 @@
$as_echo "#define PI_STATIC_AND_HIDDEN 1" >>confdefs.h
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/ia64/configure.ac b/sysdeps/ia64/configure.ac
index 3bae9fc5e1..8f16c49d4d 100644
--- a/sysdeps/ia64/configure.ac
+++ b/sysdeps/ia64/configure.ac
@@ -4,4 +4,7 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
dnl It is always possible to access static and hidden symbols in an
dnl position independent way.
AC_DEFINE(PI_STATIC_AND_HIDDEN)
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/mach/hurd/configure b/sysdeps/mach/hurd/configure
index 8d0702ad43..1192a5261d 100644
--- a/sysdeps/mach/hurd/configure
+++ b/sysdeps/mach/hurd/configure
@@ -49,3 +49,8 @@ fi
# Hurd has libpthread as a separate library.
pthread_in_libc=no
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/mach/hurd/configure.ac b/sysdeps/mach/hurd/configure.ac
index 82d085af33..115d809cec 100644
--- a/sysdeps/mach/hurd/configure.ac
+++ b/sysdeps/mach/hurd/configure.ac
@@ -29,3 +29,7 @@ fi
# Hurd has libpthread as a separate library.
pthread_in_libc=no
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/microblaze/configure b/sysdeps/microblaze/configure
new file mode 100755
index 0000000000..2805a4568d
--- /dev/null
+++ b/sysdeps/microblaze/configure
@@ -0,0 +1,7 @@
+# This file is generated from configure.ac by Autoconf. DO NOT EDIT!
+ # Local configure fragment for sysdeps/microblaze.
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/microblaze/configure.ac b/sysdeps/microblaze/configure.ac
new file mode 100644
index 0000000000..3dce7167db
--- /dev/null
+++ b/sysdeps/microblaze/configure.ac
@@ -0,0 +1,6 @@
+GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
+# Local configure fragment for sysdeps/microblaze.
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/sparc/Makefile b/sysdeps/sparc/Makefile
index 1be9a3db2c..12c2c1b085 100644
--- a/sysdeps/sparc/Makefile
+++ b/sysdeps/sparc/Makefile
@@ -2,6 +2,7 @@
long-double-fcts = yes
pie-ccflag = -fPIE
+no-pie-ccflag = -fno-PIE
ifeq ($(subdir),gmon)
sysdep_routines += sparc-mcount
^ permalink raw reply [flat|nested] 8+ messages in thread
* [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie
@ 2021-12-07 18:12 Siddhesh Poyarekar
0 siblings, 0 replies; 8+ messages in thread
From: Siddhesh Poyarekar @ 2021-12-07 18:12 UTC (permalink / raw)
To: glibc-cvs
The branch 'siddhesh/default-pie' was updated to point to:
4d51c09b46... Replace --enable-static-pie with --disable-default-pie
It previously pointed to:
becfc55bd3... disable pie for alpha too
Diff:
!!! WARNING: THE FOLLOWING COMMITS ARE NO LONGER ACCESSIBLE (LOST):
-------------------------------------------------------------------
becfc55... disable pie for alpha too
9d2078b... Replace --enable-static-pie with --disable-default-pie
Summary of changes (added commits):
-----------------------------------
4d51c09... Replace --enable-static-pie with --disable-default-pie
^ permalink raw reply [flat|nested] 8+ messages in thread
* [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie
@ 2021-12-07 16:56 Siddhesh Poyarekar
0 siblings, 0 replies; 8+ messages in thread
From: Siddhesh Poyarekar @ 2021-12-07 16:56 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9d2078b356ef18702f4ed15ba572072551771286
commit 9d2078b356ef18702f4ed15ba572072551771286
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Dec 7 13:55:01 2021 +0530
Replace --enable-static-pie with --disable-default-pie
Build glibc programs and tests as PIE by default and enable static-pie
automatically if the architecture and toolchain supports it.
Also add a new configuration option --disable-default-pie to prevent
building programs as PIE.
Only the following architectures now have PIE disabled by default
because they do not work at the moment. hppa, ia64 and csky don't work
because the linker is unable to handle a pcrel relocation generated from
PIE objects. The microblaze compiler is currently failing with an ICE.
GNU hurd tries to enable static-pie, which does not work and hence
fails. It could be made to work, but I've left the enabling for the
Hurd maintainer. build-many-glibcs runs clean for all targets now;
following are the failures before disabling PIE for these targets. I
also tested x86_64 on Fedora and Ubuntu, to verify that the default
build as well as --disable-default-pie work as expected with both system
toolchains.
FAIL: glibcs-microblazeel-linux-gnu check
ICE
FAIL: glibcs-csky-linux-gnuabiv2-soft check
build-many-2/build/glibcs/csky-linux-gnuabiv2-soft/glibc/math/test-tgmath2.o: in function `main':
build-many-2/src/glibc/math/../support/test-driver.c:124:(.text.startup+0x24): relocation truncated to fit: R_CKCORE_PCREL_IMM18BY2 against `.text'
FAIL: glibcs-csky-linux-gnuabiv2 check
/tmp/ccaEAi1b.s: Assembler messages:
/tmp/ccaEAi1b.s:409254: Error: pcrel offset for branch to <unknown> too far (0xfffffffffffc44a1)
make[3]: *** [../o-iterator.mk:9: build-many-2/build/glibcs/csky-linux-gnuabiv2/glibc/math/test-tgmath3-fma.o] Error 1
FAIL: glibcs-ia64-linux-gnu build
build-many-2/build/glibcs/ia64-linux-gnu/glibc/libc.a(dl-support.o): in function `_dl_aux_init':
build-many-2/src/glibc/elf/dl-support.c:254:(.text+0x42): relocation truncated to fit: GPREL22 against `.text'
build-many-2/build/glibcs/ia64-linux-gnu/glibc/libc.a(dl-support.o): in function `setup_vdso':
build-many-2/src/glibc/elf/setup-vdso.h:108:(.text+0x1092): relocation truncated to fit: GPREL22 against `.text'
FAIL: glibcs-microblaze-linux-gnu check
ICE
FAIL: glibcs-hppa-linux-gnu check
build-many-2/install/compilers/hppa-linux-gnu/lib/gcc/hppa-glibc-linux-gnu/11.2.1/../../../../hppa-glibc-linux-gnu/bin/ld: build-many-2/build/glibcs/hppa-linux-gnu/glibc/nptl/tst-audit-threads.o(.text+0x22a58): cannot reach 0000004f_retNum6056+0, recompile with -ffunction-sections
build-many-2/install/compilers/hppa-linux-gnu/lib/gcc/hppa-glibc-linux-gnu/11.2.1/../../../../hppa-glibc-linux-gnu/bin/ld: build-many-2/build/glibcs/hppa-linux-gnu/glibc/nptl/tst-audit-threads.o(.text+0x22a58): cannot handle R_PARISC_PCREL17F for retNum6056
build-many-2/install/compilers/hppa-linux-gnu/lib/gcc/hppa-glibc-linux-gnu/11.2.1/../../../../hppa-glibc-linux-gnu/bin/ld: final link failed: bad value
FAIL: glibcs-i686-gnu build
build-many-2/install/compilers/i686-gnu/lib/gcc/i686-glibc-gnu/11.2.1/../../../../i686-glibc-gnu/bin/ld: cannot find build-many-2/build/glibcs/i686-gnu/glibc/csu/rcrt0.o: No such file or directory
collect2: error: ld returned 1 exit status
make[3]: *** [../Rules:269: build-many-2/build/glibcs/i686-gnu/glibc/support/test-run-command] Error 1
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diff:
---
INSTALL | 19 +++++-----
Makeconfig | 21 +++++++----
NEWS | 12 ++++++
config.h.in | 3 ++
config.make.in | 3 --
configure | 83 ++++++++++++++++++++++++++---------------
configure.ac | 56 +++++++++++++++------------
manual/install.texi | 17 ++++-----
scripts/build-many-glibcs.py | 12 +++---
sysdeps/csky/configure | 6 +++
sysdeps/csky/configure.ac | 4 ++
sysdeps/hppa/configure | 6 +++
sysdeps/hppa/configure.ac | 4 ++
sysdeps/ia64/configure | 4 ++
sysdeps/ia64/configure.ac | 3 ++
sysdeps/mach/hurd/configure | 5 +++
sysdeps/mach/hurd/configure.ac | 4 ++
sysdeps/microblaze/configure | 7 ++++
sysdeps/microblaze/configure.ac | 6 +++
sysdeps/sparc/Makefile | 1 +
20 files changed, 186 insertions(+), 90 deletions(-)
diff --git a/INSTALL b/INSTALL
index 02dcf6b1ca..56d2a31dad 100644
--- a/INSTALL
+++ b/INSTALL
@@ -111,16 +111,15 @@ if 'CFLAGS' is specified it must enable optimization. For example:
systems support shared libraries; you need ELF support and
(currently) the GNU linker.
-'--enable-static-pie'
- Enable static position independent executable (static PIE) support.
- Static PIE is similar to static executable, but can be loaded at
- any address without help from a dynamic linker. All static
- programs as well as static tests are built as static PIE, except
- for those marked with no-pie. The resulting glibc can be used with
- the GCC option, -static-pie, which is available with GCC 8 or
- above, to create static PIE. This option also implies that glibc
- programs and tests are created as dynamic position independent
- executables (PIE) by default.
+'--disable-default-pie'
+ Don't build glibc programs and tests in the testsuite as position
+ independent executables (PIE). By default, glibc programs and tests
+ are created as position independent executables. If the toolchain
+ and architecture supports it, static executable are built as static
+ PIE and the resulting glibc can be used with the GCC option,
+ -static-pie, which is available with GCC 8 or above, to create
+ static PIE. PIE is not enabled by default on i686 GNU/Hurd, HPPA,
+ IA64, CSKY and Microblaze targets.
'--enable-cet'
'--enable-cet=permissive'
diff --git a/Makeconfig b/Makeconfig
index 3fa2f13003..775bf12b65 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -1,4 +1,5 @@
# Copyright (C) 1991-2021 Free Software Foundation, Inc.
+# Copyright (C) The GNU Toolchain Authors.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -376,19 +377,24 @@ LDFLAGS.so += $(hashstyle-LDFLAGS)
LDFLAGS-rtld += $(hashstyle-LDFLAGS)
endif
-ifeq (yes,$(enable-static-pie))
+ifeq (no,$(build-pie-default))
+pie-default = $(no-pie-ccflag)
+else # build-pie-default
pic-default = -DPIC
# Compile libc.a and libc_p.a with -fPIE/-fpie for static PIE.
pie-default = $(pie-ccflag)
+
+ifeq (yes,$(enable-static-pie))
ifeq (yes,$(have-static-pie))
-default-pie-ldflag = -static-pie
+static-pie-ldflag = -static-pie
else
# Static PIE can't have dynamic relocations in read-only segments since
# static PIE is mapped into memory by kernel. --eh-frame-hdr is needed
# for PIE to support exception.
-default-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
-endif
-endif
+static-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
+endif # have-static-pie
+endif # enable-static-pie
+endif # build-pie-default
# If lazy relocations are disabled, add the -z now flag. Use
# LDFLAGS-lib.so instead of LDFLAGS.so, to avoid adding the flag to
@@ -444,7 +450,7 @@ endif
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-inputs = -nostdlib -nostartfiles -static \
- $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)) \
+ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
$(+preinit) $(+prectorT)
@@ -479,7 +485,7 @@ ifeq (yes,$(build-pie-default))
+link-tests-after-inputs = $(link-libc-tests) $(+link-pie-after-libc)
+link-printers-tests = $(+link-pie-printers-tests)
else # not build-pie-default
-+link-before-inputs = -nostdlib -nostartfiles \
++link-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-installed-name)) \
@@ -1040,6 +1046,7 @@ PIC-ccflag = -fPIC
endif
# This can be changed by a sysdep makefile
pie-ccflag = -fpie
+no-pie-ccflag = -fno-pie
# This one should always stay like this unless there is a very good reason.
PIE-ccflag = -fPIE
ifeq (yes,$(build-profile))
diff --git a/NEWS b/NEWS
index f10971b180..f12f3ffde4 100644
--- a/NEWS
+++ b/NEWS
@@ -68,6 +68,14 @@ Major new features:
to be used by compilers for optimizing usage of 'memcmp' when its
return value is only used for its boolean status.
+* All programs and tests in glibc are now built as position independent
+ executables (PIE) by default on architectures that support it. Further, if
+ static-pie is available in the toolchain and the architecture, it is also
+ enabled and static programs also built as executable. A new option
+ --disable-default-pie has been added to disable this behavior and get a
+ non-PIE build. Default PIE is not supported on GNU Hurd, HPPA, IA64, CSKY
+ and Microblaze targets.
+
Deprecated and removed features, and other changes affecting compatibility:
* The r_version update in the debugger interface makes the glibc binary
@@ -80,6 +88,10 @@ Deprecated and removed features, and other changes affecting compatibility:
* Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed.
+* The --enable-static-pie option is no longer available. The glibc build
+ configuration script now automatically detects static-pie support in the
+ toolchain and architecture and enables it if available.
+
Changes to build and runtime requirements:
[Add changes to build and runtime requirements here]
diff --git a/config.h.in b/config.h.in
index 0a6f57b006..acce608373 100644
--- a/config.h.in
+++ b/config.h.in
@@ -265,6 +265,9 @@
/* Build glibc with tunables support. */
#define HAVE_TUNABLES 0
+/* Define if PIE is unsupported. */
+#undef PIE_UNSUPPORTED
+
/* Define if static PIE is supported. */
#undef SUPPORT_STATIC_PIE
diff --git a/config.make.in b/config.make.in
index cbf59114b0..e8630a8d0c 100644
--- a/config.make.in
+++ b/config.make.in
@@ -90,9 +90,6 @@ static-nss-crypt = @libc_cv_static_nss_crypt@
# Configuration options.
build-shared = @shared@
-build-pic-default= @libc_cv_pic_default@
-build-pie-default= @libc_cv_pie_default@
-cc-pie-default= @libc_cv_cc_pie_default@
build-profile = @profile@
build-static-nss = @static_nss@
cross-compiling = @cross_compiling@
diff --git a/configure b/configure
index 2f9adca064..4dce154938 100755
--- a/configure
+++ b/configure
@@ -596,9 +596,6 @@ DEFINES
static_nss
profile
libc_cv_multidir
-libc_cv_pie_default
-libc_cv_cc_pie_default
-libc_cv_pic_default
shared
static
ldd_rewrite_script
@@ -767,7 +764,7 @@ with_nonshared_cflags
enable_sanity_checks
enable_shared
enable_profile
-enable_static_pie
+enable_default_pie
enable_timezone_tools
enable_hardcoded_path_in_tests
enable_hidden_plt
@@ -1423,8 +1420,8 @@ Optional Features:
in special situations) [default=yes]
--enable-shared build shared library [default=yes if GNU ld]
--enable-profile build profiled library [default=no]
- --enable-static-pie enable static PIE support and use it in the
- testsuite [default=no]
+ --disable-default-pie Do not build glibc programs and tests in the
+ testsuite as PIE [default=no]
--disable-timezone-tools
do not install timezone tools [default=install]
--enable-hardcoded-path-in-tests
@@ -3408,11 +3405,11 @@ else
profile=no
fi
-# Check whether --enable-static-pie was given.
-if test "${enable_static_pie+set}" = set; then :
- enableval=$enable_static_pie; static_pie=$enableval
+# Check whether --enable-default-pie was given.
+if test "${enable_default_pie+set}" = set; then :
+ enableval=$enable_default_pie; default_pie=$enableval
else
- static_pie=no
+ default_pie=yes
fi
# Check whether --enable-timezone-tools was given.
@@ -6959,7 +6956,8 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pic_default" >&5
$as_echo "$libc_cv_pic_default" >&6; }
-
+config_vars="$config_vars
+build-pic-default = $libc_cv_pic_default"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -fPIE is default" >&5
$as_echo_n "checking whether -fPIE is default... " >&6; }
@@ -6979,17 +6977,37 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_cc_pie_default" >&5
$as_echo "$libc_cv_cc_pie_default" >&6; }
-libc_cv_pie_default=$libc_cv_cc_pie_default
-
-
-
-# Set the `multidir' variable by grabbing the variable from the compiler.
-# We do it once and save the result in a generated makefile.
-libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
-
+config_vars="$config_vars
+cc-pie-default = $libc_cv_cc_pie_default"
-if test "$static_pie" = yes; then
- # Check target support for static PIE
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can build programs as PIE" >&5
+$as_echo_n "checking if we can build programs as PIE... " >&6; }
+if test "x$default_pie" != xno; then
+ # Disable build-pie-default if target does not support it.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef PIE_UNSUPPORTED
+# error PIE is not supported
+#endif
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ libc_cv_pie_default=yes
+else
+ libc_cv_pie_default=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pie_default" >&5
+$as_echo "$libc_cv_pie_default" >&6; }
+config_vars="$config_vars
+build-pie-default = $libc_cv_pie_default"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can build static PIE programs" >&5
+$as_echo_n "checking if we can build static PIE programs... " >&6; }
+libc_cv_static_pie=$libc_cv_pie_default
+if test "x$libc_cv_pie_default" != xno \
+ -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifndef SUPPORT_STATIC_PIE
@@ -6997,22 +7015,25 @@ if test "$static_pie" = yes; then
#endif
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
-
+ libc_cv_static_pie=yes
else
- as_fn_error $? "the architecture does not support static PIE" "$LINENO" 5
+ libc_cv_static_pie=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- as_fn_error $? "linker support for --no-dynamic-linker needed" "$LINENO" 5
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ if test "$libc_cv_static_pie" = "yes"; then
+ $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ fi
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_static_pie" >&5
+$as_echo "$libc_cv_static_pie" >&6; }
config_vars="$config_vars
-enable-static-pie = $static_pie"
+enable-static-pie = $libc_cv_static_pie"
+
+# Set the `multidir' variable by grabbing the variable from the compiler.
+# We do it once and save the result in a generated makefile.
+libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+
diff --git a/configure.ac b/configure.ac
index 7eb4239359..55d3162a4d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -179,11 +179,11 @@ AC_ARG_ENABLE([profile],
[build profiled library @<:@default=no@:>@]),
[profile=$enableval],
[profile=no])
-AC_ARG_ENABLE([static-pie],
- AS_HELP_STRING([--enable-static-pie],
- [enable static PIE support and use it in the testsuite @<:@default=no@:>@]),
- [static_pie=$enableval],
- [static_pie=no])
+AC_ARG_ENABLE([default-pie],
+ AS_HELP_STRING([--disable-default-pie],
+ [Do not build glibc programs and tests in the testsuite as PIE @<:@default=no@:>@]),
+ [default_pie=$enableval],
+ [default_pie=yes])
AC_ARG_ENABLE([timezone-tools],
AS_HELP_STRING([--disable-timezone-tools],
[do not install timezone tools @<:@default=install@:>@]),
@@ -1839,7 +1839,7 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
-AC_SUBST(libc_cv_pic_default)
+LIBC_CONFIG_VAR([build-pic-default], [$libc_cv_pic_default])
AC_CACHE_CHECK([whether -fPIE is default], libc_cv_cc_pie_default,
[libc_cv_cc_pie_default=yes
@@ -1852,30 +1852,38 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_cc_pie_default=no
fi
rm -f conftest.*])
-libc_cv_pie_default=$libc_cv_cc_pie_default
-AC_SUBST(libc_cv_cc_pie_default)
-AC_SUBST(libc_cv_pie_default)
+LIBC_CONFIG_VAR([cc-pie-default], [$libc_cv_cc_pie_default])
+
+AC_MSG_CHECKING(if we can build programs as PIE)
+if test "x$default_pie" != xno; then
+ # Disable build-pie-default if target does not support it.
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifdef PIE_UNSUPPORTED
+# error PIE is not supported
+#endif]])], [libc_cv_pie_default=yes], [libc_cv_pie_default=no])
+fi
+AC_MSG_RESULT($libc_cv_pie_default)
+LIBC_CONFIG_VAR([build-pie-default], [$libc_cv_pie_default])
+
+AC_MSG_CHECKING(if we can build static PIE programs)
+libc_cv_static_pie=$libc_cv_pie_default
+if test "x$libc_cv_pie_default" != xno \
+ -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
+# error static PIE is not supported
+#endif]])], [libc_cv_static_pie=yes], [libc_cv_static_pie=no])
+ if test "$libc_cv_static_pie" = "yes"; then
+ AC_DEFINE(ENABLE_STATIC_PIE)
+ fi
+fi
+AC_MSG_RESULT($libc_cv_static_pie)
+LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
# Set the `multidir' variable by grabbing the variable from the compiler.
# We do it once and save the result in a generated makefile.
libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
AC_SUBST(libc_cv_multidir)
-if test "$static_pie" = yes; then
- # Check target support for static PIE
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
-# error static PIE is not supported
-#endif]])], , AC_MSG_ERROR([the architecture does not support static PIE]))
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- AC_MSG_ERROR([linker support for --no-dynamic-linker needed])
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- AC_DEFINE(ENABLE_STATIC_PIE)
-fi
-LIBC_CONFIG_VAR([enable-static-pie], [$static_pie])
-
AC_SUBST(profile)
AC_SUBST(static_nss)
diff --git a/manual/install.texi b/manual/install.texi
index 46f73b538d..dff20fefa1 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -141,15 +141,14 @@ Don't build shared libraries even if it is possible. Not all systems
support shared libraries; you need ELF support and (currently) the GNU
linker.
-@item --enable-static-pie
-Enable static position independent executable (static PIE) support.
-Static PIE is similar to static executable, but can be loaded at any
-address without help from a dynamic linker. All static programs as
-well as static tests are built as static PIE, except for those marked
-with no-pie. The resulting glibc can be used with the GCC option,
--static-pie, which is available with GCC 8 or above, to create static
-PIE. This option also implies that glibc programs and tests are created
-as dynamic position independent executables (PIE) by default.
+@item --disable-default-pie
+Don't build glibc programs and tests in the testsuite as position independent
+executables (PIE). By default, glibc programs and tests are created as
+position independent executables. If the toolchain and architecture supports
+it, static executable are built as static PIE and the resulting glibc can be
+used with the GCC option, -static-pie, which is available with GCC 8 or above,
+to create static PIE. PIE is not enabled by default on i686 GNU/Hurd, HPPA,
+IA64, CSKY and Microblaze targets.
@item --enable-cet
@itemx --enable-cet=permissive
diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
index 6ae2172956..89bd06881f 100755
--- a/scripts/build-many-glibcs.py
+++ b/scripts/build-many-glibcs.py
@@ -437,15 +437,15 @@ class Context(object):
'--disable-experimental-malloc',
'--disable-build-nscd',
'--disable-nscd']},
- {'variant': 'static-pie',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'x32-static-pie',
+ {'variant': 'no-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'x32-no-pie',
'ccopts': '-mx32',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'static-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'no-pie',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
- 'cfg': ['--enable-static-pie']},
+ 'cfg': ['--disable-default-pie']},
{'variant': 'disable-multi-arch',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
diff --git a/sysdeps/csky/configure b/sysdeps/csky/configure
index 19acb084fb..08caa633b1 100644
--- a/sysdeps/csky/configure
+++ b/sysdeps/csky/configure
@@ -2,3 +2,9 @@
# Local configure fragment for sysdeps/csky.
$as_echo "#define PI_STATIC_AND_HIDDEN 1" >>confdefs.h
+
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/csky/configure.ac b/sysdeps/csky/configure.ac
index 5656b665da..9613c68338 100644
--- a/sysdeps/csky/configure.ac
+++ b/sysdeps/csky/configure.ac
@@ -2,3 +2,7 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
# Local configure fragment for sysdeps/csky.
AC_DEFINE(PI_STATIC_AND_HIDDEN)
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/hppa/configure b/sysdeps/hppa/configure
index 2cfe6cbea1..1a0530ef9f 100644
--- a/sysdeps/hppa/configure
+++ b/sysdeps/hppa/configure
@@ -30,3 +30,9 @@ $as_echo "$libc_cv_asm_line_sep" >&6; }
cat >>confdefs.h <<_ACEOF
#define ASM_LINE_SEP $libc_cv_asm_line_sep
_ACEOF
+
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/hppa/configure.ac b/sysdeps/hppa/configure.ac
index 1ec417b947..3aa5cde7ce 100644
--- a/sysdeps/hppa/configure.ac
+++ b/sysdeps/hppa/configure.ac
@@ -19,3 +19,7 @@ else
fi
rm -f conftest*])
AC_DEFINE_UNQUOTED(ASM_LINE_SEP, $libc_cv_asm_line_sep)
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/ia64/configure b/sysdeps/ia64/configure
index 1ef70921bc..c13b11d5af 100644
--- a/sysdeps/ia64/configure
+++ b/sysdeps/ia64/configure
@@ -3,4 +3,8 @@
$as_echo "#define PI_STATIC_AND_HIDDEN 1" >>confdefs.h
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/ia64/configure.ac b/sysdeps/ia64/configure.ac
index 3bae9fc5e1..8f16c49d4d 100644
--- a/sysdeps/ia64/configure.ac
+++ b/sysdeps/ia64/configure.ac
@@ -4,4 +4,7 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
dnl It is always possible to access static and hidden symbols in an
dnl position independent way.
AC_DEFINE(PI_STATIC_AND_HIDDEN)
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/mach/hurd/configure b/sysdeps/mach/hurd/configure
index 8d0702ad43..1192a5261d 100644
--- a/sysdeps/mach/hurd/configure
+++ b/sysdeps/mach/hurd/configure
@@ -49,3 +49,8 @@ fi
# Hurd has libpthread as a separate library.
pthread_in_libc=no
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/mach/hurd/configure.ac b/sysdeps/mach/hurd/configure.ac
index 82d085af33..115d809cec 100644
--- a/sysdeps/mach/hurd/configure.ac
+++ b/sysdeps/mach/hurd/configure.ac
@@ -29,3 +29,7 @@ fi
# Hurd has libpthread as a separate library.
pthread_in_libc=no
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/microblaze/configure b/sysdeps/microblaze/configure
new file mode 100755
index 0000000000..2805a4568d
--- /dev/null
+++ b/sysdeps/microblaze/configure
@@ -0,0 +1,7 @@
+# This file is generated from configure.ac by Autoconf. DO NOT EDIT!
+ # Local configure fragment for sysdeps/microblaze.
+
+# PIE builds don't work.
+$as_echo "#define PIE_UNSUPPORTED 1" >>confdefs.h
+
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/microblaze/configure.ac b/sysdeps/microblaze/configure.ac
new file mode 100644
index 0000000000..3dce7167db
--- /dev/null
+++ b/sysdeps/microblaze/configure.ac
@@ -0,0 +1,6 @@
+GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
+# Local configure fragment for sysdeps/microblaze.
+
+# PIE builds don't work.
+AC_DEFINE(PIE_UNSUPPORTED)
+# work around problem with autoconf and empty lines at the end of files
diff --git a/sysdeps/sparc/Makefile b/sysdeps/sparc/Makefile
index 1be9a3db2c..12c2c1b085 100644
--- a/sysdeps/sparc/Makefile
+++ b/sysdeps/sparc/Makefile
@@ -2,6 +2,7 @@
long-double-fcts = yes
pie-ccflag = -fPIE
+no-pie-ccflag = -fno-PIE
ifeq ($(subdir),gmon)
sysdep_routines += sparc-mcount
^ permalink raw reply [flat|nested] 8+ messages in thread
* [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie
@ 2021-12-06 5:13 Siddhesh Poyarekar
0 siblings, 0 replies; 8+ messages in thread
From: Siddhesh Poyarekar @ 2021-12-06 5:13 UTC (permalink / raw)
To: glibc-cvs
The branch 'siddhesh/default-pie' was updated to point to:
ee14129be8... Replace --enable-static-pie with --disable-default-pie
It previously pointed to:
3cde9259e3... Replace --enable-static-pie with --disable-default-pie
Diff:
!!! WARNING: THE FOLLOWING COMMITS ARE NO LONGER ACCESSIBLE (LOST):
-------------------------------------------------------------------
3cde925... Replace --enable-static-pie with --disable-default-pie
Summary of changes (added commits):
-----------------------------------
ee14129... Replace --enable-static-pie with --disable-default-pie
^ permalink raw reply [flat|nested] 8+ messages in thread
* [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie
@ 2021-12-06 4:56 Siddhesh Poyarekar
0 siblings, 0 replies; 8+ messages in thread
From: Siddhesh Poyarekar @ 2021-12-06 4:56 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3cde9259e3444fd836b9f811e327032e3e284643
commit 3cde9259e3444fd836b9f811e327032e3e284643
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon Dec 6 10:22:20 2021 +0530
Replace --enable-static-pie with --disable-default-pie
Build glibc programs and tests as PIE by default and enable static-pie
automatically if the architecture and toolchain supports it.
Also add a new configuration option --disable-default-pie to prevent building
programs as PIE.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diff:
---
INSTALL | 18 ++++++++--------
Makeconfig | 21 ++++++++++++-------
NEWS | 10 +++++++++
config.make.in | 3 ---
configure | 56 ++++++++++++++++++++++++--------------------------
configure.ac | 43 ++++++++++++++++++--------------------
manual/install.texi | 16 +++++++--------
sysdeps/sparc/Makefile | 1 +
8 files changed, 87 insertions(+), 81 deletions(-)
diff --git a/INSTALL b/INSTALL
index 02dcf6b1ca..3f89df2b81 100644
--- a/INSTALL
+++ b/INSTALL
@@ -111,16 +111,14 @@ if 'CFLAGS' is specified it must enable optimization. For example:
systems support shared libraries; you need ELF support and
(currently) the GNU linker.
-'--enable-static-pie'
- Enable static position independent executable (static PIE) support.
- Static PIE is similar to static executable, but can be loaded at
- any address without help from a dynamic linker. All static
- programs as well as static tests are built as static PIE, except
- for those marked with no-pie. The resulting glibc can be used with
- the GCC option, -static-pie, which is available with GCC 8 or
- above, to create static PIE. This option also implies that glibc
- programs and tests are created as dynamic position independent
- executables (PIE) by default.
+'--disable-default-pie'
+ Don't build glibc programs and tests in the testsuite as position
+ independent executables (PIE). By default, glibc programs and tests
+ are created as position independent executables. If the toolchain
+ and architecture supports it, static executable are built as static
+ PIE and the resulting glibc can be used with the GCC option,
+ -static-pie, which is available with GCC 8 or above, to create
+ static PIE.
'--enable-cet'
'--enable-cet=permissive'
diff --git a/Makeconfig b/Makeconfig
index 3fa2f13003..775bf12b65 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -1,4 +1,5 @@
# Copyright (C) 1991-2021 Free Software Foundation, Inc.
+# Copyright (C) The GNU Toolchain Authors.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -376,19 +377,24 @@ LDFLAGS.so += $(hashstyle-LDFLAGS)
LDFLAGS-rtld += $(hashstyle-LDFLAGS)
endif
-ifeq (yes,$(enable-static-pie))
+ifeq (no,$(build-pie-default))
+pie-default = $(no-pie-ccflag)
+else # build-pie-default
pic-default = -DPIC
# Compile libc.a and libc_p.a with -fPIE/-fpie for static PIE.
pie-default = $(pie-ccflag)
+
+ifeq (yes,$(enable-static-pie))
ifeq (yes,$(have-static-pie))
-default-pie-ldflag = -static-pie
+static-pie-ldflag = -static-pie
else
# Static PIE can't have dynamic relocations in read-only segments since
# static PIE is mapped into memory by kernel. --eh-frame-hdr is needed
# for PIE to support exception.
-default-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
-endif
-endif
+static-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
+endif # have-static-pie
+endif # enable-static-pie
+endif # build-pie-default
# If lazy relocations are disabled, add the -z now flag. Use
# LDFLAGS-lib.so instead of LDFLAGS.so, to avoid adding the flag to
@@ -444,7 +450,7 @@ endif
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-inputs = -nostdlib -nostartfiles -static \
- $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)) \
+ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
$(+preinit) $(+prectorT)
@@ -479,7 +485,7 @@ ifeq (yes,$(build-pie-default))
+link-tests-after-inputs = $(link-libc-tests) $(+link-pie-after-libc)
+link-printers-tests = $(+link-pie-printers-tests)
else # not build-pie-default
-+link-before-inputs = -nostdlib -nostartfiles \
++link-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-installed-name)) \
@@ -1040,6 +1046,7 @@ PIC-ccflag = -fPIC
endif
# This can be changed by a sysdep makefile
pie-ccflag = -fpie
+no-pie-ccflag = -fno-pie
# This one should always stay like this unless there is a very good reason.
PIE-ccflag = -fPIE
ifeq (yes,$(build-profile))
diff --git a/NEWS b/NEWS
index f10971b180..4aecfa4e27 100644
--- a/NEWS
+++ b/NEWS
@@ -68,6 +68,12 @@ Major new features:
to be used by compilers for optimizing usage of 'memcmp' when its
return value is only used for its boolean status.
+* All programs and tests in glibc are now built as position independent
+ executables (PIE) by default. Further, if static-pie is available in the
+ toolchain and the architecture, it is also enabled and static programs also
+ built as executable. A new option --disable-default-pie has been added to
+ disable this behavior and get a non-PIE build.
+
Deprecated and removed features, and other changes affecting compatibility:
* The r_version update in the debugger interface makes the glibc binary
@@ -80,6 +86,10 @@ Deprecated and removed features, and other changes affecting compatibility:
* Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed.
+* The --enable-static-pie option is no longer available. The glibc build
+ configuration script now automatically detects static-pie support in the
+ toolchain and architecture and enables it if available.
+
Changes to build and runtime requirements:
[Add changes to build and runtime requirements here]
diff --git a/config.make.in b/config.make.in
index cbf59114b0..e8630a8d0c 100644
--- a/config.make.in
+++ b/config.make.in
@@ -90,9 +90,6 @@ static-nss-crypt = @libc_cv_static_nss_crypt@
# Configuration options.
build-shared = @shared@
-build-pic-default= @libc_cv_pic_default@
-build-pie-default= @libc_cv_pie_default@
-cc-pie-default= @libc_cv_cc_pie_default@
build-profile = @profile@
build-static-nss = @static_nss@
cross-compiling = @cross_compiling@
diff --git a/configure b/configure
index 2f9adca064..c613422722 100755
--- a/configure
+++ b/configure
@@ -597,8 +597,6 @@ static_nss
profile
libc_cv_multidir
libc_cv_pie_default
-libc_cv_cc_pie_default
-libc_cv_pic_default
shared
static
ldd_rewrite_script
@@ -767,7 +765,7 @@ with_nonshared_cflags
enable_sanity_checks
enable_shared
enable_profile
-enable_static_pie
+enable_default_pie
enable_timezone_tools
enable_hardcoded_path_in_tests
enable_hidden_plt
@@ -1423,8 +1421,8 @@ Optional Features:
in special situations) [default=yes]
--enable-shared build shared library [default=yes if GNU ld]
--enable-profile build profiled library [default=no]
- --enable-static-pie enable static PIE support and use it in the
- testsuite [default=no]
+ --disable-default-pie Do not build glibc programs and tests in the
+ testsuite as PIE [default=no]
--disable-timezone-tools
do not install timezone tools [default=install]
--enable-hardcoded-path-in-tests
@@ -3408,11 +3406,11 @@ else
profile=no
fi
-# Check whether --enable-static-pie was given.
-if test "${enable_static_pie+set}" = set; then :
- enableval=$enable_static_pie; static_pie=$enableval
+# Check whether --enable-default-pie was given.
+if test "${enable_default_pie+set}" = set; then :
+ enableval=$enable_default_pie; default_pie=$enableval
else
- static_pie=no
+ default_pie=yes
fi
# Check whether --enable-timezone-tools was given.
@@ -6959,7 +6957,8 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pic_default" >&5
$as_echo "$libc_cv_pic_default" >&6; }
-
+config_vars="$config_vars
+build-pic-default = $libc_cv_pic_default"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -fPIE is default" >&5
$as_echo_n "checking whether -fPIE is default... " >&6; }
@@ -6979,17 +6978,13 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_cc_pie_default" >&5
$as_echo "$libc_cv_cc_pie_default" >&6; }
-libc_cv_pie_default=$libc_cv_cc_pie_default
-
-
-
-# Set the `multidir' variable by grabbing the variable from the compiler.
-# We do it once and save the result in a generated makefile.
-libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+config_vars="$config_vars
+cc-pie-default = $libc_cv_cc_pie_default"
+libc_cv_pie_default=$default_pie
-if test "$static_pie" = yes; then
- # Check target support for static PIE
+if test "x$default_pie" != xno -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifndef SUPPORT_STATIC_PIE
@@ -6997,22 +6992,25 @@ if test "$static_pie" = yes; then
#endif
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
-
+ libc_cv_static_pie=yes
else
- as_fn_error $? "the architecture does not support static PIE" "$LINENO" 5
+ libc_cv_static_pie=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- as_fn_error $? "linker support for --no-dynamic-linker needed" "$LINENO" 5
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ if test "$libc_cv_static_pie" = "yes"; then
+ $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ fi
fi
config_vars="$config_vars
-enable-static-pie = $static_pie"
+enable-static-pie = $libc_cv_static_pie"
+config_vars="$config_vars
+build-pie-default = $libc_cv_pie_default"
+
+# Set the `multidir' variable by grabbing the variable from the compiler.
+# We do it once and save the result in a generated makefile.
+libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+
diff --git a/configure.ac b/configure.ac
index 7eb4239359..356b44aec7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -179,11 +179,11 @@ AC_ARG_ENABLE([profile],
[build profiled library @<:@default=no@:>@]),
[profile=$enableval],
[profile=no])
-AC_ARG_ENABLE([static-pie],
- AS_HELP_STRING([--enable-static-pie],
- [enable static PIE support and use it in the testsuite @<:@default=no@:>@]),
- [static_pie=$enableval],
- [static_pie=no])
+AC_ARG_ENABLE([default-pie],
+ AS_HELP_STRING([--disable-default-pie],
+ [Do not build glibc programs and tests in the testsuite as PIE @<:@default=no@:>@]),
+ [default_pie=$enableval],
+ [default_pie=yes])
AC_ARG_ENABLE([timezone-tools],
AS_HELP_STRING([--disable-timezone-tools],
[do not install timezone tools @<:@default=install@:>@]),
@@ -1839,7 +1839,7 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
-AC_SUBST(libc_cv_pic_default)
+LIBC_CONFIG_VAR([build-pic-default], [$libc_cv_pic_default])
AC_CACHE_CHECK([whether -fPIE is default], libc_cv_cc_pie_default,
[libc_cv_cc_pie_default=yes
@@ -1852,30 +1852,27 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_cc_pie_default=no
fi
rm -f conftest.*])
-libc_cv_pie_default=$libc_cv_cc_pie_default
-AC_SUBST(libc_cv_cc_pie_default)
+LIBC_CONFIG_VAR([cc-pie-default], [$libc_cv_cc_pie_default])
+
+libc_cv_pie_default=$default_pie
AC_SUBST(libc_cv_pie_default)
+if test "x$default_pie" != xno -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
+# error static PIE is not supported
+#endif]])], [libc_cv_static_pie=yes], [libc_cv_static_pie=no])
+ if test "$libc_cv_static_pie" = "yes"; then
+ AC_DEFINE(ENABLE_STATIC_PIE)
+ fi
+fi
+LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
+LIBC_CONFIG_VAR([build-pie-default], [$libc_cv_pie_default])
# Set the `multidir' variable by grabbing the variable from the compiler.
# We do it once and save the result in a generated makefile.
libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
AC_SUBST(libc_cv_multidir)
-if test "$static_pie" = yes; then
- # Check target support for static PIE
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
-# error static PIE is not supported
-#endif]])], , AC_MSG_ERROR([the architecture does not support static PIE]))
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- AC_MSG_ERROR([linker support for --no-dynamic-linker needed])
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- AC_DEFINE(ENABLE_STATIC_PIE)
-fi
-LIBC_CONFIG_VAR([enable-static-pie], [$static_pie])
-
AC_SUBST(profile)
AC_SUBST(static_nss)
diff --git a/manual/install.texi b/manual/install.texi
index 46f73b538d..5c4d6fc519 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -141,15 +141,13 @@ Don't build shared libraries even if it is possible. Not all systems
support shared libraries; you need ELF support and (currently) the GNU
linker.
-@item --enable-static-pie
-Enable static position independent executable (static PIE) support.
-Static PIE is similar to static executable, but can be loaded at any
-address without help from a dynamic linker. All static programs as
-well as static tests are built as static PIE, except for those marked
-with no-pie. The resulting glibc can be used with the GCC option,
--static-pie, which is available with GCC 8 or above, to create static
-PIE. This option also implies that glibc programs and tests are created
-as dynamic position independent executables (PIE) by default.
+@item --disable-default-pie
+Don't build glibc programs and tests in the testsuite as position independent
+executables (PIE). By default, glibc programs and tests are created as
+position independent executables. If the toolchain and architecture supports
+it, static executable are built as static PIE and the resulting glibc can be
+used with the GCC option, -static-pie, which is available with GCC 8 or above,
+to create static PIE.
@item --enable-cet
@itemx --enable-cet=permissive
diff --git a/sysdeps/sparc/Makefile b/sysdeps/sparc/Makefile
index 1be9a3db2c..12c2c1b085 100644
--- a/sysdeps/sparc/Makefile
+++ b/sysdeps/sparc/Makefile
@@ -2,6 +2,7 @@
long-double-fcts = yes
pie-ccflag = -fPIE
+no-pie-ccflag = -fno-PIE
ifeq ($(subdir),gmon)
sysdep_routines += sparc-mcount
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-12-08 5:53 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-06 5:13 [glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie Siddhesh Poyarekar
-- strict thread matches above, loose matches on Subject: below --
2021-12-08 5:53 Siddhesh Poyarekar
2021-12-08 5:53 Siddhesh Poyarekar
2021-12-07 18:12 Siddhesh Poyarekar
2021-12-07 18:12 Siddhesh Poyarekar
2021-12-07 16:56 Siddhesh Poyarekar
2021-12-06 5:13 Siddhesh Poyarekar
2021-12-06 4:56 Siddhesh Poyarekar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).