From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) by sourceware.org (Postfix) with ESMTPS id 69D153858427 for ; Fri, 22 Apr 2022 22:43:57 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 69D153858427 Received: by mail-pl1-x62a.google.com with SMTP id s14so13836361plk.8 for ; Fri, 22 Apr 2022 15:43:57 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=VEquSCIO4l3sXGyWiuwxB3M7BviNGPEyxXfTCOgTeyY=; b=b7AKnxHyVmrsQzCMoRswyAdqTMJb7IMWuerU3JYXk41ycdGxL5Oj9RdrdiwKgUNNLa LJnILK2lF1tNj2WVogzhwC/OFMnq2Wna9lbU3d1NO8hNmvA1UfM9Sb6kD6sfSL/61Q4S itkiUlTQjo5fu5reO9YmtFzqBgU4JNsqrHAkL9KKSiWoURwc5DFtJh+pEb7Vbq63lmKh e6c9sYEzsnAREOWYPUSVcgi+HiUE5oznWbqB+ELeeefxuIce6EJ5t8fKD+VyXtWO+0HS Xqem36x5tefjE4L9sR+Ng7lEYD0InP5bNS6EDxGwjk6ilYlq5bsBc9IKxg7YXUwTgRSF 9gdQ== X-Gm-Message-State: AOAM5333oHa0en/nfWCdvvjGwwa9g3FHJg9qhESnH3CuwCwU6et9o5sq Bmncwuo1ruOiPIBfUMathYs/Lg== X-Google-Smtp-Source: ABdhPJw4Q/3MHICOjeBew2zEu2yx2jdHn7iW+IoSIB40cJ2s+VwL6lwX37z/6oRnGRYBSCR8ngBESw== X-Received: by 2002:a17:902:dac5:b0:15a:fc5c:10ce with SMTP id q5-20020a170902dac500b0015afc5c10cemr6688954plx.41.1650667436252; Fri, 22 Apr 2022 15:43:56 -0700 (PDT) Received: from google.com ([2620:15c:2ce:200:8f89:e96b:b8b8:a84f]) by smtp.gmail.com with ESMTPSA id t66-20020a628145000000b0050ca37e60eesm3619381pfd.57.2022.04.22.15.43.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Apr 2022 15:43:55 -0700 (PDT) Date: Fri, 22 Apr 2022 15:43:52 -0700 From: Fangrui Song To: "H.J. Lu" Cc: libc-alpha@sourceware.org, Adhemerval Zanella Subject: Re: [PATCH v11 6/7] Add --disable-default-dt-relr Message-ID: <20220422224352.m73xexyf7qomaphr@google.com> References: <20220422190139.2615492-1-hjl.tools@gmail.com> <20220422190139.2615492-7-hjl.tools@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20220422190139.2615492-7-hjl.tools@gmail.com> X-Spam-Status: No, score=-27.3 required=5.0 tests=BAYES_00, DKIMWL_WL_MED, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, USER_IN_DEF_DKIM_WL, USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2022 22:44:02 -0000 On 2022-04-22, H.J. Lu wrote: >Enable DT_RELR in glibc shared libraries and position independent >executables (PIE) automatically if linker supports -z pack-relative-relocs. > >Also add a new configuration option, --disable-default-dt-relr, to >avoid DT_RELR usage in glibc shared libraries and PIEs. >--- > INSTALL | 6 ++++++ > Makeconfig | 19 +++++++++++++++++++ > Makerules | 2 ++ > configure | 18 ++++++++++++++++++ > configure.ac | 13 +++++++++++++ > elf/Makefile | 4 +++- > manual/install.texi | 5 +++++ > 7 files changed, 66 insertions(+), 1 deletion(-) > >diff --git a/INSTALL b/INSTALL >index b68884ccd6..09c9920a77 100644 >--- a/INSTALL >+++ b/INSTALL >@@ -139,6 +139,12 @@ if 'CFLAGS' is specified it must enable optimization. For example: > used with the GCC option, -static-pie, which is available with GCC > 8 or above, to create static PIE. > >+'--disable-default-dt-relr' >+ Don't enable DT_RELR in glibc shared libraries and position >+ independent executables (PIE). By default, DT_RELR is enabled in >+ glibc shared libraries and position independent executables on >+ targets that support it. >+ > '--enable-cet' > '--enable-cet=permissive' > Enable Intel Control-flow Enforcement Technology (CET) support. >diff --git a/Makeconfig b/Makeconfig >index 0aa5fb0099..b75f28f837 100644 >--- a/Makeconfig >+++ b/Makeconfig >@@ -358,6 +358,23 @@ else > real-static-start-installed-name = $(static-start-installed-name) > endif > >+# Linker option to enable and disable DT-RELR. >+ifeq ($(have-dt-relr),yes) >+dt-relr-ldflag = -Wl,-z,pack-relative-relocs >+no-dt-relr-ldflag = -Wl,-z,nopack-relative-relocs >+else >+dt-relr-ldflag = >+no-dt-relr-ldflag = >+endif >+ >+# Default linker option for DT-RELR. >+ifeq (yes,$(build-dt-relr-default)) >+default-rt-relr-ldflag = $(dt-relr-ldflag) >+else >+default-rt-relr-ldflag = $(no-dt-relr-ldflag) >+endif >+LDFLAGS-rtld += $(default-rt-relr-ldflag) >+ > relro-LDFLAGS = -Wl,-z,relro > LDFLAGS.so += $(relro-LDFLAGS) > LDFLAGS-rtld += $(relro-LDFLAGS) >@@ -413,6 +430,7 @@ link-extra-libs-tests = $(libsupport) > # Command for linking PIE programs with the C library. > ifndef +link-pie > +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \ >+ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \ > -Wl,-O1 -nostdlib -nostartfiles \ > $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ > $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ >@@ -445,6 +463,7 @@ endif > ifndef +link-static > +link-static-before-inputs = -nostdlib -nostartfiles -static \ > $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \ >+ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \ > $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ > $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \ > $(+preinit) $(+prectorT) >diff --git a/Makerules b/Makerules >index 428464f092..7c1da551bf 100644 >--- a/Makerules >+++ b/Makerules >@@ -536,6 +536,7 @@ lib%.so: lib%_pic.a $(+preinit) $(+postinit) $(link-libc-deps) > define build-shlib-helper > $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \ > $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \ >+ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \ > $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \ > $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \ > -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \ >@@ -595,6 +596,7 @@ endef > define build-module-helper > $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \ > $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \ >+ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \ > -B$(csu-objpfx) $(load-map-file) \ > $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \ > $(link-test-modules-rpath-link) \ >diff --git a/configure b/configure >index 5a730dc5fc..91152a5154 100755 >--- a/configure >+++ b/configure >@@ -767,6 +767,7 @@ enable_sanity_checks > enable_shared > enable_profile > enable_default_pie >+enable_default_dt_relr > enable_timezone_tools > enable_hardcoded_path_in_tests > enable_hidden_plt >@@ -1424,6 +1425,7 @@ Optional Features: > --enable-profile build profiled library [default=no] > --disable-default-pie Do not build glibc programs and the testsuite as PIE > [default=no] >+ --disable-dt-relr Do not enable DT_RELR in glibc [default=no] > --disable-timezone-tools > do not install timezone tools [default=install] > --enable-hardcoded-path-in-tests >@@ -3440,6 +3442,13 @@ else > default_pie=yes > fi > >+# Check whether --enable-default-dt-relr was given. >+if test "${enable_default_dt_relr+set}" = set; then : >+ enableval=$enable_default_dt_relr; default_dt_relr=$enableval >+else >+ default_dt_relr=yes >+fi >+ > # Check whether --enable-timezone-tools was given. > if test "${enable_timezone_tools+set}" = set; then : > enableval=$enable_timezone_tools; enable_timezone_tools=$enableval >@@ -7029,6 +7038,15 @@ fi > config_vars="$config_vars > enable-static-pie = $libc_cv_static_pie" > >+# Disable build-dt-relr-default if linker does not support it or if glibc >+# is configured with --disable-default-dt-relr. >+build_dt_relr_default=$default_dt_relr >+if test "x$build_dt_relr_default" != xno; then >+ build_dt_relr_default=$libc_cv_dt_relr >+fi >+config_vars="$config_vars >+build-dt-relr-default = $build_dt_relr_default" >+ > # Set the `multidir' variable by grabbing the variable from the compiler. > # We do it once and save the result in a generated makefile. > libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory` >diff --git a/configure.ac b/configure.ac >index a045f6608e..c4198af9dc 100644 >--- a/configure.ac >+++ b/configure.ac >@@ -197,6 +197,11 @@ AC_ARG_ENABLE([default-pie], > [Do not build glibc programs and the testsuite as PIE @<:@default=no@:>@]), > [default_pie=$enableval], > [default_pie=yes]) >+AC_ARG_ENABLE([default-dt-relr], >+ AS_HELP_STRING([--disable-dt-relr], >+ [Do not enable DT_RELR in glibc @<:@default=no@:>@]), >+ [default_dt_relr=$enableval], >+ [default_dt_relr=yes]) > AC_ARG_ENABLE([timezone-tools], > AS_HELP_STRING([--disable-timezone-tools], > [do not install timezone tools @<:@default=install@:>@]), >@@ -1825,6 +1830,14 @@ if test "$libc_cv_static_pie" = "yes"; then > fi > LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie]) > >+# Disable build-dt-relr-default if linker does not support it or if glibc >+# is configured with --disable-default-dt-relr. >+build_dt_relr_default=$default_dt_relr >+if test "x$build_dt_relr_default" != xno; then >+ build_dt_relr_default=$libc_cv_dt_relr >+fi >+LIBC_CONFIG_VAR([build-dt-relr-default], [$build_dt_relr_default]) >+ > # Set the `multidir' variable by grabbing the variable from the compiler. > # We do it once and save the result in a generated makefile. > libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory` >diff --git a/elf/Makefile b/elf/Makefile >index bd9d03f527..c9f5876119 100644 >--- a/elf/Makefile >+++ b/elf/Makefile >@@ -1648,6 +1648,7 @@ $(objpfx)nodlopen2.out: $(objpfx)nodlopenmod2.so > > $(objpfx)filtmod1.so: $(objpfx)filtmod1.os $(objpfx)filtmod2.so > $(LINK.o) -shared -o $@ -B$(csu-objpfx) $(LDFLAGS.so) \ >+ $(default-rt-relr-ldflag) \ > -L$(subst :, -L,$(rpath-link)) \ > -Wl,-rpath-link=$(rpath-link) \ > $< -Wl,-F,$(objpfx)filtmod2.so >@@ -2447,7 +2448,7 @@ $(objpfx)tst-big-note: $(objpfx)tst-big-note-lib.so > # artificial, large note in tst-big-note-lib.o and invalidate the > # test. > $(objpfx)tst-big-note-lib.so: $(objpfx)tst-big-note-lib.o >- $(LINK.o) -shared -o $@ $(LDFLAGS.so) $< >+ $(LINK.o) -shared -o $@ $(LDFLAGS.so) $(default-rt-relr-ldflag) $< > > $(objpfx)tst-unwind-ctor: $(objpfx)tst-unwind-ctor-lib.so > >@@ -2756,6 +2757,7 @@ $(objpfx)tst-ro-dynamic: $(objpfx)tst-ro-dynamic-mod.so > $(objpfx)tst-ro-dynamic-mod.so: $(objpfx)tst-ro-dynamic-mod.os \ > tst-ro-dynamic-mod.map > $(LINK.o) -nostdlib -nostartfiles -shared -o $@ \ >+ $(default-rt-relr-ldflag) \ > -Wl,--script=tst-ro-dynamic-mod.map \ > $(objpfx)tst-ro-dynamic-mod.os > >diff --git a/manual/install.texi b/manual/install.texi >index fcfb6901e4..e446ac66c4 100644 >--- a/manual/install.texi >+++ b/manual/install.texi >@@ -167,6 +167,11 @@ and architecture support it, static executables are built as static PIE and the > resulting glibc can be used with the GCC option, -static-pie, which is > available with GCC 8 or above, to create static PIE. > >+@item --disable-default-dt-relr >+Don't enable DT_RELR in glibc shared libraries and position independent >+executables (PIE). By default, DT_RELR is enabled in glibc shared >+libraries and position independent executables on targets that support it. >+ > @item --enable-cet > @itemx --enable-cet=permissive > Enable Intel Control-flow Enforcement Technology (CET) support. When >-- >2.35.1 > I think the option can be useful to work around possible binutils ld bugs for other ports. The default dt-relr when binutils supports it is nice as it makes the entire glibc testsuite the testsuite for GNU ld support for other ports:) Reviewed-by: Fangrui Song