From: Samuel Thibault
To: libc-alpha@sourceware.org, glibc@packages.debian.org
Subject: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o
Date: Sat, 22 Oct 2022 16:06:14 +0200
Message-ID: <20221022140614.rnfd4d4nefjmizzi@begin>

Hello,

We're seeing a missing _DYNAMIC symbol here:

https://buildd.debian.org/status/fetch.php?pkg=gnupg2&arch=hurd-i386&ver=2.2.40-1&stamp=1666261690&raw=0

which is leaving me completely confused.

gcc -I/usr/include -I/usr/include -Wall -Wno-format-zero-length -Wno-pointer-sign -Wpointer-arith -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now -pie -static -o gpgv gpgv.o build-packet.o compress.o free-packet.o getkey.o keydb.o keyring.o seskey.o kbnode.o mainproc.o armor.o mdfilter.o textfilter.o progress.o misc.o rmd160.o openfile.o keyid.o parse-packet.o cpr.o plaintext.o sig-check.o keylist.o pkglue.o ecdh.o verify.o ../kbx/libkeybox.a ../common/libcommon.a ../regexp/libregexp.a ../common/libgpgrl.a -lz -L/usr/lib/i386-gnu -lgcrypt -L/usr/lib/i386-gnu -lgpg-error
[...]
/usr/bin/ld: /usr/lib/i386-gnu/libcrt.a(dl-reloc-static-pie.o): in function `_dl_relocate_static_pie':
(.text+0x31): undefined reference to `_DYNAMIC'

So this is static pie (-pie -static), and I'm getting just the same
issue with a mere int main(void) {} built with -static -pie.

When debugging a bit on Debian Hurd:

$ gcc test.o -o test -pie -static -v
[...]
/usr/lib/gcc/i686-gnu/12/collect2 -plugin /usr/lib/gcc/i686-gnu/12/liblto_plugin.so -plugin-opt=/usr/lib/gcc/i686-gnu/12/lto-wrapper -plugin-opt=-fresolution=/tmp/ccR0YAaP.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_eh -plugin-opt=-pass-through=-lc --build-id -m elf_i386 --hash-style=gnu --as-needed -static -o test /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/Scrt1.o /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crti.o /usr/lib/gcc/i686-gnu/12/crtbeginT.o -L/usr/lib/gcc/i686-gnu/12 -L/usr/lib/gcc/i686-gnu/12/../../../i386-gnu -L/usr/lib/gcc/i686-gnu/12/../../.. -L/lib/i386-gnu -L/usr/lib/i386-gnu test.o --start-group -lgcc -lgcc_eh -lc --end-group /usr/lib/gcc/i686-gnu/12/crtend.o /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crtn.o

So this is using Scrt1.o, which doesn't surprise me since we're linking
with pie. Scrt1.o doesn't define _dl_relocate_static_pie, so I'm not
surprised that the link then pulls dl-reloc-static-pie.o from libc.a,
which thus requires _DYNAMIC, but that's not defined...

Testing this on Debian Linux:

$ gcc test.o -o test -pie -static -v
[...]
/usr/lib/gcc/x86_64-linux-gnu/12/collect2 -plugin /usr/lib/gcc/x86_64-linux-gnu/12/liblto_plugin.so -plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/12/lto-wrapper -plugin-opt=-fresolution=/tmp/ccHeGHCw.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_eh -plugin-opt=-pass-through=-lc --build-id -m elf_x86_64 --hash-style=gnu --as-needed -static -o test /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/crt1.o /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/12/crtbeginT.o -L/usr/lib/gcc/x86_64-linux-gnu/12 -L/usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/12/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/12/../../.. test.o --start-group -lgcc -lgcc_eh -lc --end-group /usr/lib/gcc/x86_64-linux-gnu/12/crtend.o /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/crtn.o

This is using crt1.o rather than Scrt1.o, why? Since crt1.o defines
_dl_relocate_static_pie (to a trivial ret), dl-reloc-static-pie.o
doesn't get pulled and thus no problem there. But isn't Scrt1.o supposed
to be used and _dl_relocate_static_pie supposed to actually do some
work? Trying the resulting binary of this source:

#include <stdio.h>
int main(void) {
	printf("%p\n", printf);
}

$ ./test
0x4096c0
$ ./test
0x4096c0

so this is actually missing the whole point of using PIE: ASLR.

So something looks completely wrong here?

Samuel
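
An added example, not part of the original message or of glibc: a C check that classifies a linked binary from its ELF header and program headers, to confirm whether a `-static -pie` link really produced a static PIE (ET_DYN with PT_DYNAMIC and no PT_INTERP) or a fixed-address ET_EXEC like the one printing 0x4096c0 on every run. The function names and the in-memory sample images are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum link_kind { BAD_ELF, FIXED_ADDRESS, DYNAMIC_PIE, STATIC_PIE, NO_DYNAMIC };

/* Little-endian read of n (<= 8) bytes at p. */
static uint64_t le(const uint8_t *p, int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Classify a little-endian ELF32 or ELF64 image held in memory. */
enum link_kind classify(const uint8_t *img, size_t len) {
    if (len < 52 || memcmp(img, "\177ELF", 4) != 0 || img[5] != 1) return BAD_ELF;
    int is64 = (img[4] == 2);
    if ((!is64 && img[4] != 1) || (is64 && len < 64)) return BAD_ELF;
    uint64_t type = le(img + 16, 2);                            /* e_type */
    uint64_t phoff = is64 ? le(img + 32, 8) : le(img + 28, 4);  /* e_phoff */
    uint64_t phentsize = le(img + (is64 ? 54 : 42), 2);
    uint64_t phnum = le(img + (is64 ? 56 : 44), 2);
    /* ET_EXEC (2) loads at a fixed address; only ET_DYN (3) can be a PIE. */
    if (type != 3) return type == 2 ? FIXED_ADDRESS : BAD_ELF;
    if (phentsize < 4 || phoff > len || phnum * phentsize > len - phoff) return BAD_ELF;
    int interp = 0, dynamic = 0;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t p_type = le(img + phoff + i * phentsize, 4);
        if (p_type == 3) interp = 1;    /* PT_INTERP: needs a dynamic loader */
        if (p_type == 2) dynamic = 1;   /* PT_DYNAMIC: the segment _DYNAMIC points at */
    }
    return interp ? DYNAMIC_PIE : dynamic ? STATIC_PIE : NO_DYNAMIC;
}

/* Constructed sample (not a real binary): ELF64 header plus program headers. */
enum link_kind classify_sample(uint8_t e_type, int interp, int dynamic) {
    uint8_t buf[64 + 3 * 56] = {0}, n = 0;
    memcpy(buf, "\177ELF\2\1\1", 7);               /* ELF64, little-endian */
    buf[16] = e_type; buf[32] = 64; buf[54] = 56;  /* e_type, e_phoff, e_phentsize */
    buf[64 + 56 * n++] = 1;                        /* PT_LOAD */
    if (interp) buf[64 + 56 * n++] = 3;
    if (dynamic) buf[64 + 56 * n++] = 2;
    buf[56] = n;                                   /* e_phnum */
    return classify(buf, 64 + 56 * (size_t)n);
}

int main(void) {
    static const char *names[] = { "bad", "ET_EXEC", "dynamic PIE", "static PIE", "ET_DYN, no PT_DYNAMIC" };
    printf("%s\n%s\n", names[classify_sample(2, 0, 0)], names[classify_sample(3, 0, 1)]);
    return 0;
}
```

To use it on a real file, read the file into a buffer and pass it to `classify`; the same fields are what `readelf -h` and `readelf -l` display.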