From: Florian Weimer <fw@deneb.enyo.de>
To: "H.J. Lu" <hjl.tools@gmail.com>
Cc: Joseph Myers <joseph@codesourcery.com>,
GNU C Library <libc-alpha@sourceware.org>
Subject: Re: PING^N: [PATCH] Add --enable-static-pie to build static PIE [BZ #19574]
Date: Sun, 19 Nov 2017 15:39:00 -0000 [thread overview]
Message-ID: <87bmjyqnve.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: <CAMe9rOr5qR-MnP+bEY_3OPdPK1qTnn_7JLi3Xn688E9JWKr1Zw@mail.gmail.com> (H. J. Lu's message of "Sat, 18 Nov 2017 18:40:24 -0800")
* H. J. Lu:
> The GCC driver patch has been checked into GCC 8. Here is the updated
> patch for glibc.
>
> Tested with build-many-glibcs.py. Any objections?
Is the entire text below supposed to go into the commit message? What
about the remaining tasks listed in it?
> Dynamic linker, ld.so, is a standalone program which can be loaded at
> any address. This patch adds a configure option, --enable-static-pie,
> to embed the part of ld.so in static executable to create static position
> independent executable (static PIE). A static PIE is similar to static
> executable, but can be loaded at any address without help from a dynamic
> linker. When --enable-static-pie is used to configure glibc, libc.a is
> built as PIE and all static executables, including tests, are built as
> static PIE. The resulting libc.a can be used together with GCC 8 or
> above to build static PIE with the compiler option, -static-pie. But
> GCC 8 isn't required to build glibc with --enable-static-pie. When an
> older GCC is used to build glibc with --enable-static-pie, proper input
> files are passed to linker to create static executables as static PIE,
> together with "-z text" to prevent dynamic relocations in read-only
> segments, which are allowed in static PIE.
The last sentence is unclear. Is -z text required to use a glibc
compiled by an earlier GCC? What exactly is the problem with dynamic
relocations in read-only segments? Are they allowed or disallowed?
Can we support .data.relro?
> Static PIE can work on all architectures which support PIE, provided:
>
> 1. Target must support accessing of local functions without dynamic
> relocations, which is needed in start.S to call __libc_start_main with
> function addresses of __libc_csu_init, __libc_csu_fini and main.
Are there really ABI concerns for the statically linked case? It
should not be necessary to pass these function pointers.
> All functions in statice PIE are local functions. If PIE start.S
> can't
Typo: “statice”
> 6. __brk works without TLS nor dynamic relocations in read-only section
> so that it can be used by __libc_setup_tls to initializes TLS in static
> PIE.
Note that some kernels have strange address space layouts which
prevent __brk from working reliably.
> NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled
> with -fPIE, regardless if --enable-static-pie is used to configure glibc.
> When glibc is configured with --enable-static-pie, libc.a is compiled
> with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a
> can be used to build both static executable and static PIE. There is no
> need for separate PIE copy of libc.a.
Is there a code size cost to PIE?
> Linker requirements to build glibc with --enable-static-pie:
>
> 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from
> static PIE.
> 2. Linker can create working static PIE. The x86-64 linker needs the
> fix for
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=21782
So binutils 2.29 is the minimum requirement on x86-64?
Can an earlier binutils version be used to build a static library
which is usable for PIE with binutils 2.29+?
> +'--enable-static-pie'
> + Build static executables, including tests, as position independent
> + executable (static PIE) which is similar to static executable, but
> + can be loaded at any address without help from a dynamic linker.
> + The resulting libc.a can be used with the GCC option, -static-pie,
> + which is available with GCC 8 or above, to create static PIE. Only
> + i686, x86-64 and x32 targets are verified to work.
Drop the last sentence, it will be outdated soon.
> diff --git a/Makeconfig b/Makeconfig
The reason for some of the changes are not obvious at all to me, and
the ChangeLog doesn't give an explanation either.
> new file mode 100644
> index 0000000000..aa9302602b
> --- /dev/null
> +++ b/elf/dl-reloc-static-pie.c
Is there anything which inhibits compilation of this file ith the
stack protector? I think this is necessary because
_dl_relocate_static_pie is called so early.
> +extern struct link_map * _dl_get_dl_main_map (void)
> + __attribute__ ((visibility ("hidden")));
This should go into a header file somewhere, so that the declaration
can be checked against the definition.
> diff --git a/elf/dl-support.c b/elf/dl-support.c
> index 235d3a7f46..b9fc1a66fe 100644
> --- a/elf/dl-support.c
> +++ b/elf/dl-support.c
> @@ -385,3 +385,14 @@ _dl_non_dynamic_init (void)
> #ifdef DL_SYSINFO_IMPLEMENTATION
> DL_SYSINFO_IMPLEMENTATION
> #endif
> +
> +#if ENABLE_STATIC_PIE
> +/* Since relocation to hidden _dl_main_map causes relocation overflow on
> + aarch64, a function is used to get the address of _dl_main_map. */
> +
> +struct link_map *
> +_dl_get_dl_main_map (void)
> +{
> + return &_dl_main_map;
> +}
> +#endif
Is this issue really aarch64-specific, or could it affect other
targets?
next prev parent reply other threads:[~2017-11-19 15:39 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-01 12:46 H.J. Lu
2017-11-01 16:04 ` Joseph Myers
2017-11-01 16:06 ` H.J. Lu
2017-11-03 17:57 ` H.J. Lu
2017-11-19 2:40 ` H.J. Lu
2017-11-19 15:39 ` Florian Weimer [this message]
2017-11-19 16:17 ` H.J. Lu
2017-11-19 19:52 ` H.J. Lu
2017-11-20 14:17 ` Joseph Myers
2017-11-23 14:09 ` H.J. Lu
2017-11-20 12:16 ` Szabolcs Nagy
2017-11-23 13:59 ` H.J. Lu
2017-11-24 13:07 ` Szabolcs Nagy
2017-11-24 15:03 ` H.J. Lu
2017-11-24 22:24 ` H.J. Lu
2017-11-30 14:00 ` H.J. Lu
2017-11-30 15:28 ` Joseph Myers
2017-11-30 16:24 ` H.J. Lu
2017-11-30 16:37 ` Joseph Myers
2017-11-30 16:56 ` H.J. Lu
2017-11-30 18:45 ` Carlos O'Donell
2017-11-30 21:45 ` Carlos O'Donell
2017-11-30 22:37 ` Maciej W. Rozycki
[not found] ` <CAMe9rOpDRknZANuSvXAqU_qaXzGRjt=uY5BZLJoE_o9Ke+9yfw@mail.gmail.com>
[not found] ` <alpine.DEB.2.00.1711302308170.31156@tp.orcam.me.uk>
2017-12-01 1:08 ` H.J. Lu
2017-12-01 1:58 ` Maciej W. Rozycki
2017-12-01 4:18 ` H.J. Lu
2017-12-01 9:59 ` Maciej W. Rozycki
2017-12-01 12:27 ` Joseph Myers
2017-12-01 13:35 ` H.J. Lu
2017-12-01 18:24 ` H.J. Lu
2017-12-08 13:14 ` H.J. Lu
2017-12-15 21:19 ` Carlos O'Donell
2017-12-16 2:04 ` H.J. Lu
2017-12-16 3:06 ` Carlos O'Donell
2017-12-18 13:37 ` Joseph Myers
2017-12-19 1:14 ` H.J. Lu
2017-12-15 11:58 H.J. Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bmjyqnve.fsf@mid.deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=hjl.tools@gmail.com \
--cc=joseph@codesourcery.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).