From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.120; helo=mga04.intel.com; envelope-from=liming.gao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D65B22119072A for ; Mon, 11 Jun 2018 09:00:32 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Jun 2018 09:00:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,502,1520924400"; d="scan'208";a="46275470" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by fmsmga007.fm.intel.com with ESMTP; 11 Jun 2018 09:00:32 -0700 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.319.2; Mon, 11 Jun 2018 09:00:32 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.87]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.82]) with mapi id 14.03.0319.002; Tue, 12 Jun 2018 00:00:30 +0800 From: "Gao, Liming" To: Ard Biesheuvel CC: "edk2-devel@lists.01.org" , "lersek@redhat.com" , "zenith432@users.sourceforge.net" Thread-Topic: [edk2] [PATCH] BaseTools/tools_def IA32: disable PIE code generation explicitly Thread-Index: AQHUAVfI754kR6w5r0idU+rLVOYwgKRau+9A//9+XgCAAP0xMA== Date: Mon, 11 Jun 2018 16:00:30 +0000 Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E295948@SHSMSX104.ccr.corp.intel.com> References: <20180611074227.30625-1-ard.biesheuvel@linaro.org> <4A89E2EF3DFEDB4C8BFDE51014F606A14E295663@SHSMSX104.ccr.corp.intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYzNhMWJkNGYtNGViZS00OTBkLWJiMjctNjE1MzQyNjRiMTcyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiK0VkNCtHVFEzVWUxOUxkdzVOZWtmMDF2cCtwWXJ5ZDE4N1YzTG5KS2dqN1hUTnRlbWdPRW1jRG1wWVpBMit0bSJ9 dlp-product: dlpe-windows dlp-version: 11.0.200.100 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH] BaseTools/tools_def IA32: disable PIE code generation explicitly X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jun 2018 16:00:33 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Ard: Is this option required in GCC49 tool chain? Or, this option is only requ= ired when lto is enabled? Thanks Liming > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ar= d Biesheuvel > Sent: Monday, June 11, 2018 4:53 PM > To: Gao, Liming > Cc: edk2-devel@lists.01.org; lersek@redhat.com; zenith432@users.sourcefor= ge.net > Subject: Re: [edk2] [PATCH] BaseTools/tools_def IA32: disable PIE code ge= neration explicitly >=20 > On 11 June 2018 at 10:38, Gao, Liming wrote: > > Ard: > > Do you mean the default GCC compiler disables PIC and PIE for IA32 ar= ch? But now, some distribution GCC compiler enables PIC > and PIE by default. So, we have to obviously disable PIC and PIE in tools= _def.txt. > > >=20 > Yes. On my x86 Ubuntu 18.04 LTS system: >=20 > $ gcc -v > Using built-in specs. > COLLECT_GCC=3Dgcc > COLLECT_LTO_WRAPPER=3D/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper > OFFLOAD_TARGET_NAMES=3Dnvptx-none > OFFLOAD_TARGET_DEFAULT=3D1 > Target: x86_64-linux-gnu > Configured with: ../src/configure -v --with-pkgversion=3D'Ubuntu > 7.3.0-16ubuntu3' --with-bugurl=3Dfile:///usr/share/doc/gcc-7/README.Bugs > --enable-languages=3Dc,ada,c++,go,brig,d,fortran,objc,obj-c++ > --prefix=3D/usr --with-gcc-major-version-only > --with-as=3D/usr/bin/x86_64-linux-gnu-as > --with-ld=3D/usr/bin/x86_64-linux-gnu-ld --program-suffix=3D-7 > --program-prefix=3Dx86_64-linux-gnu- --enable-shared > --enable-linker-build-id --libexecdir=3D/usr/lib > --without-included-gettext --enable-threads=3Dposix --libdir=3D/usr/lib > --enable-nls --with-sysroot=3D/ --enable-clocale=3Dgnu > --enable-libstdcxx-debug --enable-libstdcxx-time=3Dyes > --with-default-libstdcxx-abi=3Dnew --enable-gnu-unique-object > --disable-vtable-verify --enable-libmpx --enable-plugin > --enable-default-pie --with-system-zlib --with-target-system-zlib > --enable-objc-gc=3Dauto --enable-multiarch --disable-werror > --with-arch-32=3Di686 --with-abi=3Dm64 --with-multilib-list=3Dm32,m64,mx3= 2 > --enable-multilib --with-tune=3Dgeneric > --enable-offload-targets=3Dnvptx-none --without-cuda-driver > --enable-checking=3Drelease --build=3Dx86_64-linux-gnu > --host=3Dx86_64-linux-gnu --target=3Dx86_64-linux-gnu > Thread model: posix > gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3) >=20 >=20 > Notice the '--enable-default-pie' 4 lines from the bottom. >=20 >=20 >=20 > >>-----Original Message----- > >>From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org] > >>Sent: Monday, June 11, 2018 3:42 PM > >>To: edk2-devel@lists.01.org > >>Cc: Zhu, Yonghong ; Gao, Liming > >>; lersek@redhat.com; Shi, Steven > >>; zenith432@users.sourceforge.net; Ard Biesheuvel > >> > >>Subject: [PATCH] BaseTools/tools_def IA32: disable PIE code generation > >>explicitly > >> > >>As a security measure, some distros now build their GCC toolchains with > >>PIE code generation enabled by default, because it is a prerequisite > >>for ASLR to be enabled when running the executable. > >> > >>This typically results in slightly larger code, but it also generates > >>ELF relocations that our tooling cannot deal with, so let's disable it > >>explicitly when using GCC5 for IA32. (Note that this does not apply to > >>X64: it uses PIE code deliberately in some cases, and our tooling does > >>deal with the resuling relocations) > >> > >>Contributed-under: TianoCore Contribution Agreement 1.1 > >>Signed-off-by: Ard Biesheuvel > >>--- > >> BaseTools/Conf/tools_def.template | 6 +++--- > >> 1 file changed, 3 insertions(+), 3 deletions(-) > >> > >>diff --git a/BaseTools/Conf/tools_def.template > >>b/BaseTools/Conf/tools_def.template > >>index 7e9c915755ed..ab57f9c706e3 100755 > >>--- a/BaseTools/Conf/tools_def.template > >>+++ b/BaseTools/Conf/tools_def.template > >>@@ -4670,7 +4670,7 @@ DEFINE GCC49_AARCH64_DLINK2_FLAGS =3D > >>DEF(GCC48_AARCH64_DLINK2_FLAGS) > >> DEFINE GCC49_ARM_ASLDLINK_FLAGS =3D > >>DEF(GCC48_ARM_ASLDLINK_FLAGS) > >> DEFINE GCC49_AARCH64_ASLDLINK_FLAGS =3D > >>DEF(GCC48_AARCH64_ASLDLINK_FLAGS) > >> > >>-DEFINE GCC5_IA32_CC_FLAGS =3D DEF(GCC49_IA32_CC_FLAGS) > >>+DEFINE GCC5_IA32_CC_FLAGS =3D DEF(GCC49_IA32_CC_FLAGS) -fno= -pic > >>-fno-pie > >> DEFINE GCC5_X64_CC_FLAGS =3D DEF(GCC49_X64_CC_FLAGS) > >> DEFINE GCC5_IA32_X64_DLINK_COMMON =3D > >>DEF(GCC49_IA32_X64_DLINK_COMMON) > >> DEFINE GCC5_IA32_X64_ASLDLINK_FLAGS =3D > >>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) > >>@@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS =3D > >>DEF(GCC49_AARCH64_DLINK_FLAGS) > >> *_GCC5_IA32_RC_PATH =3D DEF(GCC5_IA32_PREFIX)objcopy > >> > >> *_GCC5_IA32_ASLCC_FLAGS =3D DEF(GCC_ASLCC_FLAGS) -m32 -fno-lt= o > >>-*_GCC5_IA32_ASLDLINK_FLAGS =3D DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) > >>-Wl,-m,elf_i386 > >>+*_GCC5_IA32_ASLDLINK_FLAGS =3D > >>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie > >> *_GCC5_IA32_ASM_FLAGS =3D DEF(GCC5_ASM_FLAGS) -m32 - > >>march=3Di386 > >>-*_GCC5_IA32_DLINK2_FLAGS =3D DEF(GCC5_IA32_DLINK2_FLAGS) > >>+*_GCC5_IA32_DLINK2_FLAGS =3D DEF(GCC5_IA32_DLINK2_FLAGS) -no- > >>pie > >> *_GCC5_IA32_RC_FLAGS =3D DEF(GCC_IA32_RC_FLAGS) > >> *_GCC5_IA32_OBJCOPY_FLAGS =3D > >> *_GCC5_IA32_NASM_FLAGS =3D -f elf32 > >>-- > >>2.17.1 > > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel