From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.31; helo=mga06.intel.com; envelope-from=liming.gao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D8D4B211D618F for ; Mon, 11 Jun 2018 18:41:01 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Jun 2018 18:41:01 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,212,1526367600"; d="scan'208";a="236337522" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga005.fm.intel.com with ESMTP; 11 Jun 2018 18:41:00 -0700 Received: from fmsmsx118.amr.corp.intel.com (10.18.116.18) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.319.2; Mon, 11 Jun 2018 18:41:00 -0700 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx118.amr.corp.intel.com (10.18.116.18) with Microsoft SMTP Server (TLS) id 14.3.319.2; Mon, 11 Jun 2018 18:41:00 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.87]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.116]) with mapi id 14.03.0319.002; Tue, 12 Jun 2018 09:40:58 +0800 From: "Gao, Liming" To: Ard Biesheuvel , "edk2-devel@lists.01.org" CC: "lersek@redhat.com" , "Zhu, Yonghong" Thread-Topic: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly Thread-Index: AQHUAaFZiWsT4VD8F02PaLtf1yjLA6Rb2YZA Date: Tue, 12 Jun 2018 01:40:57 +0000 Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E295E07@SHSMSX104.ccr.corp.intel.com> References: <20180611162911.3386-1-ard.biesheuvel@linaro.org> In-Reply-To: <20180611162911.3386-1-ard.biesheuvel@linaro.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiOTA5MmVmNWEtMTVhMy00MmZkLWIzZjktMzNiOTg0MDA2MzhlIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoib1RtRTdWZVVqRGl2YmtPQWw0NXpVY0JpXC8rY0hwR040Smp3WUIwTTR2MlhOU2cxcU5XajZqSHd1c1h4djlOSUEifQ== dlp-product: dlpe-windows dlp-version: 11.0.200.100 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jun 2018 01:41:04 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Liming Gao > -----Original Message----- > From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org] > Sent: Tuesday, June 12, 2018 12:29 AM > To: edk2-devel@lists.01.org > Cc: lersek@redhat.com; Gao, Liming ; Zhu, Yonghong = ; Ard Biesheuvel > > Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation= explicitly >=20 > As a security measure, some distros now build their GCC toolchains with > PIE code generation enabled by default, because it is a prerequisite > for ASLR to be enabled when running the executable. >=20 > This typically results in slightly larger code, but it also generates > ELF relocations that our tooling cannot deal with, so let's disable it > explicitly when using GCC49 or later for IA32. (Note that this does not > apply to X64: it uses PIE code deliberately in some cases, and our > tooling does deal with the resuling relocations) >=20 > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Ard Biesheuvel > Acked-by: Laszlo Ersek > --- > BaseTools/Conf/tools_def.template | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) >=20 > diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def= .template > index 7e9c915755ed..733c6ec71709 100755 > --- a/BaseTools/Conf/tools_def.template > +++ b/BaseTools/Conf/tools_def.template > @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS =3D DEF(GCC47_= AARCH64_DLINK2_FLAGS) > DEFINE GCC48_ARM_ASLDLINK_FLAGS =3D DEF(GCC47_ARM_ASLDLINK_FLAGS) > DEFINE GCC48_AARCH64_ASLDLINK_FLAGS =3D DEF(GCC47_AARCH64_ASLDLINK_FLAG= S) >=20 > -DEFINE GCC49_IA32_CC_FLAGS =3D DEF(GCC48_IA32_CC_FLAGS) > +DEFINE GCC49_IA32_CC_FLAGS =3D DEF(GCC48_IA32_CC_FLAGS) -fno-p= ic -fno-pie > DEFINE GCC49_X64_CC_FLAGS =3D DEF(GCC48_X64_CC_FLAGS) > DEFINE GCC49_IA32_X64_DLINK_COMMON =3D -nostdlib -Wl,-n,-q,--gc-sectio= ns -z common-page-size=3D0x40 > DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS =3D DEF(GCC49_IA32_X64_DLINK_COMMON= ) -Wl,--entry,ReferenceAcpiTable -u > ReferenceAcpiTable > @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS =3D DEF(GCC48_AA= RCH64_CC_FLAGS) -Wno-unused-but-s > *_GCC49_IA32_RC_PATH =3D DEF(GCC49_IA32_PREFIX)objcopy >=20 > *_GCC49_IA32_ASLCC_FLAGS =3D DEF(GCC_ASLCC_FLAGS) -m32 > -*_GCC49_IA32_ASLDLINK_FLAGS =3D DEF(GCC49_IA32_X64_ASLDLINK_FLAGS)= -Wl,-m,elf_i386 > +*_GCC49_IA32_ASLDLINK_FLAGS =3D DEF(GCC49_IA32_X64_ASLDLINK_FLAGS)= -Wl,-m,elf_i386 -no-pie > *_GCC49_IA32_ASM_FLAGS =3D DEF(GCC49_ASM_FLAGS) -m32 -march= =3Di386 > *_GCC49_IA32_DLINK_FLAGS =3D DEF(GCC49_IA32_X64_DLINK_FLAGS) -W= l,-m,elf_i386,--oformat=3Delf32-i386 > -*_GCC49_IA32_DLINK2_FLAGS =3D DEF(GCC49_IA32_DLINK2_FLAGS) > +*_GCC49_IA32_DLINK2_FLAGS =3D DEF(GCC49_IA32_DLINK2_FLAGS) -no-p= ie > *_GCC49_IA32_RC_FLAGS =3D DEF(GCC_IA32_RC_FLAGS) > *_GCC49_IA32_OBJCOPY_FLAGS =3D > *_GCC49_IA32_NASM_FLAGS =3D -f elf32 > @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS =3D DEF(GCC49_AA= RCH64_DLINK_FLAGS) > *_GCC5_IA32_RC_PATH =3D DEF(GCC5_IA32_PREFIX)objcopy >=20 > *_GCC5_IA32_ASLCC_FLAGS =3D DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto > -*_GCC5_IA32_ASLDLINK_FLAGS =3D DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -= Wl,-m,elf_i386 > +*_GCC5_IA32_ASLDLINK_FLAGS =3D DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -= Wl,-m,elf_i386 -no-pie > *_GCC5_IA32_ASM_FLAGS =3D DEF(GCC5_ASM_FLAGS) -m32 -march=3Di= 386 > -*_GCC5_IA32_DLINK2_FLAGS =3D DEF(GCC5_IA32_DLINK2_FLAGS) > +*_GCC5_IA32_DLINK2_FLAGS =3D DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie > *_GCC5_IA32_RC_FLAGS =3D DEF(GCC_IA32_RC_FLAGS) > *_GCC5_IA32_OBJCOPY_FLAGS =3D > *_GCC5_IA32_NASM_FLAGS =3D -f elf32 > -- > 2.17.1