From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:4001:c06::22e; helo=mail-io0-x22e.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-io0-x22e.google.com (mail-io0-x22e.google.com [IPv6:2607:f8b0:4001:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id AFCAF2112B1CA for ; Mon, 11 Jun 2018 23:18:55 -0700 (PDT) Received: by mail-io0-x22e.google.com with SMTP id e15-v6so26755578iog.1 for ; Mon, 11 Jun 2018 23:18:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7ZWWx7GCyjKAhnJ/tbxrdouCgk3BceJtyChlt9gnai8=; b=QUd+tRGpnSI4H3tfUSI182znn+apRaZGs4/c4qpJ4mbrZRdhuZ3i/oBIEndA+3m2IS 43Pdx5nn0/EFKBGJL2duWzp6Z1gDSGwortB4gTngLOxn5WJg3eC8NojMekkNSBC4Y+aj 8vdspOQZTH+ayhKuAZTmrunVUiXHfbuyoGiXk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7ZWWx7GCyjKAhnJ/tbxrdouCgk3BceJtyChlt9gnai8=; b=tp6zTjON5RLaqOZNL7FdVbH++oHSilXTnendvgz4MhAYfPGaOYbUbTOOsBdSmvF8yk xUoEfv9VmnZ9Cb6TLWa16FjyTCtnMoVR+vYtwlji0VTcPXJqCYdP5bwLAJjs7cBEnZ1d Q05z/T5AnVFs39Q/fyvKvX4OZd/jiTIY/l8GeVpbprfoRXtWxaJFlKUKoHrAwlA+lHUi FDN1a9fEd/cRpAXEXCpwbGQ81tbjHDTryemg5TaKG9E3CWZBZWv5m9RDNWufuiW+SInj e64eWmQNW46XPeJWY1ETS+GnYs43u55ipMiZP1DlITnV0NbJl6dXCXqQvBDG4k4Hs256 +IbA== X-Gm-Message-State: APt69E1hOeJwiKKFoEpYUARFQGHuPaFSJLubyxH5tAXI7z1c/E0fbaX4 9fM/jtMB+PDGXElBbirukub9mLI7rFiSOsACHELD7w== X-Google-Smtp-Source: ADUXVKIb6qbeJ4zJEUAXNzxdEqF+PScQOiOUV6zvXmyMUCtoKvGkun8hebsfgnDQcF02Hq9NiyRtQkBQt+ImnXqRP/Y= X-Received: by 2002:a6b:dd0b:: with SMTP id f11-v6mr2018007ioc.173.1528784334646; Mon, 11 Jun 2018 23:18:54 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a6b:bbc7:0:0:0:0:0 with HTTP; Mon, 11 Jun 2018 23:18:53 -0700 (PDT) In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A14E295E07@SHSMSX104.ccr.corp.intel.com> References: <20180611162911.3386-1-ard.biesheuvel@linaro.org> <4A89E2EF3DFEDB4C8BFDE51014F606A14E295E07@SHSMSX104.ccr.corp.intel.com> From: Ard Biesheuvel Date: Tue, 12 Jun 2018 08:18:53 +0200 Message-ID: To: "Gao, Liming" Cc: "edk2-devel@lists.01.org" , "lersek@redhat.com" , "Zhu, Yonghong" Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jun 2018 06:18:55 -0000 Content-Type: text/plain; charset="UTF-8" On 12 June 2018 at 03:40, Gao, Liming wrote: > Reviewed-by: Liming Gao > Thanks Pushed as c25d3905523a >> -----Original Message----- >> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org] >> Sent: Tuesday, June 12, 2018 12:29 AM >> To: edk2-devel@lists.01.org >> Cc: lersek@redhat.com; Gao, Liming ; Zhu, Yonghong ; Ard Biesheuvel >> >> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly >> >> As a security measure, some distros now build their GCC toolchains with >> PIE code generation enabled by default, because it is a prerequisite >> for ASLR to be enabled when running the executable. >> >> This typically results in slightly larger code, but it also generates >> ELF relocations that our tooling cannot deal with, so let's disable it >> explicitly when using GCC49 or later for IA32. (Note that this does not >> apply to X64: it uses PIE code deliberately in some cases, and our >> tooling does deal with the resuling relocations) >> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Ard Biesheuvel >> Acked-by: Laszlo Ersek >> --- >> BaseTools/Conf/tools_def.template | 10 +++++----- >> 1 file changed, 5 insertions(+), 5 deletions(-) >> >> diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template >> index 7e9c915755ed..733c6ec71709 100755 >> --- a/BaseTools/Conf/tools_def.template >> +++ b/BaseTools/Conf/tools_def.template >> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS = DEF(GCC47_AARCH64_DLINK2_FLAGS) >> DEFINE GCC48_ARM_ASLDLINK_FLAGS = DEF(GCC47_ARM_ASLDLINK_FLAGS) >> DEFINE GCC48_AARCH64_ASLDLINK_FLAGS = DEF(GCC47_AARCH64_ASLDLINK_FLAGS) >> >> -DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) >> +DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pie >> DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) >> DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 >> DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u >> ReferenceAcpiTable >> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s >> *_GCC49_IA32_RC_PATH = DEF(GCC49_IA32_PREFIX)objcopy >> >> *_GCC49_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32 >> -*_GCC49_IA32_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 >> +*_GCC49_IA32_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie >> *_GCC49_IA32_ASM_FLAGS = DEF(GCC49_ASM_FLAGS) -m32 -march=i386 >> *_GCC49_IA32_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386 >> -*_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS) >> +*_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS) -no-pie >> *_GCC49_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS) >> *_GCC49_IA32_OBJCOPY_FLAGS = >> *_GCC49_IA32_NASM_FLAGS = -f elf32 >> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS = DEF(GCC49_AARCH64_DLINK_FLAGS) >> *_GCC5_IA32_RC_PATH = DEF(GCC5_IA32_PREFIX)objcopy >> >> *_GCC5_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto >> -*_GCC5_IA32_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 >> +*_GCC5_IA32_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie >> *_GCC5_IA32_ASM_FLAGS = DEF(GCC5_ASM_FLAGS) -m32 -march=i386 >> -*_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) >> +*_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie >> *_GCC5_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS) >> *_GCC5_IA32_OBJCOPY_FLAGS = >> *_GCC5_IA32_NASM_FLAGS = -f elf32 >> -- >> 2.17.1 >