From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:4001:c0b::22f; helo=mail-it0-x22f.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8BC30202E53EF for ; Wed, 13 Jun 2018 03:19:20 -0700 (PDT) Received: by mail-it0-x22f.google.com with SMTP id l6-v6so3105251iti.2 for ; Wed, 13 Jun 2018 03:19:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=SCqFdTFHmE92IEcqT7uLe4AuwGB81nPA3D+GWy1fvJU=; b=e069OzF4gL1Wv4Dyyz92BzvgbyUGORI6fj2jkl586VmxjM/9MVji1ofdQ7JZ6+SodJ KRXGaDUQtbvHDxOmF9IuCpJHE4d0yWTyERO3BnCdupuaRH8X39rmJC4b0wIZmIijTlxL XYHnu+hizYKR9y8IbmvYPcEOOldW9gfv8U6Z0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=SCqFdTFHmE92IEcqT7uLe4AuwGB81nPA3D+GWy1fvJU=; b=EGT+qATyaRFhXNnm2y3SBQZ8EPN71yesMyI3xJDNjH7RC5X/46c3IKX8Ra/9+//s35 Fkt2ws2BrSiE2pqyl+mIjD+P3d1FDICHUVbJStNssTBFTC86wxnrdkAv2k+OkbiM2NZ1 btyVx1Xsqt6s+pb7aakQQlSYvIkjKdBwbdAsbD5vnWrLssoQXvhmsycZ7/T/adPUvFTe XBu1UORjJr5g6hiRabYSqd+lo6vUb81rB9X2cil8YeyAGoX6fjJLj/a8GqWWq/V0vKox 8Zg9AptZjzhCWW7fr7QRbScT9JvULpJWh+gVbp2VuLvi5MwYhD0mRO4vBqofMa2PUTFw WkyA== X-Gm-Message-State: APt69E3zU3zzQx7iIPrrPlylkO9PrcPiWkadTrplnGAT3icf7cwomfu2 lMQI9R0cY05OzOxzeIB3xr+PrmYnW/9YmtaJaKmHvPt9 X-Google-Smtp-Source: ADUXVKINeSHbWCLk0f1exxxcCsj5DqRBYpSfFZea7dZOc+dD6fSKuBTYNMh0nxw/OE5j8b0dru/YZBNHC0BvhX2lYVU= X-Received: by 2002:a24:3105:: with SMTP id y5-v6mr4088472ity.138.1528885159516; Wed, 13 Jun 2018 03:19:19 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a6b:bbc7:0:0:0:0:0 with HTTP; Wed, 13 Jun 2018 03:19:18 -0700 (PDT) In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A14E296D86@SHSMSX104.ccr.corp.intel.com> References: <20180611162911.3386-1-ard.biesheuvel@linaro.org> <4A89E2EF3DFEDB4C8BFDE51014F606A14E295E07@SHSMSX104.ccr.corp.intel.com> <4A89E2EF3DFEDB4C8BFDE51014F606A14E296D86@SHSMSX104.ccr.corp.intel.com> From: Ard Biesheuvel Date: Wed, 13 Jun 2018 12:19:18 +0200 Message-ID: To: "Gao, Liming" Cc: "edk2-devel@lists.01.org" , "lersek@redhat.com" , "Zhu, Yonghong" Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jun 2018 10:19:20 -0000 Content-Type: text/plain; charset="UTF-8" On 13 June 2018 at 12:16, Gao, Liming wrote: > Ard: > This patch causes GCC49 IA32 build failure with GCC compiler 4.9.2 in link phase. " gcc: error: unrecognized command line option -no-pie" > Do you know any option to disable this error? > Sorry about that. I guess the assumption that this was safe for GCC49 was incorrect after all. Shall I send a patch to move back to setting it for GCC5 only? >>-----Original Message----- >>From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org] >>Sent: Tuesday, June 12, 2018 2:19 PM >>To: Gao, Liming >>Cc: edk2-devel@lists.01.org; lersek@redhat.com; Zhu, Yonghong >> >>Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code >>generation explicitly >> >>On 12 June 2018 at 03:40, Gao, Liming wrote: >>> Reviewed-by: Liming Gao >>> >> >>Thanks >> >>Pushed as c25d3905523a >> >>>> -----Original Message----- >>>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org] >>>> Sent: Tuesday, June 12, 2018 12:29 AM >>>> To: edk2-devel@lists.01.org >>>> Cc: lersek@redhat.com; Gao, Liming ; Zhu, >>Yonghong ; Ard Biesheuvel >>>> >>>> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation >>explicitly >>>> >>>> As a security measure, some distros now build their GCC toolchains with >>>> PIE code generation enabled by default, because it is a prerequisite >>>> for ASLR to be enabled when running the executable. >>>> >>>> This typically results in slightly larger code, but it also generates >>>> ELF relocations that our tooling cannot deal with, so let's disable it >>>> explicitly when using GCC49 or later for IA32. (Note that this does not >>>> apply to X64: it uses PIE code deliberately in some cases, and our >>>> tooling does deal with the resuling relocations) >>>> >>>> Contributed-under: TianoCore Contribution Agreement 1.1 >>>> Signed-off-by: Ard Biesheuvel >>>> Acked-by: Laszlo Ersek >>>> --- >>>> BaseTools/Conf/tools_def.template | 10 +++++----- >>>> 1 file changed, 5 insertions(+), 5 deletions(-) >>>> >>>> diff --git a/BaseTools/Conf/tools_def.template >>b/BaseTools/Conf/tools_def.template >>>> index 7e9c915755ed..733c6ec71709 100755 >>>> --- a/BaseTools/Conf/tools_def.template >>>> +++ b/BaseTools/Conf/tools_def.template >>>> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS = >>DEF(GCC47_AARCH64_DLINK2_FLAGS) >>>> DEFINE GCC48_ARM_ASLDLINK_FLAGS = >>DEF(GCC47_ARM_ASLDLINK_FLAGS) >>>> DEFINE GCC48_AARCH64_ASLDLINK_FLAGS = >>DEF(GCC47_AARCH64_ASLDLINK_FLAGS) >>>> >>>> -DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) >>>> +DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) - >>fno-pic -fno-pie >>>> DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) >>>> DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc- >>sections -z common-page-size=0x40 >>>> DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = >>DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u >>>> ReferenceAcpiTable >>>> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = >>DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s >>>> *_GCC49_IA32_RC_PATH = DEF(GCC49_IA32_PREFIX)objcopy >>>> >>>> *_GCC49_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32 >>>> -*_GCC49_IA32_ASLDLINK_FLAGS = >>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 >>>> +*_GCC49_IA32_ASLDLINK_FLAGS = >>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie >>>> *_GCC49_IA32_ASM_FLAGS = DEF(GCC49_ASM_FLAGS) -m32 - >>march=i386 >>>> *_GCC49_IA32_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_FLAGS) >>-Wl,-m,elf_i386,--oformat=elf32-i386 >>>> -*_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS) >>>> +*_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS) - >>no-pie >>>> *_GCC49_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS) >>>> *_GCC49_IA32_OBJCOPY_FLAGS = >>>> *_GCC49_IA32_NASM_FLAGS = -f elf32 >>>> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS = >>DEF(GCC49_AARCH64_DLINK_FLAGS) >>>> *_GCC5_IA32_RC_PATH = DEF(GCC5_IA32_PREFIX)objcopy >>>> >>>> *_GCC5_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto >>>> -*_GCC5_IA32_ASLDLINK_FLAGS = >>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 >>>> +*_GCC5_IA32_ASLDLINK_FLAGS = >>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie >>>> *_GCC5_IA32_ASM_FLAGS = DEF(GCC5_ASM_FLAGS) -m32 - >>march=i386 >>>> -*_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) >>>> +*_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) - >>no-pie >>>> *_GCC5_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS) >>>> *_GCC5_IA32_OBJCOPY_FLAGS = >>>> *_GCC5_IA32_NASM_FLAGS = -f elf32 >>>> -- >>>> 2.17.1 >>>