From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ard.biesheuvel@linaro.org>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2607:f8b0:4001:c06::241; helo=mail-io0-x241.google.com;
 envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-io0-x241.google.com (mail-io0-x241.google.com
 [IPv6:2607:f8b0:4001:c06::241])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 91AB62118C4F7
 for <edk2-devel@lists.01.org>; Mon, 11 Jun 2018 01:52:39 -0700 (PDT)
Received: by mail-io0-x241.google.com with SMTP id t6-v6so22978542iob.10
 for <edk2-devel@lists.01.org>; Mon, 11 Jun 2018 01:52:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=yPoxC5+pfUD3OeW8NCxbPl/Yz17Ncay8/fmgnmAKxsA=;
 b=O4cIPtGZRAAg+gx29aMV8eZE+2UG9r+F3VKiBNvcDo35QJO7e6kXjlINnYeQptOjF7
 +FlQrQAf/Bn3oHS6NSZA60v9Spuzk6NhpkH0n6iGSYEBtcseiJyqmWwH+2+DEfPiPikX
 megu+ZpnDLMZVfKmYZ6Q3I4wLwtzKvPSHHQ0o=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=yPoxC5+pfUD3OeW8NCxbPl/Yz17Ncay8/fmgnmAKxsA=;
 b=MMOeNbcKJd1cc1jkxN34dmhsO1xwSauR8lyjxSYqCg49dP2nHgWppBWOnPw/FAimdL
 IXg3knLh3ex0M6LbUSFTeBiP5fopZWwvavHp8ZSs5JEpnfPg+xrBvdPTTNBztoFqBGOF
 n0ULOlCoPRiUAXFINkoMKicJLuaUHkxFCF1chwz9iqCw4y5cF+52jQuN0i+9NjvwxgAn
 CR1vAi9ohhmvY5NgRAC4/uCMHPtTrpjItooB9qbkUGEyI/aUKYD+IBjn/3i4H42XEsTC
 ZT70wJgj6yoO2pV40c2wI7q3cAFyyG2gqfDUO2mk0gqDI7YnRHYZ9+Zo44UXyUbm1Rgn
 Mshg==
X-Gm-Message-State: APt69E0gzGI1fASZPJXA5gEfzOoN2e444IbTYigHHLFvPVwztid8RAj2
 nFcuM+NnJT49bzQpG7hXBA93rnBcWxGfEw1h5Vh2Mg1kX9A=
X-Google-Smtp-Source: ADUXVKKrmhADZ3oQLKX30mW7N+kqTojSHLYGcAsZ7OqpIgZyECAQPkpeJ+ea11e+NV0VUdI5S4Sn9vmtM6KZpsU8weI=
X-Received: by 2002:a6b:dd0b:: with SMTP id
 f11-v6mr13194104ioc.173.1528707158477; 
 Mon, 11 Jun 2018 01:52:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a6b:bbc7:0:0:0:0:0 with HTTP; Mon, 11 Jun 2018 01:52:38
 -0700 (PDT)
In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A14E295663@SHSMSX104.ccr.corp.intel.com>
References: <20180611074227.30625-1-ard.biesheuvel@linaro.org>
 <4A89E2EF3DFEDB4C8BFDE51014F606A14E295663@SHSMSX104.ccr.corp.intel.com>
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Mon, 11 Jun 2018 10:52:38 +0200
Message-ID: <CAKv+Gu_kz-DOK5hdDoiZwwqW57ub-OA2_W8hPLb3GYyG1C5fhg@mail.gmail.com>
To: "Gao, Liming" <liming.gao@intel.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>, "Zhu,
 Yonghong" <yonghong.zhu@intel.com>, 
 "lersek@redhat.com" <lersek@redhat.com>, "Shi, Steven" <steven.shi@intel.com>, 
 "zenith432@users.sourceforge.net" <zenith432@users.sourceforge.net>
Subject: Re: [PATCH] BaseTools/tools_def IA32: disable PIE code generation explicitly
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jun 2018 08:52:39 -0000
Content-Type: text/plain; charset="UTF-8"

On 11 June 2018 at 10:38, Gao, Liming <liming.gao@intel.com> wrote:
> Ard:
>   Do you mean the default GCC compiler disables PIC and PIE for IA32 arch? But now, some distribution GCC compiler enables PIC and PIE by default. So, we have to obviously disable PIC and PIE in tools_def.txt.
>

Yes. On my x86 Ubuntu 18.04 LTS system:

$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu
7.3.0-16ubuntu3' --with-bugurl=file:///usr/share/doc/gcc-7/README.Bugs
--enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++
--prefix=/usr --with-gcc-major-version-only
--with-as=/usr/bin/x86_64-linux-gnu-as
--with-ld=/usr/bin/x86_64-linux-gnu-ld --program-suffix=-7
--program-prefix=x86_64-linux-gnu- --enable-shared
--enable-linker-build-id --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix --libdir=/usr/lib
--enable-nls --with-sysroot=/ --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object
--disable-vtable-verify --enable-libmpx --enable-plugin
--enable-default-pie --with-system-zlib --with-target-system-zlib
--enable-objc-gc=auto --enable-multiarch --disable-werror
--with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32
--enable-multilib --with-tune=generic
--enable-offload-targets=nvptx-none --without-cuda-driver
--enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)


Notice the '--enable-default-pie' 4 lines from the bottom.



>>-----Original Message-----
>>From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>>Sent: Monday, June 11, 2018 3:42 PM
>>To: edk2-devel@lists.01.org
>>Cc: Zhu, Yonghong <yonghong.zhu@intel.com>; Gao, Liming
>><liming.gao@intel.com>; lersek@redhat.com; Shi, Steven
>><steven.shi@intel.com>; zenith432@users.sourceforge.net; Ard Biesheuvel
>><ard.biesheuvel@linaro.org>
>>Subject: [PATCH] BaseTools/tools_def IA32: disable PIE code generation
>>explicitly
>>
>>As a security measure, some distros now build their GCC toolchains with
>>PIE code generation enabled by default, because it is a prerequisite
>>for ASLR to be enabled when running the executable.
>>
>>This typically results in slightly larger code, but it also generates
>>ELF relocations that our tooling cannot deal with, so let's disable it
>>explicitly when using GCC5 for IA32. (Note that this does not apply to
>>X64: it uses PIE code deliberately in some cases, and our tooling does
>>deal with the resuling relocations)
>>
>>Contributed-under: TianoCore Contribution Agreement 1.1
>>Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>---
>> BaseTools/Conf/tools_def.template | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>>diff --git a/BaseTools/Conf/tools_def.template
>>b/BaseTools/Conf/tools_def.template
>>index 7e9c915755ed..ab57f9c706e3 100755
>>--- a/BaseTools/Conf/tools_def.template
>>+++ b/BaseTools/Conf/tools_def.template
>>@@ -4670,7 +4670,7 @@ DEFINE GCC49_AARCH64_DLINK2_FLAGS    =
>>DEF(GCC48_AARCH64_DLINK2_FLAGS)
>> DEFINE GCC49_ARM_ASLDLINK_FLAGS      =
>>DEF(GCC48_ARM_ASLDLINK_FLAGS)
>> DEFINE GCC49_AARCH64_ASLDLINK_FLAGS  =
>>DEF(GCC48_AARCH64_ASLDLINK_FLAGS)
>>
>>-DEFINE GCC5_IA32_CC_FLAGS            = DEF(GCC49_IA32_CC_FLAGS)
>>+DEFINE GCC5_IA32_CC_FLAGS            = DEF(GCC49_IA32_CC_FLAGS) -fno-pic
>>-fno-pie
>> DEFINE GCC5_X64_CC_FLAGS             = DEF(GCC49_X64_CC_FLAGS)
>> DEFINE GCC5_IA32_X64_DLINK_COMMON    =
>>DEF(GCC49_IA32_X64_DLINK_COMMON)
>> DEFINE GCC5_IA32_X64_ASLDLINK_FLAGS  =
>>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS)
>>@@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  =
>>DEF(GCC49_AARCH64_DLINK_FLAGS)
>> *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy
>>
>> *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
>>-*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS)
>>-Wl,-m,elf_i386
>>+*_GCC5_IA32_ASLDLINK_FLAGS       =
>>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>> *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -
>>march=i386
>>-*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)
>>+*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-
>>pie
>> *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>> *_GCC5_IA32_OBJCOPY_FLAGS        =
>> *_GCC5_IA32_NASM_FLAGS           = -f elf32
>>--
>>2.17.1
>