This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Re: [PATCH] add a configure option for using RELRO by default
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Romain Geissler <romain dot geissler at amadeus dot com>
- Cc: Binutils <binutils at sourceware dot org>, danielmicay <danielmicay at gmail dot com>
- Date: Mon, 28 Sep 2015 15:49:06 -0700
- Subject: Re: [PATCH] add a configure option for using RELRO by default
- Authentication-results: sourceware.org; auth=none
- References: <alpine dot LNX dot 2 dot 10 dot 1509191709291 dot 15470 at ncegcolnx273 dot nce dot amadeus dot net>
On Sat, Sep 19, 2015 at 8:11 AM, Romain Geissler
<romain.geissler@amadeus.com> wrote:
> Hi,
>
> Daniel Micay originally submitted a patch here
> https://sourceware.org/ml/binutils/2015-01/msg00165.html to allow distro
> maintainers to enable relro by default when building binutils. However
> that patch never made it into the repo, since gold patch was missing. I
> have just finished the work made by him by changing gold as well.
>
> Tested without regression both with and without the --enable-default-relro
> flag on a SLES 11 SP1 x64, for both ld and gold.
>
> Ok for the trunk ?
>
> Cheers,
> Romain
>
> 2015-09-18 Romain Geissler <romain.geissler@amadeus.com>
>
> * ld/configure.ac: Add --enable-default-relro switch.
> * ld/emultempl/elf32.em: Handle ENABLE_DEFAULT_RELRO.
> * ld/testsuite/config/default.exp: Disable RELRO.
> * ld/testsuite/ld-bootstrap/bootstrap.exp: Disable RELRO.
> * ld/config.in: Regenerate.
> * ld/configure: Regenerate.
> * gold/configure.ac: Add --enable-default-relro switch.
> * gold/options.cc (General_options::finalize): Disable relro if not set
> explicitly when linking incrementally.
> * gold/options.h (General_options): Handle ENABLE_DEFAULT_RELRO.
> * gold/config.in: Regenerate.
> * gold/configure: Regenerate.
> * gold/Makefile.in: Regenerate.
>
> ---
> gold/ChangeLog | 10 ++++++++++
> gold/Makefile.in | 4 ++--
> gold/config.in | 3 +++
> gold/configure | 12 ++++++++++++
> gold/configure.ac | 7 +++++++
> gold/options.cc | 7 ++++++-
> gold/options.h | 7 ++++++-
> ld/ChangeLog | 9 +++++++++
> ld/config.in | 3 +++
> ld/configure | 16 ++++++++++++++--
> ld/configure.ac | 7 +++++++
> ld/emultempl/elf32.em | 3 +++
> ld/testsuite/config/default.exp | 6 +++---
> ld/testsuite/ld-bootstrap/bootstrap.exp | 8 +++++++-
> 14 files changed, 92 insertions(+), 10 deletions(-)
>
> EOF
> diff --git a/ld/testsuite/config/default.exp b/ld/testsuite/config/default.exp
> index 5b3e29f..5c56b5b 100644
> --- a/ld/testsuite/config/default.exp
> +++ b/ld/testsuite/config/default.exp
> @@ -22,7 +22,7 @@
> #
>
> if ![info exists ld] then {
> - set ld [findfile $base_dir/ld-new $base_dir/ld-new [transform ld]]
> + set ld "[findfile $base_dir/ld-new $base_dir/ld-new [transform ld]] -znorelro"
> }
>
> if ![info exists as] then {
> @@ -60,7 +60,7 @@ if {![file isdirectory tmpdir/ld]} then {
> catch "exec ln -s ld tmpdir/ld/collect-ld" status
> catch "exec ln -s ../../../gas/as-new tmpdir/ld/as" status
> }
> -set gcc_B_opt "-B[pwd]/tmpdir/ld/"
> +set gcc_B_opt "-B[pwd]/tmpdir/ld/ -Wl,-z,norelro"
>
> # load the linker path
> set ld_L_opt ""
> @@ -272,7 +272,7 @@ if ![info exists READELFFLAGS] then {
> }
>
> if ![info exists LD] then {
> - set LD [findfile $base_dir/ld-new ./ld-new [transform ld]]
> + set LD "[findfile $base_dir/ld-new ./ld-new [transform ld]] -znorelro"
> }
>
> if ![info exists LDFLAGS] then {
> diff --git a/ld/testsuite/ld-bootstrap/bootstrap.exp b/ld/testsuite/ld-bootstrap/bootstrap.exp
> index 3b6eb84..2a7ac8f 100644
> --- a/ld/testsuite/ld-bootstrap/bootstrap.exp
> +++ b/ld/testsuite/ld-bootstrap/bootstrap.exp
> @@ -78,7 +78,13 @@ foreach flags $test_flags {
>
> # This test can only be run if we have the ld build directory,
> # since we need the object files.
> - if {$ld != "$objdir/ld-new"} {
> + set ldexe $ld
> + set ldparm [string first " " $ld]
> + if { $ldparm > 0 } then {
> + set ldparm [expr $ldparm - 1]
> + set ldexe [string range $ld 0 $ldparm]
> + }
> + if {$ldexe != "$objdir/ld-new"} {
> untested $testname
> continue
> }
> --
> 2.3.0
>
You can't do this way since not all linkers allow -z relro.
--
H.J.