The summary says it all. This may need static linker support in binutils.
I created hjl/pie/static branch to add a configure option, --enable-static-pie, to built static PIE. It works on i686 and x86-64 with binutils 2.29. Static PIE requires: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 Binutils 2.29 or above are OK for x86-64. But linker status for other targets need to be verified.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 54a6ea8dca4a8007925509e5062dad58ad372503 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=54a6ea8dca4a8007925509e5062dad58ad372503 commit 54a6ea8dca4a8007925509e5062dad58ad372503 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=06c90ff31c731f5e9c3d24e760781f18e087c3d6 commit 06c90ff31c731f5e9c3d24e760781f18e087c3d6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Sep 29 01:07:53 2017 -0700 tile: Check SHARED instead PIC for SYSCALL_ERROR_NAME For static PIE code, PIC is defined and SHARED is undefined. We should check SHARED instead PIC for SYSCALL_ERROR_NAME. * sysdeps/unix/sysv/linux/tile/sysdep.h (SYSCALL_ERROR_NAME): Check SHARED instead PIC. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f53e358df7532a9f8e8537914f82ceae020e9c49 commit f53e358df7532a9f8e8537914f82ceae020e9c49 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3242c259949f625970d4cb39260958386eae3a6b commit 3242c259949f625970d4cb39260958386eae3a6b Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2596f9a1ef039f01093ab12e722a80ba82d49a34 commit 2596f9a1ef039f01093ab12e722a80ba82d49a34 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5f6f3d1b97329b69e7e791d5f9966f5a112aa1d3 commit 5f6f3d1b97329b69e7e791d5f9966f5a112aa1d3 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=53518afc4d43e3d99f7db5399d1588f757128857 commit 53518afc4d43e3d99f7db5399d1588f757128857 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2fcb20f193be0c02a71e52959059cb9df7dfc3a9 commit 2fcb20f193be0c02a71e52959059cb9df7dfc3a9 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:59:00 2017 -0700 tile: Update elf_machine_load_address for static PIE tile uses _DYNAMIC to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/tile/dl-machine.h (elf_machine_load_address): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d4febf8a4f48083bf5cd20ac46f636e24e5497d9 commit d4febf8a4f48083bf5cd20ac46f636e24e5497d9 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:57:09 2017 -0700 sparc: Update elf_machine_load_address for static PIE sparc uses a local label to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/sparc/sparc32/dl-machine.h (elf_machine_dynamic): Return 0 if _DYNAMIC is undefined for static executable. * sysdeps/sparc/sparc64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=33c40ab8b1bf1f47b53f8908163e3a2eaa577c35 commit 33c40ab8b1bf1f47b53f8908163e3a2eaa577c35 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=adbdf586e7de0bfc248481249eaaa44e16445466 commit adbdf586e7de0bfc248481249eaaa44e16445466 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. Return 0 if _DYNAMIC is undefined for static executable. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97457b7992475cd80cef4d709cd10df205703562 commit 97457b7992475cd80cef4d709cd10df205703562 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:51:41 2017 -0700 powerpc32: Update elf_machine_load_address for static PIE powerpc32 uses _DYNAMIC to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_load_address): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7538a7874c483fcf075779152cbca7d51ff1277c commit 7538a7874c483fcf075779152cbca7d51ff1277c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:50:10 2017 -0700 nios2: Update elf_machine_load_address for static PIE nios2 uses a local label to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/nios2/dl-machine.h (elf_machine_dynamic): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ba237e4b9c3456617dc0d9fd2f43b0ca2726f8c4 commit ba237e4b9c3456617dc0d9fd2f43b0ca2726f8c4 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:47:20 2017 -0700 microblaze: Update elf_machine_load_address for static PIE microblaze uses _DYNAMIC to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/microblaze/dl-machine.h (elf_machine_load_address): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b47111243c4581e1171474672a4c26e2e200b41c commit b47111243c4581e1171474672a4c26e2e200b41c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f44bbea33bae18ce17acee9f09538803c099fad commit 0f44bbea33bae18ce17acee9f09538803c099fad Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:44:46 2017 -0700 ia64: Update elf_machine_load_address for static PIE ia64 uses a local label to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/ia64/dl-machine.h (elf_machine_dynamic): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3994c3090a0026ff9c430c6dc0284133df017b67 commit 3994c3090a0026ff9c430c6dc0284133df017b67 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:42:18 2017 -0700 hppa: Update elf_machine_load_address for static PIE hppa uses _DYNAMIC to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/hppa/dl-machine.h (elf_machine_load_address): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec465b0fc04cf2e4020b8ee898b63ba8350b095c commit ec465b0fc04cf2e4020b8ee898b63ba8350b095c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9783b57f4852d8d7f79ff1f4b2d5240f5fa4d6e6 commit 9783b57f4852d8d7f79ff1f4b2d5240f5fa4d6e6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Aug 22 15:37:10 2017 -0700 Don't use hidden visibility in libc.a with PIE on i386 On i386, when multi-arch is enabled, all external functions must be called via PIC PLT in PIE, which requires setting up EBX register, since they may be IFUNC functions. * config.h.in (NO_HIDDEN_EXTERN_FUNC_IN_PIE): New. * include/libc-symbols.h (__hidden_proto_hiddenattr): Add check for PIC and NO_HIDDEN_EXTERN_FUNC_IN_PIE. * sysdeps/i386/configure.ac (NO_HIDDEN_EXTERN_FUNC_IN_PIE): New AC_DEFINE if multi-arch is enabled. * sysdeps/i386/configure: Regenerated. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e4b0d965b31762dee691e663df6e4db339a150dd commit e4b0d965b31762dee691e663df6e4db339a150dd Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, arm, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, arm, hppa, ia64, m68k, microblaze, mips, nios2, powerpc, s390, sh, sparc and tile. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 Binutils 2.29 or above are OK for x86-64. But linker status for other targets need to be verified. Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. [BZ #19574] * INSTALL: Regenerated. * Makeconfig (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Add $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * elf/dl-support.c: Include "dynamic-link.h" and don't include "get-dynamic-info.h" for --enable-static-pie. (_dl_relocate_static_pie): New function for --enable-static-pie. (STATIC_PIE_BOOTSTRAP): New for --enable-static-pie. (BOOTSTRAP_MAP): Likewise. (RESOLVE_MAP): Likewise. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/x86_64/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure: Regenerated. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=029e1197a4e0ace7a0ad18a00540d114926a524b commit 029e1197a4e0ace7a0ad18a00540d114926a524b Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Sep 29 01:09:48 2017 -0700 ld.so: Replace (&bootstrap_map) with BOOTSTRAP_MAP (&_dl_main_map) is used instead of (&bootstrap_map) to bootstrap static PIE. Define BOOTSTRAP_MAP with (&_dl_main_map) to avoid hardcode to (&bootstrap_map). * elf/rtld.c (BOOTSTRAP_MAP): New. (RESOLVE_MAP): Replace (&bootstrap_map) with BOOTSTRAP_MAP. * sysdeps/hppa/dl-machine.h (ELF_MACHINE_BEFORE_RTLD_RELOC): Likewise. * sysdeps/ia64/dl-machine.h (ELF_MACHINE_BEFORE_RTLD_RELOC): Likewise. * sysdeps/mips/dl-machine.h (ELF_MACHINE_BEFORE_RTLD_RELOC): Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at cfe0d52782764c4f4d0701985459931b7a579ea8 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cfe0d52782764c4f4d0701985459931b7a579ea8 commit cfe0d52782764c4f4d0701985459931b7a579ea8 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d9c5665a6df85479fa9535d912956eefb565739c commit d9c5665a6df85479fa9535d912956eefb565739c Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Sep 29 01:07:53 2017 -0700 tile: Check SHARED instead PIC for SYSCALL_ERROR_NAME For static PIE code, PIC is defined and SHARED is undefined. We should check SHARED instead PIC for SYSCALL_ERROR_NAME. * sysdeps/unix/sysv/linux/tile/sysdep.h (SYSCALL_ERROR_NAME): Check SHARED instead PIC. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=79453220daacdf11ec12a44cce831dcd78b92d72 commit 79453220daacdf11ec12a44cce831dcd78b92d72 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e435376ffe41749285ec9f7c2dff0f9beb53becd commit e435376ffe41749285ec9f7c2dff0f9beb53becd Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=871ea1623680c7b236c9a41928638ea3ee0679f0 commit 871ea1623680c7b236c9a41928638ea3ee0679f0 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=86dedca076cb8a64c71209424d2dcc6e76823e76 commit 86dedca076cb8a64c71209424d2dcc6e76823e76 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=82cb35c2e6ecad2a82062aea4834f1684c12bf19 commit 82cb35c2e6ecad2a82062aea4834f1684c12bf19 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4dd595fa8888f31fdfed21c1ece1a4b25f178667 commit 4dd595fa8888f31fdfed21c1ece1a4b25f178667 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:59:00 2017 -0700 tile: Update elf_machine_load_address for static PIE tile uses _DYNAMIC to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/tile/dl-machine.h (elf_machine_load_address): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0e7446e61030aca7848c9a0fd75ef4454b616ac3 commit 0e7446e61030aca7848c9a0fd75ef4454b616ac3 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:57:09 2017 -0700 sparc: Update elf_machine_load_address for static PIE sparc uses a local label to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/sparc/sparc32/dl-machine.h (elf_machine_dynamic): Return 0 if _DYNAMIC is undefined for static executable. * sysdeps/sparc/sparc64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34c3eb56717ff903808e112e9898cf2fa395dbb7 commit 34c3eb56717ff903808e112e9898cf2fa395dbb7 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b15a9995a23a588a8dc7b3948947c4be3a811176 commit b15a9995a23a588a8dc7b3948947c4be3a811176 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. Return 0 if _DYNAMIC is undefined for static executable. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9d68ebe8eb3d2cee5f7d9aae7b3d198a861e4bbf commit 9d68ebe8eb3d2cee5f7d9aae7b3d198a861e4bbf Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:51:41 2017 -0700 powerpc32: Update elf_machine_load_address for static PIE powerpc32 uses _DYNAMIC to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_load_address): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5e819917600a4a5fd2c751739e1ee42b28f9644d commit 5e819917600a4a5fd2c751739e1ee42b28f9644d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:50:10 2017 -0700 nios2: Update elf_machine_load_address for static PIE nios2 uses a local label to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/nios2/dl-machine.h (elf_machine_dynamic): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=358575f2c530d7dcc680204ccf87e7cf6c071906 commit 358575f2c530d7dcc680204ccf87e7cf6c071906 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:47:20 2017 -0700 microblaze: Update elf_machine_load_address for static PIE microblaze uses _DYNAMIC to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/microblaze/dl-machine.h (elf_machine_load_address): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d876d0384e07170a3c3ac1bf49030c817dcb8781 commit d876d0384e07170a3c3ac1bf49030c817dcb8781 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e78ad9e38d4df5210818588bafa861490efa613c commit e78ad9e38d4df5210818588bafa861490efa613c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:44:46 2017 -0700 ia64: Update elf_machine_load_address for static PIE ia64 uses a local label to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/ia64/dl-machine.h (elf_machine_dynamic): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=870ac9f7969d4de7974cf64f8805c05b3c66ea06 commit 870ac9f7969d4de7974cf64f8805c05b3c66ea06 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:42:18 2017 -0700 hppa: Update elf_machine_load_address for static PIE hppa uses _DYNAMIC to compute load address, which works with static PIE. We just need to return 0 if _DYNAMIC is undefined for static executable. * sysdeps/hppa/dl-machine.h (elf_machine_load_address): Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5e6c987785f992abbf0e56ac2e48bc90ec235714 commit 5e6c987785f992abbf0e56ac2e48bc90ec235714 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. Return 0 if _DYNAMIC is undefined for static executable. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7f8f74e82dc8427be97211c8383757952b747e3 commit c7f8f74e82dc8427be97211c8383757952b747e3 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Aug 22 15:37:10 2017 -0700 Don't use hidden visibility in libc.a with PIE on i386 On i386, when multi-arch is enabled, all external functions must be called via PIC PLT in PIE, which requires setting up EBX register, since they may be IFUNC functions. * config.h.in (NO_HIDDEN_EXTERN_FUNC_IN_PIE): New. * include/libc-symbols.h (__hidden_proto_hiddenattr): Add check for PIC and NO_HIDDEN_EXTERN_FUNC_IN_PIE. * sysdeps/i386/configure.ac (NO_HIDDEN_EXTERN_FUNC_IN_PIE): New AC_DEFINE if multi-arch is enabled. * sysdeps/i386/configure: Regenerated. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9f807af3b78dc14c8d6bfa87d27efa77dc72ec82 commit 9f807af3b78dc14c8d6bfa87d27efa77dc72ec82 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, arm, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, arm, hppa, ia64, m68k, microblaze, mips, nios2, powerpc, s390, sh, sparc and tile. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. [BZ #19574] * INSTALL: Regenerated. * Makeconfig (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Add $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * elf/dl-support.c: Include "dynamic-link.h" and don't include "get-dynamic-info.h" for --enable-static-pie. (_dl_relocate_static_pie): New function for --enable-static-pie. (STATIC_PIE_BOOTSTRAP): New for --enable-static-pie. (BOOTSTRAP_MAP): Likewise. (RESOLVE_MAP): Likewise. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f84d2c7c3988ac6f89d6e3dbde5ffffde4c538f5 commit f84d2c7c3988ac6f89d6e3dbde5ffffde4c538f5 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 06:54:54 2017 -0700 i386: Use "movl main@GOT(%ebx), %eax" in start.S Don't use "leal main@GOTOFF(%ebx), %eax" since main may be in a shared object. Linker will convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. * sysdeps/i386/start.S: Replace "leal main@GOT(%ebx), %eax" with "movl main@GOTOFF(%ebx), %eax". https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=67e8204d4812c54d3e48abb9860f2a1ec7049f46 commit 67e8204d4812c54d3e48abb9860f2a1ec7049f46 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 06:48:11 2017 -0700 Add a test for main () in a shared object Verify that crt1.o can be used with main () in a shared object. * elf/Makefile (tests): Add tst-main1. (modules-names): Add tst-main1mod. ($(objpfx)tst-main1): New. (CRT-tst-main1): Likewise. (LDFLAGS-tst-main1): Likewise. (LDLIBS-tst-main1): Likewise. (tst-main1mod.so-no-z-defs): Likewise. * elf/tst-main1.c: New file. * elf/tst-main1mod.c: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 64d957024bd253920061cc4c75ddf1287e42c17b (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=64d957024bd253920061cc4c75ddf1287e42c17b commit 64d957024bd253920061cc4c75ddf1287e42c17b Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 17:35:17 2017 -0700 Fix --enable-static-pie https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8be686b5d2149f04b2328d0b3d1f6fbe40e4e47f commit 8be686b5d2149f04b2328d0b3d1f6fbe40e4e47f Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 17:11:55 2017 -0700 test-math-iscanonical.cc: Replace bool with int Fix GCC 7 compilation error: test-math-iscanonical.cc: In function ‘void check_type()’: test-math-iscanonical.cc:33:11: error: use of an operand of type ‘bool’ in ‘operator++’ is deprecated [-Werror=deprecated] errors++; ^~ * math/test-math-iscanonical.cc (error): Replace bool with int. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7dbd6f4b7e299a6448838ac2d33d2340eddc3f8f commit 7dbd6f4b7e299a6448838ac2d33d2340eddc3f8f Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 16:43:10 2017 -0700 Fix Use $(DEFAULT-LDFLAGS-$(@F)) in +link-static-before-libc https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=26dba541029a992ec3bc28db72c261ca92fff62b commit 26dba541029a992ec3bc28db72c261ca92fff62b Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 16:05:59 2017 -0700 Update dl-reloc-static-pie.c https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f429fe0f1c7a5d16dec356cfa4c7bbca39b9f11 commit 6f429fe0f1c7a5d16dec356cfa4c7bbca39b9f11 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 16:04:03 2017 -0700 Add dl-reloc-static-pie.c https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=86ffc842702faea44f7b3ebf76fac99bf326fcbc commit 86ffc842702faea44f7b3ebf76fac99bf326fcbc Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a8fd5b03471befddc3cdbed00d7db54298660023 commit a8fd5b03471befddc3cdbed00d7db54298660023 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b4a008a2de115f102d1ea4a62f50ac17bda2692c commit b4a008a2de115f102d1ea4a62f50ac17bda2692c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=26980a9466847ff15bff60a9a36498da1c7f5d46 commit 26980a9466847ff15bff60a9a36498da1c7f5d46 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3c6968d9f5b7b47e1099b090239d6d240b8cad52 commit 3c6968d9f5b7b47e1099b090239d6d240b8cad52 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9a98e37b67d6a1ae6eb499b0c9dd23b664a1e165 commit 9a98e37b67d6a1ae6eb499b0c9dd23b664a1e165 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfa19eda45eefa5f6b2845f42ef8146cee30828d commit dfa19eda45eefa5f6b2845f42ef8146cee30828d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=761b339e1530aae4fa43d3b5972d6b6d980ced71 commit 761b339e1530aae4fa43d3b5972d6b6d980ced71 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4209ccbd250c858db5972bad8eef985d0e558d02 commit 4209ccbd250c858db5972bad8eef985d0e558d02 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=42b7a7665875ae3e8cabd1ab53379357509d490c commit 42b7a7665875ae3e8cabd1ab53379357509d490c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c3b2185725b349597a399116010960520097f255 commit c3b2185725b349597a399116010960520097f255 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Aug 22 15:37:10 2017 -0700 Don't use hidden visibility in libc.a with PIE on i386 On i386, when multi-arch is enabled, all external functions must be called via PIC PLT in PIE, which requires setting up EBX register, since they may be IFUNC functions. * config.h.in (NO_HIDDEN_EXTERN_FUNC_IN_PIE): New. * include/libc-symbols.h (__hidden_proto_hiddenattr): Add check for PIC and NO_HIDDEN_EXTERN_FUNC_IN_PIE. * sysdeps/i386/configure.ac (NO_HIDDEN_EXTERN_FUNC_IN_PIE): New AC_DEFINE if multi-arch is enabled. * sysdeps/i386/configure: Regenerated. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2792d2c0983d9d89569216a4dd5ee5e388c40a40 commit 2792d2c0983d9d89569216a4dd5ee5e388c40a40 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, arm, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, arm, hppa, ia64, m68k, microblaze, mips, nios2, powerpc, s390, sh, sparc and tile. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. [BZ #19574] * INSTALL: Regenerated. * Makeconfig (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Add $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * elf/dl-support.c: Include "dynamic-link.h" and don't include "get-dynamic-info.h" for --enable-static-pie. (_dl_relocate_static_pie): New function for --enable-static-pie. (STATIC_PIE_BOOTSTRAP): New for --enable-static-pie. (BOOTSTRAP_MAP): Likewise. (RESOLVE_MAP): Likewise. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d73532f5636be52b6445be9d0a2eafee5f4ba24 commit 4d73532f5636be52b6445be9d0a2eafee5f4ba24 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 06:54:54 2017 -0700 i386: Use "movl main@GOT(%ebx), %eax" in start.S Don't use "leal main@GOTOFF(%ebx), %eax" since main may be in a shared object. Linker will convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. * sysdeps/i386/start.S: Replace "leal main@GOT(%ebx), %eax" with "movl main@GOTOFF(%ebx), %eax". https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6e0cd13bf81411f222810240328aa03b2313a966 commit 6e0cd13bf81411f222810240328aa03b2313a966 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 06:48:11 2017 -0700 Add a test for main () in a shared object Verify that crt1.o can be used with main () in a shared object. * elf/Makefile (tests): Add tst-main1. (modules-names): Add tst-main1mod. ($(objpfx)tst-main1): New. (CRT-tst-main1): Likewise. (LDFLAGS-tst-main1): Likewise. (LDLIBS-tst-main1): Likewise. (tst-main1mod.so-no-z-defs): Likewise. * elf/tst-main1.c: New file. * elf/tst-main1mod.c: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=42bbc3513379917d1760a7f60e347cc91b565fb9 commit 42bbc3513379917d1760a7f60e347cc91b565fb9 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 14:35:52 2017 -0700 Revert x86: Allow undefined _DYNAMIC in static executable This code is used in non-PIE static executable and static PIE. It checks if _DYNAMIC is undefined before using it to compute load address. But not all targets can convert access _DYNAMIC via GOT, which needs dynamic relocation, to PC-relative at link-time. * sysdeps/i386/dl-machine.h (elf_machine_load_address): Don't allow undefined _DYNAMIC in PIE libc.a. * sysdeps/x86_64/dl-machine.h (elf_machine_load_address): Likewse. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f3ce7fc4381fa522634755950d36ef870dc594e commit 6f3ce7fc4381fa522634755950d36ef870dc594e Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 15:40:34 2017 -0700 mips: Don't check _DYNAMIC in elf_machine_load_address Since mips can't convert access _DYNAMIC via GOT, which needs dynamic relocation, to PC-relative at link-time, don't check _DYNAMIC in elf_machine_load_address. * sysdeps/mips/dl-machine.h (elf_machine_load_address): Don't check _DYNAMIC. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0bf96e84ef82eba764b729c6946b482d8b8a839f commit 0bf96e84ef82eba764b729c6946b482d8b8a839f Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 15:36:22 2017 -0700 arm: Don't check _DYNAMIC in elf_machine_load_address Since arm can't convert access _DYNAMIC via GOT, which needs dynamic relocation, to PC-relative at link-time, don't check _DYNAMIC in elf_machine_load_address. * sysdeps/arm/dl-machine.h (elf_machine_load_address): Don't check _DYNAMIC. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ff3d69aa407f815c1ddc3623ae045dde55f2b7f commit 4ff3d69aa407f815c1ddc3623ae045dde55f2b7f Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 15:02:19 2017 -0700 Use $(DEFAULT-LDFLAGS-$(@F)) in +link-static-before-libc Use $(LDFLAGS-$(@F)) with tst-tls1-static-non-pie may not be sufficient when static PIE is built by default. Use $(DEFAULT-LDFLAGS-$(@F)) in +link-static-before-libc to make sure that tst-tls1-static-non-pie is always built as non-PIE static executable. * Makeconfig (+link-static-before-libc): Use $(DEFAULT-LDFLAGS-$(@F)). * elf/Makefile (LDFLAGS-tst-tls1-static-non-pie): Renamed to ... (DEFAULT-LDFLAGS-tst-tls1-static-non-pie): This. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at ab0809ccface7f63fd4f0e055c677e77b2d01008 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ab0809ccface7f63fd4f0e055c677e77b2d01008 commit ab0809ccface7f63fd4f0e055c677e77b2d01008 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=642c130061bf0a2e35943a88a63ae90de86abf89 commit 642c130061bf0a2e35943a88a63ae90de86abf89 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8c3c555b62e91fcdb3065805c12053e991553a2d commit 8c3c555b62e91fcdb3065805c12053e991553a2d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b354f7c233d1d859b10e7b086bc145313604222c commit b354f7c233d1d859b10e7b086bc145313604222c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c8ce29efb2808b1ada02b5a0206722476080aa95 commit c8ce29efb2808b1ada02b5a0206722476080aa95 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=749617e6ba915234313d2879d2b8ae267ae90171 commit 749617e6ba915234313d2879d2b8ae267ae90171 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e942ecd67439b7d2c071fad571b30aa9f6dc9652 commit e942ecd67439b7d2c071fad571b30aa9f6dc9652 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=64eac2bc887b9fbc420de6234a88ab8ca23c20a0 commit 64eac2bc887b9fbc420de6234a88ab8ca23c20a0 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ddb52a88b25e2a8b36074930cd1e1cff6b1c8c2 commit 4ddb52a88b25e2a8b36074930cd1e1cff6b1c8c2 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=460ec96cf757b9b3e472cf06398716e8fa8bbe9d commit 460ec96cf757b9b3e472cf06398716e8fa8bbe9d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=658c5c67ee1716a555a3c56edc97eeedea98eb3b commit 658c5c67ee1716a555a3c56edc97eeedea98eb3b Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Aug 22 15:37:10 2017 -0700 Don't use hidden visibility in libc.a with PIE on i386 On i386, when multi-arch is enabled, all external functions must be called via PIC PLT in PIE, which requires setting up EBX register, since they may be IFUNC functions. * config.h.in (NO_HIDDEN_EXTERN_FUNC_IN_PIE): New. * include/libc-symbols.h (__hidden_proto_hiddenattr): Add check for PIC and NO_HIDDEN_EXTERN_FUNC_IN_PIE. * sysdeps/i386/configure.ac (NO_HIDDEN_EXTERN_FUNC_IN_PIE): New AC_DEFINE if multi-arch is enabled. * sysdeps/i386/configure: Regenerated. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=87cef0df3062b7fe6a2b2e52d726ffd6271504e1 commit 87cef0df3062b7fe6a2b2e52d726ffd6271504e1 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). Use the first of $(CRT-$(@F)) and $(csu-objpfx)$(static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (all-static-start-installed-names): New. (extra-objs): Use it. (omit-deps): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o. ($(objpfx)$(start-installed-name)): Include $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_main_map): Make it hidden global. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ab38a8b89415d4ca59d46ff5a036859a3918a1e commit 5ab38a8b89415d4ca59d46ff5a036859a3918a1e Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 06:48:11 2017 -0700 Add a test for main () in a shared object Verify that crt1.o can be used with main () in a shared object. * elf/Makefile (tests): Add tst-main1. (modules-names): Add tst-main1mod. ($(objpfx)tst-main1): New. (CRT-tst-main1): Likewise. (LDFLAGS-tst-main1): Likewise. (LDLIBS-tst-main1): Likewise. (tst-main1mod.so-no-z-defs): Likewise. * elf/tst-main1.c: New file. * elf/tst-main1mod.c: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a0b9dd6c93d349722f7266aac8e5f27686b8cbbe commit a0b9dd6c93d349722f7266aac8e5f27686b8cbbe Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Oct 3 15:02:19 2017 -0700 Use $(DEFAULT-LDFLAGS-$(@F)) in +link-static-before-libc Use $(LDFLAGS-$(@F)) with tst-tls1-static-non-pie may not be sufficient when static PIE is built by default. Use $(DEFAULT-LDFLAGS-$(@F)) in +link-static-before-libc to make sure that tst-tls1-static-non-pie is always built as non-PIE static executable and make sure that crt1.o is used with tst-tls1-static-non-pie. * Makeconfig (+link-static-before-libc): Use $(DEFAULT-LDFLAGS-$(@F)). * elf/Makefile (CRT-tst-tls1-static-non-pie): New. (LDFLAGS-tst-tls1-static-non-pie): Renamed to ... (DEFAULT-LDFLAGS-tst-tls1-static-non-pie): This. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at fdcd654de6a9157b8fe5a5d3ebc4010727d885fe (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fdcd654de6a9157b8fe5a5d3ebc4010727d885fe commit fdcd654de6a9157b8fe5a5d3ebc4010727d885fe Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a305cebf497d8ba006dd4dd9a913184cbc6efc4b commit a305cebf497d8ba006dd4dd9a913184cbc6efc4b Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=998b75b5a06324473fa13f44384466056792d96b commit 998b75b5a06324473fa13f44384466056792d96b Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1b8027262864bf8fccc9e8fc0d7526bd2e27760 commit f1b8027262864bf8fccc9e8fc0d7526bd2e27760 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f4a80fea9d091b58421b2cf0f5b9cee15667bcc1 commit f4a80fea9d091b58421b2cf0f5b9cee15667bcc1 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=de133a5edbc640de98dbb75000bbecb06ef54dd3 commit de133a5edbc640de98dbb75000bbecb06ef54dd3 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=72eaf5f48e60ab1361958a8d926fec451c1abbd4 commit 72eaf5f48e60ab1361958a8d926fec451c1abbd4 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e43e61ddb410f86c65eeff36ef71f284d53e33c commit 4e43e61ddb410f86c65eeff36ef71f284d53e33c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7f3e02e5cdf9bba70381bcb732c1060f61b1dfcd commit 7f3e02e5cdf9bba70381bcb732c1060f61b1dfcd Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd9e7ad5513910c796b610f4abd9a218ee89b477 commit bd9e7ad5513910c796b610f4abd9a218ee89b477 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcfcd615fe4283371172f02ef87db4dbbf2f6e80 commit bcfcd615fe4283371172f02ef87db4dbbf2f6e80 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). Use the first of $(CRT-$(@F)) and $(csu-objpfx)$(static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (all-static-start-installed-names): New. (extra-objs): Use it. (omit-deps): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o. ($(objpfx)$(start-installed-name)): Include $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_main_map): Make it hidden global. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at f587daf25136646a5a2de01c04814c930f0897c7 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f587daf25136646a5a2de01c04814c930f0897c7 commit f587daf25136646a5a2de01c04814c930f0897c7 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ee7525f8edc4907f70e0eb905957e8eca6bd099 commit 3ee7525f8edc4907f70e0eb905957e8eca6bd099 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3969f58b55fb6d7b051b7666bf172515a6291ae2 commit 3969f58b55fb6d7b051b7666bf172515a6291ae2 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b0286374c12aedd127a625a931c8269b2e0a9ae1 commit b0286374c12aedd127a625a931c8269b2e0a9ae1 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d32b55506513141311444cdf3e1a1d382e93552a commit d32b55506513141311444cdf3e1a1d382e93552a Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ffc326a9bb88a7111327db0bb581cf04feb50ceb commit ffc326a9bb88a7111327db0bb581cf04feb50ceb Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=938f1fb2c52412a395148d9e62aabe5e5e296735 commit 938f1fb2c52412a395148d9e62aabe5e5e296735 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1b8670104f21dbd639ccba92ea838c60d07a24c8 commit 1b8670104f21dbd639ccba92ea838c60d07a24c8 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=db977155c5f038581905db2267fe67e435c14bce commit db977155c5f038581905db2267fe67e435c14bce Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4edf60fa32443d077de566e0c67b74a60a2b5c01 commit 4edf60fa32443d077de566e0c67b74a60a2b5c01 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=63696fa1d8b2d152b10540639e2eaa78f48c86c8 commit 63696fa1d8b2d152b10540639e2eaa78f48c86c8 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a: https://sourceware.org/bugzilla/show_bug.cgi?id=20179 FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). Use the first of $(CRT-$(@F)) and $(csu-objpfx)$(static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. Don't add gPcrt1.o. (extra-objs): Add static-reloc.o. ($(objpfx)$(start-installed-name)): Include $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_main_map): Make it hidden global. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 1533643281aceac6c0e4fc8c5fc23bb4d8231d84 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1533643281aceac6c0e4fc8c5fc23bb4d8231d84 commit 1533643281aceac6c0e4fc8c5fc23bb4d8231d84 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f01b79354b15c74ceb608b2adba100945462b0d3 commit f01b79354b15c74ceb608b2adba100945462b0d3 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a8d35ee5c352f1dc8462b52a1736c381c6870f8a commit a8d35ee5c352f1dc8462b52a1736c381c6870f8a Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3dcd7e147ff5e5f071d176f725829f290d8a380d commit 3dcd7e147ff5e5f071d176f725829f290d8a380d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9c0188668b358927a11d072cae14931f65e6f29a commit 9c0188668b358927a11d072cae14931f65e6f29a Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cb10c792647cb2bb3e9f0d4503ce602671e9d570 commit cb10c792647cb2bb3e9f0d4503ce602671e9d570 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=39abed4674273ced1adce7f85d5ba47ca73d1274 commit 39abed4674273ced1adce7f85d5ba47ca73d1274 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f256161edd3d97736e114ba24e6ecdc091cd143b commit f256161edd3d97736e114ba24e6ecdc091cd143b Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6989f9b7be76e467fa00819b059d746e7fe342a6 commit 6989f9b7be76e467fa00819b059d746e7fe342a6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d192dfe91049b1fd9e35470bc33242b42062ac80 commit d192dfe91049b1fd9e35470bc33242b42062ac80 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dc4e128babe69ab9f179653ebc24825cc73555ab commit dc4e128babe69ab9f179653ebc24825cc73555ab Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=20179 FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). Use the first of $(CRT-$(@F)) and $(csu-objpfx)$(static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. Don't add gPcrt1.o. (extra-objs): Add static-reloc.o. ($(objpfx)$(start-installed-name)): Include $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 20b5568fd1e0f94ec3358a024f1bdc3acec5c195 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=20b5568fd1e0f94ec3358a024f1bdc3acec5c195 commit 20b5568fd1e0f94ec3358a024f1bdc3acec5c195 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ee1f4a17675959c681f088dae9c723d0d362978 commit 5ee1f4a17675959c681f088dae9c723d0d362978 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1b379e22b303026fa7c3216844a19ce7c295bfd1 commit 1b379e22b303026fa7c3216844a19ce7c295bfd1 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f575bd427daabbedc086fc1875809835d74e9b5b commit f575bd427daabbedc086fc1875809835d74e9b5b Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=edc98938fdbeba433898230d0f2efe6226845d60 commit edc98938fdbeba433898230d0f2efe6226845d60 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2e26361b875d2f85cc114d500c5d1b48a419196d commit 2e26361b875d2f85cc114d500c5d1b48a419196d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7246ed34f825091e423a8218c1d002dc9af18e94 commit 7246ed34f825091e423a8218c1d002dc9af18e94 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=438dea595bf9e131a237876ae4ad1d0403a991fe commit 438dea595bf9e131a237876ae4ad1d0403a991fe Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=be98cea9155a4c9115ec942fc011ec27a90f932d commit be98cea9155a4c9115ec942fc011ec27a90f932d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0eeced450018376c7745e86261333ef262e76057 commit 0eeced450018376c7745e86261333ef262e76057 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fdf9f41fb0018820fb706935a3029e4c4356d1d9 commit fdf9f41fb0018820fb706935a3029e4c4356d1d9 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). Use the first of $(CRT-$(@F)) and $(csu-objpfx)$(static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. Don't add gPcrt1.o. (extra-objs): Add static-reloc.o. ($(objpfx)$(start-installed-name)): Include $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at dc2d3821c24149b6bc1a5917ff53c7b35b40f00f (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dc2d3821c24149b6bc1a5917ff53c7b35b40f00f commit dc2d3821c24149b6bc1a5917ff53c7b35b40f00f Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4471f6b5a2b44730da97a2eb73935ff6f5e8a141 commit 4471f6b5a2b44730da97a2eb73935ff6f5e8a141 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1f24e41adc3a142b9edfaa47578ff6465fc3eb3b commit 1f24e41adc3a142b9edfaa47578ff6465fc3eb3b Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f926b5e40da52f1feeaade253febe6f9ed72d988 commit f926b5e40da52f1feeaade253febe6f9ed72d988 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2fbf3fd6ddd67e90288b03265221c5a4561281de commit 2fbf3fd6ddd67e90288b03265221c5a4561281de Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=232baff98758cbfe280096ebc09a3afa4d77e170 commit 232baff98758cbfe280096ebc09a3afa4d77e170 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1c00a4d60a7a4ac3d6d3e867c953bcf85b187683 commit 1c00a4d60a7a4ac3d6d3e867c953bcf85b187683 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=352de9d08983de9c06b7e74929d1a466cbb20191 commit 352de9d08983de9c06b7e74929d1a466cbb20191 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=035cc1e670fc0aebd48436b1224a9090b26b6510 commit 035cc1e670fc0aebd48436b1224a9090b26b6510 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=852ba327c44fee88d08a5439c3e1a69616b6ea08 commit 852ba327c44fee88d08a5439c3e1a69616b6ea08 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=79362976f48e8661db80304decc8d29a9fc08d20 commit 79362976f48e8661db80304decc8d29a9fc08d20 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. gPcrt1.o is also added to create static PIE with -pg. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=75d3ab88fa26a4576c6cbf1610f493caeaf1136c commit 75d3ab88fa26a4576c6cbf1610f493caeaf1136c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Oct 12 05:25:23 2017 -0700 Add a test for profiling static executable The function, main, is added to profiling output of static executable which must link against gcrt1.o. * Makeconfig (+link-static-before-libc): Use the first of $(CRT-$(@F)) and $(csu-objpfx)$(static-start-installed-name). * gmon/Makefile (tests): Add tst-gmon-static. (tests-static): Likewise. (CFLAGS-tst-gmon-static.c): New. (CRT-tst-gmon-static): Likewise. (DEFAULT-LDFLAGS-tst-gmon-static): Likewise. (tst-gmon-static-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static.out): Likewise. (clean-tst-gmon-static-data): Likewise. ($(objpfx)tst-gmon-static-gprof.out): Likewise. * gmon/tst-gmon-static-gprof.sh: New file. * gmon/tst-gmon-static.c: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 1798eb01da55411ce2c74ad0241801c03a1b67e6 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1798eb01da55411ce2c74ad0241801c03a1b67e6 commit 1798eb01da55411ce2c74ad0241801c03a1b67e6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=92709e13be16565c049fae273e480bf6080537ac commit 92709e13be16565c049fae273e480bf6080537ac Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02371ebc45799726f0cd61539859a89a5a92f168 commit 02371ebc45799726f0cd61539859a89a5a92f168 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=70223be575626b16969241ea2b869f8d9659f2d4 commit 70223be575626b16969241ea2b869f8d9659f2d4 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=99dd76116c3d50007bec9d0e12540de8865a6676 commit 99dd76116c3d50007bec9d0e12540de8865a6676 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=51e266da208f90754a236154479295e9408790dd commit 51e266da208f90754a236154479295e9408790dd Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=62b05f154471fd11e08303e0380e0118873760ab commit 62b05f154471fd11e08303e0380e0118873760ab Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=088b6db3931fe144b34ee206f319069b2eb5fffe commit 088b6db3931fe144b34ee206f319069b2eb5fffe Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5694e48f4572d5c74aad3c6f1bc404f71ee287e9 commit 5694e48f4572d5c74aad3c6f1bc404f71ee287e9 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e1664641e0807239bbcccd460e174a558f6c7cbc commit e1664641e0807239bbcccd460e174a558f6c7cbc Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=83e95a0f4d5450816b968d04f846465caa6d511b commit 83e95a0f4d5450816b968d04f846465caa6d511b Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. gPcrt1.o is also added to create static PIE with -pg. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=75d3ab88fa26a4576c6cbf1610f493caeaf1136c commit 75d3ab88fa26a4576c6cbf1610f493caeaf1136c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Oct 12 05:25:23 2017 -0700 Add a test for profiling static executable The function, main, is added to profiling output of static executable which must link against gcrt1.o. * Makeconfig (+link-static-before-libc): Use the first of $(CRT-$(@F)) and $(csu-objpfx)$(static-start-installed-name). * gmon/Makefile (tests): Add tst-gmon-static. (tests-static): Likewise. (CFLAGS-tst-gmon-static.c): New. (CRT-tst-gmon-static): Likewise. (DEFAULT-LDFLAGS-tst-gmon-static): Likewise. (tst-gmon-static-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static.out): Likewise. (clean-tst-gmon-static-data): Likewise. ($(objpfx)tst-gmon-static-gprof.out): Likewise. * gmon/tst-gmon-static-gprof.sh: New file. * gmon/tst-gmon-static.c: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 5687269ac5678cd81bec5c499489d2d06b3de370 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5687269ac5678cd81bec5c499489d2d06b3de370 commit 5687269ac5678cd81bec5c499489d2d06b3de370 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ca42267a57d207e3faa43565980caf535c993b79 commit ca42267a57d207e3faa43565980caf535c993b79 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ea9f0adf0fe73ff440492e97cd7879eb7a0faba commit 4ea9f0adf0fe73ff440492e97cd7879eb7a0faba Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=156e571d5b67344287171315ec26b009ee0350a9 commit 156e571d5b67344287171315ec26b009ee0350a9 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d703101ae24c4910acb5dc36e56587c75a7ff985 commit d703101ae24c4910acb5dc36e56587c75a7ff985 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cb3725e1c33dca4618ae73d133b05bca13c74cb6 commit cb3725e1c33dca4618ae73d133b05bca13c74cb6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a2542bb2c770fcb3ac15bb57a3a5f041cb371266 commit a2542bb2c770fcb3ac15bb57a3a5f041cb371266 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdd2dfd7aef88ab7c019687adef43c3907630441 commit bdd2dfd7aef88ab7c019687adef43c3907630441 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1eddd1bf12e71339c72425d4769a4ff2ed6c5531 commit 1eddd1bf12e71339c72425d4769a4ff2ed6c5531 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4335ebe65f4b6836f54a4e0e03fc98c7ef057eef commit 4335ebe65f4b6836f54a4e0e03fc98c7ef057eef Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:36:33 2017 -0700 aarch64: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=07dddabe06d9e4cdb08c8ff5cf271c98c446db35 commit 07dddabe06d9e4cdb08c8ff5cf271c98c446db35 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. gPcrt1.o is also added to create static PIE with -pg. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 5604b6622844968ea9a9f6f229eac852b3c21662 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5604b6622844968ea9a9f6f229eac852b3c21662 commit 5604b6622844968ea9a9f6f229eac852b3c21662 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=936d3eb5e6c68e5c7a3513f503d62bfb739ee961 commit 936d3eb5e6c68e5c7a3513f503d62bfb739ee961 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=455873e055731137522786330c9d3f07d77b0360 commit 455873e055731137522786330c9d3f07d77b0360 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=122fb81b591154163443332cb7a47bb1b255a8a1 commit 122fb81b591154163443332cb7a47bb1b255a8a1 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:52 2017 -0700 m68k: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/m68k/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f1b549c8286f352464640e7c50d8cb8a0f1608e commit 0f1b549c8286f352464640e7c50d8cb8a0f1608e Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=617ffed24038aab4732e4ed2226940aadae9c796 commit 617ffed24038aab4732e4ed2226940aadae9c796 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4725827d1da9ea780a92b8f9b4b6032b4487d02c commit 4725827d1da9ea780a92b8f9b4b6032b4487d02c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bf00010c165ab86e0f8f261a48651bb7c1a39dbf commit bf00010c165ab86e0f8f261a48651bb7c1a39dbf Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=021b64f7d1789d95f271c02e02cd4ebf7f999344 commit 021b64f7d1789d95f271c02e02cd4ebf7f999344 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:46:26 2017 -0700 m68k: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/m68k/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=767b6fecf193b2ba15acca235d03994c765999f5 commit 767b6fecf193b2ba15acca235d03994c765999f5 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. gPcrt1.o is also added to create static PIE with -pg. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 79dd5e20eb6a5ddd4503de356f98e6a5cd7a3ccc (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=79dd5e20eb6a5ddd4503de356f98e6a5cd7a3ccc commit 79dd5e20eb6a5ddd4503de356f98e6a5cd7a3ccc Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ac33cf9a74b9a12e368acc65125c7e0896cf427 commit 4ac33cf9a74b9a12e368acc65125c7e0896cf427 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4006465d7049d6f52918ee1065cb19011890a997 commit 4006465d7049d6f52918ee1065cb19011890a997 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60eb65d3213aa35aca10b896fd061d02a30e5eaa commit 60eb65d3213aa35aca10b896fd061d02a30e5eaa Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=034cabd1d6d525ec6edc738458ecb175ed6cae9e commit 034cabd1d6d525ec6edc738458ecb175ed6cae9e Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1ca915eedd3b2628abfd45fbde30a4693ee14bb7 commit 1ca915eedd3b2628abfd45fbde30a4693ee14bb7 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=401348d7ab877b5f2f6122e72565e96d9ece0747 commit 401348d7ab877b5f2f6122e72565e96d9ece0747 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7a0b60277ee14e5ecfea590878877384b5034948 commit 7a0b60277ee14e5ecfea590878877384b5034948 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. gPcrt1.o is also added to create static PIE with -pg. Static PIE can work on all architectures which support PIE, provided 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, m68k, s390 and sh. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 26282c7784ad9b005982df008e355682b688fc13 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=26282c7784ad9b005982df008e355682b688fc13 commit 26282c7784ad9b005982df008e355682b688fc13 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fd2dbfaf15b30e4f1add5523dc511035496a9f73 commit fd2dbfaf15b30e4f1add5523dc511035496a9f73 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fb30814d1f7530d284200c8136d06d871738257 commit 6fb30814d1f7530d284200c8136d06d871738257 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f34c50d6a3022ef8b69ef694ce8d808e03aa1616 commit f34c50d6a3022ef8b69ef694ce8d808e03aa1616 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7a946f032ec27bf66db8617bdd4dc6351849e8dc commit 7a946f032ec27bf66db8617bdd4dc6351849e8dc Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c868a9831b5135415d315bfc1154f56f1203bbca commit c868a9831b5135415d315bfc1154f56f1203bbca Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e01ba3e5a9915128d685bdc0f69a0bf3830e2e6b commit e01ba3e5a9915128d685bdc0f69a0bf3830e2e6b Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2a6918d561f61a82747378bb6de1249c571fb4f1 commit 2a6918d561f61a82747378bb6de1249c571fb4f1 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. The following changes are mode for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. Pcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. gPcrt1.o is also added to create static PIE with -pg. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `P' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add P$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)P$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at ae2bf5e2f8b932d8aad62d6bfa4486761e7a8b1e (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ae2bf5e2f8b932d8aad62d6bfa4486761e7a8b1e commit ae2bf5e2f8b932d8aad62d6bfa4486761e7a8b1e Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=386c5da2a85db6f7a012a9c6dab38bd076f4baf0 commit 386c5da2a85db6f7a012a9c6dab38bd076f4baf0 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=661a5d9f031b66f5243855a04db4b7c2273872a7 commit 661a5d9f031b66f5243855a04db4b7c2273872a7 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=51df41e2a90d544fa9c4b83aebbf855449cb52f6 commit 51df41e2a90d544fa9c4b83aebbf855449cb52f6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=956d71e8dcc68df9dea334004eda784b53923088 commit 956d71e8dcc68df9dea334004eda784b53923088 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5217534e01bf6bd272d043799c7ade635c1e928a commit 5217534e01bf6bd272d043799c7ade635c1e928a Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=201cca38da8a23609c93e8f3986d3a55ba6a842a commit 201cca38da8a23609c93e8f3986d3a55ba6a842a Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b2aa8907043bdd8048647be22ab9a339f1934b49 commit b2aa8907043bdd8048647be22ab9a339f1934b49 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. The names of rcrt1.o/grcrt1.o are chosen to be consistent with musl libc and OpenBSD: https://gcc.gnu.org/ml/gcc/2015-06/msg00008.html The corresponding patch for GCC 8 is at https://gcc.gnu.org/ml/gcc-patches/2017-11/msg00247.html Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `r' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 462bca4d9c24dd7fc746a82cb2bccad99ca19e9d (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=462bca4d9c24dd7fc746a82cb2bccad99ca19e9d commit 462bca4d9c24dd7fc746a82cb2bccad99ca19e9d Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd010e3269bee4af9798d61f9aac885dc9e644eb commit bd010e3269bee4af9798d61f9aac885dc9e644eb Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1d6ab8fc05cdeee0a9852ace3efbf65470dbb1f6 commit 1d6ab8fc05cdeee0a9852ace3efbf65470dbb1f6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=72e63f872e4c155e24f25852e035a8d4309f60d8 commit 72e63f872e4c155e24f25852e035a8d4309f60d8 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=440ab9ce85ceffeb8a883391e43e4123055c11ad commit 440ab9ce85ceffeb8a883391e43e4123055c11ad Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17a0122b6c1a78e3a67ca2101272ed9fa74fa55e commit 17a0122b6c1a78e3a67ca2101272ed9fa74fa55e Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5666cc1daa9fcf482a2670ad2af99b09a499cd1a commit 5666cc1daa9fcf482a2670ad2af99b09a499cd1a Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11337bccdf52ff2dfcf652f46097895d2c65a76e commit 11337bccdf52ff2dfcf652f46097895d2c65a76e Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in statice PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `r' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 9f281c50f56a29e64b0e7ffeab93057768f88a0c (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9f281c50f56a29e64b0e7ffeab93057768f88a0c commit 9f281c50f56a29e64b0e7ffeab93057768f88a0c Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=af03eea93838e16f1491df9e8f752b12d961083d commit af03eea93838e16f1491df9e8f752b12d961083d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ed9bf67c24609aa5ea49ebe4d2d45bcff9ed0103 commit ed9bf67c24609aa5ea49ebe4d2d45bcff9ed0103 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ad1fa48080cd9471e88da4a3d1e071f7d834ba25 commit ad1fa48080cd9471e88da4a3d1e071f7d834ba25 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7fe53ba27ebc80e59db49cbb957ec63b0824b131 commit 7fe53ba27ebc80e59db49cbb957ec63b0824b131 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:11:02 2017 -0700 aarch64: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/aarch64/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1d8332577dd1b81e9ddba1b1f6c63cd54a47141e commit 1d8332577dd1b81e9ddba1b1f6c63cd54a47141e Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=41836f74fccde80292d80f1e65aff2cd4ab6289e commit 41836f74fccde80292d80f1e65aff2cd4ab6289e Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0379d68b6128b8d87c9c00cff4b824052c8db968 commit 0379d68b6128b8d87c9c00cff4b824052c8db968 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on i686 and x86-64. Build results of build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied are PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-hppa-linux-gnu build PASS: glibcs-i486-linux-gnu build PASS: glibcs-i586-linux-gnu build PASS: glibcs-i686-linux-gnu build PASS: glibcs-i686-linux-gnu-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-s390x-linux-gnu build PASS: glibcs-x86_64-linux-gnu build PASS: glibcs-x86_64-linux-gnu-disable-multi-arch build PASS: glibcs-x86_64-linux-gnu-x32 build FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `r' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 6e0a8fd45ef08e042d559d9a96680029cde88856 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6e0a8fd45ef08e042d559d9a96680029cde88856 commit 6e0a8fd45ef08e042d559d9a96680029cde88856 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8691ce18075f22c45c6da756a5494e80641f005b commit 8691ce18075f22c45c6da756a5494e80641f005b Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d3af1968fd2ae24854aea6f128ff6d119f5055f8 commit d3af1968fd2ae24854aea6f128ff6d119f5055f8 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f005372bf0db683f787bcc3e5f789eb68459309d commit f005372bf0db683f787bcc3e5f789eb68459309d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:12:28 2017 -0700 hppa: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/hppa/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3c3204624fe5e900a50973c74fc83a4b1a6a37a1 commit 3c3204624fe5e900a50973c74fc83a4b1a6a37a1 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b004017ec0322157b4e6a9a363d1d5bb693b6718 commit b004017ec0322157b4e6a9a363d1d5bb693b6718 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7026a79c1f71f5decd135208503fd4186193ffb8 commit 7026a79c1f71f5decd135208503fd4186193ffb8 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. On aarch64, binutils master branch with 2 patches: https://sourceware.org/ml/binutils/2017-11/msg00455.html https://sourceware.org/ml/binutils/2017-11/msg00456.html applied is required. build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have many failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `r' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0663b4f5994d0817f786e54ca7a896894045b263 commit 0663b4f5994d0817f786e54ca7a896894045b263 Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Nov 24 07:13:10 2017 -0800 aarch64: fix start code for static pie with upcoming static pie patches there are three flavors of the crt startup code: 1) crt1.o used for non-pie static linking (executable has no relocs), 2) Scrt1.o used for dynamic linking (dynamic linker relocates), 3) rcrt1.o used for static pie linking (self relocation is needed) when crt1.o and rcrt1.o is built in the --enable-static-pie case -DPIC is passed, when Scrt1.o is built then -DPIC -DSHARED is passed. (crt1.o gets a dummy _dl_relocate_static_pie that interposes the one in libc so no self-relocation is done in that case in __libc_start_main) the Scrt1.o code is position independent but it relies on GOT entries that need to be relocated which happens later and the static linker cannot relax the GOT loads, so rcrt1.o needs separate implementation. This implementation works with .text <= 4G files, which is fine, currently the toolchain does not support larger position independent executables. tests pass with ld/22269 and ld/22263 binutils bugs fixed. this patch is on top of master but assumes the static pie patches. * sysdeps/aarch64/start.S (_start): Handle PIC && !SHARED case. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 951b8ac9a2dd6a4a36b939b1e1f47013740e07d8 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=951b8ac9a2dd6a4a36b939b1e1f47013740e07d8 commit 951b8ac9a2dd6a4a36b939b1e1f47013740e07d8 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=42ec59f560e64d1eec0c1a9b3768ef8d0a660154 commit 42ec59f560e64d1eec0c1a9b3768ef8d0a660154 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=966d45d91d4647c62d3fccb0f7e684a676fdaced commit 966d45d91d4647c62d3fccb0f7e684a676fdaced Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=12df728c40440a0d8420596dcc4c7625cb8be0dd commit 12df728c40440a0d8420596dcc4c7625cb8be0dd Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eaa885503cf44933e959812ba6b90b600cb854d3 commit eaa885503cf44933e959812ba6b90b600cb854d3 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b3c9432386edbd2f57098daa6a2a63780c9d9d63 commit b3c9432386edbd2f57098daa6a2a63780c9d9d63 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. On aarch64, binutils master branch with 2 patches: https://sourceware.org/ml/binutils/2017-11/msg00455.html https://sourceware.org/ml/binutils/2017-11/msg00456.html applied is required. build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have many failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `r' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b08f0b7f94a40fd165b44a06346690f5691e77b commit 3b08f0b7f94a40fd165b44a06346690f5691e77b Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Nov 24 07:13:10 2017 -0800 aarch64: fix start code for static pie with upcoming static pie patches there are three flavors of the crt startup code: 1) crt1.o used for non-pie static linking (executable has no relocs), 2) Scrt1.o used for dynamic linking (dynamic linker relocates), 3) rcrt1.o used for static pie linking (self relocation is needed) when crt1.o and rcrt1.o is built in the --enable-static-pie case -DPIC is passed, when Scrt1.o is built then -DPIC -DSHARED is passed. (crt1.o gets a dummy _dl_relocate_static_pie that interposes the one in libc so no self-relocation is done in that case in __libc_start_main) the Scrt1.o code is position independent but it relies on GOT entries that need to be relocated which happens later and the static linker cannot relax the GOT loads, so rcrt1.o needs separate implementation. This implementation works with .text <= 4G files, which is fine, currently the toolchain does not support larger position independent executables. tests pass with ld/22269 and ld/22263 binutils bugs fixed. this patch is on top of master but assumes the static pie patches. * sysdeps/aarch64/start.S (_start): Handle PIC && !SHARED case. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 92506a1b7df0ad79179bf6f35e79bcf0ab733710 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=92506a1b7df0ad79179bf6f35e79bcf0ab733710 commit 92506a1b7df0ad79179bf6f35e79bcf0ab733710 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Nov 30 19:36:46 2017 -0800 ASFLAGS-.o += $(pie-default) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a04696ccaa91e53c6bc5804b08a4f516e814addb commit a04696ccaa91e53c6bc5804b08a4f516e814addb Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c72dd4cf1e5f561298f0fefd626300c6d37284cb commit c72dd4cf1e5f561298f0fefd626300c6d37284cb Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=98fcde69d9e9f553f5a24f8f8c382be0a54ce17a commit 98fcde69d9e9f553f5a24f8f8c382be0a54ce17a Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8c673406148bf13c094e923c4a679db2097fa80d commit 8c673406148bf13c094e923c4a679db2097fa80d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fe9e9174f5eaf5d8ab554305fec5f19090e0a807 commit fe9e9174f5eaf5d8ab554305fec5f19090e0a807 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17b9efc6492d3ac072e012dcd20575c7219f206e commit 17b9efc6492d3ac072e012dcd20575c7219f206e Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. On aarch64, binutils master branch with 2 patches: https://sourceware.org/ml/binutils/2017-11/msg00455.html https://sourceware.org/ml/binutils/2017-11/msg00456.html applied is required. build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have many failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-mips64el-linux-gnu-n32 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64el-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64el-linux-gnu-n32-soft build FAIL: glibcs-mips64-linux-gnu-n32 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008 build FAIL: glibcs-mips64-linux-gnu-n32-nan2008-soft build FAIL: glibcs-mips64-linux-gnu-n32-soft build FAIL: glibcs-mipsel-linux-gnu build FAIL: glibcs-mipsel-linux-gnu-nan2008 build FAIL: glibcs-mipsel-linux-gnu-nan2008-soft build FAIL: glibcs-mipsel-linux-gnu-soft build FAIL: glibcs-mips-linux-gnu build FAIL: glibcs-mips-linux-gnu-nan2008 build FAIL: glibcs-mips-linux-gnu-nan2008-soft build FAIL: glibcs-mips-linux-gnu-soft build elf/sln is failed to link due to: crt1.o: relocation R_MIPS_HI16 against `_gp' can not be used when making a shared object; recompile with -fPIC This is caused by linker bug and/or non-PIC code in crt1.o. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (static-start-installed-name): Add the `r' prefix for --enable-static-pie. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5281f53b625703785bb6d0507d25f8ff2d25c031 commit 5281f53b625703785bb6d0507d25f8ff2d25c031 Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Nov 24 07:13:10 2017 -0800 aarch64: fix start code for static pie with upcoming static pie patches there are three flavors of the crt startup code: 1) crt1.o used for non-pie static linking (executable has no relocs), 2) Scrt1.o used for dynamic linking (dynamic linker relocates), 3) rcrt1.o used for static pie linking (self relocation is needed) when crt1.o and rcrt1.o is built in the --enable-static-pie case -DPIC is passed, when Scrt1.o is built then -DPIC -DSHARED is passed. (crt1.o gets a dummy _dl_relocate_static_pie that interposes the one in libc so no self-relocation is done in that case in __libc_start_main) the Scrt1.o code is position independent but it relies on GOT entries that need to be relocated which happens later and the static linker cannot relax the GOT loads, so rcrt1.o needs separate implementation. This implementation works with .text <= 4G files, which is fine, currently the toolchain does not support larger position independent executables. tests pass with ld/22269 and ld/22263 binutils bugs fixed. this patch is on top of master but assumes the static pie patches. * sysdeps/aarch64/start.S (_start): Handle PIC && !SHARED case. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 1d043a3760ab465e9b364a36eccd4b4a7e1a7fc8 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1d043a3760ab465e9b364a36eccd4b4a7e1a7fc8 commit 1d043a3760ab465e9b364a36eccd4b4a7e1a7fc8 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a83f5a663e3917c8d78ecc14f1b209557e34cb00 commit a83f5a663e3917c8d78ecc14f1b209557e34cb00 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fee70a13aeef566d94f1484f04d2169df4cb51ad commit fee70a13aeef566d94f1484f04d2169df4cb51ad Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b58a130b0e4f951eb5c31c7750d93ca5b86678df commit b58a130b0e4f951eb5c31c7750d93ca5b86678df Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e2b24b533b865f71c25ba5259f611add8820a22d commit e2b24b533b865f71c25ba5259f611add8820a22d Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2cdcd22264e365a9d7ad03920d7b1cacab252b4a commit 2cdcd22264e365a9d7ad03920d7b1cacab252b4a Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. On aarch64, binutils master branch with 2 patches: https://sourceware.org/ml/binutils/2017-11/msg00455.html https://sourceware.org/ml/binutils/2017-11/msg00456.html applied is required. build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have many failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (real-static-start-installed-name): New. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). Replace $(static-start-installed-name) with $(real-static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. * sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default). (ASFLAGS-.op): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5281f53b625703785bb6d0507d25f8ff2d25c031 commit 5281f53b625703785bb6d0507d25f8ff2d25c031 Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Nov 24 07:13:10 2017 -0800 aarch64: fix start code for static pie with upcoming static pie patches there are three flavors of the crt startup code: 1) crt1.o used for non-pie static linking (executable has no relocs), 2) Scrt1.o used for dynamic linking (dynamic linker relocates), 3) rcrt1.o used for static pie linking (self relocation is needed) when crt1.o and rcrt1.o is built in the --enable-static-pie case -DPIC is passed, when Scrt1.o is built then -DPIC -DSHARED is passed. (crt1.o gets a dummy _dl_relocate_static_pie that interposes the one in libc so no self-relocation is done in that case in __libc_start_main) the Scrt1.o code is position independent but it relies on GOT entries that need to be relocated which happens later and the static linker cannot relax the GOT loads, so rcrt1.o needs separate implementation. This implementation works with .text <= 4G files, which is fine, currently the toolchain does not support larger position independent executables. tests pass with ld/22269 and ld/22263 binutils bugs fixed. this patch is on top of master but assumes the static pie patches. * sysdeps/aarch64/start.S (_start): Handle PIC && !SHARED case. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 47dfe8b069b7828aaea067ccf9577c2b481f0314 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=47dfe8b069b7828aaea067ccf9577c2b481f0314 commit 47dfe8b069b7828aaea067ccf9577c2b481f0314 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a61c1c8622da27fdbb73db34b74155eb2a0de6de commit a61c1c8622da27fdbb73db34b74155eb2a0de6de Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2cf0d784855a7173538d73dffb14fb9688d176dc commit 2cf0d784855a7173538d73dffb14fb9688d176dc Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=59b20f3720dd5244d5b6fb78a12de2d0b222f975 commit 59b20f3720dd5244d5b6fb78a12de2d0b222f975 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4551c4abcc32d503d79dd254c8df499d617c3eba commit 4551c4abcc32d503d79dd254c8df499d617c3eba Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=07907d70cdb3736049cd69110ee09d8635f7e83a commit 07907d70cdb3736049cd69110ee09d8635f7e83a Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. On aarch64, binutils master branch with 2 patches: https://sourceware.org/ml/binutils/2017-11/msg00455.html https://sourceware.org/ml/binutils/2017-11/msg00456.html applied is required. build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have many failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: libc.a(sched_yield.o): non-pic code with imm relocation against dynamic symbol `_dl_sysinfo' This is caused by non-PIC version of DO_CALL macro in ia64 sysdep.h. PIE libc.a should use PIC version of DO_CALL, except during startup in static PIE. An ia64 startup.h, similar to i386 startup.h, is needed to handle this. FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14242 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (real-static-start-installed-name): New. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Use the first of $(DEFAULT-LDFLAGS-$(@F)) and $(default-pie-ldflag). Replace $(static-start-installed-name) with $(real-static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) and gr$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. ($(objpfx)gr$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (CFLAGS-tst-gmon-static-pie.c): New. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. * sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default). (ASFLAGS-.op): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5281f53b625703785bb6d0507d25f8ff2d25c031 commit 5281f53b625703785bb6d0507d25f8ff2d25c031 Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Nov 24 07:13:10 2017 -0800 aarch64: fix start code for static pie with upcoming static pie patches there are three flavors of the crt startup code: 1) crt1.o used for non-pie static linking (executable has no relocs), 2) Scrt1.o used for dynamic linking (dynamic linker relocates), 3) rcrt1.o used for static pie linking (self relocation is needed) when crt1.o and rcrt1.o is built in the --enable-static-pie case -DPIC is passed, when Scrt1.o is built then -DPIC -DSHARED is passed. (crt1.o gets a dummy _dl_relocate_static_pie that interposes the one in libc so no self-relocation is done in that case in __libc_start_main) the Scrt1.o code is position independent but it relies on GOT entries that need to be relocated which happens later and the static linker cannot relax the GOT loads, so rcrt1.o needs separate implementation. This implementation works with .text <= 4G files, which is fine, currently the toolchain does not support larger position independent executables. tests pass with ld/22269 and ld/22263 binutils bugs fixed. this patch is on top of master but assumes the static pie patches. * sysdeps/aarch64/start.S (_start): Handle PIC && !SHARED case. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at ed724a3d50d9c9cfd2c2440916902080155df160 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ed724a3d50d9c9cfd2c2440916902080155df160 commit ed724a3d50d9c9cfd2c2440916902080155df160 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=802b11b8ee25b4e598f96769024186e0da589b6c commit 802b11b8ee25b4e598f96769024186e0da589b6c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=47214d68c63c1de5be95a9ff259d57d1aad20455 commit 47214d68c63c1de5be95a9ff259d57d1aad20455 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eaf2eee74677f570a8e0e771122190e1b14f6424 commit eaf2eee74677f570a8e0e771122190e1b14f6424 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e5014efcc6428472de2c912ab1f7c97a2352245a commit e5014efcc6428472de2c912ab1f7c97a2352245a Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=86d8013ccc24e4c07fdc6da04dac0448c4f5fc29 commit 86d8013ccc24e4c07fdc6da04dac0448c4f5fc29 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. Only GCC with PIE support is needed. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are not allowed in static PIE. Static PIE extends address space layout randomization to static executables. It provides additional security hardening benefits at the cost of some memory and performance. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. Using GCC 7 and binutils master branch, build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have the following build successes: PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabihf-v7a build PASS: glibcs-arm-linux-gnueabihf-v7a-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n32 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n32-soft build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n32 build PASS: glibcs-mips64-linux-gnu-n32-nan2008 build PASS: glibcs-mips64-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n32-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-mipsel-linux-gnu build PASS: glibcs-mipsel-linux-gnu-nan2008 build PASS: glibcs-mipsel-linux-gnu-nan2008-soft build PASS: glibcs-mipsel-linux-gnu-soft build PASS: glibcs-mips-linux-gnu build PASS: glibcs-mips-linux-gnu-nan2008 build PASS: glibcs-mips-linux-gnu-nan2008-soft build PASS: glibcs-mips-linux-gnu-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-tilegxbe-linux-gnu-32 build PASS: glibcs-tilegxbe-linux-gnu build PASS: glibcs-tilegx-linux-gnu-32 build PASS: glibcs-tilegx-linux-gnu build PASS: glibcs-tilepro-linux-gnu build and the following build failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-hppa-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] https://sourceware.org/bugzilla/show_bug.cgi?id=22537 FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14299 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (real-static-start-installed-name): New. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Replace $(DEFAULT-LDFLAGS-$(@F)) with $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)). Replace $(static-start-installed-name) with $(real-static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) and gr$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. ($(objpfx)gr$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. (DEFAULT-LDFLAGS-tst-tls1-static-non-pie): Removed. (tst-tls1-static-non-pie-no-pie): New. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (DEFAULT-LDFLAGS-tst-gmon-static): Removed. (tst-gmon-static-no-pie): New. (CFLAGS-tst-gmon-static-pie.c): Likewise. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. * sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default). (ASFLAGS-.op): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=78ec5648565d9ff0f8bd2c2e64de9cb590f4e7b6 commit 78ec5648565d9ff0f8bd2c2e64de9cb590f4e7b6 Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Nov 24 07:13:10 2017 -0800 aarch64: fix start code for static pie with upcoming static pie patches there are three flavors of the crt startup code: 1) crt1.o used for non-pie static linking (executable has no relocs), 2) Scrt1.o used for dynamic linking (dynamic linker relocates), 3) rcrt1.o used for static pie linking (self relocation is needed) when crt1.o and rcrt1.o is built in the --enable-static-pie case -DPIC is passed, when Scrt1.o is built then -DPIC -DSHARED is passed. (crt1.o gets a dummy _dl_relocate_static_pie that interposes the one in libc so no self-relocation is done in that case in __libc_start_main) the Scrt1.o code is position independent but it relies on GOT entries that need to be relocated which happens later and the static linker cannot relax the GOT loads, so rcrt1.o needs separate implementation. This implementation works with .text <= 4G files, which is fine, currently the toolchain does not support larger position independent executables. tests pass with ld/22269 and ld/22263 binutils bugs fixed. this patch is on top of master but assumes the static pie patches. * sysdeps/aarch64/start.S (_start): Handle PIC && !SHARED case. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7ffc0d20988284dbfe9b8b74e3b24e060f54ab0f commit 7ffc0d20988284dbfe9b8b74e3b24e060f54ab0f Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 1 09:49:25 2017 -0800 nios2: Don't use MIN in dl-machine.h MIN is used, but param.h may not be included, so expand its single use inline. * sysdeps/nios2/dl-machine.h (elf_machine_rela): Expand MIN. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 6c4bb28cbcf7de0e201b56763fbc3d065a65871f (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6c4bb28cbcf7de0e201b56763fbc3d065a65871f commit 6c4bb28cbcf7de0e201b56763fbc3d065a65871f Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4762c8dd1376e65036d182b03e3601d951882078 commit 4762c8dd1376e65036d182b03e3601d951882078 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a63718639bd9f75a55e53d5693d09fe2221c8821 commit a63718639bd9f75a55e53d5693d09fe2221c8821 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b4e2294124c218b8b4987a636ddcf1fb9321a684 commit b4e2294124c218b8b4987a636ddcf1fb9321a684 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=910c813de8bc8799712e38692cbc49e8adef2aab commit 910c813de8bc8799712e38692cbc49e8adef2aab Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f22f95b0e324e93ce4778dcfba5d637654596e5c commit f22f95b0e324e93ce4778dcfba5d637654596e5c Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. Only GCC with PIE support is needed. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are not allowed in static PIE. Static PIE extends address space layout randomization to static executables. It provides additional security hardening benefits at the cost of some memory and performance. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. Using GCC 7 and binutils master branch, build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have the following build successes: PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabihf-v7a build PASS: glibcs-arm-linux-gnueabihf-v7a-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n32 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n32-soft build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n32 build PASS: glibcs-mips64-linux-gnu-n32-nan2008 build PASS: glibcs-mips64-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n32-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-mipsel-linux-gnu build PASS: glibcs-mipsel-linux-gnu-nan2008 build PASS: glibcs-mipsel-linux-gnu-nan2008-soft build PASS: glibcs-mipsel-linux-gnu-soft build PASS: glibcs-mips-linux-gnu build PASS: glibcs-mips-linux-gnu-nan2008 build PASS: glibcs-mips-linux-gnu-nan2008-soft build PASS: glibcs-mips-linux-gnu-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-tilegxbe-linux-gnu-32 build PASS: glibcs-tilegxbe-linux-gnu build PASS: glibcs-tilegx-linux-gnu-32 build PASS: glibcs-tilegx-linux-gnu build PASS: glibcs-tilepro-linux-gnu build and the following build failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-hppa-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] https://sourceware.org/bugzilla/show_bug.cgi?id=22537 FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14299 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (real-static-start-installed-name): New. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Replace $(DEFAULT-LDFLAGS-$(@F)) with $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)). Replace $(static-start-installed-name) with $(real-static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) and gr$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. ($(objpfx)gr$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. (DEFAULT-LDFLAGS-tst-tls1-static-non-pie): Removed. (tst-tls1-static-non-pie-no-pie): New. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (DEFAULT-LDFLAGS-tst-gmon-static): Removed. (tst-gmon-static-no-pie): New. (CFLAGS-tst-gmon-static-pie.c): Likewise. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. * sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default). (ASFLAGS-.op): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e411b80cbdc69c79bd4e710af5d3d66b7c3d4ede commit e411b80cbdc69c79bd4e710af5d3d66b7c3d4ede Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Nov 24 07:13:10 2017 -0800 aarch64: fix start code for static pie with upcoming static pie patches there are three flavors of the crt startup code: 1) crt1.o used for non-pie static linking (executable has no relocs), 2) Scrt1.o used for dynamic linking (dynamic linker relocates), 3) rcrt1.o used for static pie linking (self relocation is needed) when crt1.o and rcrt1.o is built in the --enable-static-pie case -DPIC is passed, when Scrt1.o is built then -DPIC -DSHARED is passed. (crt1.o gets a dummy _dl_relocate_static_pie that interposes the one in libc so no self-relocation is done in that case in __libc_start_main) the Scrt1.o code is position independent but it relies on GOT entries that need to be relocated which happens later and the static linker cannot relax the GOT loads, so rcrt1.o needs separate implementation. This implementation works with .text <= 4G files, which is fine, currently the toolchain does not support larger position independent executables. tests pass with ld/22269 and ld/22263 binutils bugs fixed. this patch is on top of master but assumes the static pie patches. * sysdeps/aarch64/start.S (_start): Handle PIC && !SHARED case. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c07173ce76874bc12e5835a6ea54e4f17c92316d commit c07173ce76874bc12e5835a6ea54e4f17c92316d Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 1 09:49:25 2017 -0800 nios2: Don't use MIN in dl-machine.h MIN is used, but param.h may not be included, so expand its single use inline. * sysdeps/nios2/dl-machine.h (elf_machine_rela): Expand MIN. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at b1a906dcae20ee75ed4622740056395c04c0481a (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1a906dcae20ee75ed4622740056395c04c0481a commit b1a906dcae20ee75ed4622740056395c04c0481a Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3bcf822f9f612439b82779d357ec0b9f422a63b8 commit 3bcf822f9f612439b82779d357ec0b9f422a63b8 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=180fa24e8b5a79f4ae2ee9d239ae2c7215798238 commit 180fa24e8b5a79f4ae2ee9d239ae2c7215798238 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e91e3d1db96bc8679bc92b44959c28c562a1f7e commit 9e91e3d1db96bc8679bc92b44959c28c562a1f7e Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7c6d58c373401f0274b826c90de5e25afad35239 commit 7c6d58c373401f0274b826c90de5e25afad35239 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ed8dc565a203acf7c6520ffce9c34cf5f2e0174 commit 3ed8dc565a203acf7c6520ffce9c34cf5f2e0174 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. Only GCC with PIE support is needed. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are not allowed in static PIE. Static PIE extends address space layout randomization to static executables. It provides additional security hardening benefits at the cost of some memory and performance. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass addess of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless wether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. Using GCC 7 and binutils master branch, build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have the following build successes: PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabihf-v7a build PASS: glibcs-arm-linux-gnueabihf-v7a-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n32 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n32-soft build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n32 build PASS: glibcs-mips64-linux-gnu-n32-nan2008 build PASS: glibcs-mips64-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n32-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-mipsel-linux-gnu build PASS: glibcs-mipsel-linux-gnu-nan2008 build PASS: glibcs-mipsel-linux-gnu-nan2008-soft build PASS: glibcs-mipsel-linux-gnu-soft build PASS: glibcs-mips-linux-gnu build PASS: glibcs-mips-linux-gnu-nan2008 build PASS: glibcs-mips-linux-gnu-nan2008-soft build PASS: glibcs-mips-linux-gnu-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-tilegxbe-linux-gnu-32 build PASS: glibcs-tilegxbe-linux-gnu build PASS: glibcs-tilegx-linux-gnu-32 build PASS: glibcs-tilegx-linux-gnu build PASS: glibcs-tilepro-linux-gnu build and the following build failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-hppa-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] https://sourceware.org/bugzilla/show_bug.cgi?id=22537 FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14299 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (real-static-start-installed-name): New. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Replace $(DEFAULT-LDFLAGS-$(@F)) with $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)). Replace $(static-start-installed-name) with $(real-static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) and gr$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. ($(objpfx)gr$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. (DEFAULT-LDFLAGS-tst-tls1-static-non-pie): Removed. (tst-tls1-static-non-pie-no-pie): New. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (DEFAULT-LDFLAGS-tst-gmon-static): Removed. (tst-gmon-static-no-pie): New. (CFLAGS-tst-gmon-static-pie.c): Likewise. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. * sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default). (ASFLAGS-.op): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6b825345ccb4b07d95b67c8714f8d342e3f3eac commit e6b825345ccb4b07d95b67c8714f8d342e3f3eac Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Nov 24 07:13:10 2017 -0800 aarch64: fix start code for static pie with upcoming static pie patches there are three flavors of the crt startup code: 1) crt1.o used for non-pie static linking (executable has no relocs), 2) Scrt1.o used for dynamic linking (dynamic linker relocates), 3) rcrt1.o used for static pie linking (self relocation is needed) when crt1.o and rcrt1.o is built in the --enable-static-pie case -DPIC is passed, when Scrt1.o is built then -DPIC -DSHARED is passed. (crt1.o gets a dummy _dl_relocate_static_pie that interposes the one in libc so no self-relocation is done in that case in __libc_start_main) the Scrt1.o code is position independent but it relies on GOT entries that need to be relocated which happens later and the static linker cannot relax the GOT loads, so rcrt1.o needs separate implementation. This implementation works with .text <= 4G files, which is fine, currently the toolchain does not support larger position independent executables. tests pass with ld/22269 and ld/22263 binutils bugs fixed. this patch is on top of master but assumes the static pie patches. * sysdeps/aarch64/start.S (_start): Handle PIC && !SHARED case. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e7b13129f79665d99fbd5763a5652410cee50b05 commit e7b13129f79665d99fbd5763a5652410cee50b05 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 1 09:49:25 2017 -0800 nios2: Don't use MIN in dl-machine.h MIN is used, but param.h may not be included, so expand its single use inline. * sysdeps/nios2/dl-machine.h (elf_machine_rela): Expand MIN. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at f7882894427b3d720892667418b5d97dc179c1e9 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7882894427b3d720892667418b5d97dc179c1e9 commit f7882894427b3d720892667418b5d97dc179c1e9 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie to build-many-glibcs.py https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=882a61c686b85cd1016c0909ca17cf508e307efc commit 882a61c686b85cd1016c0909ca17cf508e307efc Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cbf62acd2955290b3bce6174e68b5a40afed5ed2 commit cbf62acd2955290b3bce6174e68b5a40afed5ed2 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c4e62403a180cc19785aab8b4a641fd5507dd156 commit c4e62403a180cc19785aab8b4a641fd5507dd156 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d7a746c98f130e78c33a8beb2d293d0312b53ad commit 4d7a746c98f130e78c33a8beb2d293d0312b53ad Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=44e46587845edfbfc58133037e1d90efca829cd6 commit 44e46587845edfbfc58133037e1d90efca829cd6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 17 08:17:32 2017 -0700 Add --enable-static-pie configure option to build static PIE [BZ #19574] Static PIE extends address space layout randomization to static executables. It provides additional security hardening benefits at the cost of some memory and performance. Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. Only GCC with PIE support is needed. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are not allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass address of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. Patches are submitted for aarch64, hppa, m68k, microblaze and sparc. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. A patch is submitted for tile. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. Patches are submitted for aarch64, s390 and sh. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless whether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. Using GCC 7 and binutils master branch, build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have the following build successes: PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabihf-v7a build PASS: glibcs-arm-linux-gnueabihf-v7a-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n32 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n32-soft build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n32 build PASS: glibcs-mips64-linux-gnu-n32-nan2008 build PASS: glibcs-mips64-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n32-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-mipsel-linux-gnu build PASS: glibcs-mipsel-linux-gnu-nan2008 build PASS: glibcs-mipsel-linux-gnu-nan2008-soft build PASS: glibcs-mipsel-linux-gnu-soft build PASS: glibcs-mips-linux-gnu build PASS: glibcs-mips-linux-gnu-nan2008 build PASS: glibcs-mips-linux-gnu-nan2008-soft build PASS: glibcs-mips-linux-gnu-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-tilegxbe-linux-gnu-32 build PASS: glibcs-tilegxbe-linux-gnu build PASS: glibcs-tilegx-linux-gnu-32 build PASS: glibcs-tilegx-linux-gnu build PASS: glibcs-tilepro-linux-gnu build and the following build failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-hppa-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] https://sourceware.org/bugzilla/show_bug.cgi?id=22537 FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14299 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (real-static-start-installed-name): New. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Replace $(DEFAULT-LDFLAGS-$(@F)) with $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)). Replace $(static-start-installed-name) with $(real-static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) and gr$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. ($(objpfx)gr$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. (DEFAULT-LDFLAGS-tst-tls1-static-non-pie): Removed. (tst-tls1-static-non-pie-no-pie): New. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (DEFAULT-LDFLAGS-tst-gmon-static): Removed. (tst-gmon-static-no-pie): New. (CFLAGS-tst-gmon-static-pie.c): Likewise. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. * sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default). (ASFLAGS-.op): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8116d0e4a14422efda45fd5292db1a58b3ce6f98 commit 8116d0e4a14422efda45fd5292db1a58b3ce6f98 Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Nov 24 07:13:10 2017 -0800 aarch64: fix start code for static pie with upcoming static pie patches there are three flavors of the crt startup code: 1) crt1.o used for non-pie static linking (executable has no relocs), 2) Scrt1.o used for dynamic linking (dynamic linker relocates), 3) rcrt1.o used for static pie linking (self relocation is needed) when crt1.o and rcrt1.o is built in the --enable-static-pie case -DPIC is passed, when Scrt1.o is built then -DPIC -DSHARED is passed. (crt1.o gets a dummy _dl_relocate_static_pie that interposes the one in libc so no self-relocation is done in that case in __libc_start_main) the Scrt1.o code is position independent but it relies on GOT entries that need to be relocated which happens later and the static linker cannot relax the GOT loads, so rcrt1.o needs separate implementation. This implementation works with .text <= 4G files, which is fine, currently the toolchain does not support larger position independent executables. tests pass with ld/22269 and ld/22263 binutils bugs fixed. this patch is on top of master but assumes the static pie patches. * sysdeps/aarch64/start.S (_start): Handle PIC && !SHARED case. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=adda173d26aad05529a82ff9997584e5541ae42e commit adda173d26aad05529a82ff9997584e5541ae42e Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 1 09:49:25 2017 -0800 nios2: Don't use MIN in dl-machine.h MIN is used, but param.h may not be included, so expand its single use inline. * sysdeps/nios2/dl-machine.h (elf_machine_rela): Expand MIN. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via 9d7a3741c9e59eba87fb3ca6b9f979befce07826 (commit) from 95511aab9d5202470b90530e83d18a6f4b4aeb6b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9d7a3741c9e59eba87fb3ca6b9f979befce07826 commit 9d7a3741c9e59eba87fb3ca6b9f979befce07826 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 15 16:59:33 2017 -0800 Add --enable-static-pie configure option to build static PIE [BZ #19574] Static PIE extends address space layout randomization to static executables. It provides additional security hardening benefits at the cost of some memory and performance. Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. Only GCC with PIE support is needed. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are not allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass address of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless whether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. Using GCC 7 and binutils master branch, build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have the following build successes: PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabihf-v7a build PASS: glibcs-arm-linux-gnueabihf-v7a-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n32 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n32-soft build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n32 build PASS: glibcs-mips64-linux-gnu-n32-nan2008 build PASS: glibcs-mips64-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n32-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-mipsel-linux-gnu build PASS: glibcs-mipsel-linux-gnu-nan2008 build PASS: glibcs-mipsel-linux-gnu-nan2008-soft build PASS: glibcs-mipsel-linux-gnu-soft build PASS: glibcs-mips-linux-gnu build PASS: glibcs-mips-linux-gnu-nan2008 build PASS: glibcs-mips-linux-gnu-nan2008-soft build PASS: glibcs-mips-linux-gnu-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-tilegxbe-linux-gnu-32 build PASS: glibcs-tilegxbe-linux-gnu build PASS: glibcs-tilegx-linux-gnu-32 build PASS: glibcs-tilegx-linux-gnu build PASS: glibcs-tilepro-linux-gnu build and the following build failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-hppa-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] https://sourceware.org/bugzilla/show_bug.cgi?id=22537 FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14299 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (real-static-start-installed-name): New. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Replace $(DEFAULT-LDFLAGS-$(@F)) with $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)). Replace $(static-start-installed-name) with $(real-static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) and gr$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. ($(objpfx)gr$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. (DEFAULT-LDFLAGS-tst-tls1-static-non-pie): Removed. (tst-tls1-static-non-pie-no-pie): New. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (DEFAULT-LDFLAGS-tst-gmon-static): Removed. (tst-gmon-static-no-pie): New. (CFLAGS-tst-gmon-static-pie.c): Likewise. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. * sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default). (ASFLAGS-.op): Likewise. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 72 ++++++++++++++++++ INSTALL | 9 ++ Makeconfig | 38 +++++++++- NEWS | 9 ++ config.h.in | 3 + configure | 79 ++++++++++++++++++++ configure.ac | 29 +++++++ csu/Makefile | 24 +++++- csu/libc-start.c | 2 + csu/libc-tls.c | 6 +- .../x86_64/tst-x86_64mod-1.c => csu/static-reloc.c | 8 ++- elf/Makefile | 7 +- elf/dl-reloc-static-pie.c | 52 +++++++++++++ elf/dl-support.c | 11 +++ elf/dynamic-link.h | 2 +- elf/get-dynamic-info.h | 6 +- gmon/Makefile | 25 ++++++- gmon/{tst-gmon-pie.c => tst-gmon-static-pie.c} | 0 manual/install.texi | 9 ++ sysdeps/generic/ldsodefs.h | 11 +++ sysdeps/i386/configure | 33 ++++++++ sysdeps/i386/configure.ac | 23 ++++++ sysdeps/mips/Makefile | 3 + sysdeps/x86_64/configure | 33 ++++++++ sysdeps/x86_64/configure.ac | 25 ++++++ 25 files changed, 500 insertions(+), 19 deletions(-) copy sysdeps/x86_64/tst-x86_64mod-1.c => csu/static-reloc.c (84%) create mode 100644 elf/dl-reloc-static-pie.c copy gmon/{tst-gmon-pie.c => tst-gmon-static-pie.c} (100%)
Fixed for 2.27. Not all architectures have working static PIE. See https://sourceware.org/glibc/wiki/PortStatus for static PIE status. Please open a new bug if static PIE doesn't work for a specific target.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 09e96bf7aa81e7b55dc8f96c1cd0a88a0952d8b0 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=09e96bf7aa81e7b55dc8f96c1cd0a88a0952d8b0 commit 09e96bf7aa81e7b55dc8f96c1cd0a88a0952d8b0 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Dec 18 14:05:07 2017 -0800 Replece LDFLAGS-* = $(no-pie-ldflag) with tst-*-no-pie = yes [BZ #22630] After commit 9d7a3741c9e59eba87fb3ca6b9f979befce07826 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 15 16:59:33 2017 -0800 Add --enable-static-pie configure option to build static PIE [BZ #19574] and commit 00c714df398b63934540d95ce3792596f7a94a6c Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Dec 18 12:24:26 2017 -0800 Pass -no-pie to GCC only if GCC defaults to PIE [BZ #22614] $(no-pie-ldflag) is no longer effective since no-pie-ldflag is defined to -no-pie only if GCC defaults to PIE. When --enable-static-pie is used to configure glibc build and GCC doesn't default to PIE. no-pie-ldflag is undefined and these tests: elf/Makefile:LDFLAGS-tst-dlopen-aout = $(no-pie-ldflag) elf/Makefile:LDFLAGS-tst-prelink = $(no-pie-ldflag) elf/Makefile:LDFLAGS-tst-main1 = $(no-pie-ldflag) gmon/Makefile:LDFLAGS-tst-gmon := $(no-pie-ldflag) may fail to link. This patch "-pie" with $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) and uses repleces LDFLAGS-* = $(no-pie-ldflag) with tst-*-no-pie = yes so that tst-dlopen-aout, tst-prelink, tst-main1 and tst-gmon are always built as non-PIE, with and without --enable-static-pie, using GCC defaulting to PIE or non-PIE. Tested with build-many-glibcs.py without --enable-static-pie as well as with --enable-static-pie for x86_64, x32 and i686. [BZ #22630] * Makeconfig (link-pie-before-libc): Replace -pie with $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie). * elf/Makefile (LDFLAGS-tst-dlopen-aout): Removed. (tst-dlopen-aout-no-pie): New. (LDFLAGS-tst-prelink): Removed. (tst-prelink-no-pie): New. (LDFLAGS-tst-main1): Removed. (tst-main1-no-pie): New. * gmon/Makefile (LDFLAGS-tst-gmon): Removed. (tst-gmon-no-pie): New. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=35a594236fda3eb5a05bdea7e1bff37a8ffa7657 commit 35a594236fda3eb5a05bdea7e1bff37a8ffa7657 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie variants to x86_64, x32 and i686 Since the default GCC and binutils versions used by build-many-glibcs.py, which are GCC 7 branch and binutils 2.29 branch, this patch adds --enable-static-pie glibc variants to x86_64, x32 and i686. Tested with build-many-glibcs.py. * scripts/build-many-glibcs.py (Context.add_all_configs): Add --enable-static-pie variants to x86_64, x32 and i686. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=27ea6ee71a7319eabe18a133bbbd6da43caf74db commit 27ea6ee71a7319eabe18a133bbbd6da43caf74db Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a3b974ab7a5d90b16dcee699f52046905edd9a4 commit 4a3b974ab7a5d90b16dcee699f52046905edd9a4 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=13e37fa5bb1ad8714270a012fa646969238589ef commit 13e37fa5bb1ad8714270a012fa646969238589ef Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4844933a9a0b3d36759fdcecf63f7d679dc9cf3c commit 4844933a9a0b3d36759fdcecf63f7d679dc9cf3c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bfbc0341f3a05dd0c8940743d3dad60ea1226295 commit bfbc0341f3a05dd0c8940743d3dad60ea1226295 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 1 09:49:25 2017 -0800 nios2: Don't use MIN in dl-machine.h MIN is used, but param.h may not be included, so expand its single use inline. * sysdeps/nios2/dl-machine.h (elf_machine_rela): Expand MIN. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pie/static has been created at 7e29e9f2beed0a108951f1b4c7543fe39ff1da1a (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7e29e9f2beed0a108951f1b4c7543fe39ff1da1a commit 7e29e9f2beed0a108951f1b4c7543fe39ff1da1a Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Dec 18 14:05:07 2017 -0800 Replece LDFLAGS-* = $(no-pie-ldflag) with tst-*-no-pie = yes [BZ #22630] After commit 9d7a3741c9e59eba87fb3ca6b9f979befce07826 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 15 16:59:33 2017 -0800 Add --enable-static-pie configure option to build static PIE [BZ #19574] and commit 00c714df398b63934540d95ce3792596f7a94a6c Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Dec 18 12:24:26 2017 -0800 Pass -no-pie to GCC only if GCC defaults to PIE [BZ #22614] $(no-pie-ldflag) is no longer effective since no-pie-ldflag is defined to -no-pie only if GCC defaults to PIE. When --enable-static-pie is used to configure glibc build and GCC doesn't default to PIE. no-pie-ldflag is undefined and these tests: elf/Makefile:LDFLAGS-tst-dlopen-aout = $(no-pie-ldflag) elf/Makefile:LDFLAGS-tst-prelink = $(no-pie-ldflag) elf/Makefile:LDFLAGS-tst-main1 = $(no-pie-ldflag) gmon/Makefile:LDFLAGS-tst-gmon := $(no-pie-ldflag) may fail to link. This patch replaces "-pie" with $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) and repleces LDFLAGS-* = $(no-pie-ldflag) with tst-*-no-pie = yes so that tst-dlopen-aout, tst-prelink, tst-main1 and tst-gmon are always built as non-PIE, with and without --enable-static-pie, regardless if GCC defaults to PIE or non-PIE. Tested with build-many-glibcs.py without --enable-static-pie as well as with --enable-static-pie for x86_64, x32 and i686. [BZ #22630] * Makeconfig (link-pie-before-libc): Replace -pie with $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie). * elf/Makefile (LDFLAGS-tst-dlopen-aout): Removed. (tst-dlopen-aout-no-pie): New. (LDFLAGS-tst-prelink): Removed. (tst-prelink-no-pie): New. (LDFLAGS-tst-main1): Removed. (tst-main1-no-pie): New. * gmon/Makefile (LDFLAGS-tst-gmon): Removed. (tst-gmon-no-pie): New. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=35a594236fda3eb5a05bdea7e1bff37a8ffa7657 commit 35a594236fda3eb5a05bdea7e1bff37a8ffa7657 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 27 16:47:29 2017 -0700 Add --enable-static-pie variants to x86_64, x32 and i686 Since the default GCC and binutils versions used by build-many-glibcs.py, which are GCC 7 branch and binutils 2.29 branch, this patch adds --enable-static-pie glibc variants to x86_64, x32 and i686. Tested with build-many-glibcs.py. * scripts/build-many-glibcs.py (Context.add_all_configs): Add --enable-static-pie variants to x86_64, x32 and i686. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=27ea6ee71a7319eabe18a133bbbd6da43caf74db commit 27ea6ee71a7319eabe18a133bbbd6da43caf74db Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:54 2017 -0700 sparc: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/sparc/sparc32/start.S (_start): Check PIC instead of SHARED. * sysdeps/sparc/sparc64/start.S (_start): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a3b974ab7a5d90b16dcee699f52046905edd9a4 commit 4a3b974ab7a5d90b16dcee699f52046905edd9a4 Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 16:13:22 2017 -0700 microblaze: Check PIC instead of SHARED in start.S Since start.o may be compiled as PIC, we should check PIC instead of SHARED. * sysdeps/microblaze/start.S (_start): Check PIC instead of SHARED. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=13e37fa5bb1ad8714270a012fa646969238589ef commit 13e37fa5bb1ad8714270a012fa646969238589ef Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:55:18 2017 -0700 sh: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/sh/dl-machine.h (elf_machine_load_address): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4844933a9a0b3d36759fdcecf63f7d679dc9cf3c commit 4844933a9a0b3d36759fdcecf63f7d679dc9cf3c Author: H.J. Lu <hjl.tools@gmail.com> Date: Thu Sep 28 14:53:06 2017 -0700 s390: Update elf_machine_load_address for static PIE When --enable-static-pie is used to configure glibc, we need to use _dl_relocate_static_pie to compute load address in static PIE. * sysdeps/s390/s390-32/dl-machine.h (elf_machine_dynamic): Use _dl_relocate_static_pie instead of _dl_start to compute load address in static PIE. * sysdeps/s390/s390-64/dl-machine.h (elf_machine_dynamic): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bfbc0341f3a05dd0c8940743d3dad60ea1226295 commit bfbc0341f3a05dd0c8940743d3dad60ea1226295 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 1 09:49:25 2017 -0800 nios2: Don't use MIN in dl-machine.h MIN is used, but param.h may not be included, so expand its single use inline. * sysdeps/nios2/dl-machine.h (elf_machine_rela): Expand MIN. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via ce16eb52c0987fd94bc13d51ddc787134a7e4b0c (commit) from 126adc89d8a32193df075ce665e76ad95ebd0557 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ce16eb52c0987fd94bc13d51ddc787134a7e4b0c commit ce16eb52c0987fd94bc13d51ddc787134a7e4b0c Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Dec 19 13:53:00 2017 -0800 Replece LDFLAGS-* = $(no-pie-ldflag) with tst-*-no-pie = yes [BZ #22630] After commit 9d7a3741c9e59eba87fb3ca6b9f979befce07826 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Dec 15 16:59:33 2017 -0800 Add --enable-static-pie configure option to build static PIE [BZ #19574] and commit 00c714df398b63934540d95ce3792596f7a94a6c Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Dec 18 12:24:26 2017 -0800 Pass -no-pie to GCC only if GCC defaults to PIE [BZ #22614] $(no-pie-ldflag) is no longer effective since no-pie-ldflag is defined to -no-pie only if GCC defaults to PIE. When --enable-static-pie is used to configure glibc build and GCC doesn't default to PIE. no-pie-ldflag is undefined and these tests: elf/Makefile:LDFLAGS-tst-dlopen-aout = $(no-pie-ldflag) elf/Makefile:LDFLAGS-tst-prelink = $(no-pie-ldflag) elf/Makefile:LDFLAGS-tst-main1 = $(no-pie-ldflag) gmon/Makefile:LDFLAGS-tst-gmon := $(no-pie-ldflag) may fail to link. This patch replaces "-pie" with $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) and repleces LDFLAGS-* = $(no-pie-ldflag) with tst-*-no-pie = yes so that tst-dlopen-aout, tst-prelink, tst-main1 and tst-gmon are always built as non-PIE, with and without --enable-static-pie, regardless if GCC defaults to PIE or non-PIE. Tested with build-many-glibcs.py without --enable-static-pie as well as with --enable-static-pie for x86_64, x32 and i686. [BZ #22630] * Makeconfig (link-pie-before-libc): Replace -pie with $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie). * elf/Makefile (LDFLAGS-tst-dlopen-aout): Removed. (tst-dlopen-aout-no-pie): New. (LDFLAGS-tst-prelink): Removed. (tst-prelink-no-pie): New. (LDFLAGS-tst-main1): Removed. (tst-main1-no-pie): New. * gmon/Makefile (LDFLAGS-tst-gmon): Removed. (tst-gmon-no-pie): New. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 14 ++++++++++++++ Makeconfig | 3 ++- elf/Makefile | 6 +++--- gmon/Makefile | 2 +- 4 files changed, 20 insertions(+), 5 deletions(-)