This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] PR ld/20283: ld: Add a linker configure option --enable-relro

From: "H.J. Lu" <hjl dot tools at gmail dot com>
To: Nick Clifton <nickc at redhat dot com>
Cc: Binutils <binutils at sourceware dot org>
Date: Wed, 22 Jun 2016 05:40:35 -0700
Subject: Re: [PATCH] PR ld/20283: ld: Add a linker configure option --enable-relro
Authentication-results: sourceware.org; auth=none
References: <20160621221033 dot GA19120 at intel dot com> <52630d65-5f9f-3631-70a5-d566f19070ab at redhat dot com>

On Wed, Jun 22, 2016 at 1:17 AM, Nick Clifton <nickc@redhat.com> wrote:
> Hi H.J.
>
> A couple of observations:
>
>> +* Add a configure option --enable-relro to decide whether -z relro should
>> +  be enabled in ELF linker by default.
>
> Please could you mention the default setting here (ie "on" for all Linux targets
> except FRV, HPPA, IA64 and MIPS).
>
>
>> diff --git a/ld/configure b/ld/configure
>
> You know that you do not need to include the diffs in generated files like this one, right ?
>
>
>> +# Decide if -z relro should be enabled in ELF linker by default.
>> +ac_default_ld_z_relro=unset
>> +# Provide a configure time option to override our default.
>> +AC_ARG_ENABLE(relro,
>> +           AS_HELP_STRING([--enable-relro],
>> +           [enable -z relro in ELF linker by default]),
>> +[case "${enableval}" in
>> +  no)  ac_default_ld_z_relro=0 ;;
>> +esac])dnl
>
> I think that you ought to support --enable-relro=yes here as well.
>
> Cheers
>   Nick

This is what I checked in.

Thanks.

-- 
H.J.

From df40462336121184bc5be9458a070fb85e1dc266 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 21 Jun 2016 08:08:21 -0700
Subject: [PATCH 1/2] ld: Add a linker configure option --enable-relro

Add a configure option --enable-relro to decide whether -z relro should
be enabled in ELF linker by default.  Default to yes for all Linux
targets, except FRV, HPPA, IA64 and MIPS, since many relro tests fail
on these targets.

	PR ld/20283
	* NEWS: Mention --enable-relro.
	* configure.ac: Add --enable-relro.
	(DEFAULT_LD_Z_RELRO): New.  Set by --enable-relro.
	* configure.tgt (ac_default_ld_z_relro): Default it to 1 for
	some Linux targets.
	* config.in: Regenerated.
	* configure: Likewise.
	* emultempl/elf32.em (gld${EMULATION_NAME}_before_parse): Set
	link_info.relro to DEFAULT_LD_Z_RELRO.
	* testsuite/config/default.exp (ld_elf_shared_opt): New.
	* testsuite/lib/ld-lib.exp (run_dump_test): Pass
	$ld_elf_shared_opt to ld for ELF targets with shared object
	support.
	(run_ld_link_tests): Likewise.
---
 ld/NEWS                         |  4 ++++
 ld/config.in                    |  3 +++
 ld/configure                    | 26 ++++++++++++++++++++++++--
 ld/configure.ac                 | 18 ++++++++++++++++++
 ld/configure.tgt                | 25 +++++++++++++++++++++++++
 ld/emultempl/elf32.em           |  1 +
 ld/testsuite/config/default.exp |  3 +++
 ld/testsuite/lib/ld-lib.exp     | 18 ++++++++++++++++--
 8 files changed, 94 insertions(+), 4 deletions(-)

diff --git a/ld/NEWS b/ld/NEWS
index 228fddf..b373f7c 100644
--- a/ld/NEWS
+++ b/ld/NEWS
@@ -1,5 +1,9 @@
 -*- text -*-
 
+* Add a configure option --enable-relro to decide whether -z relro should
+  be enabled in ELF linker by default.  Default to yes for all Linux
+  targets except FRV, HPPA, IA64 and MIPS.
+
 * Support for -z noreloc-overflow in the x86-64 ELF linker to disable
   relocation overflow check.
 
diff --git a/ld/configure.ac b/ld/configure.ac
index 6542506..d17281f 100644
--- a/ld/configure.ac
+++ b/ld/configure.ac
@@ -155,6 +155,17 @@ AC_ARG_ENABLE(compressed_debug_sections,
   ,no, | ,none,)  ac_default_compressed_debug_sections=no ;;
 esac])dnl
 
+# Decide if -z relro should be enabled in ELF linker by default.
+ac_default_ld_z_relro=unset
+# Provide a configure time option to override our default.
+AC_ARG_ENABLE(relro,
+	      AS_HELP_STRING([--enable-relro],
+	      [enable -z relro in ELF linker by default]),
+[case "${enableval}" in
+  yes)  ac_default_ld_z_relro=1 ;;
+  no)  ac_default_ld_z_relro=0 ;;
+esac])dnl
+
 AM_BINUTILS_WARNINGS
 
 AM_LC_MESSAGES
@@ -376,6 +387,13 @@ if test x$ac_default_compressed_debug_sections = xyes ; then
   AC_DEFINE(DEFAULT_FLAG_COMPRESS_DEBUG, 1, [Define if you want compressed debug sections by default.])
 fi
 
+if test "${ac_default_ld_z_relro}" = unset; then
+  ac_default_ld_z_relro=0
+fi
+AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_RELRO,
+  $ac_default_ld_z_relro,
+  [Define to 1 if you want to enable -z relro in ELF linker by default.])
+
 AC_SUBST(elf_list_options)
 AC_SUBST(elf_shlib_list_options)
 AC_SUBST(elf_plt_unwind_list_options)
diff --git a/ld/configure.tgt b/ld/configure.tgt
index 6251943..a3db909 100644
--- a/ld/configure.tgt
+++ b/ld/configure.tgt
@@ -882,3 +882,28 @@ alpha*-*-*)
   ;;
 
 esac
+
+case "${target}" in
+frv-*-* | hppa*-*-* | ia64-*-* | mips*-*-*)
+  # Don't enable -z relro by default since many relro tests fail on these
+  # targets:
+  # FAIL: strip -z relro (relro1)
+  # FAIL: strip -z relro -shared (relro1)
+  # FAIL: objcopy -z relro (relro1)
+  # FAIL: objcopy -z relro -shared (relro1)
+  # FAIL: objcopy -z relro (tdata1)
+  # FAIL: objcopy -shared -z relro (tdata1)
+  # FAIL: objcopy -z relro (tdata2)
+  # FAIL: objcopy -shared -z relro (tdata2)
+  # FAIL: objcopy -z relro (tdata3)
+  # FAIL: objcopy -shared -z relro (tdata3)
+  # FAIL: objcopy -shared -z relro (tbss1)
+  # FAIL: objcopy -shared -z relro (tbss2)
+  # FAIL: objcopy -shared -z relro (tbss3)
+  ;;
+*-*-linux*)
+  if test ${ac_default_ld_z_relro} = unset; then
+    ac_default_ld_z_relro=1
+  fi
+  ;;
+esac
diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em
index c2ad202..47fa549 100644
--- a/ld/emultempl/elf32.em
+++ b/ld/emultempl/elf32.em
@@ -105,6 +105,7 @@ gld${EMULATION_NAME}_before_parse (void)
   config.separate_code = `if test "x${SEPARATE_CODE}" = xyes ; then echo TRUE ; else echo FALSE ; fi`;
   `if test -n "$CALL_NOP_BYTE" ; then echo link_info.call_nop_byte = $CALL_NOP_BYTE; fi`;
   link_info.check_relocs_after_open_input = `if test "x${CHECK_RELOCS_AFTER_OPEN_INPUT}" = xyes ; then echo TRUE ; else echo FALSE ; fi`;
+  link_info.relro = DEFAULT_LD_Z_RELRO;
 }
 
 EOF
diff --git a/ld/testsuite/config/default.exp b/ld/testsuite/config/default.exp
index 8ccad11..208c0d3 100644
--- a/ld/testsuite/config/default.exp
+++ b/ld/testsuite/config/default.exp
@@ -76,6 +76,9 @@ if {[file exists tmpdir/libpath.exp]} {
     }
 }
 
+# Many ELF testcases expect that "-z relro" is off.
+set ld_elf_shared_opt "-z norelro"
+
 # The "make check" target in the Makefile passes in
 # "CC=$(CC_FOR_TARGET)".  But, if the user invokes runtest directly
 # (as when testing an installed linker), these flags may not be set.  
diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp
index 29af846..62f9768 100644
--- a/ld/testsuite/lib/ld-lib.exp
+++ b/ld/testsuite/lib/ld-lib.exp
@@ -589,6 +589,13 @@ proc run_dump_test { name {extra_options {}} } {
     global OBJDUMPFLAGS NMFLAGS ASFLAGS OBJCOPYFLAGS READELFFLAGS LDFLAGS
     global host_triplet runtests
     global env verbose
+    global ld_elf_shared_opt
+
+    if { [is_elf_format] && [check_shared_lib_support] } {
+	set ld_extra_opt "$ld_elf_shared_opt"
+    } else {
+	set ld_extra_opt ""
+    }
 
     if [string match "*/*" $name] {
 	set file $name
@@ -912,7 +919,7 @@ proc run_dump_test { name {extra_options {}} } {
 
 	# Add -L$srcdir/$subdir so that the linker command can use
 	# linker scripts in the source directory.
-	set cmd "$LD $LDFLAGS -L$srcdir/$subdir \
+	set cmd "$LD $ld_extra_opt $LDFLAGS -L$srcdir/$subdir \
 		   $opts(ld) -o $objfile $objfiles $opts(ld_after_inputfiles)"
 
         # If needed then check for, or add a -Map option.
@@ -1166,6 +1173,13 @@ proc run_ld_link_tests { ldtests } {
     global CFLAGS
     global runtests
     global exec_output
+    global ld_elf_shared_opt
+
+    if { [is_elf_format] && [check_shared_lib_support] } {
+	set ld_extra_opt "$ld_elf_shared_opt"
+    } else {
+	set ld_extra_opt ""
+    }
 
     foreach testitem $ldtests {
 	set testname [lindex $testitem 0]
@@ -1228,7 +1242,7 @@ proc run_ld_link_tests { ldtests } {
 	    if { ![ar_simple_create $ar $ld_options $binfile "$objfiles $ld_after"] } {
 		set failed 1
 	    }
-	} elseif { ![ld_simple_link $ld $binfile "-L$srcdir/$subdir $ld_options $objfiles $ld_after"] } {
+	} elseif { ![ld_simple_link $ld $binfile "$ld_extra_opt -L$srcdir/$subdir $ld_options $objfiles $ld_after"] } {
 	    set maybe_failed 1
 	    set ld_output "$exec_output"
 	}
-- 
2.5.5

References:
- [PATCH] PR ld/20283: ld: Add a linker configure option --enable-relro
  - From: H.J. Lu
- Re: [PATCH] PR ld/20283: ld: Add a linker configure option --enable-relro
  - From: Nick Clifton

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]