[glibc/siddhesh/default-pie] Replace --enable-static-pie with --disable-default-pie
Siddhesh Poyarekar
siddhesh@sourceware.org
Mon Dec 6 05:13:44 GMT 2021
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee14129be819bbe2d64a8e5c738cc13c47058296
commit ee14129be819bbe2d64a8e5c738cc13c47058296
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon Dec 6 10:43:18 2021 +0530
Replace --enable-static-pie with --disable-default-pie
Build glibc programs and tests as PIE by default and enable static-pie
automatically if the architecture and toolchain supports it.
Also add a new configuration option --disable-default-pie to prevent building
programs as PIE.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diff:
---
INSTALL | 18 +++++++-------
Makeconfig | 21 +++++++++++------
NEWS | 10 ++++++++
config.make.in | 3 ---
configure | 56 +++++++++++++++++++++-----------------------
configure.ac | 43 ++++++++++++++++------------------
manual/install.texi | 16 ++++++-------
scripts/build-many-glibcs.py | 12 +++++-----
sysdeps/sparc/Makefile | 1 +
9 files changed, 93 insertions(+), 87 deletions(-)
diff --git a/INSTALL b/INSTALL
index 02dcf6b1ca..3f89df2b81 100644
--- a/INSTALL
+++ b/INSTALL
@@ -111,16 +111,14 @@ if 'CFLAGS' is specified it must enable optimization. For example:
systems support shared libraries; you need ELF support and
(currently) the GNU linker.
-'--enable-static-pie'
- Enable static position independent executable (static PIE) support.
- Static PIE is similar to static executable, but can be loaded at
- any address without help from a dynamic linker. All static
- programs as well as static tests are built as static PIE, except
- for those marked with no-pie. The resulting glibc can be used with
- the GCC option, -static-pie, which is available with GCC 8 or
- above, to create static PIE. This option also implies that glibc
- programs and tests are created as dynamic position independent
- executables (PIE) by default.
+'--disable-default-pie'
+ Don't build glibc programs and tests in the testsuite as position
+ independent executables (PIE). By default, glibc programs and tests
+ are created as position independent executables. If the toolchain
+ and architecture supports it, static executable are built as static
+ PIE and the resulting glibc can be used with the GCC option,
+ -static-pie, which is available with GCC 8 or above, to create
+ static PIE.
'--enable-cet'
'--enable-cet=permissive'
diff --git a/Makeconfig b/Makeconfig
index 3fa2f13003..775bf12b65 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -1,4 +1,5 @@
# Copyright (C) 1991-2021 Free Software Foundation, Inc.
+# Copyright (C) The GNU Toolchain Authors.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -376,19 +377,24 @@ LDFLAGS.so += $(hashstyle-LDFLAGS)
LDFLAGS-rtld += $(hashstyle-LDFLAGS)
endif
-ifeq (yes,$(enable-static-pie))
+ifeq (no,$(build-pie-default))
+pie-default = $(no-pie-ccflag)
+else # build-pie-default
pic-default = -DPIC
# Compile libc.a and libc_p.a with -fPIE/-fpie for static PIE.
pie-default = $(pie-ccflag)
+
+ifeq (yes,$(enable-static-pie))
ifeq (yes,$(have-static-pie))
-default-pie-ldflag = -static-pie
+static-pie-ldflag = -static-pie
else
# Static PIE can't have dynamic relocations in read-only segments since
# static PIE is mapped into memory by kernel. --eh-frame-hdr is needed
# for PIE to support exception.
-default-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
-endif
-endif
+static-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
+endif # have-static-pie
+endif # enable-static-pie
+endif # build-pie-default
# If lazy relocations are disabled, add the -z now flag. Use
# LDFLAGS-lib.so instead of LDFLAGS.so, to avoid adding the flag to
@@ -444,7 +450,7 @@ endif
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-inputs = -nostdlib -nostartfiles -static \
- $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)) \
+ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
$(+preinit) $(+prectorT)
@@ -479,7 +485,7 @@ ifeq (yes,$(build-pie-default))
+link-tests-after-inputs = $(link-libc-tests) $(+link-pie-after-libc)
+link-printers-tests = $(+link-pie-printers-tests)
else # not build-pie-default
-+link-before-inputs = -nostdlib -nostartfiles \
++link-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
$(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-installed-name)) \
@@ -1040,6 +1046,7 @@ PIC-ccflag = -fPIC
endif
# This can be changed by a sysdep makefile
pie-ccflag = -fpie
+no-pie-ccflag = -fno-pie
# This one should always stay like this unless there is a very good reason.
PIE-ccflag = -fPIE
ifeq (yes,$(build-profile))
diff --git a/NEWS b/NEWS
index f10971b180..4aecfa4e27 100644
--- a/NEWS
+++ b/NEWS
@@ -68,6 +68,12 @@ Major new features:
to be used by compilers for optimizing usage of 'memcmp' when its
return value is only used for its boolean status.
+* All programs and tests in glibc are now built as position independent
+ executables (PIE) by default. Further, if static-pie is available in the
+ toolchain and the architecture, it is also enabled and static programs also
+ built as executable. A new option --disable-default-pie has been added to
+ disable this behavior and get a non-PIE build.
+
Deprecated and removed features, and other changes affecting compatibility:
* The r_version update in the debugger interface makes the glibc binary
@@ -80,6 +86,10 @@ Deprecated and removed features, and other changes affecting compatibility:
* Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed.
+* The --enable-static-pie option is no longer available. The glibc build
+ configuration script now automatically detects static-pie support in the
+ toolchain and architecture and enables it if available.
+
Changes to build and runtime requirements:
[Add changes to build and runtime requirements here]
diff --git a/config.make.in b/config.make.in
index cbf59114b0..e8630a8d0c 100644
--- a/config.make.in
+++ b/config.make.in
@@ -90,9 +90,6 @@ static-nss-crypt = @libc_cv_static_nss_crypt@
# Configuration options.
build-shared = @shared@
-build-pic-default= @libc_cv_pic_default@
-build-pie-default= @libc_cv_pie_default@
-cc-pie-default= @libc_cv_cc_pie_default@
build-profile = @profile@
build-static-nss = @static_nss@
cross-compiling = @cross_compiling@
diff --git a/configure b/configure
index 2f9adca064..c613422722 100755
--- a/configure
+++ b/configure
@@ -597,8 +597,6 @@ static_nss
profile
libc_cv_multidir
libc_cv_pie_default
-libc_cv_cc_pie_default
-libc_cv_pic_default
shared
static
ldd_rewrite_script
@@ -767,7 +765,7 @@ with_nonshared_cflags
enable_sanity_checks
enable_shared
enable_profile
-enable_static_pie
+enable_default_pie
enable_timezone_tools
enable_hardcoded_path_in_tests
enable_hidden_plt
@@ -1423,8 +1421,8 @@ Optional Features:
in special situations) [default=yes]
--enable-shared build shared library [default=yes if GNU ld]
--enable-profile build profiled library [default=no]
- --enable-static-pie enable static PIE support and use it in the
- testsuite [default=no]
+ --disable-default-pie Do not build glibc programs and tests in the
+ testsuite as PIE [default=no]
--disable-timezone-tools
do not install timezone tools [default=install]
--enable-hardcoded-path-in-tests
@@ -3408,11 +3406,11 @@ else
profile=no
fi
-# Check whether --enable-static-pie was given.
-if test "${enable_static_pie+set}" = set; then :
- enableval=$enable_static_pie; static_pie=$enableval
+# Check whether --enable-default-pie was given.
+if test "${enable_default_pie+set}" = set; then :
+ enableval=$enable_default_pie; default_pie=$enableval
else
- static_pie=no
+ default_pie=yes
fi
# Check whether --enable-timezone-tools was given.
@@ -6959,7 +6957,8 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pic_default" >&5
$as_echo "$libc_cv_pic_default" >&6; }
-
+config_vars="$config_vars
+build-pic-default = $libc_cv_pic_default"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -fPIE is default" >&5
$as_echo_n "checking whether -fPIE is default... " >&6; }
@@ -6979,17 +6978,13 @@ rm -f conftest.*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_cc_pie_default" >&5
$as_echo "$libc_cv_cc_pie_default" >&6; }
-libc_cv_pie_default=$libc_cv_cc_pie_default
-
-
-
-# Set the `multidir' variable by grabbing the variable from the compiler.
-# We do it once and save the result in a generated makefile.
-libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+config_vars="$config_vars
+cc-pie-default = $libc_cv_cc_pie_default"
+libc_cv_pie_default=$default_pie
-if test "$static_pie" = yes; then
- # Check target support for static PIE
+if test "x$default_pie" != xno -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifndef SUPPORT_STATIC_PIE
@@ -6997,22 +6992,25 @@ if test "$static_pie" = yes; then
#endif
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
-
+ libc_cv_static_pie=yes
else
- as_fn_error $? "the architecture does not support static PIE" "$LINENO" 5
+ libc_cv_static_pie=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- as_fn_error $? "linker support for --no-dynamic-linker needed" "$LINENO" 5
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ if test "$libc_cv_static_pie" = "yes"; then
+ $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+ fi
fi
config_vars="$config_vars
-enable-static-pie = $static_pie"
+enable-static-pie = $libc_cv_static_pie"
+config_vars="$config_vars
+build-pie-default = $libc_cv_pie_default"
+
+# Set the `multidir' variable by grabbing the variable from the compiler.
+# We do it once and save the result in a generated makefile.
+libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+
diff --git a/configure.ac b/configure.ac
index 7eb4239359..356b44aec7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -179,11 +179,11 @@ AC_ARG_ENABLE([profile],
[build profiled library @<:@default=no@:>@]),
[profile=$enableval],
[profile=no])
-AC_ARG_ENABLE([static-pie],
- AS_HELP_STRING([--enable-static-pie],
- [enable static PIE support and use it in the testsuite @<:@default=no@:>@]),
- [static_pie=$enableval],
- [static_pie=no])
+AC_ARG_ENABLE([default-pie],
+ AS_HELP_STRING([--disable-default-pie],
+ [Do not build glibc programs and tests in the testsuite as PIE @<:@default=no@:>@]),
+ [default_pie=$enableval],
+ [default_pie=yes])
AC_ARG_ENABLE([timezone-tools],
AS_HELP_STRING([--disable-timezone-tools],
[do not install timezone tools @<:@default=install@:>@]),
@@ -1839,7 +1839,7 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
-AC_SUBST(libc_cv_pic_default)
+LIBC_CONFIG_VAR([build-pic-default], [$libc_cv_pic_default])
AC_CACHE_CHECK([whether -fPIE is default], libc_cv_cc_pie_default,
[libc_cv_cc_pie_default=yes
@@ -1852,30 +1852,27 @@ if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_cc_pie_default=no
fi
rm -f conftest.*])
-libc_cv_pie_default=$libc_cv_cc_pie_default
-AC_SUBST(libc_cv_cc_pie_default)
+LIBC_CONFIG_VAR([cc-pie-default], [$libc_cv_cc_pie_default])
+
+libc_cv_pie_default=$default_pie
AC_SUBST(libc_cv_pie_default)
+if test "x$default_pie" != xno -a "$libc_cv_no_dynamic_linker" = yes; then
+ # Enable static-pie if available
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
+# error static PIE is not supported
+#endif]])], [libc_cv_static_pie=yes], [libc_cv_static_pie=no])
+ if test "$libc_cv_static_pie" = "yes"; then
+ AC_DEFINE(ENABLE_STATIC_PIE)
+ fi
+fi
+LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
+LIBC_CONFIG_VAR([build-pie-default], [$libc_cv_pie_default])
# Set the `multidir' variable by grabbing the variable from the compiler.
# We do it once and save the result in a generated makefile.
libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
AC_SUBST(libc_cv_multidir)
-if test "$static_pie" = yes; then
- # Check target support for static PIE
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#ifndef SUPPORT_STATIC_PIE
-# error static PIE is not supported
-#endif]])], , AC_MSG_ERROR([the architecture does not support static PIE]))
- # The linker must support --no-dynamic-linker.
- if test "$libc_cv_no_dynamic_linker" != yes; then
- AC_MSG_ERROR([linker support for --no-dynamic-linker needed])
- fi
- # Default to PIE.
- libc_cv_pie_default=yes
- AC_DEFINE(ENABLE_STATIC_PIE)
-fi
-LIBC_CONFIG_VAR([enable-static-pie], [$static_pie])
-
AC_SUBST(profile)
AC_SUBST(static_nss)
diff --git a/manual/install.texi b/manual/install.texi
index 46f73b538d..5c4d6fc519 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -141,15 +141,13 @@ Don't build shared libraries even if it is possible. Not all systems
support shared libraries; you need ELF support and (currently) the GNU
linker.
-@item --enable-static-pie
-Enable static position independent executable (static PIE) support.
-Static PIE is similar to static executable, but can be loaded at any
-address without help from a dynamic linker. All static programs as
-well as static tests are built as static PIE, except for those marked
-with no-pie. The resulting glibc can be used with the GCC option,
--static-pie, which is available with GCC 8 or above, to create static
-PIE. This option also implies that glibc programs and tests are created
-as dynamic position independent executables (PIE) by default.
+@item --disable-default-pie
+Don't build glibc programs and tests in the testsuite as position independent
+executables (PIE). By default, glibc programs and tests are created as
+position independent executables. If the toolchain and architecture supports
+it, static executable are built as static PIE and the resulting glibc can be
+used with the GCC option, -static-pie, which is available with GCC 8 or above,
+to create static PIE.
@item --enable-cet
@itemx --enable-cet=permissive
diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
index 6ae2172956..89bd06881f 100755
--- a/scripts/build-many-glibcs.py
+++ b/scripts/build-many-glibcs.py
@@ -437,15 +437,15 @@ class Context(object):
'--disable-experimental-malloc',
'--disable-build-nscd',
'--disable-nscd']},
- {'variant': 'static-pie',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'x32-static-pie',
+ {'variant': 'no-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'x32-no-pie',
'ccopts': '-mx32',
- 'cfg': ['--enable-static-pie']},
- {'variant': 'static-pie',
+ 'cfg': ['--disable-default-pie']},
+ {'variant': 'no-pie',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
- 'cfg': ['--enable-static-pie']},
+ 'cfg': ['--disable-default-pie']},
{'variant': 'disable-multi-arch',
'arch': 'i686',
'ccopts': '-m32 -march=i686',
diff --git a/sysdeps/sparc/Makefile b/sysdeps/sparc/Makefile
index 1be9a3db2c..12c2c1b085 100644
--- a/sysdeps/sparc/Makefile
+++ b/sysdeps/sparc/Makefile
@@ -2,6 +2,7 @@
long-double-fcts = yes
pie-ccflag = -fPIE
+no-pie-ccflag = -fno-PIE
ifeq ($(subdir),gmon)
sysdep_routines += sparc-mcount
More information about the Glibc-cvs
mailing list