[PATCH v11 6/7] Add --disable-default-dt-relr

Fangrui Song maskray@google.com
Fri Apr 22 22:43:52 GMT 2022 

On 2022-04-22, H.J. Lu wrote:
>Enable DT_RELR in glibc shared libraries and position independent
>executables (PIE) automatically if linker supports -z pack-relative-relocs.
>
>Also add a new configuration option, --disable-default-dt-relr, to
>avoid DT_RELR usage in glibc shared libraries and PIEs.
>---
> INSTALL             |  6 ++++++
> Makeconfig          | 19 +++++++++++++++++++
> Makerules           |  2 ++
> configure           | 18 ++++++++++++++++++
> configure.ac        | 13 +++++++++++++
> elf/Makefile        |  4 +++-
> manual/install.texi |  5 +++++
> 7 files changed, 66 insertions(+), 1 deletion(-)
>
>diff --git a/INSTALL b/INSTALL
>index b68884ccd6..09c9920a77 100644
>--- a/INSTALL
>+++ b/INSTALL
>@@ -139,6 +139,12 @@ if 'CFLAGS' is specified it must enable optimization.  For example:
>      used with the GCC option, -static-pie, which is available with GCC
>      8 or above, to create static PIE.
>
>+'--disable-default-dt-relr'
>+     Don't enable DT_RELR in glibc shared libraries and position
>+     independent executables (PIE). By default, DT_RELR is enabled in
>+     glibc shared libraries and position independent executables on
>+     targets that support it.
>+
> '--enable-cet'
> '--enable-cet=permissive'
>      Enable Intel Control-flow Enforcement Technology (CET) support.
>diff --git a/Makeconfig b/Makeconfig
>index 0aa5fb0099..b75f28f837 100644
>--- a/Makeconfig
>+++ b/Makeconfig
>@@ -358,6 +358,23 @@ else
> real-static-start-installed-name = $(static-start-installed-name)
> endif
>
>+# Linker option to enable and disable DT-RELR.
>+ifeq ($(have-dt-relr),yes)
>+dt-relr-ldflag = -Wl,-z,pack-relative-relocs
>+no-dt-relr-ldflag = -Wl,-z,nopack-relative-relocs
>+else
>+dt-relr-ldflag =
>+no-dt-relr-ldflag =
>+endif
>+
>+# Default linker option for DT-RELR.
>+ifeq (yes,$(build-dt-relr-default))
>+default-rt-relr-ldflag = $(dt-relr-ldflag)
>+else
>+default-rt-relr-ldflag = $(no-dt-relr-ldflag)
>+endif
>+LDFLAGS-rtld += $(default-rt-relr-ldflag)
>+
> relro-LDFLAGS = -Wl,-z,relro
> LDFLAGS.so += $(relro-LDFLAGS)
> LDFLAGS-rtld += $(relro-LDFLAGS)
>@@ -413,6 +430,7 @@ link-extra-libs-tests = $(libsupport)
> # Command for linking PIE programs with the C library.
> ifndef +link-pie
> +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \
>+	     $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
> 	     -Wl,-O1 -nostdlib -nostartfiles \
> 	     $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
> 	     $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
>@@ -445,6 +463,7 @@ endif
> ifndef +link-static
> +link-static-before-inputs = -nostdlib -nostartfiles -static \
> 	      $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
>+	      $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
> 	      $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F))  \
> 	      $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
> 	      $(+preinit) $(+prectorT)
>diff --git a/Makerules b/Makerules
>index 428464f092..7c1da551bf 100644
>--- a/Makerules
>+++ b/Makerules
>@@ -536,6 +536,7 @@ lib%.so: lib%_pic.a $(+preinit) $(+postinit) $(link-libc-deps)
> define build-shlib-helper
> $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \
> 	  $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \
>+	  $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
> 	  $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
> 	  $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
> 	  -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \
>@@ -595,6 +596,7 @@ endef
> define build-module-helper
> $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \
> 	  $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \
>+	  $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
> 	  -B$(csu-objpfx) $(load-map-file) \
> 	  $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \
> 	  $(link-test-modules-rpath-link) \
>diff --git a/configure b/configure
>index 5a730dc5fc..91152a5154 100755
>--- a/configure
>+++ b/configure
>@@ -767,6 +767,7 @@ enable_sanity_checks
> enable_shared
> enable_profile
> enable_default_pie
>+enable_default_dt_relr
> enable_timezone_tools
> enable_hardcoded_path_in_tests
> enable_hidden_plt
>@@ -1424,6 +1425,7 @@ Optional Features:
>   --enable-profile        build profiled library [default=no]
>   --disable-default-pie   Do not build glibc programs and the testsuite as PIE
>                           [default=no]
>+  --disable-dt-relr       Do not enable DT_RELR in glibc [default=no]
>   --disable-timezone-tools
>                           do not install timezone tools [default=install]
>   --enable-hardcoded-path-in-tests
>@@ -3440,6 +3442,13 @@ else
>   default_pie=yes
> fi
>
>+# Check whether --enable-default-dt-relr was given.
>+if test "${enable_default_dt_relr+set}" = set; then :
>+  enableval=$enable_default_dt_relr; default_dt_relr=$enableval
>+else
>+  default_dt_relr=yes
>+fi
>+
> # Check whether --enable-timezone-tools was given.
> if test "${enable_timezone_tools+set}" = set; then :
>   enableval=$enable_timezone_tools; enable_timezone_tools=$enableval
>@@ -7029,6 +7038,15 @@ fi
> config_vars="$config_vars
> enable-static-pie = $libc_cv_static_pie"
>
>+# Disable build-dt-relr-default if linker does not support it or if glibc
>+# is configured with --disable-default-dt-relr.
>+build_dt_relr_default=$default_dt_relr
>+if test "x$build_dt_relr_default" != xno; then
>+  build_dt_relr_default=$libc_cv_dt_relr
>+fi
>+config_vars="$config_vars
>+build-dt-relr-default = $build_dt_relr_default"
>+
> # Set the `multidir' variable by grabbing the variable from the compiler.
> # We do it once and save the result in a generated makefile.
> libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
>diff --git a/configure.ac b/configure.ac
>index a045f6608e..c4198af9dc 100644
>--- a/configure.ac
>+++ b/configure.ac
>@@ -197,6 +197,11 @@ AC_ARG_ENABLE([default-pie],
> 			     [Do not build glibc programs and the testsuite as PIE @<:@default=no@:>@]),
> 	      [default_pie=$enableval],
> 	      [default_pie=yes])
>+AC_ARG_ENABLE([default-dt-relr],
>+	      AS_HELP_STRING([--disable-dt-relr],
>+			     [Do not enable DT_RELR in glibc @<:@default=no@:>@]),
>+	      [default_dt_relr=$enableval],
>+	      [default_dt_relr=yes])
> AC_ARG_ENABLE([timezone-tools],
> 	      AS_HELP_STRING([--disable-timezone-tools],
> 			     [do not install timezone tools @<:@default=install@:>@]),
>@@ -1825,6 +1830,14 @@ if test "$libc_cv_static_pie" = "yes"; then
> fi
> LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
>
>+# Disable build-dt-relr-default if linker does not support it or if glibc
>+# is configured with --disable-default-dt-relr.
>+build_dt_relr_default=$default_dt_relr
>+if test "x$build_dt_relr_default" != xno; then
>+  build_dt_relr_default=$libc_cv_dt_relr
>+fi
>+LIBC_CONFIG_VAR([build-dt-relr-default], [$build_dt_relr_default])
>+
> # Set the `multidir' variable by grabbing the variable from the compiler.
> # We do it once and save the result in a generated makefile.
> libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
>diff --git a/elf/Makefile b/elf/Makefile
>index bd9d03f527..c9f5876119 100644
>--- a/elf/Makefile
>+++ b/elf/Makefile
>@@ -1648,6 +1648,7 @@ $(objpfx)nodlopen2.out: $(objpfx)nodlopenmod2.so
>
> $(objpfx)filtmod1.so: $(objpfx)filtmod1.os $(objpfx)filtmod2.so
> 	$(LINK.o) -shared -o $@ -B$(csu-objpfx) $(LDFLAGS.so) \
>+		  $(default-rt-relr-ldflag) \
> 		  -L$(subst :, -L,$(rpath-link)) \
> 		  -Wl,-rpath-link=$(rpath-link) \
> 		  $< -Wl,-F,$(objpfx)filtmod2.so
>@@ -2447,7 +2448,7 @@ $(objpfx)tst-big-note: $(objpfx)tst-big-note-lib.so
> # artificial, large note in tst-big-note-lib.o and invalidate the
> # test.
> $(objpfx)tst-big-note-lib.so: $(objpfx)tst-big-note-lib.o
>-	$(LINK.o) -shared -o $@ $(LDFLAGS.so) $<
>+	$(LINK.o) -shared -o $@ $(LDFLAGS.so) $(default-rt-relr-ldflag) $<
>
> $(objpfx)tst-unwind-ctor: $(objpfx)tst-unwind-ctor-lib.so
>
>@@ -2756,6 +2757,7 @@ $(objpfx)tst-ro-dynamic: $(objpfx)tst-ro-dynamic-mod.so
> $(objpfx)tst-ro-dynamic-mod.so: $(objpfx)tst-ro-dynamic-mod.os \
>   tst-ro-dynamic-mod.map
> 	$(LINK.o) -nostdlib -nostartfiles -shared -o $@ \
>+		$(default-rt-relr-ldflag) \
> 		-Wl,--script=tst-ro-dynamic-mod.map \
> 		$(objpfx)tst-ro-dynamic-mod.os
>
>diff --git a/manual/install.texi b/manual/install.texi
>index fcfb6901e4..e446ac66c4 100644
>--- a/manual/install.texi
>+++ b/manual/install.texi
>@@ -167,6 +167,11 @@ and architecture support it, static executables are built as static PIE and the
> resulting glibc can be used with the GCC option, -static-pie, which is
> available with GCC 8 or above, to create static PIE.
>
>+@item --disable-default-dt-relr
>+Don't enable DT_RELR in glibc shared libraries and position independent
>+executables (PIE).  By default, DT_RELR is enabled in glibc shared
>+libraries and position independent executables on targets that support it.
>+
> @item --enable-cet
> @itemx --enable-cet=permissive
> Enable Intel Control-flow Enforcement Technology (CET) support.  When
>-- 
>2.35.1
>

I think the option can be useful to work around possible binutils ld bugs for other ports.

The default dt-relr when binutils supports it is nice as it makes the
entire glibc testsuite the testsuite for GNU ld support for other ports:)

Reviewed-by: Fangrui Song <maskray@google.com>

More information about the Libc-alpha mailing list