qemu-devel.nongnu.org archive mirror
* [PATCH v2 0/7] configure: Improve PIE and other linkage
@ 2019-12-18 22:34 Richard Henderson
  2019-12-18 22:34 ` [PATCH v2 1/7] configure: Drop adjustment of textseg Richard Henderson
                   ` (7 more replies)
  0 siblings, 8 replies; 20+ messages in thread
From: Richard Henderson @ 2019-12-18 22:34 UTC (permalink / raw)
  To: qemu-devel; +Cc: philmd, i, berrange

This begins by dropping the -Ttext-segment stuff, which Fangrui Song
correctly points out does not work with lld.  But it's also obsolete,
so instead of adding support for lld's --image-base, remove it all.

Then, remove some other legacy random addresses that were supposed
to apply to softmmu, but didn't really make any sense, and aren't
used anyway when PIE is used, which is the default with a modern
linux distribution.

Then, clean up some of the configure logic surrounding PIE, and its
current non-application to non-x86.

Finally, add support for static-pie linking.

Changes in v2:
 - Remove mention of config-host.ld from make distclean
 - Do not split -z,rodata/-z,now into two tests
 - Fix --disable-pie --static

Tested in conjunction with AJB's 
  configure: allow disable of cross compilation container
  https://lists.gnu.org/archive/html/qemu-devel/2019-12/msg02943.html

as otherwise check-tcg simply doesn't work on aarch64 if you happen
to have docker installed.


r~


Richard Henderson (7):
  configure: Drop adjustment of textseg
  tcg: Remove softmmu code_gen_buffer fixed address
  configure: Do not force pie=no for non-x86
  configure: Always detect -no-pie toolchain support
  configure: Unnest detection of -z,relro and -z,now
  configure: Override the os default with --disable-pie
  configure: Support -static-pie if requested

 Makefile                  |   2 +-
 accel/tcg/translate-all.c |  37 ++----------
 configure                 | 116 +++++++++++---------------------------
 3 files changed, 38 insertions(+), 117 deletions(-)

-- 
2.20.1




* [PATCH v2 1/7] configure: Drop adjustment of textseg
  2019-12-18 22:34 [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
@ 2019-12-18 22:34 ` Richard Henderson
  2020-01-07 11:34   ` Alex Bennée
  2019-12-18 22:34 ` [PATCH v2 2/7] tcg: Remove softmmu code_gen_buffer fixed address Richard Henderson
                   ` (6 subsequent siblings)
  7 siblings, 1 reply; 20+ messages in thread
From: Richard Henderson @ 2019-12-18 22:34 UTC (permalink / raw)
  To: qemu-devel; +Cc: philmd, Thomas Huth, i, berrange

This adjustment was random and unnecessary.  The user mode
startup code in probe_guest_base() will choose a value for
guest_base that allows the host qemu binary to not conflict
with the guest binary.

With modern distributions, this isn't even used, as the default
is PIE, which does the same job in a more portable way.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Remove mention of config-host.ld from make distclean
---
 Makefile  |  2 +-
 configure | 47 -----------------------------------------------
 2 files changed, 1 insertion(+), 48 deletions(-)

diff --git a/Makefile b/Makefile
index 1361def144..adf83f75a1 100644
--- a/Makefile
+++ b/Makefile
@@ -735,7 +735,7 @@ rm -f $(MANUAL_BUILDDIR)/$1/objects.inv $(MANUAL_BUILDDIR)/$1/searchindex.js $(M
 endef
 
 distclean: clean
-	rm -f config-host.mak config-host.h* config-host.ld $(DOCS) qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi qemu-monitor-info.texi
+	rm -f config-host.mak config-host.h* $(DOCS) qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi qemu-monitor-info.texi
 	rm -f tests/tcg/config-*.mak
 	rm -f config-all-devices.mak config-all-disas.mak config.status
 	rm -f $(SUBDIR_DEVICES_MAK)
diff --git a/configure b/configure
index e0c66ee9b6..30e3875c6b 100755
--- a/configure
+++ b/configure
@@ -6298,49 +6298,6 @@ if test "$cpu" = "s390x" ; then
   fi
 fi
 
-# Probe for the need for relocating the user-only binary.
-if ( [ "$linux_user" = yes ] || [ "$bsd_user" = yes ] ) && [ "$pie" = no ]; then
-  textseg_addr=
-  case "$cpu" in
-    arm | i386 | ppc* | s390* | sparc* | x86_64 | x32)
-      # ??? Rationale for choosing this address
-      textseg_addr=0x60000000
-      ;;
-    mips)
-      # A 256M aligned address, high in the address space, with enough
-      # room for the code_gen_buffer above it before the stack.
-      textseg_addr=0x60000000
-      ;;
-  esac
-  if [ -n "$textseg_addr" ]; then
-    cat > $TMPC <<EOF
-    int main(void) { return 0; }
-EOF
-    textseg_ldflags="-Wl,-Ttext-segment=$textseg_addr"
-    if ! compile_prog "" "$textseg_ldflags"; then
-      # In case ld does not support -Ttext-segment, edit the default linker
-      # script via sed to set the .text start addr.  This is needed on FreeBSD
-      # at least.
-      if ! $ld --verbose >/dev/null 2>&1; then
-        error_exit \
-            "We need to link the QEMU user mode binaries at a" \
-            "specific text address. Unfortunately your linker" \
-            "doesn't support either the -Ttext-segment option or" \
-            "printing the default linker script with --verbose." \
-            "If you don't want the user mode binaries, pass the" \
-            "--disable-user option to configure."
-      fi
-
-      $ld --verbose | sed \
-        -e '1,/==================================================/d' \
-        -e '/==================================================/,$d' \
-        -e "s/[.] = [0-9a-fx]* [+] SIZEOF_HEADERS/. = $textseg_addr + SIZEOF_HEADERS/" \
-        -e "s/__executable_start = [0-9a-fx]*/__executable_start = $textseg_addr/" > config-host.ld
-      textseg_ldflags="-Wl,-T../config-host.ld"
-    fi
-  fi
-fi
-
 # Check that the C++ compiler exists and works with the C compiler.
 # All the QEMU_CXXFLAGS are based on QEMU_CFLAGS. Keep this at the end to don't miss any other that could be added.
 if has $cxx; then
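
Review bot: The removed probe only ran when "$pie" = no, so the builds this changes are exactly the --disable-pie (or PIE-unsupported toolchain) linux-user and bsd-user binaries, and the commit message does not say that any such build was exercised. Please state in the message that a non-PIE user-mode binary now links at the toolchain's default base and relies on probe_guest_base() alone to avoid the guest image, and name at least one host/guest pair that was run that way. The removed "??? Rationale for choosing this address" comment supports dropping the constant, but the fallback behaviour deserves one explicit sentence.
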
@@ -7903,10 +7860,6 @@ if test "$gprof" = "yes" ; then
   fi
 fi
 
-if test "$target_linux_user" = "yes" || test "$target_bsd_user" = "yes" ; then
-  ldflags="$ldflags $textseg_ldflags"
-fi
-
 # Newer kernels on s390 check for an S390_PGSTE program header and
 # enable the pgste page table extensions in that case. This makes
 # the vm.allocate_pgste sysctl unnecessary. We enable this program
-- 
2.20.1




* [PATCH v2 2/7] tcg: Remove softmmu code_gen_buffer fixed address
  2019-12-18 22:34 [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
  2019-12-18 22:34 ` [PATCH v2 1/7] configure: Drop adjustment of textseg Richard Henderson
@ 2019-12-18 22:34 ` Richard Henderson
  2020-01-07 11:35   ` Alex Bennée
  2019-12-18 22:34 ` [PATCH v2 3/7] configure: Do not force pie=no for non-x86 Richard Henderson
                   ` (5 subsequent siblings)
  7 siblings, 1 reply; 20+ messages in thread
From: Richard Henderson @ 2019-12-18 22:34 UTC (permalink / raw)
  To: qemu-devel; +Cc: philmd, Thomas Huth, i, berrange

The commentary talks about "in concert with the addresses
assigned in the relevant linker script", except there is no
linker script for softmmu, nor has there been for some time.

(Do not confuse the user-only linker script editing that was
removed in the previous patch, because user-only does not
use this code_gen_buffer allocation method.)

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/translate-all.c | 37 +++++--------------------------------
 1 file changed, 5 insertions(+), 32 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 9f48da9472..88468a1c08 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1032,47 +1032,20 @@ static inline void *alloc_code_gen_buffer(void)
 {
     int prot = PROT_WRITE | PROT_READ | PROT_EXEC;
     int flags = MAP_PRIVATE | MAP_ANONYMOUS;
-    uintptr_t start = 0;
     size_t size = tcg_ctx->code_gen_buffer_size;
     void *buf;
 
-    /* Constrain the position of the buffer based on the host cpu.
-       Note that these addresses are chosen in concert with the
-       addresses assigned in the relevant linker script file.  */
-# if defined(__PIE__) || defined(__PIC__)
-    /* Don't bother setting a preferred location if we're building
-       a position-independent executable.  We're more likely to get
-       an address near the main executable if we let the kernel
-       choose the address.  */
-# elif defined(__x86_64__) && defined(MAP_32BIT)
-    /* Force the memory down into low memory with the executable.
-       Leave the choice of exact location with the kernel.  */
-    flags |= MAP_32BIT;
-    /* Cannot expect to map more than 800MB in low memory.  */
-    if (size > 800u * 1024 * 1024) {
-        tcg_ctx->code_gen_buffer_size = size = 800u * 1024 * 1024;
-    }
-# elif defined(__sparc__)
-    start = 0x40000000ul;
-# elif defined(__s390x__)
-    start = 0x90000000ul;
-# elif defined(__mips__)
-#  if _MIPS_SIM == _ABI64
-    start = 0x128000000ul;
-#  else
-    start = 0x08000000ul;
-#  endif
-# endif
-
-    buf = mmap((void *)start, size, prot, flags, -1, 0);
+    buf = mmap(NULL, size, prot, flags, -1, 0);
     if (buf == MAP_FAILED) {
         return NULL;
     }
 
 #ifdef __mips__
     if (cross_256mb(buf, size)) {
-        /* Try again, with the original still mapped, to avoid re-acquiring
-           that 256mb crossing.  This time don't specify an address.  */
+        /*
+         * Try again, with the original still mapped, to avoid re-acquiring
+         * the same 256mb crossing.
+         */
         size_t size2;
         void *buf2 = mmap(NULL, size, prot, flags, -1, 0);
         switch ((int)(buf2 != MAP_FAILED)) {
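
Review bot: The removed `defined(__x86_64__) && defined(MAP_32BIT)` branch did more than pick an address: for non-PIE, non-PIC builds it forced the buffer into low memory "with the executable" and capped code_gen_buffer_size at 800MB, while the commit message only argues against the linker-script comment. Please add a sentence on why a non-PIE x86_64 build no longer needs the buffer near the executable, and note that the 800MB cap goes away with it. Letting the kernel choose via mmap(NULL, ...) is otherwise the better default for a region mapped PROT_WRITE | PROT_READ | PROT_EXEC, since the sparc, s390x and mips constants gave that buffer a predictable preferred location.
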
-- 
2.20.1




* [PATCH v2 3/7] configure: Do not force pie=no for non-x86
  2019-12-18 22:34 [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
  2019-12-18 22:34 ` [PATCH v2 1/7] configure: Drop adjustment of textseg Richard Henderson
  2019-12-18 22:34 ` [PATCH v2 2/7] tcg: Remove softmmu code_gen_buffer fixed address Richard Henderson
@ 2019-12-18 22:34 ` Richard Henderson
  2020-01-07 11:37   ` Philippe Mathieu-Daudé
  2020-01-07 12:58   ` Alex Bennée
  2019-12-18 22:34 ` [PATCH v2 4/7] configure: Always detect -no-pie toolchain support Richard Henderson
                   ` (4 subsequent siblings)
  7 siblings, 2 replies; 20+ messages in thread
From: Richard Henderson @ 2019-12-18 22:34 UTC (permalink / raw)
  To: qemu-devel; +Cc: philmd, i, berrange

PIE is supported on many other hosts besides x86.

The default for non-x86 is now the same as x86: pie is used
if supported, and may be forced via --enable/--disable-pie.

The original commit (40d6444e91c) said:

  "Non-x86 are not changed, as they require TCG changes"

but I think that's wrong -- there's nothing about PIE that
affects TCG one way or another.

Tested on aarch64 (bionic) and ppc64le (centos 7) hosts.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 configure | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/configure b/configure
index 30e3875c6b..99faf64a74 100755
--- a/configure
+++ b/configure
@@ -2018,16 +2018,6 @@ if ! compile_prog "-Werror" "" ; then
 	"Thread-Local Storage (TLS). Please upgrade to a version that does."
 fi
 
-if test "$pie" = ""; then
-  case "$cpu-$targetos" in
-    i386-Linux|x86_64-Linux|x32-Linux|i386-OpenBSD|x86_64-OpenBSD)
-      ;;
-    *)
-      pie="no"
-      ;;
-  esac
-fi
-
 if test "$pie" != "no" ; then
   cat > $TMPC << EOF
 
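Review bot: The removed case matched on "$cpu-$targetos", so besides non-x86 it also forced pie="no" for x86 hosts on every OS other than Linux and OpenBSD; the subject and commit message speak only of non-x86, and the testing listed covers two Linux hosts. Please either mention that x86 on the remaining OSes now goes through the PIE probe under `if test "$pie" != "no"` as well, or adjust the subject to say the default is no longer restricted by cpu or OS.
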
-- 
2.20.1




* [PATCH v2 4/7] configure: Always detect -no-pie toolchain support
  2019-12-18 22:34 [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
                   ` (2 preceding siblings ...)
  2019-12-18 22:34 ` [PATCH v2 3/7] configure: Do not force pie=no for non-x86 Richard Henderson
@ 2019-12-18 22:34 ` Richard Henderson
  2020-01-07 13:16   ` Alex Bennée
  2019-12-18 22:34 ` [PATCH v2 5/7] configure: Unnest detection of -z,relro and -z,now Richard Henderson
                   ` (3 subsequent siblings)
  7 siblings, 1 reply; 20+ messages in thread
From: Richard Henderson @ 2019-12-18 22:34 UTC (permalink / raw)
  To: qemu-devel; +Cc: philmd, Thomas Huth, i, berrange

The CFLAGS_NOPIE and LDFLAGS_NOPIE variables are used
in pc-bios/optionrom/Makefile, which has nothing to do
with the PIE setting of the main qemu executables.

This overrides any operating system default to build
all executables as PIE, which is important for ROMs.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 configure | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/configure b/configure
index 99faf64a74..7a646ec007 100755
--- a/configure
+++ b/configure
@@ -2018,26 +2018,24 @@ if ! compile_prog "-Werror" "" ; then
 	"Thread-Local Storage (TLS). Please upgrade to a version that does."
 fi
 
-if test "$pie" != "no" ; then
-  cat > $TMPC << EOF
+cat > $TMPC << EOF
 
 #ifdef __linux__
 #  define THREAD __thread
 #else
 #  define THREAD
 #endif
-
 static THREAD int tls_var;
-
 int main(void) { return tls_var; }
-
 EOF
-  # check we support --no-pie first...
-  if compile_prog "-Werror -fno-pie" "-no-pie"; then
-    CFLAGS_NOPIE="-fno-pie"
-    LDFLAGS_NOPIE="-nopie"
-  fi
 
+# Check we support --no-pie first; we will need this for building ROMs.
+if compile_prog "-Werror -fno-pie" "-no-pie"; then
+  CFLAGS_NOPIE="-fno-pie"
+  LDFLAGS_NOPIE="-no-pie"
+fi
+
+if test "$pie" != "no" ; then
   if compile_prog "-fPIE -DPIE" "-pie"; then
     QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
     LDFLAGS="-pie $LDFLAGS"
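
Review bot: LDFLAGS_NOPIE changes from "-nopie" to "-no-pie" in this hunk, which is a functional fix (the probe tests "-no-pie", but the old assignment stored a different spelling) and the commit message does not mention it. Please call it out in the message, or split it into its own patch so it can be picked up independently of the unnesting. The blank lines dropped from the heredoc are cosmetic and could be left alone to keep the diff focused.
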
-- 
2.20.1




* [PATCH v2 5/7] configure: Unnest detection of -z,relro and -z,now
  2019-12-18 22:34 [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
                   ` (3 preceding siblings ...)
  2019-12-18 22:34 ` [PATCH v2 4/7] configure: Always detect -no-pie toolchain support Richard Henderson
@ 2019-12-18 22:34 ` Richard Henderson
  2019-12-18 22:46   ` [PATCH v2 5/7] configure: Unnest detection of -z, relro and -z, now Philippe Mathieu-Daudé
  2020-01-07 13:18   ` Alex Bennée
  2019-12-18 22:34 ` [PATCH v2 6/7] configure: Override the os default with --disable-pie Richard Henderson
                   ` (2 subsequent siblings)
  7 siblings, 2 replies; 20+ messages in thread
From: Richard Henderson @ 2019-12-18 22:34 UTC (permalink / raw)
  To: qemu-devel; +Cc: philmd, i, berrange

There is nothing about these options that is related to PIE.
Use them unconditionally.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Do not split into two tests.
---
 configure | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 7a646ec007..2503288654 100755
--- a/configure
+++ b/configure
@@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then
     QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
     LDFLAGS="-pie $LDFLAGS"
     pie="yes"
-    if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
-      LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
-    fi
   else
     if test "$pie" = "yes"; then
       error_exit "PIE not available due to missing toolchain support"
@@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then
   fi
 fi
 
+# Detect support for PT_GNU_RELRO + DT_BIND_NOW.
+# The combination is known as "full relro", because .got is read-only too.
+if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
+  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
+fi
+
 ##########################################
 # __sync_fetch_and_and requires at least -march=i486. Many toolchains
 # use i686 as default anyway, but for those that don't, an explicit
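
Review bot: The new comment's reason for the name, "because .got is read-only too", is inaccurate: -z relro on its own already covers .got, and what -z now adds is that the lazily bound PLT slots in .got.plt are resolved at startup and can be made read-only as well. Suggest rewording the second comment line to say ".got.plt is read-only too".
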
-- 
2.20.1




* [PATCH v2 6/7] configure: Override the os default with --disable-pie
  2019-12-18 22:34 [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
                   ` (4 preceding siblings ...)
  2019-12-18 22:34 ` [PATCH v2 5/7] configure: Unnest detection of -z,relro and -z,now Richard Henderson
@ 2019-12-18 22:34 ` Richard Henderson
  2020-01-07 13:24   ` Alex Bennée
  2019-12-18 22:34 ` [PATCH v2 7/7] configure: Support -static-pie if requested Richard Henderson
  2020-01-06  2:57 ` [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
  7 siblings, 1 reply; 20+ messages in thread
From: Richard Henderson @ 2019-12-18 22:34 UTC (permalink / raw)
  To: qemu-devel; +Cc: philmd, Thomas Huth, i, berrange

Some distributions, e.g. Ubuntu 19.10, enable PIE by default.
If for some reason one wishes to build a non-pie binary, we
must provide additional options to override.

At the same time, reorg the code to an elif chain.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 configure | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/configure b/configure
index 2503288654..f6ff079fab 100755
--- a/configure
+++ b/configure
@@ -2035,19 +2035,18 @@ if compile_prog "-Werror -fno-pie" "-no-pie"; then
   LDFLAGS_NOPIE="-no-pie"
 fi
 
-if test "$pie" != "no" ; then
-  if compile_prog "-fPIE -DPIE" "-pie"; then
-    QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
-    LDFLAGS="-pie $LDFLAGS"
-    pie="yes"
-  else
-    if test "$pie" = "yes"; then
-      error_exit "PIE not available due to missing toolchain support"
-    else
-      echo "Disabling PIE due to missing toolchain support"
-      pie="no"
-    fi
-  fi
+if test "$pie" = "no"; then
+  QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS"
+  LDFLAGS="$LDFLAGS_NOPIE $LDFLAGS"
+elif compile_prog "-fPIE -DPIE" "-pie"; then
+  QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
+  LDFLAGS="-pie $LDFLAGS"
+  pie="yes"
+elif test "$pie" = "yes"; then
+  error_exit "PIE not available due to missing toolchain support"
+else
+  echo "Disabling PIE due to missing toolchain support"
+  pie="no"
 fi
 
 # Detect support for PT_GNU_RELRO + DT_BIND_NOW.
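
Review bot: In the new `test "$pie" = "no"` branch, $CFLAGS_NOPIE and $LDFLAGS_NOPIE are only non-empty when the `compile_prog "-Werror -fno-pie" "-no-pie"` probe above succeeded, so on a toolchain that defaults to PIE but fails that probe, --disable-pie changes nothing while pie stays "no". That case cannot be a hard error, because an older non-PIE-default toolchain legitimately leaves both variables empty, but a comment here saying the override is best-effort, or a follow-up check that the result is really non-PIE, would keep the reported setting honest.
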
-- 
2.20.1




* [PATCH v2 7/7] configure: Support -static-pie if requested
  2019-12-18 22:34 [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
                   ` (5 preceding siblings ...)
  2019-12-18 22:34 ` [PATCH v2 6/7] configure: Override the os default with --disable-pie Richard Henderson
@ 2019-12-18 22:34 ` Richard Henderson
  2020-01-07 13:45   ` Alex Bennée
  2020-01-06  2:57 ` [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
  7 siblings, 1 reply; 20+ messages in thread
From: Richard Henderson @ 2019-12-18 22:34 UTC (permalink / raw)
  To: qemu-devel; +Cc: philmd, i, berrange

Recent toolchains support static and pie at the same time.

As with normal dynamic builds, allow --static to default to PIE
if supported by the toolchain.  Allow --enable/--disable-pie to
override the default.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Fix --disable-pie --static
---
 configure | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/configure b/configure
index f6ff079fab..55586c5498 100755
--- a/configure
+++ b/configure
@@ -1024,7 +1024,6 @@ for opt do
   ;;
   --static)
     static="yes"
-    LDFLAGS="-static $LDFLAGS"
     QEMU_PKG_CONFIG_FLAGS="--static $QEMU_PKG_CONFIG_FLAGS"
   ;;
   --mandir=*) mandir="$optarg"
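
Review bot: Dropping `LDFLAGS="-static $LDFLAGS"` from option parsing means -static is not in LDFLAGS until the block near line 2029 runs, so any link probe between here and there that relies on LDFLAGS now links dynamically under --static. Please confirm that no probe in that range (the __thread check and the -no-pie probe sit there) depends on being linked statically, and say so in the commit message.
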
@@ -2000,11 +1999,6 @@ if test "$static" = "yes" ; then
   if test "$modules" = "yes" ; then
     error_exit "static and modules are mutually incompatible"
   fi
-  if test "$pie" = "yes" ; then
-    error_exit "static and pie are mutually incompatible"
-  else
-    pie="no"
-  fi
 fi
 
 # Unconditional check for compiler __thread support
@@ -2035,7 +2029,18 @@ if compile_prog "-Werror -fno-pie" "-no-pie"; then
   LDFLAGS_NOPIE="-no-pie"
 fi
 
-if test "$pie" = "no"; then
+if test "$static" = "yes"; then
+  if test "$pie" != "no" && compile_prog "-fPIE -DPIE" "-static-pie"; then
+    QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
+    LDFLAGS="-static-pie $LDFLAGS"
+    pie="yes"
+  elif test "$pie" = "yes"; then
+    error_exit "-static-pie not available due to missing toolchain support"
+  else
+    LDFLAGS="-static $LDFLAGS"
+    pie="no"
+  fi
+elif test "$pie" = "no"; then
   QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS"
   LDFLAGS="$LDFLAGS_NOPIE $LDFLAGS"
 elif compile_prog "-fPIE -DPIE" "-pie"; then
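
Review bot: The final `else` of the new static branch sets LDFLAGS="-static" and pie="no" but, unlike the `elif test "$pie" = "no"` branch below it, does not prepend $CFLAGS_NOPIE, so with a PIE-default compiler the objects of a --static --disable-pie build are still compiled as PIE code. Suggest adding `QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS"` there. The same `else` is also taken silently when pie is unset and the -static-pie probe fails; the dynamic path prints "Disabling PIE due to missing toolchain support" in that situation, and an equivalent message here would make the downgrade visible.
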
-- 
2.20.1




* Re: [PATCH v2 5/7] configure: Unnest detection of -z, relro and -z, now
  2019-12-18 22:34 ` [PATCH v2 5/7] configure: Unnest detection of -z,relro and -z,now Richard Henderson
@ 2019-12-18 22:46   ` Philippe Mathieu-Daudé
  2019-12-19  7:11     ` Fangrui Song
  2020-01-07 13:18   ` Alex Bennée
  1 sibling, 1 reply; 20+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-12-18 22:46 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: i, berrange

On 12/18/19 11:34 PM, Richard Henderson wrote:
> There is nothing about these options that is related to PIE.
> Use them unconditionally.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> v2: Do not split into two tests.
> ---
>   configure | 9 ++++++---
>   1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/configure b/configure
> index 7a646ec007..2503288654 100755
> --- a/configure
> +++ b/configure
> @@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then
>       QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
>       LDFLAGS="-pie $LDFLAGS"
>       pie="yes"
> -    if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
> -      LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
> -    fi
>     else
>       if test "$pie" = "yes"; then
>         error_exit "PIE not available due to missing toolchain support"
> @@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then
>     fi
>   fi
>   
> +# Detect support for PT_GNU_RELRO + DT_BIND_NOW.
> +# The combination is known as "full relro", because .got is read-only too.
> +if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
> +  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
> +fi
> +
>   ##########################################
>   # __sync_fetch_and_and requires at least -march=i486. Many toolchains
>   # use i686 as default anyway, but for those that don't, an explicit
> 

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>




* Re: [PATCH v2 5/7] configure: Unnest detection of -z, relro and -z, now
  2019-12-18 22:46   ` [PATCH v2 5/7] configure: Unnest detection of -z, relro and -z, now Philippe Mathieu-Daudé
@ 2019-12-19  7:11     ` Fangrui Song
  0 siblings, 0 replies; 20+ messages in thread
From: Fangrui Song @ 2019-12-19  7:11 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé; +Cc: berrange, Richard Henderson, qemu-devel


On 2019-12-18, Philippe Mathieu-Daudé wrote:
>On 12/18/19 11:34 PM, Richard Henderson wrote:
>>There is nothing about these options that is related to PIE.
>>Use them unconditionally.
>>
>>Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>>---
>>v2: Do not split into two tests.
>>---
>>  configure | 9 ++++++---
>>  1 file changed, 6 insertions(+), 3 deletions(-)
>>
>>diff --git a/configure b/configure
>>index 7a646ec007..2503288654 100755
>>--- a/configure
>>+++ b/configure
>>@@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then
>>      QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
>>      LDFLAGS="-pie $LDFLAGS"
>>      pie="yes"
>>-    if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
>>-      LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
>>-    fi
>>    else
>>      if test "$pie" = "yes"; then
>>        error_exit "PIE not available due to missing toolchain support"
>>@@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then
>>    fi
>>  fi
>>+# Detect support for PT_GNU_RELRO + DT_BIND_NOW.
>>+# The combination is known as "full relro", because .got is read-only too.
>>+if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
>>+  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
>>+fi
>>+
>>  ##########################################
>>  # __sync_fetch_and_and requires at least -march=i486. Many toolchains
>>  # use i686 as default anyway, but for those that don't, an explicit
>>
>
>Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

One nit, .got is also read-only in partial relro. Full relro makes .got.plt
read-only. (On EM_PPC and EM_PPC64, .got.plt is named .plt (yes,
misnomer)).

Reviewed-by: Fangrui Song <i@maskray.me>


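The link options discussed in this thread (-pie, -static-pie, -z relro, -z now) all leave markers in the ELF program headers and dynamic section, so a finished binary can be checked for what it actually got. The checker below is an added example, not code from the thread or from QEMU; `classify_elf64` and `build_sample` are hypothetical names, the sample images are constructed (headers and .dynamic only), and treating DF_1_PIE without PT_INTERP as static-PIE is a heuristic.

```python
import struct
import sys

# Constants from the ELF gABI and the GNU extensions.
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000


def classify_elf64(data):
    """Report linkage and RELRO level of a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 image")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)

    segments, bind_now, pie_flag = set(), False, False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        segments.add(p_type)
        if p_type != PT_DYNAMIC:
            continue
        # Walk the Elf64_Dyn array (16-byte tag/value pairs) up to DT_NULL.
        for off in range(p_offset, p_offset + p_filesz - 15, 16):
            tag, val = struct.unpack_from("<qQ", data, off)
            if tag == DT_NULL:
                break
            # -z now is recorded as DT_BIND_NOW, DF_BIND_NOW or DF_1_NOW,
            # depending on the linker.
            if (tag == DT_BIND_NOW
                    or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                bind_now = True
            if tag == DT_FLAGS_1 and val & DF_1_PIE:
                pie_flag = True

    if e_type == ET_EXEC:
        linkage = "non-PIE"
    elif e_type == ET_DYN and PT_INTERP in segments:
        linkage = "PIE"
    elif e_type == ET_DYN and pie_flag:
        linkage = "static-PIE"  # heuristic: ET_DYN, no interpreter, DF_1_PIE
    elif e_type == ET_DYN:
        linkage = "shared object"
    else:
        linkage = "other"

    # Partial RELRO: PT_GNU_RELRO only (.got is already read-only).
    # Full RELRO: PT_GNU_RELRO plus eager binding, so .got.plt is covered too.
    if PT_GNU_RELRO not in segments:
        relro = "none"
    else:
        relro = "full" if bind_now else "partial"
    return {"linkage": linkage, "relro": relro}


def build_sample(e_type, seg_types, dyn):
    """Constructed input: ELF header, program headers and .dynamic only.

    dyn is a list of (tag, value) pairs, or None for no PT_DYNAMIC at all.
    """
    types = list(seg_types) + ([PT_DYNAMIC] if dyn is not None else [])
    dyn_bytes = b"".join(struct.pack("<qQ", t, v)
                         for t, v in list(dyn or []) + [(DT_NULL, 0)])
    dyn_off = 64 + 56 * len(types)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH",
                       b"\x7fELF\x02\x01\x01" + bytes(9),
                       e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(types), 0, 0, 0)
    phdrs = b""
    for t in types:
        off, size = (dyn_off, len(dyn_bytes)) if t == PT_DYNAMIC else (0, 0)
        phdrs += struct.pack("<IIQQQQQQ", t, 4, off, off, off, size, size, 8)
    return ehdr + phdrs + dyn_bytes


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real binaries given on the command line.
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, classify_elf64(f.read()))
    else:
        # Constructed samples mirroring the configure outcomes in the series.
        samples = {
            "-pie, relro+now": build_sample(
                ET_DYN, [PT_INTERP, PT_GNU_RELRO],
                [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW | DF_1_PIE)]),
            "-no-pie, relro only": build_sample(
                ET_EXEC, [PT_INTERP, PT_GNU_RELRO], []),
            "-static-pie, relro+now": build_sample(
                ET_DYN, [PT_GNU_RELRO], [(DT_FLAGS_1, DF_1_NOW | DF_1_PIE)]),
            "-static, no relro": build_sample(ET_EXEC, [], None),
        }
        for name, image in samples.items():
            print(name, classify_elf64(image))
```
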

* Re: [PATCH v2 0/7] configure: Improve PIE and other linkage
  2019-12-18 22:34 [PATCH v2 0/7] configure: Improve PIE and other linkage Richard Henderson
                   ` (6 preceding siblings ...)
  2019-12-18 22:34 ` [PATCH v2 7/7] configure: Support -static-pie if requested Richard Henderson
@ 2020-01-06  2:57 ` Richard Henderson
  7 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2020-01-06  2:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: philmd, i, berrange

On 12/19/19 8:34 AM, Richard Henderson wrote:
> This begins by dropping the -Ttext-segment stuff, which Fangrui Song
> correctly points out does not work with lld.  But it's also obsolete,
> so instead of adding support for lld's --image-base, remove it all.
> 
> Then, remove some other legacy random addresses that were supposed
> to apply to softmmu, but didn't really make any sense, and aren't
> used anyway when PIE is used, which is the default with a modern
> linux distribution.
> 
> Then, clean up some of the configure logic surrounding PIE, and its
> current non-application to non-x86.
> 
> Finally, add support for static-pie linking.
> 
> Changes in v2:
>  - Remove mention of config-host.ld from make distclean
>  - Do not split -z,rodata/-z,now into two tests
>  - Fix --disable-pie --static
> 
> Tested in conjunction with AJB's 
>   configure: allow disable of cross compilation container
>   https://lists.gnu.org/archive/html/qemu-devel/2019-12/msg02943.html
> 
> as otherwise check-tcg simply doesn't work on aarch64 if you happen
> to have docker installed.

Ping.  Patches 3 and 7 still unreviewed.


r~



* Re: [PATCH v2 1/7] configure: Drop adjustment of textseg
  2019-12-18 22:34 ` [PATCH v2 1/7] configure: Drop adjustment of textseg Richard Henderson
@ 2020-01-07 11:34   ` Alex Bennée
  0 siblings, 0 replies; 20+ messages in thread
From: Alex Bennée @ 2020-01-07 11:34 UTC (permalink / raw)
  To: qemu-devel; +Cc: berrange, Thomas Huth, i, philmd


Richard Henderson <richard.henderson@linaro.org> writes:

> This adjustment was random and unnecessary.  The user mode
> startup code in probe_guest_base() will choose a value for
> guest_base that allows the host qemu binary to not conflict
> with the guest binary.
>
> With modern distributions, this isn't even used, as the default
> is PIE, which does the same job in a more portable way.
>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
> v2: Remove mention of config-host.ld from make distclean
> ---
>  Makefile  |  2 +-
>  configure | 47 -----------------------------------------------
>  2 files changed, 1 insertion(+), 48 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index 1361def144..adf83f75a1 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -735,7 +735,7 @@ rm -f $(MANUAL_BUILDDIR)/$1/objects.inv $(MANUAL_BUILDDIR)/$1/searchindex.js $(M
>  endef
>  
>  distclean: clean
> -	rm -f config-host.mak config-host.h* config-host.ld $(DOCS) qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi qemu-monitor-info.texi
> +	rm -f config-host.mak config-host.h* $(DOCS) qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi qemu-monitor-info.texi
>  	rm -f tests/tcg/config-*.mak
>  	rm -f config-all-devices.mak config-all-disas.mak config.status
>  	rm -f $(SUBDIR_DEVICES_MAK)
> diff --git a/configure b/configure
> index e0c66ee9b6..30e3875c6b 100755
> --- a/configure
> +++ b/configure
> @@ -6298,49 +6298,6 @@ if test "$cpu" = "s390x" ; then
>    fi
>  fi
>  
> -# Probe for the need for relocating the user-only binary.
> -if ( [ "$linux_user" = yes ] || [ "$bsd_user" = yes ] ) && [ "$pie" = no ]; then
> -  textseg_addr=
> -  case "$cpu" in
> -    arm | i386 | ppc* | s390* | sparc* | x86_64 | x32)
> -      # ??? Rationale for choosing this address
> -      textseg_addr=0x60000000
> -      ;;
> -    mips)
> -      # A 256M aligned address, high in the address space, with enough
> -      # room for the code_gen_buffer above it before the stack.
> -      textseg_addr=0x60000000
> -      ;;
> -  esac
> -  if [ -n "$textseg_addr" ]; then
> -    cat > $TMPC <<EOF
> -    int main(void) { return 0; }
> -EOF
> -    textseg_ldflags="-Wl,-Ttext-segment=$textseg_addr"
> -    if ! compile_prog "" "$textseg_ldflags"; then
> -      # In case ld does not support -Ttext-segment, edit the default linker
> -      # script via sed to set the .text start addr.  This is needed on FreeBSD
> -      # at least.
> -      if ! $ld --verbose >/dev/null 2>&1; then
> -        error_exit \
> -            "We need to link the QEMU user mode binaries at a" \
> -            "specific text address. Unfortunately your linker" \
> -            "doesn't support either the -Ttext-segment option or" \
> -            "printing the default linker script with --verbose." \
> -            "If you don't want the user mode binaries, pass the" \
> -            "--disable-user option to configure."
> -      fi
> -
> -      $ld --verbose | sed \
> -        -e '1,/==================================================/d' \
> -        -e '/==================================================/,$d' \
> -        -e "s/[.] = [0-9a-fx]* [+] SIZEOF_HEADERS/. = $textseg_addr + SIZEOF_HEADERS/" \
> -        -e "s/__executable_start = [0-9a-fx]*/__executable_start = $textseg_addr/" > config-host.ld
> -      textseg_ldflags="-Wl,-T../config-host.ld"
> -    fi
> -  fi
> -fi
> -
>  # Check that the C++ compiler exists and works with the C compiler.
>  # All the QEMU_CXXFLAGS are based on QEMU_CFLAGS. Keep this at the end to don't miss any other that could be added.
>  if has $cxx; then
> @@ -7903,10 +7860,6 @@ if test "$gprof" = "yes" ; then
>    fi
>  fi
>  
> -if test "$target_linux_user" = "yes" || test "$target_bsd_user" = "yes" ; then
> -  ldflags="$ldflags $textseg_ldflags"
> -fi
> -
>  # Newer kernels on s390 check for an S390_PGSTE program header and
>  # enable the pgste page table extensions in that case. This makes
>  # the vm.allocate_pgste sysctl unnecessary. We enable this program


-- 
Alex Bennée



* Re: [PATCH v2 2/7] tcg: Remove softmmu code_gen_buffer fixed address
  2019-12-18 22:34 ` [PATCH v2 2/7] tcg: Remove softmmu code_gen_buffer fixed address Richard Henderson
@ 2020-01-07 11:35   ` Alex Bennée
  0 siblings, 0 replies; 20+ messages in thread
From: Alex Bennée @ 2020-01-07 11:35 UTC (permalink / raw)
  To: qemu-devel; +Cc: berrange, Thomas Huth, i, philmd


Richard Henderson <richard.henderson@linaro.org> writes:

> The commentary talks about "in concert with the addresses
> assigned in the relevant linker script", except there is no
> linker script for softmmu, nor has there been for some time.
>
> (Do not confuse the user-only linker script editing that was
> removed in the previous patch, because user-only does not
> use this code_gen_buffer allocation method.)
>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  accel/tcg/translate-all.c | 37 +++++--------------------------------
>  1 file changed, 5 insertions(+), 32 deletions(-)
>
> diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
> index 9f48da9472..88468a1c08 100644
> --- a/accel/tcg/translate-all.c
> +++ b/accel/tcg/translate-all.c
> @@ -1032,47 +1032,20 @@ static inline void *alloc_code_gen_buffer(void)
>  {
>      int prot = PROT_WRITE | PROT_READ | PROT_EXEC;
>      int flags = MAP_PRIVATE | MAP_ANONYMOUS;
> -    uintptr_t start = 0;
>      size_t size = tcg_ctx->code_gen_buffer_size;
>      void *buf;
>  
> -    /* Constrain the position of the buffer based on the host cpu.
> -       Note that these addresses are chosen in concert with the
> -       addresses assigned in the relevant linker script file.  */
> -# if defined(__PIE__) || defined(__PIC__)
> -    /* Don't bother setting a preferred location if we're building
> -       a position-independent executable.  We're more likely to get
> -       an address near the main executable if we let the kernel
> -       choose the address.  */
> -# elif defined(__x86_64__) && defined(MAP_32BIT)
> -    /* Force the memory down into low memory with the executable.
> -       Leave the choice of exact location with the kernel.  */
> -    flags |= MAP_32BIT;
> -    /* Cannot expect to map more than 800MB in low memory.  */
> -    if (size > 800u * 1024 * 1024) {
> -        tcg_ctx->code_gen_buffer_size = size = 800u * 1024 * 1024;
> -    }
> -# elif defined(__sparc__)
> -    start = 0x40000000ul;
> -# elif defined(__s390x__)
> -    start = 0x90000000ul;
> -# elif defined(__mips__)
> -#  if _MIPS_SIM == _ABI64
> -    start = 0x128000000ul;
> -#  else
> -    start = 0x08000000ul;
> -#  endif
> -# endif
> -
> -    buf = mmap((void *)start, size, prot, flags, -1, 0);
> +    buf = mmap(NULL, size, prot, flags, -1, 0);
>      if (buf == MAP_FAILED) {
>          return NULL;
>      }
>  
>  #ifdef __mips__
>      if (cross_256mb(buf, size)) {
> -        /* Try again, with the original still mapped, to avoid re-acquiring
> -           that 256mb crossing.  This time don't specify an address.  */
> +        /*
> +         * Try again, with the original still mapped, to avoid re-acquiring
> +         * the same 256mb crossing.
> +         */
>          size_t size2;
>          void *buf2 = mmap(NULL, size, prot, flags, -1, 0);
>          switch ((int)(buf2 != MAP_FAILED)) {
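
Review bot: the commit message justifies dropping the fixed start
addresses by the absence of a softmmu linker script, but the removed
"__x86_64__ && MAP_32BIT" branch was not about a linker script. Its
comment says it forces the buffer "down into low memory with the
executable", and it also clamped code_gen_buffer_size to 800MB. With
mmap(NULL, ...) a non-PIE x86_64 build now gets a kernel-chosen address
and no clamp in this function. Please say in the commit message why
proximity to the executable no longer matters on that host, or keep
that one branch. For the sparc, s390x and mips cases, letting the
kernel place this PROT_WRITE | PROT_EXEC mapping is the better default,
since a fixed hint makes the location of the JIT buffer predictable.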


-- 
Alex Bennée



* Re: [PATCH v2 3/7] configure: Do not force pie=no for non-x86
  2019-12-18 22:34 ` [PATCH v2 3/7] configure: Do not force pie=no for non-x86 Richard Henderson
@ 2020-01-07 11:37   ` Philippe Mathieu-Daudé
  2020-01-07 12:58   ` Alex Bennée
  1 sibling, 0 replies; 20+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-01-07 11:37 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: i, berrange

On 12/18/19 11:34 PM, Richard Henderson wrote:
> PIE is supported on many other hosts besides x86.
> 
> The default for non-x86 is now the same as x86: pie is used
> if supported, and may be forced via --enable/--disable-pie.
> 
> The original commit (40d6444e91c) said:
> 
>    "Non-x86 are not changed, as they require TCG changes"
> 
> but I think that's wrong -- there's nothing about PIE that
> affects TCG one way or another.
> 
> Tested on aarch64 (bionic) and ppc64le (centos 7) hosts.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   configure | 10 ----------
>   1 file changed, 10 deletions(-)
> 
> diff --git a/configure b/configure
> index 30e3875c6b..99faf64a74 100755
> --- a/configure
> +++ b/configure
> @@ -2018,16 +2018,6 @@ if ! compile_prog "-Werror" "" ; then
>   	"Thread-Local Storage (TLS). Please upgrade to a version that does."
>   fi
>   
> -if test "$pie" = ""; then
> -  case "$cpu-$targetos" in
> -    i386-Linux|x86_64-Linux|x32-Linux|i386-OpenBSD|x86_64-OpenBSD)
> -      ;;
> -    *)
> -      pie="no"
> -      ;;
> -  esac
> -fi
> -
>   if test "$pie" != "no" ; then
>     cat > $TMPC << EOF
>   
> 
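
Review bot: with the case "$cpu-$targetos" default removed, every host
outside the old x86 Linux/OpenBSD list now falls through to the
'if test "$pie" != "no"' probe, which only checks that a test program
builds. The commit message lists aarch64 and ppc64le as tested; on the
remaining hosts a toolchain that links PIE but misbehaves at run time
would be enabled silently. A sentence in the commit message or in the
configure help that --disable-pie is the way back would cover that.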

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>




* Re: [PATCH v2 3/7] configure: Do not force pie=no for non-x86
  2019-12-18 22:34 ` [PATCH v2 3/7] configure: Do not force pie=no for non-x86 Richard Henderson
  2020-01-07 11:37   ` Philippe Mathieu-Daudé
@ 2020-01-07 12:58   ` Alex Bennée
  1 sibling, 0 replies; 20+ messages in thread
From: Alex Bennée @ 2020-01-07 12:58 UTC (permalink / raw)
  To: qemu-devel; +Cc: berrange, i, philmd


Richard Henderson <richard.henderson@linaro.org> writes:

> PIE is supported on many other hosts besides x86.
>
> The default for non-x86 is now the same as x86: pie is used
> if supported, and may be forced via --enable/--disable-pie.
>
> The original commit (40d6444e91c) said:
>
>   "Non-x86 are not changed, as they require TCG changes"
>
> but I think that's wrong -- there's nothing about PIE that
> affects TCG one way or another.
>
> Tested on aarch64 (bionic) and ppc64le (centos 7) hosts.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Also I double checked OpenBSD still worked:

Tested-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  configure | 10 ----------
>  1 file changed, 10 deletions(-)
>
> diff --git a/configure b/configure
> index 30e3875c6b..99faf64a74 100755
> --- a/configure
> +++ b/configure
> @@ -2018,16 +2018,6 @@ if ! compile_prog "-Werror" "" ; then
>  	"Thread-Local Storage (TLS). Please upgrade to a version that does."
>  fi
>  
> -if test "$pie" = ""; then
> -  case "$cpu-$targetos" in
> -    i386-Linux|x86_64-Linux|x32-Linux|i386-OpenBSD|x86_64-OpenBSD)
> -      ;;
> -    *)
> -      pie="no"
> -      ;;
> -  esac
> -fi
> -
>  if test "$pie" != "no" ; then
>    cat > $TMPC << EOF


-- 
Alex Bennée



* Re: [PATCH v2 4/7] configure: Always detect -no-pie toolchain support
  2019-12-18 22:34 ` [PATCH v2 4/7] configure: Always detect -no-pie toolchain support Richard Henderson
@ 2020-01-07 13:16   ` Alex Bennée
  2020-01-08  0:45     ` Richard Henderson
  0 siblings, 1 reply; 20+ messages in thread
From: Alex Bennée @ 2020-01-07 13:16 UTC (permalink / raw)
  To: qemu-devel; +Cc: berrange, Thomas Huth, i, philmd


Richard Henderson <richard.henderson@linaro.org> writes:

> The CFLAGS_NOPIE and LDFLAGS_NOPIE variables are used
> in pc-bios/optionrom/Makefile, which has nothing to do
> with the PIE setting of the main qemu executables.
>
> This overrides any operating system default to build
> all executables as PIE, which is important for ROMs.

But if the compiler doesn't support no-pie it just keeps going on.
Should the sub-build be bailing if _NOPIE is empty?

>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  configure | 18 ++++++++----------
>  1 file changed, 8 insertions(+), 10 deletions(-)
>
> diff --git a/configure b/configure
> index 99faf64a74..7a646ec007 100755
> --- a/configure
> +++ b/configure
> @@ -2018,26 +2018,24 @@ if ! compile_prog "-Werror" "" ; then
>  	"Thread-Local Storage (TLS). Please upgrade to a version that does."
>  fi
>  
> -if test "$pie" != "no" ; then
> -  cat > $TMPC << EOF
> +cat > $TMPC << EOF
>  
>  #ifdef __linux__
>  #  define THREAD __thread
>  #else
>  #  define THREAD
>  #endif
> -
>  static THREAD int tls_var;
> -
>  int main(void) { return tls_var; }
> -
>  EOF
> -  # check we support --no-pie first...
> -  if compile_prog "-Werror -fno-pie" "-no-pie"; then
> -    CFLAGS_NOPIE="-fno-pie"
> -    LDFLAGS_NOPIE="-nopie"
> -  fi
>  
> +# Check we support --no-pie first; we will need this for building ROMs.
> +if compile_prog "-Werror -fno-pie" "-no-pie"; then
> +  CFLAGS_NOPIE="-fno-pie"
> +  LDFLAGS_NOPIE="-no-pie"
> +fi
> +
> +if test "$pie" != "no" ; then
>    if compile_prog "-fPIE -DPIE" "-pie"; then
>      QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
>      LDFLAGS="-pie $LDFLAGS"
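
Review bot: the added block sets LDFLAGS_NOPIE="-no-pie" where the
removed one set LDFLAGS_NOPIE="-nopie" after probing with "-no-pie", so
this also corrects a flag that was never the one tested. The commit
message only talks about making the detection unconditional; please
mention the spelling fix there, since it changes what the option ROM
link line receives. Small nit in the same block: the new comment says
"--no-pie" while the flag being probed is "-no-pie".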


-- 
Alex Bennée



* Re: [PATCH v2 5/7] configure: Unnest detection of -z, relro and -z, now
  2019-12-18 22:34 ` [PATCH v2 5/7] configure: Unnest detection of -z,relro and -z,now Richard Henderson
  2019-12-18 22:46   ` [PATCH v2 5/7] configure: Unnest detection of -z, relro and -z, now Philippe Mathieu-Daudé
@ 2020-01-07 13:18   ` Alex Bennée
  1 sibling, 0 replies; 20+ messages in thread
From: Alex Bennée @ 2020-01-07 13:18 UTC (permalink / raw)
  To: qemu-devel; +Cc: berrange, i, philmd


Richard Henderson <richard.henderson@linaro.org> writes:

> There is nothing about these options that is related to PIE.
> Use them unconditionally.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
> v2: Do not split into two tests.
> ---
>  configure | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/configure b/configure
> index 7a646ec007..2503288654 100755
> --- a/configure
> +++ b/configure
> @@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then
>      QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
>      LDFLAGS="-pie $LDFLAGS"
>      pie="yes"
> -    if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
> -      LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
> -    fi
>    else
>      if test "$pie" = "yes"; then
>        error_exit "PIE not available due to missing toolchain support"
> @@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then
>    fi
>  fi
>  
> +# Detect support for PT_GNU_RELRO + DT_BIND_NOW.
> +# The combination is known as "full relro", because .got is read-only too.
> +if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
> +  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
> +fi
> +
>  ##########################################
>  # __sync_fetch_and_and requires at least -march=i486. Many toolchains
>  # use i686 as default anyway, but for those that don't, an explicit
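
Review bot: the relocated 'if compile_prog "" "-Wl,-z,relro -Wl,-z,now"'
has no else branch, so when the linker rejects the pair the build
continues without full relro and nothing is printed. Now that the check
applies to every build rather than only to PIE ones, consider recording
the outcome (an echo here, or a line in the configure summary) so that
a binary built without PT_GNU_RELRO + DT_BIND_NOW is visible to whoever
packages it.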


-- 
Alex Bennée



* Re: [PATCH v2 6/7] configure: Override the os default with --disable-pie
  2019-12-18 22:34 ` [PATCH v2 6/7] configure: Override the os default with --disable-pie Richard Henderson
@ 2020-01-07 13:24   ` Alex Bennée
  0 siblings, 0 replies; 20+ messages in thread
From: Alex Bennée @ 2020-01-07 13:24 UTC (permalink / raw)
  To: qemu-devel; +Cc: berrange, Thomas Huth, i, philmd


Richard Henderson <richard.henderson@linaro.org> writes:

> Some distributions, e.g. Ubuntu 19.10, enable PIE by default.
> If for some reason one wishes to build a non-pie binary, we
> must provide additional options to override.
>
> At the same time, reorg the code to an elif chain.
>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  configure | 25 ++++++++++++-------------
>  1 file changed, 12 insertions(+), 13 deletions(-)
>
> diff --git a/configure b/configure
> index 2503288654..f6ff079fab 100755
> --- a/configure
> +++ b/configure
> @@ -2035,19 +2035,18 @@ if compile_prog "-Werror -fno-pie" "-no-pie"; then
>    LDFLAGS_NOPIE="-no-pie"
>  fi
>  
> -if test "$pie" != "no" ; then
> -  if compile_prog "-fPIE -DPIE" "-pie"; then
> -    QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
> -    LDFLAGS="-pie $LDFLAGS"
> -    pie="yes"
> -  else
> -    if test "$pie" = "yes"; then
> -      error_exit "PIE not available due to missing toolchain support"
> -    else
> -      echo "Disabling PIE due to missing toolchain support"
> -      pie="no"
> -    fi
> -  fi
> +if test "$pie" = "no"; then
> +  QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS"
> +  LDFLAGS="$LDFLAGS_NOPIE $LDFLAGS"
> +elif compile_prog "-fPIE -DPIE" "-pie"; then
> +  QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
> +  LDFLAGS="-pie $LDFLAGS"
> +  pie="yes"
> +elif test "$pie" = "yes"; then
> +  error_exit "PIE not available due to missing toolchain support"
> +else
> +  echo "Disabling PIE due to missing toolchain support"
> +  pie="no"
>  fi
>  
>  # Detect support for PT_GNU_RELRO + DT_BIND_NOW.
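
Review bot: in the new 'if test "$pie" = "no"' branch, $CFLAGS_NOPIE and
$LDFLAGS_NOPIE are empty when the -no-pie probe above failed, so an
explicit --disable-pie then adds nothing and prints nothing, while an
explicit --enable-pie that cannot be honoured ends in error_exit. If
the assumption is that a toolchain without -no-pie never defaults to
PIE, a comment saying so next to this branch would make the asymmetry
intentional rather than accidental.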


-- 
Alex Bennée



* Re: [PATCH v2 7/7] configure: Support -static-pie if requested
  2019-12-18 22:34 ` [PATCH v2 7/7] configure: Support -static-pie if requested Richard Henderson
@ 2020-01-07 13:45   ` Alex Bennée
  0 siblings, 0 replies; 20+ messages in thread
From: Alex Bennée @ 2020-01-07 13:45 UTC (permalink / raw)
  To: qemu-devel; +Cc: berrange, i, philmd


Richard Henderson <richard.henderson@linaro.org> writes:

> Recent toolchains support static and pie at the same time.
>
> As with normal dynamic builds, allow --static to default to PIE
> if supported by the toolchain.  Allow --enable/--disable-pie to
> override the default.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
> v2: Fix --disable-pie --static
> ---
>  configure | 19 ++++++++++++-------
>  1 file changed, 12 insertions(+), 7 deletions(-)
>
> diff --git a/configure b/configure
> index f6ff079fab..55586c5498 100755
> --- a/configure
> +++ b/configure
> @@ -1024,7 +1024,6 @@ for opt do
>    ;;
>    --static)
>      static="yes"
> -    LDFLAGS="-static $LDFLAGS"
>      QEMU_PKG_CONFIG_FLAGS="--static $QEMU_PKG_CONFIG_FLAGS"
>    ;;
>    --mandir=*) mandir="$optarg"
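
Review bot: dropping LDFLAGS="-static $LDFLAGS" from the --static
option handler means LDFLAGS carries no -static until the new block
near line 2029, so any probe in between that links with $LDFLAGS,
including the __thread check and the "-fno-pie"/"-no-pie" probe, now
links dynamically even for a --static build. If any of those results
can differ between static and dynamic linking, the probe should run
after the static/pie decision; otherwise a short comment at the new
block noting that the ordering is deliberate would help.
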
> @@ -2000,11 +1999,6 @@ if test "$static" = "yes" ; then
>    if test "$modules" = "yes" ; then
>      error_exit "static and modules are mutually incompatible"
>    fi
> -  if test "$pie" = "yes" ; then
> -    error_exit "static and pie are mutually incompatible"
> -  else
> -    pie="no"
> -  fi
>  fi
>  
>  # Unconditional check for compiler __thread support
> @@ -2035,7 +2029,18 @@ if compile_prog "-Werror -fno-pie" "-no-pie"; then
>    LDFLAGS_NOPIE="-no-pie"
>  fi
>  
> -if test "$pie" = "no"; then
> +if test "$static" = "yes"; then
> +  if test "$pie" != "no" && compile_prog "-fPIE -DPIE" "-static-pie"; then
> +    QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
> +    LDFLAGS="-static-pie $LDFLAGS"
> +    pie="yes"
> +  elif test "$pie" = "yes"; then
> +    error_exit "-static-pie not available due to missing toolchain support"
> +  else
> +    LDFLAGS="-static $LDFLAGS"
> +    pie="no"
> +  fi
> +elif test "$pie" = "no"; then
>    QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS"
>    LDFLAGS="$LDFLAGS_NOPIE $LDFLAGS"
>  elif compile_prog "-fPIE -DPIE" "-pie"; then
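
Review bot: the static fallback (the else branch that sets
LDFLAGS="-static $LDFLAGS" and pie="no") does not prepend
$CFLAGS_NOPIE, unlike the non-static 'pie = no' branch directly below
it. On a compiler that defaults to PIE, a --static --disable-pie build
would then still compile its objects as PIE code and only the link
would be non-PIE. Should this branch also set
QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS"? It also falls back without
the "Disabling PIE due to missing toolchain support" message that the
dynamic path prints in 6/7.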


-- 
Alex Bennée



* Re: [PATCH v2 4/7] configure: Always detect -no-pie toolchain support
  2020-01-07 13:16   ` Alex Bennée
@ 2020-01-08  0:45     ` Richard Henderson
  0 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2020-01-08  0:45 UTC (permalink / raw)
  To: Alex Bennée, qemu-devel; +Cc: philmd, Thomas Huth, i, berrange

On 1/7/20 11:16 PM, Alex Bennée wrote:
> 
> Richard Henderson <richard.henderson@linaro.org> writes:
> 
>> The CFLAGS_NOPIE and LDFLAGS_NOPIE variables are used
>> in pc-bios/optionrom/Makefile, which has nothing to do
>> with the PIE setting of the main qemu executables.
>>
>> This overrides any operating system default to build
>> all executables as PIE, which is important for ROMs.
> 
> But if the compiler doesn't support no-pie it just keeps going on.
> Should the sub-build be bailing if _NOPIE is empty?

If the compiler doesn't support no-pie, we assume that pie isn't default, and
so no arguments are required.


r~

