1. Patchew
  2. EDK2
  3. View series

[edk2] [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly

Ard Biesheuvel posted 1 patch 5 years, 10 months ago
Failed in applying to current master (apply log)
BaseTools/Conf/tools_def.template | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
[edk2] [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
Posted by Ard Biesheuvel 5 years, 10 months ago 
As a security measure, some distros now build their GCC toolchains with
PIE code generation enabled by default, because it is a prerequisite
for ASLR to be enabled when running the executable.

This typically results in slightly larger code, but it also generates
ELF relocations that our tooling cannot deal with, so let's disable it
explicitly when using GCC49 or later for IA32. (Note that this does not
apply to X64: it uses PIE code deliberately in some cases, and our
tooling does deal with the resuling relocations)

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
---
 BaseTools/Conf/tools_def.template | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 7e9c915755ed..733c6ec71709 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    = DEF(GCC47_AARCH64_DLINK2_FLAGS)
 DEFINE GCC48_ARM_ASLDLINK_FLAGS      = DEF(GCC47_ARM_ASLDLINK_FLAGS)
 DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  = DEF(GCC47_AARCH64_ASLDLINK_FLAGS)
 
-DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)
+DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pie
 DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)
 DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
 DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
@@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
 *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy
 
 *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32
-*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
+*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
 *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -march=i386
 *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386
-*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
+*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -no-pie
 *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
 *_GCC49_IA32_OBJCOPY_FLAGS        = 
 *_GCC49_IA32_NASM_FLAGS           = -f elf32
@@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  = DEF(GCC49_AARCH64_DLINK_FLAGS)
 *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy
 
 *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
-*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
+*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
 *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -march=i386
-*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)
+*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
 *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
 *_GCC5_IA32_OBJCOPY_FLAGS        =
 *_GCC5_IA32_NASM_FLAGS           = -f elf32
-- 
2.17.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
Posted by Laszlo Ersek 5 years, 10 months ago 
On 06/11/18 18:29, Ard Biesheuvel wrote:
> As a security measure, some distros now build their GCC toolchains with
> PIE code generation enabled by default, because it is a prerequisite
> for ASLR to be enabled when running the executable.
> 
> This typically results in slightly larger code, but it also generates
> ELF relocations that our tooling cannot deal with, so let's disable it
> explicitly when using GCC49 or later for IA32. (Note that this does not
> apply to X64: it uses PIE code deliberately in some cases, and our
> tooling does deal with the resuling relocations)
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Acked-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  BaseTools/Conf/tools_def.template | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
> index 7e9c915755ed..733c6ec71709 100755
> --- a/BaseTools/Conf/tools_def.template
> +++ b/BaseTools/Conf/tools_def.template
> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    = DEF(GCC47_AARCH64_DLINK2_FLAGS)
>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      = DEF(GCC47_ARM_ASLDLINK_FLAGS)
>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  = DEF(GCC47_AARCH64_ASLDLINK_FLAGS)
>  
> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)
> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pie
>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)
>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy
>  
>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32
> -*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
> +*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -march=i386
>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386
> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -no-pie
>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>  *_GCC49_IA32_OBJCOPY_FLAGS        = 
>  *_GCC49_IA32_NASM_FLAGS           = -f elf32
> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  = DEF(GCC49_AARCH64_DLINK_FLAGS)
>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy
>  
>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
> -*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
> +*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -march=i386
> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)
> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>  *_GCC5_IA32_OBJCOPY_FLAGS        =
>  *_GCC5_IA32_NASM_FLAGS           = -f elf32
> 

Right, covering GCC49 works for me too. Thanks!
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
Posted by Gao, Liming 5 years, 10 months ago 
Reviewed-by: Liming Gao <liming.gao@intel.com>

> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Tuesday, June 12, 2018 12:29 AM
> To: edk2-devel@lists.01.org
> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>
> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
> 
> As a security measure, some distros now build their GCC toolchains with
> PIE code generation enabled by default, because it is a prerequisite
> for ASLR to be enabled when running the executable.
> 
> This typically results in slightly larger code, but it also generates
> ELF relocations that our tooling cannot deal with, so let's disable it
> explicitly when using GCC49 or later for IA32. (Note that this does not
> apply to X64: it uses PIE code deliberately in some cases, and our
> tooling does deal with the resuling relocations)
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Acked-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  BaseTools/Conf/tools_def.template | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
> index 7e9c915755ed..733c6ec71709 100755
> --- a/BaseTools/Conf/tools_def.template
> +++ b/BaseTools/Conf/tools_def.template
> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    = DEF(GCC47_AARCH64_DLINK2_FLAGS)
>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      = DEF(GCC47_ARM_ASLDLINK_FLAGS)
>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  = DEF(GCC47_AARCH64_ASLDLINK_FLAGS)
> 
> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)
> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pie
>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)
>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u
> ReferenceAcpiTable
> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy
> 
>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32
> -*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
> +*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -march=i386
>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386
> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -no-pie
>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>  *_GCC49_IA32_OBJCOPY_FLAGS        =
>  *_GCC49_IA32_NASM_FLAGS           = -f elf32
> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  = DEF(GCC49_AARCH64_DLINK_FLAGS)
>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy
> 
>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
> -*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
> +*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -march=i386
> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)
> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>  *_GCC5_IA32_OBJCOPY_FLAGS        =
>  *_GCC5_IA32_NASM_FLAGS           = -f elf32
> --
> 2.17.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
Posted by Ard Biesheuvel 5 years, 10 months ago 
On 12 June 2018 at 03:40, Gao, Liming <liming.gao@intel.com> wrote:
> Reviewed-by: Liming Gao <liming.gao@intel.com>
>

Thanks

Pushed as c25d3905523a

>> -----Original Message-----
>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>> Sent: Tuesday, June 12, 2018 12:29 AM
>> To: edk2-devel@lists.01.org
>> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel
>> <ard.biesheuvel@linaro.org>
>> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
>>
>> As a security measure, some distros now build their GCC toolchains with
>> PIE code generation enabled by default, because it is a prerequisite
>> for ASLR to be enabled when running the executable.
>>
>> This typically results in slightly larger code, but it also generates
>> ELF relocations that our tooling cannot deal with, so let's disable it
>> explicitly when using GCC49 or later for IA32. (Note that this does not
>> apply to X64: it uses PIE code deliberately in some cases, and our
>> tooling does deal with the resuling relocations)
>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Acked-by: Laszlo Ersek <lersek@redhat.com>
>> ---
>>  BaseTools/Conf/tools_def.template | 10 +++++-----
>>  1 file changed, 5 insertions(+), 5 deletions(-)
>>
>> diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
>> index 7e9c915755ed..733c6ec71709 100755
>> --- a/BaseTools/Conf/tools_def.template
>> +++ b/BaseTools/Conf/tools_def.template
>> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    = DEF(GCC47_AARCH64_DLINK2_FLAGS)
>>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      = DEF(GCC47_ARM_ASLDLINK_FLAGS)
>>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  = DEF(GCC47_AARCH64_ASLDLINK_FLAGS)
>>
>> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)
>> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pie
>>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)
>>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
>>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u
>> ReferenceAcpiTable
>> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
>>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy
>>
>>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32
>> -*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
>> +*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -march=i386
>>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386
>> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
>> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -no-pie
>>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>>  *_GCC49_IA32_OBJCOPY_FLAGS        =
>>  *_GCC49_IA32_NASM_FLAGS           = -f elf32
>> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  = DEF(GCC49_AARCH64_DLINK_FLAGS)
>>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy
>>
>>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
>> -*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
>> +*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -march=i386
>> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)
>> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
>>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>>  *_GCC5_IA32_OBJCOPY_FLAGS        =
>>  *_GCC5_IA32_NASM_FLAGS           = -f elf32
>> --
>> 2.17.1
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
Posted by Gao, Liming 5 years, 10 months ago 
Ard:
  This patch causes GCC49 IA32 build failure with GCC compiler 4.9.2 in link phase. " gcc: error: unrecognized command line option -no-pie"
  Do you know any option to disable this error?

Thanks
Liming
>-----Original Message-----
>From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>Sent: Tuesday, June 12, 2018 2:19 PM
>To: Gao, Liming <liming.gao@intel.com>
>Cc: edk2-devel@lists.01.org; lersek@redhat.com; Zhu, Yonghong
><yonghong.zhu@intel.com>
>Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code
>generation explicitly
>
>On 12 June 2018 at 03:40, Gao, Liming <liming.gao@intel.com> wrote:
>> Reviewed-by: Liming Gao <liming.gao@intel.com>
>>
>
>Thanks
>
>Pushed as c25d3905523a
>
>>> -----Original Message-----
>>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>>> Sent: Tuesday, June 12, 2018 12:29 AM
>>> To: edk2-devel@lists.01.org
>>> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu,
>Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel
>>> <ard.biesheuvel@linaro.org>
>>> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation
>explicitly
>>>
>>> As a security measure, some distros now build their GCC toolchains with
>>> PIE code generation enabled by default, because it is a prerequisite
>>> for ASLR to be enabled when running the executable.
>>>
>>> This typically results in slightly larger code, but it also generates
>>> ELF relocations that our tooling cannot deal with, so let's disable it
>>> explicitly when using GCC49 or later for IA32. (Note that this does not
>>> apply to X64: it uses PIE code deliberately in some cases, and our
>>> tooling does deal with the resuling relocations)
>>>
>>> Contributed-under: TianoCore Contribution Agreement 1.1
>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>> Acked-by: Laszlo Ersek <lersek@redhat.com>
>>> ---
>>>  BaseTools/Conf/tools_def.template | 10 +++++-----
>>>  1 file changed, 5 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/BaseTools/Conf/tools_def.template
>b/BaseTools/Conf/tools_def.template
>>> index 7e9c915755ed..733c6ec71709 100755
>>> --- a/BaseTools/Conf/tools_def.template
>>> +++ b/BaseTools/Conf/tools_def.template
>>> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    =
>DEF(GCC47_AARCH64_DLINK2_FLAGS)
>>>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      =
>DEF(GCC47_ARM_ASLDLINK_FLAGS)
>>>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  =
>DEF(GCC47_AARCH64_ASLDLINK_FLAGS)
>>>
>>> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)
>>> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -
>fno-pic -fno-pie
>>>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)
>>>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-
>sections -z common-page-size=0x40
>>>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS =
>DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u
>>> ReferenceAcpiTable
>>> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   =
>DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
>>>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy
>>>
>>>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32
>>> -*_GCC49_IA32_ASLDLINK_FLAGS       =
>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
>>> +*_GCC49_IA32_ASLDLINK_FLAGS       =
>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>>>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -
>march=i386
>>>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS)
>-Wl,-m,elf_i386,--oformat=elf32-i386
>>> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
>>> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -
>no-pie
>>>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>>>  *_GCC49_IA32_OBJCOPY_FLAGS        =
>>>  *_GCC49_IA32_NASM_FLAGS           = -f elf32
>>> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  =
>DEF(GCC49_AARCH64_DLINK_FLAGS)
>>>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy
>>>
>>>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
>>> -*_GCC5_IA32_ASLDLINK_FLAGS       =
>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
>>> +*_GCC5_IA32_ASLDLINK_FLAGS       =
>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>>>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -
>march=i386
>>> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)
>>> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -
>no-pie
>>>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>>>  *_GCC5_IA32_OBJCOPY_FLAGS        =
>>>  *_GCC5_IA32_NASM_FLAGS           = -f elf32
>>> --
>>> 2.17.1
>>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
Posted by Ard Biesheuvel 5 years, 10 months ago 
On 13 June 2018 at 12:16, Gao, Liming <liming.gao@intel.com> wrote:
> Ard:
>   This patch causes GCC49 IA32 build failure with GCC compiler 4.9.2 in link phase. " gcc: error: unrecognized command line option -no-pie"
>   Do you know any option to disable this error?
>

Sorry about that.

I guess the assumption that this was safe for GCC49 was incorrect after all.

Shall I send a patch to move back to setting it for GCC5 only?

>>-----Original Message-----
>>From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>>Sent: Tuesday, June 12, 2018 2:19 PM
>>To: Gao, Liming <liming.gao@intel.com>
>>Cc: edk2-devel@lists.01.org; lersek@redhat.com; Zhu, Yonghong
>><yonghong.zhu@intel.com>
>>Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code
>>generation explicitly
>>
>>On 12 June 2018 at 03:40, Gao, Liming <liming.gao@intel.com> wrote:
>>> Reviewed-by: Liming Gao <liming.gao@intel.com>
>>>
>>
>>Thanks
>>
>>Pushed as c25d3905523a
>>
>>>> -----Original Message-----
>>>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>>>> Sent: Tuesday, June 12, 2018 12:29 AM
>>>> To: edk2-devel@lists.01.org
>>>> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu,
>>Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel
>>>> <ard.biesheuvel@linaro.org>
>>>> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation
>>explicitly
>>>>
>>>> As a security measure, some distros now build their GCC toolchains with
>>>> PIE code generation enabled by default, because it is a prerequisite
>>>> for ASLR to be enabled when running the executable.
>>>>
>>>> This typically results in slightly larger code, but it also generates
>>>> ELF relocations that our tooling cannot deal with, so let's disable it
>>>> explicitly when using GCC49 or later for IA32. (Note that this does not
>>>> apply to X64: it uses PIE code deliberately in some cases, and our
>>>> tooling does deal with the resuling relocations)
>>>>
>>>> Contributed-under: TianoCore Contribution Agreement 1.1
>>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>> Acked-by: Laszlo Ersek <lersek@redhat.com>
>>>> ---
>>>>  BaseTools/Conf/tools_def.template | 10 +++++-----
>>>>  1 file changed, 5 insertions(+), 5 deletions(-)
>>>>
>>>> diff --git a/BaseTools/Conf/tools_def.template
>>b/BaseTools/Conf/tools_def.template
>>>> index 7e9c915755ed..733c6ec71709 100755
>>>> --- a/BaseTools/Conf/tools_def.template
>>>> +++ b/BaseTools/Conf/tools_def.template
>>>> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    =
>>DEF(GCC47_AARCH64_DLINK2_FLAGS)
>>>>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      =
>>DEF(GCC47_ARM_ASLDLINK_FLAGS)
>>>>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  =
>>DEF(GCC47_AARCH64_ASLDLINK_FLAGS)
>>>>
>>>> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)
>>>> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -
>>fno-pic -fno-pie
>>>>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)
>>>>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-
>>sections -z common-page-size=0x40
>>>>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS =
>>DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u
>>>> ReferenceAcpiTable
>>>> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   =
>>DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
>>>>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy
>>>>
>>>>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32
>>>> -*_GCC49_IA32_ASLDLINK_FLAGS       =
>>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
>>>> +*_GCC49_IA32_ASLDLINK_FLAGS       =
>>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>>>>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -
>>march=i386
>>>>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS)
>>-Wl,-m,elf_i386,--oformat=elf32-i386
>>>> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
>>>> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -
>>no-pie
>>>>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>>>>  *_GCC49_IA32_OBJCOPY_FLAGS        =
>>>>  *_GCC49_IA32_NASM_FLAGS           = -f elf32
>>>> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  =
>>DEF(GCC49_AARCH64_DLINK_FLAGS)
>>>>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy
>>>>
>>>>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
>>>> -*_GCC5_IA32_ASLDLINK_FLAGS       =
>>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
>>>> +*_GCC5_IA32_ASLDLINK_FLAGS       =
>>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
>>>>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -
>>march=i386
>>>> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)
>>>> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -
>>no-pie
>>>>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
>>>>  *_GCC5_IA32_OBJCOPY_FLAGS        =
>>>>  *_GCC5_IA32_NASM_FLAGS           = -f elf32
>>>> --
>>>> 2.17.1
>>>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
Posted by Gao, Liming 5 years, 10 months ago 
Ard:
  If we have no other solution to disable this error, we have to roll back the change in GCC49 tool chain. 

Thanks
Liming
> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Wednesday, June 13, 2018 6:19 PM
> To: Gao, Liming <liming.gao@intel.com>
> Cc: edk2-devel@lists.01.org; lersek@redhat.com; Zhu, Yonghong <yonghong.zhu@intel.com>
> Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly
> 
> On 13 June 2018 at 12:16, Gao, Liming <liming.gao@intel.com> wrote:
> > Ard:
> >   This patch causes GCC49 IA32 build failure with GCC compiler 4.9.2 in link phase. " gcc: error: unrecognized command line option
> -no-pie"
> >   Do you know any option to disable this error?
> >
> 
> Sorry about that.
> 
> I guess the assumption that this was safe for GCC49 was incorrect after all.
> 
> Shall I send a patch to move back to setting it for GCC5 only?
> 
> >>-----Original Message-----
> >>From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> >>Sent: Tuesday, June 12, 2018 2:19 PM
> >>To: Gao, Liming <liming.gao@intel.com>
> >>Cc: edk2-devel@lists.01.org; lersek@redhat.com; Zhu, Yonghong
> >><yonghong.zhu@intel.com>
> >>Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code
> >>generation explicitly
> >>
> >>On 12 June 2018 at 03:40, Gao, Liming <liming.gao@intel.com> wrote:
> >>> Reviewed-by: Liming Gao <liming.gao@intel.com>
> >>>
> >>
> >>Thanks
> >>
> >>Pushed as c25d3905523a
> >>
> >>>> -----Original Message-----
> >>>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> >>>> Sent: Tuesday, June 12, 2018 12:29 AM
> >>>> To: edk2-devel@lists.01.org
> >>>> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu,
> >>Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel
> >>>> <ard.biesheuvel@linaro.org>
> >>>> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation
> >>explicitly
> >>>>
> >>>> As a security measure, some distros now build their GCC toolchains with
> >>>> PIE code generation enabled by default, because it is a prerequisite
> >>>> for ASLR to be enabled when running the executable.
> >>>>
> >>>> This typically results in slightly larger code, but it also generates
> >>>> ELF relocations that our tooling cannot deal with, so let's disable it
> >>>> explicitly when using GCC49 or later for IA32. (Note that this does not
> >>>> apply to X64: it uses PIE code deliberately in some cases, and our
> >>>> tooling does deal with the resuling relocations)
> >>>>
> >>>> Contributed-under: TianoCore Contribution Agreement 1.1
> >>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >>>> Acked-by: Laszlo Ersek <lersek@redhat.com>
> >>>> ---
> >>>>  BaseTools/Conf/tools_def.template | 10 +++++-----
> >>>>  1 file changed, 5 insertions(+), 5 deletions(-)
> >>>>
> >>>> diff --git a/BaseTools/Conf/tools_def.template
> >>b/BaseTools/Conf/tools_def.template
> >>>> index 7e9c915755ed..733c6ec71709 100755
> >>>> --- a/BaseTools/Conf/tools_def.template
> >>>> +++ b/BaseTools/Conf/tools_def.template
> >>>> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    =
> >>DEF(GCC47_AARCH64_DLINK2_FLAGS)
> >>>>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      =
> >>DEF(GCC47_ARM_ASLDLINK_FLAGS)
> >>>>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  =
> >>DEF(GCC47_AARCH64_ASLDLINK_FLAGS)
> >>>>
> >>>> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)
> >>>> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -
> >>fno-pic -fno-pie
> >>>>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)
> >>>>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-
> >>sections -z common-page-size=0x40
> >>>>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS =
> >>DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u
> >>>> ReferenceAcpiTable
> >>>> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   =
> >>DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
> >>>>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy
> >>>>
> >>>>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32
> >>>> -*_GCC49_IA32_ASLDLINK_FLAGS       =
> >>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
> >>>> +*_GCC49_IA32_ASLDLINK_FLAGS       =
> >>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
> >>>>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -
> >>march=i386
> >>>>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS)
> >>-Wl,-m,elf_i386,--oformat=elf32-i386
> >>>> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
> >>>> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -
> >>no-pie
> >>>>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
> >>>>  *_GCC49_IA32_OBJCOPY_FLAGS        =
> >>>>  *_GCC49_IA32_NASM_FLAGS           = -f elf32
> >>>> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  =
> >>DEF(GCC49_AARCH64_DLINK_FLAGS)
> >>>>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy
> >>>>
> >>>>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
> >>>> -*_GCC5_IA32_ASLDLINK_FLAGS       =
> >>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
> >>>> +*_GCC5_IA32_ASLDLINK_FLAGS       =
> >>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
> >>>>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -
> >>march=i386
> >>>> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)
> >>>> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -
> >>no-pie
> >>>>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
> >>>>  *_GCC5_IA32_OBJCOPY_FLAGS        =
> >>>>  *_GCC5_IA32_NASM_FLAGS           = -f elf32
> >>>> --
> >>>> 2.17.1
> >>>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.