git: 9a227a2fd642 - main - Enable PIE by default on 64-bit architectures

Marcin Wojtas mw at FreeBSD.org
Wed Feb 24 23:26:45 UTC 2021 

The branch main has been updated by mw:

URL: https://cgit.FreeBSD.org/src/commit/?id=9a227a2fd642ec057a0ec70d67d5699d65553294

commit 9a227a2fd642ec057a0ec70d67d5699d65553294
Author:     Marcin Wojtas <mw at FreeBSD.org>
AuthorDate: 2021-01-22 12:13:03 +0000
Commit:     Marcin Wojtas <mw at FreeBSD.org>
CommitDate: 2021-02-24 23:26:11 +0000

    Enable PIE by default on 64-bit architectures
    
    This patch adds Position Independent Executables (PIE)
    flags for building OS. It allows to enable the ASLR
    feature based only on the sysctl knobs, without
    need to rebuild the image. Tests showed that
    no problems with stability / performance degradation
    were seen when using PIEs with ASLR disabled.
    
    The change is limited only for 64-bit architectures.
    
    Use bsd.opts.mk instead of the src.opts.mk in order
    to satisfy all build dependencies related to MK_PIE.
    
    Reviewed by: emaste, imp
    Obtained from: Semihalf
    Sponsored by: Stormshield
    Differential Revision: https://reviews.freebsd.org/D28328
---
 share/mk/bsd.opts.mk | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/share/mk/bsd.opts.mk b/share/mk/bsd.opts.mk
index 88c73cc6bfe4..9f9889d0a0f0 100644
--- a/share/mk/bsd.opts.mk
+++ b/share/mk/bsd.opts.mk
@@ -75,7 +75,6 @@ __DEFAULT_NO_OPTIONS = \
     INIT_ALL_PATTERN \
     INIT_ALL_ZERO \
     INSTALL_AS_USER \
-    PIE \
     RETPOLINE \
     STALE_STAGED
 
@@ -85,6 +84,21 @@ __DEFAULT_DEPENDENT_OPTIONS = \
     STAGING_PROG/STAGING \
     STALE_STAGED/STAGING \
 
+#
+# Default to disabling PIE on 32-bit architectures. The small address space
+# means that ASLR is of limited effectiveness, and it may cause issues with
+# some memory-hungry workloads.
+#
+.if ${MACHINE_ARCH} == "armv6" || ${MACHINE_ARCH} == "armv7" \
+    || ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "mips" \
+    || ${MACHINE_ARCH} == "mipsel" || ${MACHINE_ARCH} == "mipselhf" \
+    || ${MACHINE_ARCH} == "mipshf" || ${MACHINE_ARCH} == "mipsn32" \
+    || ${MACHINE_ARCH} == "mipsn32el" || ${MACHINE_ARCH} == "powerpc" \
+    || ${MACHINE_ARCH} == "powerpcspe"
+__DEFAULT_NO_OPTIONS+= PIE
+.else
+__DEFAULT_YES_OPTIONS+=PIE
+.endif
 
 .include <bsd.mkopt.mk>

More information about the dev-commits-src-main mailing list