PIE/PIC support on base
Baptiste Daroussin
bapt at FreeBSD.org
Wed Nov 5 12:44:32 UTC 2014
On Wed, Nov 05, 2014 at 02:26:12PM +0200, Konstantin Belousov wrote:
> On Wed, Nov 05, 2014 at 12:48:55PM +0100, Baptiste Daroussin wrote:
> > On Wed, Nov 05, 2014 at 11:26:14AM +0200, Konstantin Belousov wrote:
> > > On Wed, Nov 05, 2014 at 10:02:15AM +0100, Baptiste Daroussin wrote:
> > > > On amd64 WANTS_PIE will be useless as we can easily activate PIE in every place
> > > > For i386 we would probably prefer cherry-picking what we want to see built
> > > > with PIE. Don't know for other arches.
> > > >
> > > > So here is what I do propose:
> > > > if MK_PIE=no: no PIE at all
> > > > if MK_PIE=yes:
> > > > - on amd64/(platforms without performance penalty): build everything with PIE
> > > > from libs to prog
> > > See below.
> > >
> > > > - on i386/(platforms with performance penalty): build with PIE if WANTS_PIE
> > > > is defined.
> > > >
> > > > So the difference with the previous approach are:
> > > > - No way to opt out PIE for a single binary either totally disable or enable (I
> > > > have encountered no binary so far in the base system which fails with PIE
> > > > enabled - again only tested on amd64)
> > > > - Activate PIE for both binaries and libraries (no reason not to include
> > > > libraries)
> > > What does it mean 'PIE for library' ? There is simply no such thing.
> >
> > Sorry I badly explained, I was meaning PIC for libs PIE for binaries.
> > >
> > > Also, I strongly oppose compiling everything with PIC, even on amd64.
> > > I described somewhere else that using PIC code changes symbol lookup
> > > rules for binaries. So despite not having performance impact, the
> > > thing does impact runtime behaviour in subtle ways. The most affected
> > > programs are those which support dynamic modules.
> Please do not ignore this ^^^^^^ issue.
I was not aware of issues here, I'll investigate but will not ignore for sure :)
>
> > >
> > > Also, what is the state of static binaries + PIE ? Do our binutils
> > > support this at all ? The csu is definitely not ready for 'everything
> > > PIE'.
> >
> > Only dynamic binaries will receive PIE support (and in case of using an
> > INTERNALLIB will link to the libbla_pic.a) static ones will remain non PIE.
>
> And what about libX.a libraries, required by those static binaries ?
> It is wrong to compile the .o files for those static libraries in
> pic mode.
I was not planning to build .a files with PIC, static binaries at all
>
> More, take look at things which are done with -DPIC, e.g. in the
> lib/libc/sys/stack_protector*.c. There, it is critical for correctness.
>
>
I'll have a look thanks for the pointer!
regards,
Bapt
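
An added example, not part of the original message or of FreeBSD's build system: a small ELF header check for auditing which binaries in a build actually came out as PIE, dynamic non-PIE or static non-PIE, for both ELF32 (i386) and ELF64 (amd64). The names `classify_elf` and `make_elf` are hypothetical, the sample images are constructed, and using PT_INTERP to tell a PIE from a shared library is a heuristic assumption.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3       # e_type values from the ELF specification
PT_LOAD, PT_INTERP = 1, 3    # PT_INTERP names the runtime linker

def classify_elf(data):
    """Return 'pie', 'shared-object', 'non-pie-dynamic', 'non-pie-static' or 'other'."""
    if len(data) < 16 or data[:4] != b"\x7fELF" or data[4] not in (1, 2):
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                   # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"    # EI_DATA: byte order
    if len(data) < (64 if is64 else 52):
        raise ValueError("truncated ELF header")
    fmt = end + ("HHIQQQIHHH" if is64 else "HHIIIIIHHH")
    fields = struct.unpack_from(fmt, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]
    has_interp = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            has_interp = True
    if e_type == ET_DYN:
        # Heuristic: ET_DYN with an interpreter is a PIE; without one it is a
        # shared library (or a static PIE, which this check cannot tell apart).
        return "pie" if has_interp else "shared-object"
    if e_type == ET_EXEC:
        return "non-pie-dynamic" if has_interp else "non-pie-static"
    return "other"

def make_elf(is64, e_type, interp):
    """Constructed sample input: little-endian ELF header plus one program header."""
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1, 1]) + bytes(9)
    ehsize, phentsize = (64, 56) if is64 else (52, 32)
    fmt = "<HHIQQQIHHHHHH" if is64 else "<HHIIIIIHHHHHH"
    machine = 62 if is64 else 3           # EM_X86_64 / EM_386
    hdr = struct.pack(fmt, e_type, machine, 1, 0, ehsize, 0, 0,
                      ehsize, phentsize, 1, 0, 0, 0)
    ph = struct.pack("<I", PT_INTERP if interp else PT_LOAD).ljust(phentsize, b"\0")
    return ident + hdr + ph

if __name__ == "__main__":
    # Usage: pass paths of built binaries to list how each one was linked.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read()))
```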