diff mbox series

[edk2,v2] BaseTools/tools_def IA32: disable PIE code generation explicitly

Message ID 20180611162911.3386-1-ard.biesheuvel@linaro.org
State Accepted
Commit c25d3905523ae4961bb039b1aba597983f7e3e4e
Headers show
Series [edk2,v2] BaseTools/tools_def IA32: disable PIE code generation explicitly | expand

Commit Message

Ard Biesheuvel June 11, 2018, 4:29 p.m. UTC 
As a security measure, some distros now build their GCC toolchains with
PIE code generation enabled by default, because it is a prerequisite
for ASLR to be enabled when running the executable.

This typically results in slightly larger code, but it also generates
ELF relocations that our tooling cannot deal with, so let's disable it
explicitly when using GCC49 or later for IA32. (Note that this does not
apply to X64: it uses PIE code deliberately in some cases, and our
tooling does deal with the resuling relocations)

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Acked-by: Laszlo Ersek <lersek@redhat.com>

---
 BaseTools/Conf/tools_def.template | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

-- 
2.17.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Comments

Laszlo Ersek June 11, 2018, 5:31 p.m. UTC | #1 
On 06/11/18 18:29, Ard Biesheuvel wrote:
> As a security measure, some distros now build their GCC toolchains with

> PIE code generation enabled by default, because it is a prerequisite

> for ASLR to be enabled when running the executable.

> 

> This typically results in slightly larger code, but it also generates

> ELF relocations that our tooling cannot deal with, so let's disable it

> explicitly when using GCC49 or later for IA32. (Note that this does not

> apply to X64: it uses PIE code deliberately in some cases, and our

> tooling does deal with the resuling relocations)

> 

> Contributed-under: TianoCore Contribution Agreement 1.1

> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> Acked-by: Laszlo Ersek <lersek@redhat.com>

> ---

>  BaseTools/Conf/tools_def.template | 10 +++++-----

>  1 file changed, 5 insertions(+), 5 deletions(-)

> 

> diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template

> index 7e9c915755ed..733c6ec71709 100755

> --- a/BaseTools/Conf/tools_def.template

> +++ b/BaseTools/Conf/tools_def.template

> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    = DEF(GCC47_AARCH64_DLINK2_FLAGS)

>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      = DEF(GCC47_ARM_ASLDLINK_FLAGS)

>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  = DEF(GCC47_AARCH64_ASLDLINK_FLAGS)

>  

> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)

> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pie

>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)

>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40

>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable

> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s

>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy

>  

>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32

> -*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

> +*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -march=i386

>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386

> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)

> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -no-pie

>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>  *_GCC49_IA32_OBJCOPY_FLAGS        = 

>  *_GCC49_IA32_NASM_FLAGS           = -f elf32

> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  = DEF(GCC49_AARCH64_DLINK_FLAGS)

>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy

>  

>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto

> -*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

> +*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -march=i386

> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)

> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie

>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>  *_GCC5_IA32_OBJCOPY_FLAGS        =

>  *_GCC5_IA32_NASM_FLAGS           = -f elf32

> 


Right, covering GCC49 works for me too. Thanks!
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Gao, Liming June 12, 2018, 1:40 a.m. UTC | #2 
Reviewed-by: Liming Gao <liming.gao@intel.com>


> -----Original Message-----

> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]

> Sent: Tuesday, June 12, 2018 12:29 AM

> To: edk2-devel@lists.01.org

> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel

> <ard.biesheuvel@linaro.org>

> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly

> 

> As a security measure, some distros now build their GCC toolchains with

> PIE code generation enabled by default, because it is a prerequisite

> for ASLR to be enabled when running the executable.

> 

> This typically results in slightly larger code, but it also generates

> ELF relocations that our tooling cannot deal with, so let's disable it

> explicitly when using GCC49 or later for IA32. (Note that this does not

> apply to X64: it uses PIE code deliberately in some cases, and our

> tooling does deal with the resuling relocations)

> 

> Contributed-under: TianoCore Contribution Agreement 1.1

> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> Acked-by: Laszlo Ersek <lersek@redhat.com>

> ---

>  BaseTools/Conf/tools_def.template | 10 +++++-----

>  1 file changed, 5 insertions(+), 5 deletions(-)

> 

> diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template

> index 7e9c915755ed..733c6ec71709 100755

> --- a/BaseTools/Conf/tools_def.template

> +++ b/BaseTools/Conf/tools_def.template

> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    = DEF(GCC47_AARCH64_DLINK2_FLAGS)

>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      = DEF(GCC47_ARM_ASLDLINK_FLAGS)

>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  = DEF(GCC47_AARCH64_ASLDLINK_FLAGS)

> 

> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)

> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pie

>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)

>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40

>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u

> ReferenceAcpiTable

> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s

>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy

> 

>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32

> -*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

> +*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -march=i386

>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386

> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)

> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -no-pie

>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>  *_GCC49_IA32_OBJCOPY_FLAGS        =

>  *_GCC49_IA32_NASM_FLAGS           = -f elf32

> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  = DEF(GCC49_AARCH64_DLINK_FLAGS)

>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy

> 

>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto

> -*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

> +*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -march=i386

> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)

> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie

>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>  *_GCC5_IA32_OBJCOPY_FLAGS        =

>  *_GCC5_IA32_NASM_FLAGS           = -f elf32

> --

> 2.17.1


_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Ard Biesheuvel June 12, 2018, 6:18 a.m. UTC | #3 
On 12 June 2018 at 03:40, Gao, Liming <liming.gao@intel.com> wrote:
> Reviewed-by: Liming Gao <liming.gao@intel.com>

>


Thanks

Pushed as c25d3905523a

>> -----Original Message-----

>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]

>> Sent: Tuesday, June 12, 2018 12:29 AM

>> To: edk2-devel@lists.01.org

>> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel

>> <ard.biesheuvel@linaro.org>

>> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly

>>

>> As a security measure, some distros now build their GCC toolchains with

>> PIE code generation enabled by default, because it is a prerequisite

>> for ASLR to be enabled when running the executable.

>>

>> This typically results in slightly larger code, but it also generates

>> ELF relocations that our tooling cannot deal with, so let's disable it

>> explicitly when using GCC49 or later for IA32. (Note that this does not

>> apply to X64: it uses PIE code deliberately in some cases, and our

>> tooling does deal with the resuling relocations)

>>

>> Contributed-under: TianoCore Contribution Agreement 1.1

>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

>> Acked-by: Laszlo Ersek <lersek@redhat.com>

>> ---

>>  BaseTools/Conf/tools_def.template | 10 +++++-----

>>  1 file changed, 5 insertions(+), 5 deletions(-)

>>

>> diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template

>> index 7e9c915755ed..733c6ec71709 100755

>> --- a/BaseTools/Conf/tools_def.template

>> +++ b/BaseTools/Conf/tools_def.template

>> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    = DEF(GCC47_AARCH64_DLINK2_FLAGS)

>>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      = DEF(GCC47_ARM_ASLDLINK_FLAGS)

>>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  = DEF(GCC47_AARCH64_ASLDLINK_FLAGS)

>>

>> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)

>> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pie

>>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)

>>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40

>>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u

>> ReferenceAcpiTable

>> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s

>>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy

>>

>>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32

>> -*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

>> +*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -march=i386

>>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386

>> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)

>> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -no-pie

>>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>>  *_GCC49_IA32_OBJCOPY_FLAGS        =

>>  *_GCC49_IA32_NASM_FLAGS           = -f elf32

>> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  = DEF(GCC49_AARCH64_DLINK_FLAGS)

>>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy

>>

>>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto

>> -*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

>> +*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -march=i386

>> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)

>> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie

>>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>>  *_GCC5_IA32_OBJCOPY_FLAGS        =

>>  *_GCC5_IA32_NASM_FLAGS           = -f elf32

>> --

>> 2.17.1

>

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Gao, Liming June 13, 2018, 10:16 a.m. UTC | #4 
Ard:
  This patch causes GCC49 IA32 build failure with GCC compiler 4.9.2 in link phase. " gcc: error: unrecognized command line option -no-pie"
  Do you know any option to disable this error?

Thanks
Liming
>-----Original Message-----

>From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]

>Sent: Tuesday, June 12, 2018 2:19 PM

>To: Gao, Liming <liming.gao@intel.com>

>Cc: edk2-devel@lists.01.org; lersek@redhat.com; Zhu, Yonghong

><yonghong.zhu@intel.com>

>Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code

>generation explicitly

>

>On 12 June 2018 at 03:40, Gao, Liming <liming.gao@intel.com> wrote:

>> Reviewed-by: Liming Gao <liming.gao@intel.com>

>>

>

>Thanks

>

>Pushed as c25d3905523a

>

>>> -----Original Message-----

>>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]

>>> Sent: Tuesday, June 12, 2018 12:29 AM

>>> To: edk2-devel@lists.01.org

>>> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu,

>Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel

>>> <ard.biesheuvel@linaro.org>

>>> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation

>explicitly

>>>

>>> As a security measure, some distros now build their GCC toolchains with

>>> PIE code generation enabled by default, because it is a prerequisite

>>> for ASLR to be enabled when running the executable.

>>>

>>> This typically results in slightly larger code, but it also generates

>>> ELF relocations that our tooling cannot deal with, so let's disable it

>>> explicitly when using GCC49 or later for IA32. (Note that this does not

>>> apply to X64: it uses PIE code deliberately in some cases, and our

>>> tooling does deal with the resuling relocations)

>>>

>>> Contributed-under: TianoCore Contribution Agreement 1.1

>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

>>> Acked-by: Laszlo Ersek <lersek@redhat.com>

>>> ---

>>>  BaseTools/Conf/tools_def.template | 10 +++++-----

>>>  1 file changed, 5 insertions(+), 5 deletions(-)

>>>

>>> diff --git a/BaseTools/Conf/tools_def.template

>b/BaseTools/Conf/tools_def.template

>>> index 7e9c915755ed..733c6ec71709 100755

>>> --- a/BaseTools/Conf/tools_def.template

>>> +++ b/BaseTools/Conf/tools_def.template

>>> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    =

>DEF(GCC47_AARCH64_DLINK2_FLAGS)

>>>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      =

>DEF(GCC47_ARM_ASLDLINK_FLAGS)

>>>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  =

>DEF(GCC47_AARCH64_ASLDLINK_FLAGS)

>>>

>>> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)

>>> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -

>fno-pic -fno-pie

>>>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)

>>>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-

>sections -z common-page-size=0x40

>>>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS =

>DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u

>>> ReferenceAcpiTable

>>> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   =

>DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s

>>>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy

>>>

>>>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32

>>> -*_GCC49_IA32_ASLDLINK_FLAGS       =

>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

>>> +*_GCC49_IA32_ASLDLINK_FLAGS       =

>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>>>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -

>march=i386

>>>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS)

>-Wl,-m,elf_i386,--oformat=elf32-i386

>>> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)

>>> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -

>no-pie

>>>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>>>  *_GCC49_IA32_OBJCOPY_FLAGS        =

>>>  *_GCC49_IA32_NASM_FLAGS           = -f elf32

>>> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  =

>DEF(GCC49_AARCH64_DLINK_FLAGS)

>>>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy

>>>

>>>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto

>>> -*_GCC5_IA32_ASLDLINK_FLAGS       =

>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

>>> +*_GCC5_IA32_ASLDLINK_FLAGS       =

>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>>>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -

>march=i386

>>> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)

>>> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -

>no-pie

>>>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>>>  *_GCC5_IA32_OBJCOPY_FLAGS        =

>>>  *_GCC5_IA32_NASM_FLAGS           = -f elf32

>>> --

>>> 2.17.1

>>

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Ard Biesheuvel June 13, 2018, 10:19 a.m. UTC | #5 
On 13 June 2018 at 12:16, Gao, Liming <liming.gao@intel.com> wrote:
> Ard:

>   This patch causes GCC49 IA32 build failure with GCC compiler 4.9.2 in link phase. " gcc: error: unrecognized command line option -no-pie"

>   Do you know any option to disable this error?

>


Sorry about that.

I guess the assumption that this was safe for GCC49 was incorrect after all.

Shall I send a patch to move back to setting it for GCC5 only?

>>-----Original Message-----

>>From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]

>>Sent: Tuesday, June 12, 2018 2:19 PM

>>To: Gao, Liming <liming.gao@intel.com>

>>Cc: edk2-devel@lists.01.org; lersek@redhat.com; Zhu, Yonghong

>><yonghong.zhu@intel.com>

>>Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code

>>generation explicitly

>>

>>On 12 June 2018 at 03:40, Gao, Liming <liming.gao@intel.com> wrote:

>>> Reviewed-by: Liming Gao <liming.gao@intel.com>

>>>

>>

>>Thanks

>>

>>Pushed as c25d3905523a

>>

>>>> -----Original Message-----

>>>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]

>>>> Sent: Tuesday, June 12, 2018 12:29 AM

>>>> To: edk2-devel@lists.01.org

>>>> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu,

>>Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel

>>>> <ard.biesheuvel@linaro.org>

>>>> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation

>>explicitly

>>>>

>>>> As a security measure, some distros now build their GCC toolchains with

>>>> PIE code generation enabled by default, because it is a prerequisite

>>>> for ASLR to be enabled when running the executable.

>>>>

>>>> This typically results in slightly larger code, but it also generates

>>>> ELF relocations that our tooling cannot deal with, so let's disable it

>>>> explicitly when using GCC49 or later for IA32. (Note that this does not

>>>> apply to X64: it uses PIE code deliberately in some cases, and our

>>>> tooling does deal with the resuling relocations)

>>>>

>>>> Contributed-under: TianoCore Contribution Agreement 1.1

>>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

>>>> Acked-by: Laszlo Ersek <lersek@redhat.com>

>>>> ---

>>>>  BaseTools/Conf/tools_def.template | 10 +++++-----

>>>>  1 file changed, 5 insertions(+), 5 deletions(-)

>>>>

>>>> diff --git a/BaseTools/Conf/tools_def.template

>>b/BaseTools/Conf/tools_def.template

>>>> index 7e9c915755ed..733c6ec71709 100755

>>>> --- a/BaseTools/Conf/tools_def.template

>>>> +++ b/BaseTools/Conf/tools_def.template

>>>> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    =

>>DEF(GCC47_AARCH64_DLINK2_FLAGS)

>>>>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      =

>>DEF(GCC47_ARM_ASLDLINK_FLAGS)

>>>>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  =

>>DEF(GCC47_AARCH64_ASLDLINK_FLAGS)

>>>>

>>>> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)

>>>> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -

>>fno-pic -fno-pie

>>>>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)

>>>>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-

>>sections -z common-page-size=0x40

>>>>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS =

>>DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u

>>>> ReferenceAcpiTable

>>>> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   =

>>DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s

>>>>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy

>>>>

>>>>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32

>>>> -*_GCC49_IA32_ASLDLINK_FLAGS       =

>>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

>>>> +*_GCC49_IA32_ASLDLINK_FLAGS       =

>>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>>>>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -

>>march=i386

>>>>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS)

>>-Wl,-m,elf_i386,--oformat=elf32-i386

>>>> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)

>>>> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -

>>no-pie

>>>>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>>>>  *_GCC49_IA32_OBJCOPY_FLAGS        =

>>>>  *_GCC49_IA32_NASM_FLAGS           = -f elf32

>>>> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  =

>>DEF(GCC49_AARCH64_DLINK_FLAGS)

>>>>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy

>>>>

>>>>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto

>>>> -*_GCC5_IA32_ASLDLINK_FLAGS       =

>>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

>>>> +*_GCC5_IA32_ASLDLINK_FLAGS       =

>>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

>>>>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -

>>march=i386

>>>> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)

>>>> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -

>>no-pie

>>>>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

>>>>  *_GCC5_IA32_OBJCOPY_FLAGS        =

>>>>  *_GCC5_IA32_NASM_FLAGS           = -f elf32

>>>> --

>>>> 2.17.1

>>>

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Gao, Liming June 14, 2018, 4:04 a.m. UTC | #6 
Ard:
  If we have no other solution to disable this error, we have to roll back the change in GCC49 tool chain. 

Thanks
Liming
> -----Original Message-----

> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]

> Sent: Wednesday, June 13, 2018 6:19 PM

> To: Gao, Liming <liming.gao@intel.com>

> Cc: edk2-devel@lists.01.org; lersek@redhat.com; Zhu, Yonghong <yonghong.zhu@intel.com>

> Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation explicitly

> 

> On 13 June 2018 at 12:16, Gao, Liming <liming.gao@intel.com> wrote:

> > Ard:

> >   This patch causes GCC49 IA32 build failure with GCC compiler 4.9.2 in link phase. " gcc: error: unrecognized command line option

> -no-pie"

> >   Do you know any option to disable this error?

> >

> 

> Sorry about that.

> 

> I guess the assumption that this was safe for GCC49 was incorrect after all.

> 

> Shall I send a patch to move back to setting it for GCC5 only?

> 

> >>-----Original Message-----

> >>From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]

> >>Sent: Tuesday, June 12, 2018 2:19 PM

> >>To: Gao, Liming <liming.gao@intel.com>

> >>Cc: edk2-devel@lists.01.org; lersek@redhat.com; Zhu, Yonghong

> >><yonghong.zhu@intel.com>

> >>Subject: Re: [PATCH v2] BaseTools/tools_def IA32: disable PIE code

> >>generation explicitly

> >>

> >>On 12 June 2018 at 03:40, Gao, Liming <liming.gao@intel.com> wrote:

> >>> Reviewed-by: Liming Gao <liming.gao@intel.com>

> >>>

> >>

> >>Thanks

> >>

> >>Pushed as c25d3905523a

> >>

> >>>> -----Original Message-----

> >>>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]

> >>>> Sent: Tuesday, June 12, 2018 12:29 AM

> >>>> To: edk2-devel@lists.01.org

> >>>> Cc: lersek@redhat.com; Gao, Liming <liming.gao@intel.com>; Zhu,

> >>Yonghong <yonghong.zhu@intel.com>; Ard Biesheuvel

> >>>> <ard.biesheuvel@linaro.org>

> >>>> Subject: [PATCH v2] BaseTools/tools_def IA32: disable PIE code generation

> >>explicitly

> >>>>

> >>>> As a security measure, some distros now build their GCC toolchains with

> >>>> PIE code generation enabled by default, because it is a prerequisite

> >>>> for ASLR to be enabled when running the executable.

> >>>>

> >>>> This typically results in slightly larger code, but it also generates

> >>>> ELF relocations that our tooling cannot deal with, so let's disable it

> >>>> explicitly when using GCC49 or later for IA32. (Note that this does not

> >>>> apply to X64: it uses PIE code deliberately in some cases, and our

> >>>> tooling does deal with the resuling relocations)

> >>>>

> >>>> Contributed-under: TianoCore Contribution Agreement 1.1

> >>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> >>>> Acked-by: Laszlo Ersek <lersek@redhat.com>

> >>>> ---

> >>>>  BaseTools/Conf/tools_def.template | 10 +++++-----

> >>>>  1 file changed, 5 insertions(+), 5 deletions(-)

> >>>>

> >>>> diff --git a/BaseTools/Conf/tools_def.template

> >>b/BaseTools/Conf/tools_def.template

> >>>> index 7e9c915755ed..733c6ec71709 100755

> >>>> --- a/BaseTools/Conf/tools_def.template

> >>>> +++ b/BaseTools/Conf/tools_def.template

> >>>> @@ -4648,7 +4648,7 @@ DEFINE GCC48_AARCH64_DLINK2_FLAGS    =

> >>DEF(GCC47_AARCH64_DLINK2_FLAGS)

> >>>>  DEFINE GCC48_ARM_ASLDLINK_FLAGS      =

> >>DEF(GCC47_ARM_ASLDLINK_FLAGS)

> >>>>  DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  =

> >>DEF(GCC47_AARCH64_ASLDLINK_FLAGS)

> >>>>

> >>>> -DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)

> >>>> +DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -

> >>fno-pic -fno-pie

> >>>>  DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)

> >>>>  DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-

> >>sections -z common-page-size=0x40

> >>>>  DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS =

> >>DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u

> >>>> ReferenceAcpiTable

> >>>> @@ -5357,10 +5357,10 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   =

> >>DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s

> >>>>  *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy

> >>>>

> >>>>  *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32

> >>>> -*_GCC49_IA32_ASLDLINK_FLAGS       =

> >>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

> >>>> +*_GCC49_IA32_ASLDLINK_FLAGS       =

> >>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

> >>>>  *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -

> >>march=i386

> >>>>  *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS)

> >>-Wl,-m,elf_i386,--oformat=elf32-i386

> >>>> -*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)

> >>>> +*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -

> >>no-pie

> >>>>  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

> >>>>  *_GCC49_IA32_OBJCOPY_FLAGS        =

> >>>>  *_GCC49_IA32_NASM_FLAGS           = -f elf32

> >>>> @@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS  =

> >>DEF(GCC49_AARCH64_DLINK_FLAGS)

> >>>>  *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy

> >>>>

> >>>>  *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto

> >>>> -*_GCC5_IA32_ASLDLINK_FLAGS       =

> >>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386

> >>>> +*_GCC5_IA32_ASLDLINK_FLAGS       =

> >>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie

> >>>>  *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -

> >>march=i386

> >>>> -*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)

> >>>> +*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -

> >>no-pie

> >>>>  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

> >>>>  *_GCC5_IA32_OBJCOPY_FLAGS        =

> >>>>  *_GCC5_IA32_NASM_FLAGS           = -f elf32

> >>>> --

> >>>> 2.17.1

> >>>

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
diff mbox series

Patch

diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 7e9c915755ed..733c6ec71709 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -4648,7 +4648,7 @@  DEFINE GCC48_AARCH64_DLINK2_FLAGS    = DEF(GCC47_AARCH64_DLINK2_FLAGS)
 DEFINE GCC48_ARM_ASLDLINK_FLAGS      = DEF(GCC47_ARM_ASLDLINK_FLAGS)
 DEFINE GCC48_AARCH64_ASLDLINK_FLAGS  = DEF(GCC47_AARCH64_ASLDLINK_FLAGS)
 
-DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS)
+DEFINE GCC49_IA32_CC_FLAGS           = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pie
 DEFINE GCC49_X64_CC_FLAGS            = DEF(GCC48_X64_CC_FLAGS)
 DEFINE GCC49_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
 DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
@@ -5357,10 +5357,10 @@  RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
 *_GCC49_IA32_RC_PATH              = DEF(GCC49_IA32_PREFIX)objcopy
 
 *_GCC49_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32
-*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
+*_GCC49_IA32_ASLDLINK_FLAGS       = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
 *_GCC49_IA32_ASM_FLAGS            = DEF(GCC49_ASM_FLAGS) -m32 -march=i386
 *_GCC49_IA32_DLINK_FLAGS          = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386
-*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
+*_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS) -no-pie
 *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
 *_GCC49_IA32_OBJCOPY_FLAGS        = 
 *_GCC49_IA32_NASM_FLAGS           = -f elf32
@@ -5502,9 +5502,9 @@  RELEASE_GCC49_AARCH64_DLINK_FLAGS  = DEF(GCC49_AARCH64_DLINK_FLAGS)
 *_GCC5_IA32_RC_PATH              = DEF(GCC5_IA32_PREFIX)objcopy
 
 *_GCC5_IA32_ASLCC_FLAGS          = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
-*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
+*_GCC5_IA32_ASLDLINK_FLAGS       = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
 *_GCC5_IA32_ASM_FLAGS            = DEF(GCC5_ASM_FLAGS) -m32 -march=i386
-*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS)
+*_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
 *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
 *_GCC5_IA32_OBJCOPY_FLAGS        =
 *_GCC5_IA32_NASM_FLAGS           = -f elf32