From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 28422 invoked from network); 16 Apr 2021 23:33:58 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 16 Apr 2021 23:33:58 -0000 Received: (qmail 15553 invoked by uid 550); 16 Apr 2021 23:33:56 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 15535 invoked from network); 16 Apr 2021 23:33:55 -0000 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=dRt1cVR3NT8Co5HlIL5LbvvOx/N6uzwCfLZ2aHHYtQo=; b=toTRynI70xX2hUn4fmkzfTiE6M+WHHE7sgRNsiogCu6VUeuyVVa4Z6tZN2EWI8Texa zQQPjMldNJ8U9KrbBGWcJZLCXoouQVbNtjU7vryobV+n25LxyUuf00RvBDwYQCpLKPqn u0nQPtnE4bZNCym7GSw0p9T+tFTkj+SlwM6QnSbtrCAy6ix+BS41cnNfvMW1Ep0aR1hv OllqLv+Psib3Ju8BOH8EqJrY8pZ5ViDNbqutFDUsX5MTyBjEjXRur9e5NBOfkZsOkTZj BNsCRh/SaJAGmld/jOtqV3Z2z9Ys/d8aKN31nxN7hGJR/yJXrBJ/kLVRJbav42fKGQaj /eZw== X-Gm-Message-State: AOAM533iU3oLFyPXPVQiUKBk2H/eAqJzyMdhIo7/Ru5aaS4Ak7vl3XYc Ojxyhdu0soVDsSjIVjqpnBnHl5H2SH0= X-Google-Smtp-Source: ABdhPJyFx/fE0pbf3RHJq24XZjlquwrtw2kZh8n65FWN+grP9qFBHDZYPbHnG2k0VlOTOvGxpdqtGA== X-Received: by 2002:a65:43c9:: with SMTP id n9mr1222202pgp.19.1618616023097; Fri, 16 Apr 2021 16:33:43 -0700 (PDT) Date: Fri, 16 Apr 2021 16:33:41 -0700 From: Fangrui Song To: musl@lists.openwall.com Cc: Andy Caldwell Message-ID: <20210416233341.r3puy5jkxzofhupm@gmail.com> References: <1ee762f8-94e2-baae-0466-deeab0f884f9@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <1ee762f8-94e2-baae-0466-deeab0f884f9@redhat.com> Subject: Re: [musl] [PATCH] Add static-pie support to musl-gcc On 2021-04-16, Harald Hoyer wrote: >Yeah, I have been suggesting this, too . > >Final suggestion was: > > tools/musl-gcc.specs.sh | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > mode change 100644 => 100755 tools/musl-gcc.specs.sh > >diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh >old mode 100644 >new mode 100755 >index 30492574..ed584ed3 >--- a/tools/musl-gcc.specs.sh >+++ b/tools/musl-gcc.specs.sh >@@ -17,13 +17,13 @@ cat < libgcc.a%s %:if-exists(libgcc_eh.a%s) > > *startfile: >-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s >+%{shared:;static-pie:$libdir/rcrt1.o; :$libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s > > *endfile: > crtendS.o%s $libdir/crtn.o > > *link: >--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic} >+-dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{static-pie:-static -pie --no-dynamic-linker} >%{rdynamic:-export-dynamic} > > *esp_link: If there is a change, will be good to restrict the --dynamic-linker option to !shared !static !static-pie only. > >Am 15.04.21 um 22:14 schrieb Andy Caldwell: >> Hello all, >> >> I've been using musl as the libc backend for rustc for various and I also wanted >> to build some C executables against musl (using the `musl-gcc` wrapper since I'm >> compiling on Ubuntu/Centos). For various (security and other) reasons we want >> to build `-static-pie` executables but the existing `musl-gcc.specs` file doesn't >> handle that flag. I found https://www.openwall.com/lists/musl/2019/05/28/1 >> which seemed like a good start, but also seems to have stalled. >> >> Starting from that patch, I've applied the various suggestions in the following >> emails in the thread (adding `-z text` and handling `-eh-frame-hdr`). I've also >> make a few other changes: >> >> * Pass `-pie` to the linker when `-static-pie` is requested (this might be >> passed automatically if gcc was built `-default-pie` but it doesn't hurt to >> pass it in and it's certainly needed in some cases) >> * Don't pass `-dynamic-linker ...` when `-static` is requested (which mirror's >> gcc's standard behaviour) >> >> Using this specfile, I was able to build and run the OpenSSL command line tools >> (which seem to be a decent stress-test of a compiler/linker) both as `-static` and >> as `-static-pie`, as well as building the compiling the following example >> executable to check that PIE is being applied appropriately (compare the >> outputs with `-static` vs. `-static-pie` across multiple runs). >> >> ``` >> #include >> >> static int static_int = 42; >> static int *static_ptr = &static_int; >> >> int main(int argc, char** argv) { >> printf("main: %p, stack: %p, statics: %p\n", main, &argc, static_ptr); >> return 0; >> } >> ``` >> >> Thanks, >> >> Andy Caldwell >> >> --- PATCH BELOW --- >> >> From 2953e1dc837cd81cac059ea0fa7b4f7bb11c568a Mon Sep 17 00:00:00 2001 >> From: Andy Caldwell >> Date: Thu, 15 Apr 2021 21:05:38 +0100 >> Subject: [PATCH] Add static-pie support to musl-gcc >> >> --- >> tools/musl-gcc.specs.sh | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh >> index 30492574..0e5a9035 100644 >> --- a/tools/musl-gcc.specs.sh >> +++ b/tools/musl-gcc.specs.sh >> @@ -17,13 +17,13 @@ cat <> libgcc.a%s %:if-exists(libgcc_eh.a%s) >> >> *startfile: >> -%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s >> +%{static-pie: $libdir/rcrt1.o; !shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s >> >> *endfile: >> crtendS.o%s $libdir/crtn.o >> >> *link: >> --dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic} >> +%{static-pie: -no-dynamic-linker -pie; !static: -dynamic-linker $ldso} -nostdlib -z text %{shared} %{static-pie|static:-static} %{rdynamic:-export-dynamic} %{!static: -eh-frame-hdr} >> >> *esp_link: >> >> >