| Message ID | 20191218223441.23852-6-richard.henderson@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | configure: Improve PIE and other linkage | expand |
On 12/18/19 11:34 PM, Richard Henderson wrote: > There is nothing about these options that is related to PIE. > Use them unconditionally. > > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> > --- > v2: Do not split into two tests. > --- > configure | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/configure b/configure > index 7a646ec007..2503288654 100755 > --- a/configure > +++ b/configure > @@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then > QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS" > LDFLAGS="-pie $LDFLAGS" > pie="yes" > - if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then > - LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" > - fi > else > if test "$pie" = "yes"; then > error_exit "PIE not available due to missing toolchain support" > @@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then > fi > fi > > +# Detect support for PT_GNU_RELRO + DT_BIND_NOW. > +# The combination is known as "full relro", because .got is read-only too. > +if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then > + LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" > +fi > + > ########################################## > # __sync_fetch_and_and requires at least -march=i486. Many toolchains > # use i686 as default anyway, but for those that don't, an explicit > Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
On 2019-12-18, Philippe Mathieu-Daudé wrote: >On 12/18/19 11:34 PM, Richard Henderson wrote: >>There is nothing about these options that is related to PIE. >>Use them unconditionally. >> >>Signed-off-by: Richard Henderson <richard.henderson@linaro.org> >>--- >>v2: Do not split into two tests. >>--- >> configure | 9 ++++++--- >> 1 file changed, 6 insertions(+), 3 deletions(-) >> >>diff --git a/configure b/configure >>index 7a646ec007..2503288654 100755 >>--- a/configure >>+++ b/configure >>@@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then >> QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS" >> LDFLAGS="-pie $LDFLAGS" >> pie="yes" >>- if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then >>- LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" >>- fi >> else >> if test "$pie" = "yes"; then >> error_exit "PIE not available due to missing toolchain support" >>@@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then >> fi >> fi >>+# Detect support for PT_GNU_RELRO + DT_BIND_NOW. >>+# The combination is known as "full relro", because .got is read-only too. >>+if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then >>+ LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" >>+fi >>+ >> ########################################## >> # __sync_fetch_and_and requires at least -march=i486. Many toolchains >> # use i686 as default anyway, but for those that don't, an explicit >> > >Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> One nit, .got is also read-only in partial relro. Full relro makes .got.plt read-only. (On EM_PPC and EM_PPC64, .got.plt is named .plt (yes, misnomer)). Reviewed-by: Fangrui Song <i@maskray.me>
diff --git a/configure b/configure index 7a646ec007..2503288654 100755 --- a/configure +++ b/configure @@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS" LDFLAGS="-pie $LDFLAGS" pie="yes" - if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then - LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" - fi else if test "$pie" = "yes"; then error_exit "PIE not available due to missing toolchain support" @@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then fi fi +# Detect support for PT_GNU_RELRO + DT_BIND_NOW. +# The combination is known as "full relro", because .got is read-only too. +if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then + LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" +fi + ########################################## # __sync_fetch_and_and requires at least -march=i486. Many toolchains # use i686 as default anyway, but for those that don't, an explicit
There is nothing about these options that is related to PIE. Use them unconditionally. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- v2: Do not split into two tests. --- configure | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) -- 2.20.1