| Message ID | 1321284665-19356-1-git-send-email-avi@redhat.com |
|---|---|
| State | New |
| Headers | show |
On 14 November 2011 15:31, Avi Kivity <avi@redhat.com> wrote: > @@ -1099,6 +1099,22 @@ for flag in $gcc_flags; do > fi > done > > +if test "$pie" = "yes" ; then > + cat > $TMPC << EOF > +int main(void) { return 0; } > +EOF > + if compile_prog "-fPIE -dPIE" "-Wl,-pie"; then Surely "-DPIE" ? gcc complains in the config.log: cc1: warning: unrecognized gcc debugging option: E > + QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS" > + LDFLAGS="-Wl,-pie $LDFLAGS" > + if compile_prog "-fPIE -DPIE" "-Wl,-pie -Wl,-z,relro -Wl,-z,now"; then > + LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" > + fi > + else > + echo "Diabling PIE due missing toolchain support" "Disabling". "due to". Something in this patch is causing problems if you configure with --target-list=arm-linux-user --static. configure complains: ./configure: 1159: /tmp/qemu-conf--25989-.exe: not found because something about how we've built the test executable for the endianness test means it compiled successfully but won't run: cam-vm-266:maverick:qemu$ file /tmp/qemu-conf--25297-.exe /tmp/qemu-conf--25297-.exe: ELF 32-bit LSB shared object, Intel 80386, version 1 (GNU/Linux), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, not stripped cam-vm-266:maverick:qemu$ ldd /tmp/qemu-conf--25297-.exe statically linked cam-vm-266:maverick:qemu$ /tmp/qemu-conf--25297-.exe -bash: /tmp/qemu-conf--25297-.exe: No such file or directory If you let it go ahead and build the whole arm-linux-user/qemu-arm binary then that has the same problem: it won't run. ...and this is all just on x86-32 hosts! -- PMM
On 11/14/2011 06:03 PM, Peter Maydell wrote: > On 14 November 2011 15:31, Avi Kivity <avi@redhat.com> wrote: > > @@ -1099,6 +1099,22 @@ for flag in $gcc_flags; do > > fi > > done > > > > +if test "$pie" = "yes" ; then > > + cat > $TMPC << EOF > > +int main(void) { return 0; } > > +EOF > > + if compile_prog "-fPIE -dPIE" "-Wl,-pie"; then > > Surely "-DPIE" ? > gcc complains in the config.log: > cc1: warning: unrecognized gcc debugging option: E Ugh. > > + QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS" > > + LDFLAGS="-Wl,-pie $LDFLAGS" > > + if compile_prog "-fPIE -DPIE" "-Wl,-pie -Wl,-z,relro -Wl,-z,now"; then > > + LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" > > + fi > > + else > > + echo "Diabling PIE due missing toolchain support" > > "Disabling". "due to". Maybe I'm developing dyslexia. > Something in this patch is causing problems if you configure > with --target-list=arm-linux-user --static. configure complains: > ./configure: 1159: /tmp/qemu-conf--25989-.exe: not found > > because something about how we've built the test executable for > the endianness test means it compiled successfully but won't > run: > cam-vm-266:maverick:qemu$ file /tmp/qemu-conf--25297-.exe > /tmp/qemu-conf--25297-.exe: ELF 32-bit LSB shared object, Intel 80386, > version 1 (GNU/Linux), dynamically linked (uses shared libs), for > GNU/Linux 2.6.15, not stripped > cam-vm-266:maverick:qemu$ ldd /tmp/qemu-conf--25297-.exe > statically linked > cam-vm-266:maverick:qemu$ /tmp/qemu-conf--25297-.exe > -bash: /tmp/qemu-conf--25297-.exe: No such file or directory > > If you let it go ahead and build the whole arm-linux-user/qemu-arm > binary then that has the same problem: it won't run. > > ...and this is all just on x86-32 hosts! I'll disable PIE on static builds. So we'll be left with PIE enabled by default on x86 dynamic builds, which ought to work, or I'll go crazy.
diff --git a/configure b/configure index 6c77fbb..ff000f0 100755 --- a/configure +++ b/configure @@ -172,7 +172,7 @@ aix="no" blobs="yes" pkgversion="" check_utests="" -user_pie="no" +pie="yes" zero_malloc="" trace_backend="nop" trace_file="trace" @@ -701,9 +701,9 @@ for opt do ;; --disable-guest-base) guest_base="no" ;; - --enable-user-pie) user_pie="yes" + --enable-pie) pie="yes" ;; - --disable-user-pie) user_pie="no" + --disable-pie) pie="no" ;; --enable-uname-release=*) uname_release="$optarg" ;; @@ -1031,8 +1031,8 @@ echo " --disable-bsd-user disable all BSD usermode emulation targets" echo " --enable-guest-base enable GUEST_BASE support for usermode" echo " emulation targets" echo " --disable-guest-base disable GUEST_BASE support" -echo " --enable-user-pie build usermode emulation targets as PIE" -echo " --disable-user-pie do not build usermode emulation targets as PIE" +echo " --enable-pie build Position Independent Executables" +echo " --disable-pie do not build Position Independent Executables" echo " --fmod-lib path to FMOD library" echo " --fmod-inc path to FMOD includes" echo " --oss-lib path to OSS library" @@ -1099,6 +1099,22 @@ for flag in $gcc_flags; do fi done +if test "$pie" = "yes" ; then + cat > $TMPC << EOF +int main(void) { return 0; } +EOF + if compile_prog "-fPIE -dPIE" "-Wl,-pie"; then + QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS" + LDFLAGS="-Wl,-pie $LDFLAGS" + if compile_prog "-fPIE -DPIE" "-Wl,-pie -Wl,-z,relro -Wl,-z,now"; then + LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS" + fi + else + echo "Diabling PIE due missing toolchain support" + pie="no" + fi +fi + # # Solaris specific configure tool chain decisions # @@ -2765,7 +2781,7 @@ echo "Documentation $docs" echo "uname -r $uname_release" echo "NPTL support $nptl" echo "GUEST_BASE $guest_base" -echo "PIE user targets $user_pie" +echo "PIE $pie" echo "vde support $vde" echo "Linux AIO support $linux_aio" echo "ATTR/XATTR support $attr" @@ -3225,9 +3241,6 @@ for d in libdis libdis-user; do symlink $source_path/Makefile.dis $d/Makefile echo > $d/config.mak done -if test "$static" = "no" -a "$user_pie" = "yes" ; then - echo "QEMU_CFLAGS+=-fpie" > libdis-user/config.mak -fi for target in $target_list; do target_dir="$target" @@ -3646,12 +3659,6 @@ if test "$target_softmmu" = "yes" ; then esac fi -if test "$target_user_only" = "yes" -a "$static" = "no" -a \ - "$user_pie" = "yes" ; then - cflags="-fpie $cflags" - ldflags="-pie $ldflags" -fi - if test "$target_softmmu" = "yes" -a \( \ "$TARGET_ARCH" = "microblaze" -o \ "$TARGET_ARCH" = "cris" \) ; then @@ -3775,9 +3782,6 @@ d=libuser mkdir -p $d mkdir -p $d/trace symlink $source_path/Makefile.user $d/Makefile -if test "$static" = "no" -a "$user_pie" = "yes" ; then - echo "QEMU_CFLAGS+=-fpie" > $d/config.mak -fi if test "$docs" = "yes" ; then mkdir -p QMP
Change the default to building PIE (position independent executables); instead of restricting the option to user-only targets, apply it to all targets. In addition, set the relocation sections to read-only (relro) when available; this reduces the attack surface by disallowing changes to relocation tables at runtime. While PIE reduces performance and relro increases load time, it greatly improves security, with the potential to reduce a code execution vulnerability to a self denial of service. Signed-off-by: Avi Kivity <avi@redhat.com> --- v4: say it's v4 and for 1.0 v3: detect toolchain support for PIE at configure time v2: improve description to include relro configure | 40 ++++++++++++++++++++++------------------ 1 files changed, 22 insertions(+), 18 deletions(-)