diff mbox

: New configure options that make the compiler use -fPIE and -pie as default option

Message ID 20150112161023.GA6392@gmail.com
State New
Headers show

Commit Message

H.J. Lu Jan. 12, 2015, 4:10 p.m. UTC 
On Fri, Jan 09, 2015 at 01:58:45PM +0100, Richard Biener wrote:
> On Tue, Dec 30, 2014 at 10:23 PM, Magnus Granberg <zorry@gentoo.org> wrote:
> > fredag 14 november 2014 23.31.48 skrev  Magnus Granberg:
> >> måndag 10 november 2014 21.26.39 skrev  Magnus Granberg:
> >> > >   Rainer
> >> >
> >> > Thanks Rainer for the nits and comments.
> >> > Have updated the patches and Changelogs.
> >> > But i still use PIE_DRIVER_SELF_SPECS, do you have a ide where move it so
> >> > i don't need to duplicate that stuff or how to do it?
> >> >
> >> > Magnus G
> >> >
> >> > 2014-11-10  Magnus Granberg  <zorry@gentoo.org>
> >> >
> >> >     /gcc
> >> >     * config/gnu-user.h (PIE_DRIVER_SELF_SPECS) and
> >> >     (GNU_DRIVER_SELF_SPECS): Define.
> >> >     * config/i386/gnu-user-common.h (DRIVER_SELF_SPECS): Define
> >> >     * configure.ac: Add new option.
> >> >     * configure, config.in: Rebuild.
> >> >     * Makefile.in (ALL_CFLAGS) and (ALL_CXXFLAGS): Disable PIE.
> >> >     * doc/install.texi: New configure option.
> >> >     * doc/invoke.texi: Add note to PIE.
> >> >     * doc/sourcebuild.texi: New effective target.
> >> >     gcc/testsuite
> >> >     * gcc/default-pie.c: New test
> >> >     * gcc.dg/tree-ssa/ssa-store-ccp-3.c: Skip if default_pie
> >> >     * g++.dg/other/anon5.C: Skip if default_pie
> >> >     * lib/target-supports.exp (check_effective_target_default_pie):
> >> >     New proc.
> >> >     /libgcc
> >> >     * Makefile.in (CRTSTUFF_CFLAGS): Disable PIE.
> >>
> >> Can this be included for GCC 5 ?
> >>
> >> /Magnus G.
> > One more ping on this. The patches where sent before stage 1 closed but i
> > did't get any feed back from it
> > Have updete the patchses for gcc 5.0 20141228 snapshot.
> > Bootstrapped and tested on x86_64-unknown-linux-gnu (Gentoo)
> > /Magnus
> 
> Looking at the actual implementation I wonder why it's not similar
> to how darwin gets at it default (not sure how it does).  Also
> looking at how DRIVER_SELF_SPECS is used I wonder if the
> functionality can be enabled with a simple
> 
> --with-specs="%{pie|fpic|fPIC|fpie|fPIE|fno-pic|fno-PIC|fno-pie|fno-PIE|shared|static|nostdlib|nodefaultlibs|nostartfiles:;:-fPIE
> -pie}"
> 
> at configure time (using CONFIGURE_SPECS).
> 
> I have no idea if the above is really the proper spec to use - why
> do you include static, nostdlib, nodefaultlibs and nostartfiles
> for example?  Similar, if I say
> 
>  gcc -pie -c t.c
> 
> we will end up with a non-PIE object, and linking with -fPIE will
> end up with a DYN_EXEC object.
> 
> I believe you want to treat link and compile arguments separately
> (and adjust the link spec for linking).  I also would have said that
> elfos.h is more appropriate than gnu-user.h, but ...
> 
> That said, the patch looks more like a hack (and see above how
> to achieve the same without a patch(?)), not like a proper implementation
> of a PIE default.
> 
> Joseph may have an idea where the proper place for a spec-wise
> default PIE is.
> 

This is the new implementation of --enable-default-pie.  Tested on
Linux/x86-64.  OK for trunk?

Thanks.


H.J.
---
gcc/

2015-01-12  Magnus Granberg  <zorry@gentoo.org>
	    H.J. Lu  <hongjiu.lu@intel.com>

	* Makefile.in (COMPILER): Add @NO_PIE_CFLAGS@.
	(LINKER): Add @NO_PIE_FLAG@.
	(libgcc.mvars): Set NO_PIE_CFLAGS to -fno-PIE for
	--enable-default-pie.
	* common.opt (fPIE): Initialize to -1.
	(fpie): Likewise.
	(static): Add "RejectNegative Negative(shared)".
	(no-pie): New option.
	(pie): Replace "Negative(shared)" with "Negative(no-pie)".
	* configure.ac: Add --enable-default-pie.
	(NO_PIE_CFLAGS): New. Check if -fno-PIE works.  AC_SUBST.
	(NO_PIE_FLAG): New. Check if -no-pie works.  AC_SUBST.
	* defaults.h (DEFAULT_FLAG_PIE): New.  Default PIE to -fPIE.
	* gcc.c (NO_PIE_SPEC): New.
	(PIE_SPEC): Likewise.
	(LD_PIE_SPEC): Likewise.
	(LINK_PIE_SPEC): Handle -no-pie.  Use PIE_SPEC and LD_PIE_SPEC.
	* opts.c (DEFAULT_FLAG_PIE): New.  Set to 0 if ENABLE_DEFAULT_PIE
	is undefined.
	(finish_options): Update opts->x_flag_pie if it is -1.
	* config/gnu-user.h (FVTABLE_VERIFY_SPEC): New.
	(GNU_USER_TARGET_STARTFILE_SPEC): Use FVTABLE_VERIFY_SPEC.  Use
	NO_PIE_SPEC and NO_PIE_SPEC if ENABLE_DEFAULT_PIE is defined.
	(GNU_USER_TARGET_STARTFILE_SPEC): Use FVTABLE_VERIFY_SPEC.
	* doc/install.texi: Document --enable-default-pie.
	* doc/invoke.texi: Document -no-pie.
	* config.in: Regenerated.
	* configure: Likewise.

gcc/ada/

2015-01-12  H.J. Lu  <hongjiu.lu@intel.com>

	* gcc-interface/Makefile.in (TOOLS_LIBS): Add @NO_PIE_FLAG@.

libgcc/

2015-01-12  H.J. Lu  <hongjiu.lu@intel.com>

	* Makefile.in (CRTSTUFF_CFLAGS): Add $(NO_PIE_CFLAGS).

Comments

Joseph Myers Jan. 12, 2015, 11:50 p.m. UTC | #1 
On Mon, 12 Jan 2015, H.J. Lu wrote:

> +if test x$enable_default_pie = xyes; then
> +  AC_MSG_CHECKING(if $target supports default PIE)
> +  enable_default_pie=no
> +  case $target in
> +    i?86*-*-linux* | x86_64*-*-linux*)
> +      saved_LDFLAGS="$LDFLAGS"
> +      saved_CFLAGS="$CFLAGS"
> +      CFLAGS="$CFLAGS -fPIE"
> +      LDFLAGS="$LDFLAGS -fPIE -pie"
> +      AC_TRY_LINK(,,[enable_default_pie=yes],)
> +      LDFLAGS="$saved_LDFLAGS"
> +      CFLAGS="$saved_CFLAGS"
> +      ;;
> +    *)
> +      ;;
> +    esac

There should not be any such hardcoding of targets here without concrete 
evidence that the targets for which this sets enable_default_pie=no really 
cannot support PIE.  In particular, there is no reason at all for this to 
be architecture-specific; all GNU/Linux architectures should support PIE.

I believe AC_TRY_LINK here will test for the host, whereas what you want 
to know is what's supported for the target (but it's not possible to run 
link tests for the target at this point; the compiler for the target 
hasn't even been built).

So: just presume that if the user passes --enable-default-pie then they 
know what they are doing, and don't try to override their choice.

> diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi
> index c9e3bf1..89fc305 100644
> --- a/gcc/doc/install.texi
> +++ b/gcc/doc/install.texi
> @@ -1583,6 +1583,10 @@ not be built.
>  Specify that the run-time libraries for stack smashing protection
>  should not be built.
>  
> +@item --enable-default-pie
> +Turn on @option{-fPIE} and @option{-pie} by default if supported.
> +Currently supported targets are i?86-*-linux* and x86-64-*-linux*.

The "if supported" and target list can then be removed here.
H.J. Lu Jan. 12, 2015, 11:53 p.m. UTC | #2 
On Mon, Jan 12, 2015 at 3:50 PM, Joseph Myers <joseph@codesourcery.com> wrote:
> On Mon, 12 Jan 2015, H.J. Lu wrote:
>
>> +if test x$enable_default_pie = xyes; then
>> +  AC_MSG_CHECKING(if $target supports default PIE)
>> +  enable_default_pie=no
>> +  case $target in
>> +    i?86*-*-linux* | x86_64*-*-linux*)
>> +      saved_LDFLAGS="$LDFLAGS"
>> +      saved_CFLAGS="$CFLAGS"
>> +      CFLAGS="$CFLAGS -fPIE"
>> +      LDFLAGS="$LDFLAGS -fPIE -pie"
>> +      AC_TRY_LINK(,,[enable_default_pie=yes],)
>> +      LDFLAGS="$saved_LDFLAGS"
>> +      CFLAGS="$saved_CFLAGS"
>> +      ;;
>> +    *)
>> +      ;;
>> +    esac
>
> There should not be any such hardcoding of targets here without concrete
> evidence that the targets for which this sets enable_default_pie=no really
> cannot support PIE.  In particular, there is no reason at all for this to
> be architecture-specific; all GNU/Linux architectures should support PIE.

I will make the change.  Can someone test it on non-x86 Linux?

> I believe AC_TRY_LINK here will test for the host, whereas what you want
> to know is what's supported for the target (but it's not possible to run
> link tests for the target at this point; the compiler for the target
> hasn't even been built).
>
> So: just presume that if the user passes --enable-default-pie then they
> know what they are doing, and don't try to override their choice.
>
>> diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi
>> index c9e3bf1..89fc305 100644
>> --- a/gcc/doc/install.texi
>> +++ b/gcc/doc/install.texi
>> @@ -1583,6 +1583,10 @@ not be built.
>>  Specify that the run-time libraries for stack smashing protection
>>  should not be built.
>>
>> +@item --enable-default-pie
>> +Turn on @option{-fPIE} and @option{-pie} by default if supported.
>> +Currently supported targets are i?86-*-linux* and x86-64-*-linux*.
>
> The "if supported" and target list can then be removed here.
>

I will remove them.

Thanks.
diff mbox

Patch

diff --git a/gcc/Makefile.in b/gcc/Makefile.in
index 5f9261f..180751f 100644
--- a/gcc/Makefile.in
+++ b/gcc/Makefile.in
@@ -252,6 +252,12 @@  LINKER = $(CC)
 LINKER_FLAGS = $(CFLAGS)
 endif
 
+# We don't want to compile the compiler with -fPIE, it make PCH fail.
+COMPILER += @NO_PIE_CFLAGS@
+
+# Link with -no-pie since we compile the compiler with -fno-PIE.
+LINKER += @NO_PIE_FLAG@
+
 # Like LINKER, but use a mutex for serializing front end links.
 ifeq (@DO_LINK_MUTEX@,true)
 LLINKER = $(SHELL) $(srcdir)/lock-and-run.sh linkfe.lck $(LINKER)
@@ -1854,6 +1860,12 @@  libgcc.mvars: config.status Makefile specs xgcc$(exeext)
 	echo GCC_CFLAGS = '$(GCC_CFLAGS)' >> tmp-libgcc.mvars
 	echo INHIBIT_LIBC_CFLAGS = '$(INHIBIT_LIBC_CFLAGS)' >> tmp-libgcc.mvars
 	echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars
+	if test @enable_default_pie@ = yes; then \
+	  NO_PIE_CFLAGS="-fno-PIE"; \
+	else \
+	  NO_PIE_CFLAGS=; \
+	fi; \
+	echo NO_PIE_CFLAGS = "$$NO_PIE_CFLAGS" >> tmp-libgcc.mvars
 
 	mv tmp-libgcc.mvars libgcc.mvars
 
diff --git a/gcc/ada/gcc-interface/Makefile.in b/gcc/ada/gcc-interface/Makefile.in
index 870cfab..a446d48 100644
--- a/gcc/ada/gcc-interface/Makefile.in
+++ b/gcc/ada/gcc-interface/Makefile.in
@@ -267,6 +267,9 @@  TOOLS_LIBS = ../link.o ../targext.o ../../ggc-none.o ../../libcommon-target.a \
   ../../libcommon.a ../../../libcpp/libcpp.a $(LIBGNAT) $(LIBINTL) $(LIBICONV) \
   ../$(LIBBACKTRACE) ../$(LIBIBERTY) $(SYSLIBS) $(TGT_LIB)
 
+# Add -no-pie to TOOLS_LIBS since some of them are compiled with -fno-PIE.
+TOOLS_LIBS += @NO_PIE_FLAG@
+
 # Specify the directories to be searched for header files.
 # Both . and srcdir are used, in that order,
 # so that tm.h and config.h will be found in the compilation
diff --git a/gcc/common.opt b/gcc/common.opt
index e104269..b3fdb27 100644
--- a/gcc/common.opt
+++ b/gcc/common.opt
@@ -1755,7 +1755,7 @@  Common Report Var(flag_pic,2) Negative(fPIE)
 Generate position-independent code if possible (large mode)
 
 fPIE
-Common Report Var(flag_pie,2) Negative(fpic)
+Common Report Var(flag_pie,2) Negative(fpic) Init(-1)
 Generate position-independent code for executables if possible (large mode)
 
 fpic
@@ -1763,7 +1763,7 @@  Common Report Var(flag_pic,1) Negative(fpie)
 Generate position-independent code if possible (small mode)
 
 fpie
-Common Report Var(flag_pie,1) Negative(fPIC)
+Common Report Var(flag_pie,1) Negative(fPIC) Init(-1)
 Generate position-independent code for executables if possible (small mode)
 
 fplugin=
@@ -2792,7 +2792,7 @@  specs=
 Driver Joined
 
 static
-Driver
+Driver RejectNegative Negative(shared)
 
 static-libgcc
 Driver
@@ -2823,8 +2823,12 @@  Driver
 symbolic
 Driver
 
+no-pie
+Driver RejectNegative Negative(static)
+Don't create a position independent executable
+
 pie
-Driver RejectNegative Negative(shared)
+Driver RejectNegative Negative(no-pie)
 Create a position independent executable
 
 z
diff --git a/gcc/config.in b/gcc/config.in
index f34adb5..3fc018a 100644
--- a/gcc/config.in
+++ b/gcc/config.in
@@ -89,6 +89,12 @@ 
 #endif
 
 
+/* Define if your target supports default PIE and it is enabled. */
+#ifndef USED_FOR_TARGET
+#undef ENABLE_DEFAULT_PIE
+#endif
+
+
 /* Define if you want more run-time sanity checks for dataflow. */
 #ifndef USED_FOR_TARGET
 #undef ENABLE_DF_CHECKING
diff --git a/gcc/config/gnu-user.h b/gcc/config/gnu-user.h
index 2faa2e5..5cbe5da 100644
--- a/gcc/config/gnu-user.h
+++ b/gcc/config/gnu-user.h
@@ -41,19 +41,29 @@  see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
    object constructed before entering `main'.  */
 
 #if defined HAVE_LD_PIE
-#define GNU_USER_TARGET_STARTFILE_SPEC \
-  "%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \
-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s} \
-   %{fvtable-verify=none:%s; \
+#define FVTABLE_VERIFY_SPEC \
+  "%{fvtable-verify=none:%s; \
      fvtable-verify=preinit:vtv_start_preinit.o%s; \
      fvtable-verify=std:vtv_start.o%s}"
+#if defined ENABLE_DEFAULT_PIE
+#define GNU_USER_TARGET_STARTFILE_SPEC \
+  "%{!shared: %{pg|p|profile:gcrt1.o%s;: \
+    %{" PIE_SPEC ":Scrt1.o%s} %{" NO_PIE_SPEC ":crt1.o%s}}} \
+   crti.o%s %{static:crtbeginT.o%s;: %{shared:crtbeginS.o%s} \
+	      %{" PIE_SPEC ":crtbeginS.o%s} \
+	      %{" NO_PIE_SPEC ":crtbegin.o%s}}" \
+   FVTABLE_VERIFY_SPEC
+#else
+#define GNU_USER_TARGET_STARTFILE_SPEC \
+  "%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \
+   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}" \
+   FVTABLE_VERIFY_SPEC
+#endif
 #else
 #define GNU_USER_TARGET_STARTFILE_SPEC \
   "%{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}} \
-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s} \
-   %{fvtable-verify=none:%s; \
-     fvtable-verify=preinit:vtv_start_preinit.o%s; \
-     fvtable-verify=std:vtv_start.o%s}"
+   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}" \
+   FVTABLE_VERIFY_SPEC
 #endif
 #undef  STARTFILE_SPEC
 #define STARTFILE_SPEC GNU_USER_TARGET_STARTFILE_SPEC
diff --git a/gcc/configure b/gcc/configure
index 1bf4358..57debff 100755
--- a/gcc/configure
+++ b/gcc/configure
@@ -600,6 +600,9 @@  ac_includes_default="\
 
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
+NO_PIE_FLAG
+NO_PIE_CFLAGS
+enable_default_pie
 PICFLAG
 enable_host_shared
 enable_plugin
@@ -937,6 +940,7 @@  enable_host_shared
 enable_libquadmath_support
 with_linker_hash_style
 with_diagnostics_color
+enable_default_pie
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1665,6 +1669,7 @@  Optional Features:
   --enable-host-shared    build host code as shared libraries
   --disable-libquadmath-support
                           disable libquadmath support for Fortran
+  --enable-default-pie    enable Position Independent Executable as default
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -18147,7 +18152,7 @@  else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 18150 "configure"
+#line 18155 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -18253,7 +18258,7 @@  else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 18256 "configure"
+#line 18261 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -28432,6 +28437,111 @@  cat > gcc-driver-name.h <<EOF
 #define GCC_DRIVER_NAME "${target_noncanonical}-gcc-${gcc_BASEVER}${exeext}"
 EOF
 
+# Check whether --enable-default-pie was given and target have the support.
+# Check whether --enable-default-pie was given.
+if test "${enable_default_pie+set}" = set; then :
+  enableval=$enable_default_pie; enable_default_pie=$enableval
+else
+  enable_default_pie=no
+fi
+
+if test x$enable_default_pie = xyes; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $target supports default PIE" >&5
+$as_echo_n "checking if $target supports default PIE... " >&6; }
+  enable_default_pie=no
+  case $target in
+    i?86*-*-linux* | x86_64*-*-linux*)
+      saved_LDFLAGS="$LDFLAGS"
+      saved_CFLAGS="$CFLAGS"
+      CFLAGS="$CFLAGS -fPIE"
+      LDFLAGS="$LDFLAGS -fPIE -pie"
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  enable_default_pie=yes
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+      LDFLAGS="$saved_LDFLAGS"
+      CFLAGS="$saved_CFLAGS"
+      ;;
+    *)
+      ;;
+    esac
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_default_pie" >&5
+$as_echo "$enable_default_pie" >&6; }
+fi
+if test x$enable_default_pie == xyes ; then
+
+$as_echo "#define ENABLE_DEFAULT_PIE 1" >>confdefs.h
+
+fi
+
+
+# Check if -fno-PIE works.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fno-PIE option" >&5
+$as_echo_n "checking for -fno-PIE option... " >&6; }
+if test "${gcc_cv_c_no_fpie+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  saved_CFLAGS="$CFLAGS"
+   CFLAGS="$CFLAGS -fno-PIE"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void) {return 0;}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  gcc_cv_c_no_fpie=yes
+else
+  gcc_cv_c_no_fpie=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   CFLAGS="$saved_CFLAGS"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_c_no_fpie" >&5
+$as_echo "$gcc_cv_c_no_fpie" >&6; }
+if test "$gcc_cv_c_no_fpie" = "yes"; then
+  NO_PIE_CFLAGS="-fno-PIE"
+fi
+
+
+# Check if -no-pie works.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -no-pie option" >&5
+$as_echo_n "checking for -no-pie option... " >&6; }
+if test "${gcc_cv_no_pie+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  saved_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS -no-pie"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void) {return 0;}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  gcc_cv_no_pie=yes
+else
+  gcc_cv_no_pie=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+   LDFLAGS="$saved_LDFLAGS"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_no_pie" >&5
+$as_echo "$gcc_cv_no_pie" >&6; }
+if test "$gcc_cv_no_pie" = "yes"; then
+  NO_PIE_FLAG="-no-pie"
+fi
+
+
 # Configure the subdirectories
 # AC_CONFIG_SUBDIRS($subdirs)
 
diff --git a/gcc/configure.ac b/gcc/configure.ac
index 102dab9..952fbec 100644
--- a/gcc/configure.ac
+++ b/gcc/configure.ac
@@ -5759,6 +5759,64 @@  cat > gcc-driver-name.h <<EOF
 #define GCC_DRIVER_NAME "${target_noncanonical}-gcc-${gcc_BASEVER}${exeext}"
 EOF
 
+# Check whether --enable-default-pie was given and target have the support.
+AC_ARG_ENABLE(default-pie,
+[AS_HELP_STRING([--enable-default-pie],
+  [enable Position Independent Executable as default])],
+enable_default_pie=$enableval,
+enable_default_pie=no)
+if test x$enable_default_pie = xyes; then
+  AC_MSG_CHECKING(if $target supports default PIE)
+  enable_default_pie=no
+  case $target in
+    i?86*-*-linux* | x86_64*-*-linux*)
+      saved_LDFLAGS="$LDFLAGS"
+      saved_CFLAGS="$CFLAGS"
+      CFLAGS="$CFLAGS -fPIE"
+      LDFLAGS="$LDFLAGS -fPIE -pie"
+      AC_TRY_LINK(,,[enable_default_pie=yes],)
+      LDFLAGS="$saved_LDFLAGS"
+      CFLAGS="$saved_CFLAGS"
+      ;;
+    *)
+      ;;
+    esac
+  AC_MSG_RESULT($enable_default_pie)
+fi
+if test x$enable_default_pie == xyes ; then
+  AC_DEFINE(ENABLE_DEFAULT_PIE, 1,
+      [Define if your target supports default PIE and it is enabled.])
+fi
+AC_SUBST([enable_default_pie])
+
+# Check if -fno-PIE works.
+AC_CACHE_CHECK([for -fno-PIE option],
+  [gcc_cv_c_no_fpie],
+  [saved_CFLAGS="$CFLAGS"
+   CFLAGS="$CFLAGS -fno-PIE"
+   AC_COMPILE_IFELSE([int main(void) {return 0;}],
+     [gcc_cv_c_no_fpie=yes],
+     [gcc_cv_c_no_fpie=no])
+   CFLAGS="$saved_CFLAGS"])
+if test "$gcc_cv_c_no_fpie" = "yes"; then
+  NO_PIE_CFLAGS="-fno-PIE"
+fi
+AC_SUBST([NO_PIE_CFLAGS])
+
+# Check if -no-pie works.
+AC_CACHE_CHECK([for -no-pie option],
+  [gcc_cv_no_pie],
+  [saved_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS -no-pie"
+   AC_LINK_IFELSE([int main(void) {return 0;}],
+     [gcc_cv_no_pie=yes],
+     [gcc_cv_no_pie=no])
+   LDFLAGS="$saved_LDFLAGS"])
+if test "$gcc_cv_no_pie" = "yes"; then
+  NO_PIE_FLAG="-no-pie"
+fi
+AC_SUBST([NO_PIE_FLAG])
+
 # Configure the subdirectories
 # AC_CONFIG_SUBDIRS($subdirs)
 
diff --git a/gcc/defaults.h b/gcc/defaults.h
index 5cef92c..970040e 100644
--- a/gcc/defaults.h
+++ b/gcc/defaults.h
@@ -1182,6 +1182,12 @@  see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
 #define DEFAULT_PCC_STRUCT_RETURN 1
 #endif
 
+/* Default PIE to -fPIE.  */
+#ifndef DEFAULT_FLAG_PIE
+# define DEFAULT_FLAG_PIE 2
+#endif
+
+
 #ifdef GCC_INSN_FLAGS_H
 /* Dependent default target macro definitions
 
diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi
index c9e3bf1..89fc305 100644
--- a/gcc/doc/install.texi
+++ b/gcc/doc/install.texi
@@ -1583,6 +1583,10 @@  not be built.
 Specify that the run-time libraries for stack smashing protection
 should not be built.
 
+@item --enable-default-pie
+Turn on @option{-fPIE} and @option{-pie} by default if supported.
+Currently supported targets are i?86-*-linux* and x86-64-*-linux*.
+
 @item --disable-libquadmath
 Specify that the GCC quad-precision math library should not be built.
 On some systems, the library is required to be linkable when building
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 0182952..842b2b8 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -10972,6 +10972,10 @@  For predictable results, you must also specify the same set of options
 used for compilation (@option{-fpie}, @option{-fPIE},
 or model suboptions) when you specify this linker option.
 
+@item -no-pie
+@opindex no-pie
+Don't produce a position independent executable.
+
 @item -rdynamic
 @opindex rdynamic
 Pass the flag @option{-export-dynamic} to the ELF linker, on targets
diff --git a/gcc/gcc.c b/gcc/gcc.c
index 55d0ff2..5d2e09d4 100644
--- a/gcc/gcc.c
+++ b/gcc/gcc.c
@@ -734,12 +734,20 @@  proper position among the other output files.  */
 #endif
 #endif
 
+#ifdef ENABLE_DEFAULT_PIE
+#define NO_PIE_SPEC	"no-pie|static"
+#define PIE_SPEC	NO_PIE_SPEC "|shared:;"
+#else
+#define PIE_SPEC "pie"
+#endif
+
 #ifndef LINK_PIE_SPEC
 #ifdef HAVE_LD_PIE
-#define LINK_PIE_SPEC "%{pie:-pie} "
+#define LD_PIE_SPEC "-pie"
 #else
-#define LINK_PIE_SPEC "%{pie:} "
+#define LD_PIE_SPEC ""
 #endif
+#define LINK_PIE_SPEC "%{no-pie:} " "%{" PIE_SPEC ":" LD_PIE_SPEC "} "
 #endif
 
 #ifndef LINK_BUILDID_SPEC
diff --git a/gcc/opts.c b/gcc/opts.c
index 8a16116..ee769c8 100644
--- a/gcc/opts.c
+++ b/gcc/opts.c
@@ -738,8 +738,22 @@  finish_options (struct gcc_options *opts, struct gcc_options *opts_set,
       opts->x_flag_section_anchors = 0;
     }
 
+#ifndef ENABLE_DEFAULT_PIE
+#undef DEFAULT_FLAG_PIE
+#define DEFAULT_FLAG_PIE 0
+#endif
+
   if (!opts->x_flag_opts_finished)
     {
+      /* We initialize opts->x_flag_pie to -1 so that targets can set a
+	 default value.  */
+      if (opts->x_flag_pie == -1)
+	{
+	  if (opts->x_flag_pic == 0)
+	    opts->x_flag_pie = DEFAULT_FLAG_PIE;
+	  else
+	    opts->x_flag_pie = 0;
+	}
       if (opts->x_flag_pie)
 	opts->x_flag_pic = opts->x_flag_pie;
       if (opts->x_flag_pic && !opts->x_flag_pie)
diff --git a/libgcc/Makefile.in b/libgcc/Makefile.in
index f693883..8d10386 100644
--- a/libgcc/Makefile.in
+++ b/libgcc/Makefile.in
@@ -284,7 +284,7 @@  INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \
 
 # Options to use when compiling crtbegin/end.
 CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \
-  -finhibit-size-directive -fno-inline -fno-exceptions \
+  $(NO_PIE_CFLAGS) -finhibit-size-directive -fno-inline -fno-exceptions \
   -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \
   -fbuilding-libgcc -fno-stack-protector $(FORCE_EXPLICIT_EH_REGISTRY) \
   $(INHIBIT_LIBC_CFLAGS)