configure: Implement --enable-host-pie

Message ID 20230509194158.329137-1-polacek@redhat.com
State New

Commit Message

Marek Polacek May 9, 2023, 7:41 p.m. UTC
[ This is my third attempt to add this configure option.  The first
version was approved but it came too late in the development cycle.
The second version was also approved, but I had to revert it:
<https://gcc.gnu.org/pipermail/gcc-patches/2022-November/607082.html>.
I've fixed the problem (by moving $(PICFLAG) from INTERNAL_CFLAGS to
ALL_COMPILERFLAGS).  Another change is that since r13-4536 I no longer
need to touch Makefile.def, so this patch is simplified. ]

This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE.  This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.

It is similar to the option --enable-host-shared, except that --e-h-s
won't add -shared to the linker flags whereas --e-h-p will add -pie.
It is different from --enable-default-pie because that option just
adds an implicit -fPIE/-pie when the compiler is invoked, but the
compiler itself isn't PIE.

Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
regressions.

When building the compiler, the build process may use various in-tree
libraries; these need to be built with -fPIE so that it's possible to
use them when building a PIE.  For instance, when --with-included-gettext
is in effect, intl object files must be compiled with -fPIE.  Similarly,
when building in-tree gmp, isl, mpfr and mpc, they must be compiled with
-fPIE.

With this patch and --enable-host-pie used to configure gcc:

$ file gcc/cc1{,plus,obj} gcc/f951 gcc/lto1 gcc/cpp
gcc/cc1:     ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1plus: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/f951:    ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1obj:  ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/lto1:    ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cpp:     ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped

I plan to add an option to link with -Wl,-z,now.

Bootstrapped on x86_64-pc-linux-gnu with --with-included-gettext
--enable-host-pie as well as without --enable-host-pie.  Also tested
on a Debian system where the system gcc was configured with
--enable-default-pie.

ChangeLog:

	* configure.ac (--enable-host-pie): New check.  Set PICFLAG after this
	check.
	* configure: Regenerate.

c++tools/ChangeLog:

	* Makefile.in: Rename PIEFLAG to PICFLAG.  Set LD_PICFLAG.  Use it.
	Use pic/libiberty.a if PICFLAG is set.
	* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
	(--enable-host-pie): New check.
	* configure: Regenerate.

fixincludes/ChangeLog:

	* Makefile.in: Set and use PICFLAG and LD_PICFLAG.  Use the "pic"
	build of libiberty if PICFLAG is set.
	* configure.ac:
	* configure: Regenerate.

gcc/ChangeLog:

	* Makefile.in: Set LD_PICFLAG.  Use it.  Set enable_host_pie.
	Remove NO_PIE_CFLAGS and NO_PIE_FLAG.  Pass LD_PICFLAG to
	ALL_LINKERFLAGS.  Use the "pic" build of libiberty if --enable-host-pie.
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
	check.
	* configure: Regenerate.
	* doc/install.texi: Document --enable-host-pie.

gcc/d/ChangeLog:

	* Make-lang.in: Remove NO_PIE_CFLAGS.

intl/ChangeLog:

	* Makefile.in: Use @PICFLAG@ in COMPILE as well.
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.

libcody/ChangeLog:

	* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
	check.
	* configure: Regenerate.

libcpp/ChangeLog:

	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.

libdecnumber/ChangeLog:

	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.

libiberty/ChangeLog:

	* configure.ac: Also set shared when enable_host_pie.
	* configure: Regenerate.

zlib/ChangeLog:

	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.
---
 c++tools/Makefile.in      | 11 ++++++---
 c++tools/configure        | 17 +++++++++++---
 c++tools/configure.ac     | 11 +++++++--
 configure                 | 24 +++++++++++++++++++-
 configure.ac              | 18 ++++++++++++++-
 fixincludes/Makefile.in   | 12 ++++++----
 fixincludes/configure     | 13 +++++++++++
 fixincludes/configure.ac  |  8 +++++++
 gcc/Makefile.in           | 32 +++++++++++++++-----------
 gcc/configure             | 47 +++++++++++++++++++++++++++------------
 gcc/configure.ac          | 36 +++++++++++++++++++++---------
 gcc/d/Make-lang.in        |  2 +-
 gcc/doc/install.texi      | 16 +++++++++++--
 intl/Makefile.in          |  2 +-
 intl/configure            | 24 ++++++++++++++++++--
 intl/configure.ac         | 19 ++++++++++++++--
 libcody/Makefile.in       |  2 +-
 libcody/configure         | 30 ++++++++++++++++++++++++-
 libcody/configure.ac      | 26 ++++++++++++++++++++--
 libcpp/configure          | 22 +++++++++++++++++-
 libcpp/configure.ac       | 19 ++++++++++++++--
 libdecnumber/configure    | 22 +++++++++++++++++-
 libdecnumber/configure.ac | 19 ++++++++++++++--
 libiberty/configure       |  4 ++--
 libiberty/configure.ac    |  4 ++--
 zlib/configure            | 28 +++++++++++++++++++----
 zlib/configure.ac         | 21 ++++++++++++++---
 27 files changed, 409 insertions(+), 80 deletions(-)


base-commit: bbb6cf926f1732559b3a8aaf2796d34e8651c066

Comments

Marek Polacek May 16, 2023, 3:29 p.m. UTC | #1
Ping.

On Tue, May 09, 2023 at 03:41:58PM -0400, Marek Polacek via Gcc-patches wrote:
> [ This is my third attempt to add this configure option.  The first
> version was approved but it came too late in the development cycle.
> The second version was also approved, but I had to revert it:
> <https://gcc.gnu.org/pipermail/gcc-patches/2022-November/607082.html>.
> I've fixed the problem (by moving $(PICFLAG) from INTERNAL_CFLAGS to
> ALL_COMPILERFLAGS).  Another change is that since r13-4536 I no longer
> need to touch Makefile.def, so this patch is simplified. ]
> 
> This patch implements the --enable-host-pie configure option which
> makes the compiler executables PIE.  This can be used to enhance
> protection against ROP attacks, and can be viewed as part of a wider
> trend to harden binaries.
> 
> It is similar to the option --enable-host-shared, except that --e-h-s
> won't add -shared to the linker flags whereas --e-h-p will add -pie.
> It is different from --enable-default-pie because that option just
> adds an implicit -fPIE/-pie when the compiler is invoked, but the
> compiler itself isn't PIE.
> 
> Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
> regressions.
> 
> When building the compiler, the build process may use various in-tree
> libraries; these need to be built with -fPIE so that it's possible to
> use them when building a PIE.  For instance, when --with-included-gettext
> is in effect, intl object files must be compiled with -fPIE.  Similarly,
> when building in-tree gmp, isl, mpfr and mpc, they must be compiled with
> -fPIE.
> 
> With this patch and --enable-host-pie used to configure gcc:
> 
> $ file gcc/cc1{,plus,obj} gcc/f951 gcc/lto1 gcc/cpp
> gcc/cc1:     ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
> gcc/cc1plus: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
> gcc/f951:    ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
> gcc/cc1obj:  ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
> gcc/lto1:    ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
> gcc/cpp:     ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
> 
> I plan to add an option to link with -Wl,-z,now.
> 
> Bootstrapped on x86_64-pc-linux-gnu with --with-included-gettext
> --enable-host-pie as well as without --enable-host-pie.  Also tested
> on a Debian system where the system gcc was configured with
> --enable-default-pie.
> 
> ChangeLog:
> 
> 	* configure.ac (--enable-host-pie): New check.  Set PICFLAG after this
> 	check.
> 	* configure: Regenerate.
> 
> c++tools/ChangeLog:
> 
> 	* Makefile.in: Rename PIEFLAG to PICFLAG.  Set LD_PICFLAG.  Use it.
> 	Use pic/libiberty.a if PICFLAG is set.
> 	* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
> 	(--enable-host-pie): New check.
> 	* configure: Regenerate.
> 
> fixincludes/ChangeLog:
> 
> 	* Makefile.in: Set and use PICFLAG and LD_PICFLAG.  Use the "pic"
> 	build of libiberty if PICFLAG is set.
> 	* configure.ac:
> 	* configure: Regenerate.
> 
> gcc/ChangeLog:
> 
> 	* Makefile.in: Set LD_PICFLAG.  Use it.  Set enable_host_pie.
> 	Remove NO_PIE_CFLAGS and NO_PIE_FLAG.  Pass LD_PICFLAG to
> 	ALL_LINKERFLAGS.  Use the "pic" build of libiberty if --enable-host-pie.
> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
> 	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
> 	check.
> 	* configure: Regenerate.
> 	* doc/install.texi: Document --enable-host-pie.
> 
> gcc/d/ChangeLog:
> 
> 	* Make-lang.in: Remove NO_PIE_CFLAGS.
> 
> intl/ChangeLog:
> 
> 	* Makefile.in: Use @PICFLAG@ in COMPILE as well.
> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
> 	(--enable-host-pie): New check.  Set PICFLAG after this check.
> 	* configure: Regenerate.
> 
> libcody/ChangeLog:
> 
> 	* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
> 	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
> 	check.
> 	* configure: Regenerate.
> 
> libcpp/ChangeLog:
> 
> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
> 	(--enable-host-pie): New check.  Set PICFLAG after this check.
> 	* configure: Regenerate.
> 
> libdecnumber/ChangeLog:
> 
> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
> 	(--enable-host-pie): New check.  Set PICFLAG after this check.
> 	* configure: Regenerate.
> 
> libiberty/ChangeLog:
> 
> 	* configure.ac: Also set shared when enable_host_pie.
> 	* configure: Regenerate.
> 
> zlib/ChangeLog:
> 
> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
> 	(--enable-host-pie): New check.  Set PICFLAG after this check.
> 	* configure: Regenerate.
> ---
>  c++tools/Makefile.in      | 11 ++++++---
>  c++tools/configure        | 17 +++++++++++---
>  c++tools/configure.ac     | 11 +++++++--
>  configure                 | 24 +++++++++++++++++++-
>  configure.ac              | 18 ++++++++++++++-
>  fixincludes/Makefile.in   | 12 ++++++----
>  fixincludes/configure     | 13 +++++++++++
>  fixincludes/configure.ac  |  8 +++++++
>  gcc/Makefile.in           | 32 +++++++++++++++-----------
>  gcc/configure             | 47 +++++++++++++++++++++++++++------------
>  gcc/configure.ac          | 36 +++++++++++++++++++++---------
>  gcc/d/Make-lang.in        |  2 +-
>  gcc/doc/install.texi      | 16 +++++++++++--
>  intl/Makefile.in          |  2 +-
>  intl/configure            | 24 ++++++++++++++++++--
>  intl/configure.ac         | 19 ++++++++++++++--
>  libcody/Makefile.in       |  2 +-
>  libcody/configure         | 30 ++++++++++++++++++++++++-
>  libcody/configure.ac      | 26 ++++++++++++++++++++--
>  libcpp/configure          | 22 +++++++++++++++++-
>  libcpp/configure.ac       | 19 ++++++++++++++--
>  libdecnumber/configure    | 22 +++++++++++++++++-
>  libdecnumber/configure.ac | 19 ++++++++++++++--
>  libiberty/configure       |  4 ++--
>  libiberty/configure.ac    |  4 ++--
>  zlib/configure            | 28 +++++++++++++++++++----
>  zlib/configure.ac         | 21 ++++++++++++++---
>  27 files changed, 409 insertions(+), 80 deletions(-)
> 
> diff --git a/c++tools/Makefile.in b/c++tools/Makefile.in
> index 77bda3d56dc..dcb1029e064 100644
> --- a/c++tools/Makefile.in
> +++ b/c++tools/Makefile.in
> @@ -29,8 +29,9 @@ AUTOCONF := @AUTOCONF@
>  AUTOHEADER := @AUTOHEADER@
>  CXX := @CXX@
>  CXXFLAGS := @CXXFLAGS@
> -PIEFLAG := @PIEFLAG@
> -CXXOPTS := $(CXXFLAGS) $(PIEFLAG) -fno-exceptions -fno-rtti
> +PICFLAG := @PICFLAG@
> +LD_PICFLAG := @LD_PICFLAG@
> +CXXOPTS := $(CXXFLAGS) $(PICFLAG) -fno-exceptions -fno-rtti
>  LDFLAGS := @LDFLAGS@
>  exeext := @EXEEXT@
>  LIBIBERTY := ../libiberty/libiberty.a
> @@ -90,11 +91,15 @@ ifeq (@CXX_AUX_TOOLS@,yes)
>  
>  all::g++-mapper-server$(exeext)
>  
> +ifneq ($(PICFLAG),)
> +override LIBIBERTY := ../libiberty/pic/libiberty.a
> +endif
> +
>  MAPPER.O := server.o resolver.o
>  CODYLIB = ../libcody/libcody.a
>  CXXINC += -I$(srcdir)/../libcody -I$(srcdir)/../include -I$(srcdir)/../gcc -I. -I../gcc
>  g++-mapper-server$(exeext): $(MAPPER.O) $(CODYLIB)
> -	+$(CXX) $(LDFLAGS) $(PIEFLAG) -o $@ $^ $(LIBIBERTY) $(NETLIBS)
> +	+$(CXX) $(LDFLAGS) $(PICFLAG) $(LD_PICFLAG) -o $@ $^ $(LIBIBERTY) $(NETLIBS)
>  
>  # copy to gcc dir so tests there can run
>  all::../gcc/g++-mapper-server$(exeext)
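
Review bot: the `ifneq ($(PICFLAG),)` override hard-codes `../libiberty/pic/libiberty.a`, whereas gcc/Makefile.in in this same patch goes through `LIBIBERTY_PICDIR` so that mingw keeps the non-pic archive; the two should agree, or this needs a comment on why c++tools is exempt. Note also that c++tools/configure.ac sets PICFLAG=-fPIE for --enable-default-pie as well, so this branch is taken without --enable-host-pie; is pic/libiberty.a guaranteed to be built in that configuration?
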
> diff --git a/c++tools/configure b/c++tools/configure
> index 742816e4253..88087009383 100755
> --- a/c++tools/configure
> +++ b/c++tools/configure
> @@ -627,7 +627,8 @@ get_gcc_base_ver
>  EGREP
>  GREP
>  CXXCPP
> -PIEFLAG
> +LD_PICFLAG
> +PICFLAG
>  MAINTAINER
>  CXX_AUX_TOOLS
>  AUTOHEADER
> @@ -700,6 +701,7 @@ enable_c___tools
>  enable_maintainer_mode
>  enable_checking
>  enable_default_pie
> +enable_host_pie
>  with_gcc_major_version_only
>  '
>        ac_precious_vars='build_alias
> @@ -1333,6 +1335,7 @@ Optional Features:
>                            only specific categories of checks. Categories are:
>                            yes,no,all,none,release.
>    --enable-default-pie    enable Position Independent Executable as default
> +  --enable-host-pie       build host code as PIE
>  
>  Optional Packages:
>    --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
> @@ -2990,12 +2993,20 @@ fi
>  # Check whether --enable-default-pie was given.
>  # Check whether --enable-default-pie was given.
>  if test "${enable_default_pie+set}" = set; then :
> -  enableval=$enable_default_pie; PIEFLAG=-fPIE
> +  enableval=$enable_default_pie; PICFLAG=-fPIE
>  else
> -  PIEFLAG=
> +  PICFLAG=
>  fi
>  
>  
> +# Enable --enable-host-pie
> +# Check whether --enable-host-pie was given.
> +if test "${enable_host_pie+set}" = set; then :
> +  enableval=$enable_host_pie; PICFLAG=-fPIE; LD_PICFLAG=-pie
> +fi
> +
> +
> +
>  
>  # Check if O_CLOEXEC is defined by fcntl
>  
> diff --git a/c++tools/configure.ac b/c++tools/configure.ac
> index 23e98c8e721..44dfaccbbfa 100644
> --- a/c++tools/configure.ac
> +++ b/c++tools/configure.ac
> @@ -102,8 +102,15 @@ fi
>  AC_ARG_ENABLE(default-pie,
>  [AS_HELP_STRING([--enable-default-pie],
>  		  [enable Position Independent Executable as default])],
> -[PIEFLAG=-fPIE], [PIEFLAG=])
> -AC_SUBST([PIEFLAG])
> +[PICFLAG=-fPIE], [PICFLAG=])
> +
> +# Enable --enable-host-pie
> +AC_ARG_ENABLE(host-pie,
> +[AS_HELP_STRING([--enable-host-pie],
> +		[build host code as PIE])],
> +[PICFLAG=-fPIE; LD_PICFLAG=-pie], [])
> +AC_SUBST(PICFLAG)
> +AC_SUBST(LD_PICFLAG)
>  
>  # Check if O_CLOEXEC is defined by fcntl
>  AC_CACHE_CHECK(for O_CLOEXEC, ac_cv_o_cloexec, [
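
Review bot: the action-if-given argument `[PICFLAG=-fPIE; LD_PICFLAG=-pie]` runs for any explicit use of the option, so --disable-host-pie and --enable-host-pie=no also turn PIE on here, while the top-level configure.ac only acts on `x$enable_host_pie = xyes`. Test the value (for example `test x$enable_host_pie = xyes`) before setting the flags, and give LD_PICFLAG an explicit empty default in the not-given case, as PICFLAG gets from the default-pie check, so it cannot be inherited from the environment.
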
> diff --git a/configure b/configure
> index 0494e2fa2bf..f5cf9b84c06 100755
> --- a/configure
> +++ b/configure
> @@ -687,6 +687,8 @@ extra_host_zlib_configure_flags
>  extra_host_libiberty_configure_flags
>  stage1_languages
>  host_libs_picflag
> +PICFLAG
> +enable_host_pie
>  host_shared
>  extra_linker_plugin_flags
>  extra_linker_plugin_configure_flags
> @@ -831,6 +833,7 @@ enable_lto
>  enable_linker_plugin_configure_flags
>  enable_linker_plugin_flags
>  enable_host_shared
> +enable_host_pie
>  enable_stage1_languages
>  enable_objc_gc
>  with_target_bdw_gc
> @@ -1559,6 +1562,7 @@ Optional Features:
>                            additional flags for configuring and building linker
>                            plugins [none]
>    --enable-host-shared    build host code as shared libraries
> +  --enable-host-pie       build host code as PIE
>    --enable-stage1-languages[=all]
>                            choose additional languages to build during stage1.
>                            Mostly useful for compiler development
> @@ -8669,11 +8673,29 @@ fi
>  
>  
>  
> +# Enable --enable-host-pie.
> +# Check whether --enable-host-pie was given.
> +if test "${enable_host_pie+set}" = set; then :
> +  enableval=$enable_host_pie;
> +fi
> +
> +
> +
> +if test x$host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
> +else
> +  PICFLAG=
> +fi
> +
> +
> +
>  # If we are building PIC/PIE host executables, and we are building dependent
>  # libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
>  # code.
>  host_libs_picflag=
> -if test "$host_shared" = "yes";then
> +if test "$host_shared" = "yes" -o "$enable_host_pie" = "yes"; then
>  host_libs_picflag='--with-pic'
>  fi
>  
> diff --git a/configure.ac b/configure.ac
> index f5cce5830bc..2a85834f2b6 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1913,11 +1913,27 @@ AC_ARG_ENABLE(host-shared,
>  
>  AC_SUBST(host_shared)
>  
> +# Enable --enable-host-pie.
> +AC_ARG_ENABLE(host-pie,
> +[AS_HELP_STRING([--enable-host-pie],
> +       [build host code as PIE])])
> +AC_SUBST(enable_host_pie)
> +
> +if test x$host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
> +else
> +  PICFLAG=
> +fi
> +
> +AC_SUBST(PICFLAG)
> +
>  # If we are building PIC/PIE host executables, and we are building dependent
>  # libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
>  # code.
>  host_libs_picflag=
> -if test "$host_shared" = "yes";then
> +if test "$host_shared" = "yes" -o "$enable_host_pie" = "yes"; then
>  host_libs_picflag='--with-pic'
>  fi
>  AC_SUBST(host_libs_picflag)
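
Review bot: the new condition `test "$host_shared" = "yes" -o "$enable_host_pie" = "yes"` relies on `test -o`, which the Autoconf portability guidance advises against; writing it as two `test` commands joined with `||` avoids that. The PICFLAG block just above also leaves `x$host_shared` and `x$enable_host_pie` unquoted while this line quotes its operands; pick one style.
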
> diff --git a/fixincludes/Makefile.in b/fixincludes/Makefile.in
> index 1937dcaa32d..e6ce41dba39 100644
> --- a/fixincludes/Makefile.in
> +++ b/fixincludes/Makefile.in
> @@ -73,7 +73,7 @@ default : all
>  # Now figure out from those variables how to compile and link.
>  
>  .c.o:
> -	$(CC) -c $(CFLAGS) $(WARN_CFLAGS) $(CPPFLAGS) $(FIXINC_CFLAGS) $<
> +	$(CC) -c $(CFLAGS) $(PICFLAG) $(WARN_CFLAGS) $(CPPFLAGS) $(FIXINC_CFLAGS) $<
>  
>  # The only suffixes we want for implicit rules are .c and .o.
>  .SUFFIXES:
> @@ -87,7 +87,11 @@ default : all
>  ##
>  ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
>  
> +ifeq ($(PICFLAG),)
>  LIBIBERTY=../libiberty/libiberty.a
> +else
> +LIBIBERTY=../libiberty/pic/libiberty.a
> +endif
>  
>  ALLOBJ = fixincl.o fixtests.o fixfixes.o server.o procopen.o \
>        fixlib.o fixopts.o
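
Review bot: `ifeq ($(PICFLAG),)` and the `$(PICFLAG)` / `$(LD_PICFLAG)` uses in the compile and link rules read variables that none of the three hunks for this file defines: no `PICFLAG = @PICFLAG@` or `LD_PICFLAG = @LD_PICFLAG@` line is added, although the ChangeLog says "Set and use" and fixincludes/configure.ac now AC_SUBSTs both. Unless the values arrive from the parent make, a build in fixincludes/ will always pick the non-pic libiberty and link without -pie; add the two assignments next to the other substituted variables.
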
> @@ -107,15 +111,15 @@ oneprocess : full-stamp
>  twoprocess : test-stamp $(AF)
>  
>  full-stamp : $(ALLOBJ) $(LIBIBERTY)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -o $(FI) $(ALLOBJ) $(LIBIBERTY)
> +	$(CC) $(CFLAGS) $(PICFLAG) $(LDFLAGS) $(LD_PICFLAG) -o $(FI) $(ALLOBJ) $(LIBIBERTY)
>  	$(STAMP) $@
>  
>  test-stamp : $(TESTOBJ) $(LIBIBERTY)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -o $(FI) $(TESTOBJ) $(LIBIBERTY)
> +	$(CC) $(CFLAGS) $(PICFLAG) $(LDFLAGS) $(LD_PICFLAG) -o $(FI) $(TESTOBJ) $(LIBIBERTY)
>  	$(STAMP) $@
>  
>  $(AF): $(FIXOBJ) $(LIBIBERTY)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(FIXOBJ) $(LIBIBERTY)
> +	$(CC) $(CFLAGS) $(PICFLAG) $(LDFLAGS) $(LD_PICFLAG) -o $@ $(FIXOBJ) $(LIBIBERTY)
>  
>  $(ALLOBJ)   : $(HDR)
>  fixincl.o   : fixincl.c  $(srcdir)/fixincl.x
> diff --git a/fixincludes/configure b/fixincludes/configure
> index bdcc41f6ddc..f1748ebef74 100755
> --- a/fixincludes/configure
> +++ b/fixincludes/configure
> @@ -623,6 +623,8 @@ ac_subst_vars='LTLIBOBJS
>  LIBOBJS
>  get_gcc_base_ver
>  MAINT
> +LD_PICFLAG
> +PICFLAG
>  TARGET
>  target_noncanonical
>  WERROR
> @@ -695,6 +697,7 @@ enable_option_checking
>  enable_werror_always
>  with_local_prefix
>  enable_twoprocess
> +enable_host_pie
>  enable_maintainer_mode
>  with_gcc_major_version_only
>  '
> @@ -1323,6 +1326,7 @@ Optional Features:
>    --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
>    --enable-werror-always  enable -Werror despite compiler version
>    --enable-twoprocess       Use a separate process to apply the fixes
> +  --enable-host-pie       build host code as PIE
>    --enable-maintainer-mode enable make rules and dependencies not useful
>                            (and sometimes confusing) to the casual installer
>  
> @@ -4835,6 +4839,15 @@ $as_echo "#define SEPARATE_FIX_PROC 1" >>confdefs.h
>  
>  fi
>  
> +# Enable --enable-host-pie.
> +# Check whether --enable-host-pie was given.
> +if test "${enable_host_pie+set}" = set; then :
> +  enableval=$enable_host_pie; PICFLAG=-fPIE; LD_PICFLAG=-pie
> +fi
> +
> +
> +
> +
>  case $host in
>  	vax-dec-bsd* )
>  
> diff --git a/fixincludes/configure.ac b/fixincludes/configure.ac
> index ef2227e3c93..4e78511d20f 100644
> --- a/fixincludes/configure.ac
> +++ b/fixincludes/configure.ac
> @@ -68,6 +68,14 @@ if test $TARGET = twoprocess; then
>  		  [Define if testing and fixing are done by separate process])
>  fi
>  
> +# Enable --enable-host-pie.
> +AC_ARG_ENABLE(host-pie,
> +[AS_HELP_STRING([--enable-host-pie],
> +       [build host code as PIE])],
> +[PICFLAG=-fPIE; LD_PICFLAG=-pie], [])
> +AC_SUBST(PICFLAG)
> +AC_SUBST(LD_PICFLAG)
> +
>  case $host in
>  	vax-dec-bsd* )
>  		AC_DEFINE(exit, xexit, [Define to xexit if the host system does not support atexit])
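
Review bot: the ChangeLog entry for this file is left empty (`* configure.ac:` with no text); it should describe the new --enable-host-pie check and say that PICFLAG and LD_PICFLAG are set and substituted. As in c++tools/configure.ac, `[PICFLAG=-fPIE; LD_PICFLAG=-pie]` is the action-if-given branch, so it also fires for --disable-host-pie; test for `yes` before setting the flags.
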
> diff --git a/gcc/Makefile.in b/gcc/Makefile.in
> index bb63b5c501d..860fd9af81a 100644
> --- a/gcc/Makefile.in
> +++ b/gcc/Makefile.in
> @@ -158,6 +158,9 @@ LDFLAGS = @LDFLAGS@
>  # Should we build position-independent host code?
>  PICFLAG = @PICFLAG@
>  
> +# The linker flag for the above.
> +LD_PICFLAG = @LD_PICFLAG@
> +
>  # Flags to determine code coverage. When coverage is disabled, this will
>  # contain the optimization flags, as you normally want code coverage
>  # without optimization.
> @@ -283,19 +286,19 @@ LINKER = $(CC)
>  LINKER_FLAGS = $(CFLAGS)
>  endif
>  
> +enable_host_pie = @enable_host_pie@
> +
>  # Enable Intel CET on Intel CET enabled host if needed.
>  CET_HOST_FLAGS = @CET_HOST_FLAGS@
>  COMPILER += $(CET_HOST_FLAGS)
>  
> -NO_PIE_CFLAGS = @NO_PIE_CFLAGS@
> -NO_PIE_FLAG = @NO_PIE_FLAG@
>  DO_LINK_MUTEX = @DO_LINK_MUTEX@
>  
> -# We don't want to compile the compilers with -fPIE, it make PCH fail.
> -COMPILER += $(NO_PIE_CFLAGS)
> +# Maybe compile the compilers with -fPIE or -fPIC.
> +COMPILER += $(PICFLAG)
>  
> -# Link with -no-pie since we compile the compiler with -fno-PIE.
> -LINKER += $(NO_PIE_FLAG)
> +# Link with -pie, or -no-pie, depending on the above.
> +LINKER += $(LD_PICFLAG)
>  
>  # Like LINKER, but use a mutex for serializing front end links.
>  ifeq (@DO_LINK_MUTEX@,true)
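
Review bot: `COMPILER += $(PICFLAG)` and `LINKER += $(LD_PICFLAG)` here overlap with the later hunk in this file that appends the same two variables to ALL_COMPILERFLAGS and ALL_LINKERFLAGS, which the existing comments describe as the flags to use with $(COMPILER) and $(LINKER). That puts each flag on the command line twice; if both places are needed (for rules that use one variable without the other), a comment saying so would help, otherwise drop one.
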
> @@ -1067,7 +1070,7 @@ RTL_SSA_H = $(PRETTY_PRINT_H) insn-config.h splay-tree-utils.h \
>  # programs built during a bootstrap.
>  # autoconf inserts -DCROSS_DIRECTORY_STRUCTURE if we are building a
>  # cross compiler which does not use the native headers and libraries.
> -INTERNAL_CFLAGS = -DIN_GCC $(PICFLAG) @CROSS@
> +INTERNAL_CFLAGS = -DIN_GCC @CROSS@
>  
>  # This is the variable actually used when we compile. If you change this,
>  # you probably want to update BUILD_CFLAGS in configure.ac
> @@ -1085,21 +1088,24 @@ ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \
>  ALL_CPPFLAGS = $(INCLUDES) $(CPPFLAGS)
>  
>  # This is the variable to use when using $(COMPILER).
> -ALL_COMPILERFLAGS = $(ALL_CXXFLAGS)
> +ALL_COMPILERFLAGS = $(ALL_CXXFLAGS) $(PICFLAG)
>  
>  # This is the variable to use when using $(LINKER).
> -ALL_LINKERFLAGS = $(ALL_CXXFLAGS)
> +ALL_LINKERFLAGS = $(ALL_CXXFLAGS) $(LD_PICFLAG)
>  
>  # Build and host support libraries.
>  
> -# Use the "pic" build of libiberty if --enable-host-shared, unless we are
> -# building for mingw.
> +# Use the "pic" build of libiberty if --enable-host-shared or --enable-host-pie,
> +# unless we are building for mingw.
>  LIBIBERTY_PICDIR=$(if $(findstring mingw,$(target)),,pic)
> -ifeq ($(enable_host_shared),yes)
> +ifneq ($(enable_host_shared)$(enable_host_pie),)
>  LIBIBERTY = ../libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
> -BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
>  else
>  LIBIBERTY = ../libiberty/libiberty.a
> +endif
> +ifeq ($(enable_host_shared),yes)
> +BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
> +else
>  BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/libiberty.a
>  endif
>  
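
Review bot: `ifneq ($(enable_host_shared)$(enable_host_pie),)` is true for any non-empty value, so --disable-host-pie or --disable-host-shared (value `no`) now selects the pic libiberty, where the replaced line compared against `yes`. Suggest `ifneq (,$(filter yes,$(enable_host_shared) $(enable_host_pie)))` or an equivalent explicit test. BUILD_LIBIBERTY keeps the `yes` comparison on enable_host_shared only; a short comment on why it ignores enable_host_pie would help the next reader.
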
> diff --git a/gcc/configure b/gcc/configure
> index 191f68581b3..629446ecf3b 100755
> --- a/gcc/configure
> +++ b/gcc/configure
> @@ -632,10 +632,10 @@ ac_includes_default="\
>  ac_subst_vars='LTLIBOBJS
>  LIBOBJS
>  CET_HOST_FLAGS
> -NO_PIE_FLAG
> -NO_PIE_CFLAGS
> -enable_default_pie
> +LD_PICFLAG
>  PICFLAG
> +enable_default_pie
> +enable_host_pie
>  enable_host_shared
>  enable_plugin
>  pluginlibs
> @@ -1030,6 +1030,7 @@ enable_link_serialization
>  enable_version_specific_runtime_libs
>  enable_plugin
>  enable_host_shared
> +enable_host_pie
>  enable_libquadmath_support
>  with_linker_hash_style
>  with_diagnostics_color
> @@ -1792,6 +1793,7 @@ Optional Features:
>                            in a compiler-specific directory
>    --enable-plugin         enable plugin support
>    --enable-host-shared    build host code as shared libraries
> +  --enable-host-pie       build host code as PIE
>    --disable-libquadmath-support
>                            disable libquadmath support for Fortran
>    --enable-default-pie    enable Position Independent Executable as default
> @@ -19850,7 +19852,7 @@ else
>    lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
>    lt_status=$lt_dlunknown
>    cat > conftest.$ac_ext <<_LT_EOF
> -#line 19853 "configure"
> +#line 19867 "configure"
>  #include "confdefs.h"
>  
>  #if HAVE_DLFCN_H
> @@ -19956,7 +19958,7 @@ else
>    lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
>    lt_status=$lt_dlunknown
>    cat > conftest.$ac_ext <<_LT_EOF
> -#line 19959 "configure"
> +#line 19973 "configure"
>  #include "confdefs.h"
>  
>  #if HAVE_DLFCN_H
> @@ -32090,13 +32092,17 @@ fi
>  # Enable --enable-host-shared
>  # Check whether --enable-host-shared was given.
>  if test "${enable_host_shared+set}" = set; then :
> -  enableval=$enable_host_shared; PICFLAG=-fPIC
> -else
> -  PICFLAG=
> +  enableval=$enable_host_shared;
>  fi
>  
>  
>  
> +# Enable --enable-host-pie
> +# Check whether --enable-host-pie was given.
> +if test "${enable_host_pie+set}" = set; then :
> +  enableval=$enable_host_pie;
> +fi
> +
>  
>  
>  # Check whether --enable-libquadmath-support was given.
> @@ -32250,10 +32256,6 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
>  fi
>  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_c_no_fpie" >&5
>  $as_echo "$gcc_cv_c_no_fpie" >&6; }
> -if test "$gcc_cv_c_no_fpie" = "yes"; then
> -  NO_PIE_CFLAGS="-fno-PIE"
> -fi
> -
>  
>  # Check if -no-pie works.
>  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -no-pie option" >&5
> @@ -32278,11 +32280,28 @@ rm -f core conftest.err conftest.$ac_objext \
>  fi
>  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_no_pie" >&5
>  $as_echo "$gcc_cv_no_pie" >&6; }
> -if test "$gcc_cv_no_pie" = "yes"; then
> -  NO_PIE_FLAG="-no-pie"
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
> +elif test x$gcc_cv_c_no_fpie = xyes; then
> +  PICFLAG=-fno-PIE
> +else
> +  PICFLAG=
> +fi
> +
> +if test x$enable_host_pie = xyes; then
> +  LD_PICFLAG=-pie
> +elif test x$gcc_cv_no_pie = xyes; then
> +  LD_PICFLAG=-no-pie
> +else
> +  LD_PICFLAG=
>  fi
>  
>  
> +
> +
>  # Enable Intel CET on Intel CET enabled host if jit is enabled.
>   # Check whether --enable-cet was given.
>  if test "${enable_cet+set}" = set; then :
> diff --git a/gcc/configure.ac b/gcc/configure.ac
> index 075424669c9..9c69a55668e 100644
> --- a/gcc/configure.ac
> +++ b/gcc/configure.ac
> @@ -7418,11 +7418,14 @@ fi
>  # Enable --enable-host-shared
>  AC_ARG_ENABLE(host-shared,
>  [AS_HELP_STRING([--enable-host-shared],
> -		[build host code as shared libraries])],
> -[PICFLAG=-fPIC], [PICFLAG=])
> +		[build host code as shared libraries])])
>  AC_SUBST(enable_host_shared)
> -AC_SUBST(PICFLAG)
>  
> +# Enable --enable-host-pie
> +AC_ARG_ENABLE(host-pie,
> +[AS_HELP_STRING([--enable-host-pie],
> +		[build host code as PIE])])
> +AC_SUBST(enable_host_pie)
>  
>  AC_ARG_ENABLE(libquadmath-support,
>  [AS_HELP_STRING([--disable-libquadmath-support],
> @@ -7544,10 +7547,6 @@ AC_CACHE_CHECK([for -fno-PIE option],
>       [gcc_cv_c_no_fpie=yes],
>       [gcc_cv_c_no_fpie=no])
>     CXXFLAGS="$saved_CXXFLAGS"])
> -if test "$gcc_cv_c_no_fpie" = "yes"; then
> -  NO_PIE_CFLAGS="-fno-PIE"
> -fi
> -AC_SUBST([NO_PIE_CFLAGS])
>  
>  # Check if -no-pie works.
>  AC_CACHE_CHECK([for -no-pie option],
> @@ -7558,10 +7557,27 @@ AC_CACHE_CHECK([for -no-pie option],
>       [gcc_cv_no_pie=yes],
>       [gcc_cv_no_pie=no])
>     LDFLAGS="$saved_LDFLAGS"])
> -if test "$gcc_cv_no_pie" = "yes"; then
> -  NO_PIE_FLAG="-no-pie"
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
> +elif test x$gcc_cv_c_no_fpie = xyes; then
> +  PICFLAG=-fno-PIE
> +else
> +  PICFLAG=
>  fi
> -AC_SUBST([NO_PIE_FLAG])
> +
> +if test x$enable_host_pie = xyes; then
> +  LD_PICFLAG=-pie
> +elif test x$gcc_cv_no_pie = xyes; then
> +  LD_PICFLAG=-no-pie
> +else
> +  LD_PICFLAG=
> +fi
> +
> +AC_SUBST([PICFLAG])
> +AC_SUBST([LD_PICFLAG])
>  
>  # Enable Intel CET on Intel CET enabled host if jit is enabled.
>  GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
> diff --git a/gcc/d/Make-lang.in b/gcc/d/Make-lang.in
> index 1679fb81097..4fbf2096416 100644
> --- a/gcc/d/Make-lang.in
> +++ b/gcc/d/Make-lang.in
> @@ -64,7 +64,7 @@ ALL_DFLAGS = $(DFLAGS-$@) $(GDCFLAGS) -fversion=IN_GCC $(CHECKING_DFLAGS) \
>  	$(PICFLAG) $(ALIASING_FLAGS) $(NOEXCEPTION_DFLAGS) $(COVERAGE_FLAGS) \
>  	$(WARN_DFLAGS)
>  
> -DCOMPILE.base = $(GDC) $(NO_PIE_CFLAGS) -c $(ALL_DFLAGS) -o $@
> +DCOMPILE.base = $(GDC) -c $(ALL_DFLAGS) -o $@
>  DCOMPILE = $(DCOMPILE.base) -MT $@ -MMD -MP -MF $(@D)/$(DEPDIR)/$(*F).TPo
>  DPOSTCOMPILE = @mv $(@D)/$(DEPDIR)/$(*F).TPo $(@D)/$(DEPDIR)/$(*F).Po
>  DLINKER = $(GDC) $(NO_PIE_FLAG) -lstdc++
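
Review bot: DLINKER on the context line just below this change still expands $(NO_PIE_FLAG), which the patch stops defining: gcc/configure.ac drops both the assignment and `AC_SUBST([NO_PIE_FLAG])`, and the gcc/ChangeLog entry says Makefile.in removes it as well. After this patch it expands to nothing, so it should either be deleted here too or be replaced by $(LD_PICFLAG) if the D link does not already receive that flag through ALL_LINKERFLAGS.
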
> diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi
> index fa91ce1953d..2248308dbdf 100644
> --- a/gcc/doc/install.texi
> +++ b/gcc/doc/install.texi
> @@ -1072,14 +1072,26 @@ code.
>  
>  @item --enable-host-shared
>  Specify that the @emph{host} code should be built into position-independent
> -machine code (with -fPIC), allowing it to be used within shared libraries,
> -but yielding a slightly slower compiler.
> +machine code (with @option{-fPIC}), allowing it to be used within shared
> +libraries, but yielding a slightly slower compiler.
>  
>  This option is required when building the libgccjit.so library.
>  
>  Contrast with @option{--enable-shared}, which affects @emph{target}
>  libraries.
>  
> +@item --enable-host-pie
> +Specify that the @emph{host} executables should be built into
> +position-independent executables (with @option{-fPIE} and @option{-pie}),
> +yielding a slightly slower compiler (but faster than
> +@option{--enable-host-shared}).  Position-independent executables are loaded
> +at random addresses each time they are executed, therefore provide additional
> +protection against Return Oriented Programming (ROP) attacks.
> +
> +@option{--enable-host-pie}) may be used with @option{--enable-host-shared}),
> +in which case @option{-fPIC} is used when compiling, and @option{-pie} when
> +linking.
> +
>  @item @anchor{with-gnu-as}--with-gnu-as
>  Specify that the compiler should assume that the
>  assembler it finds is the GNU assembler.  However, this does not modify
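
Review bot: the second new paragraph has a stray closing parenthesis after each option name, in `@option{--enable-host-pie}) may be used with @option{--enable-host-shared}),`, and both will appear in the rendered manual. In the first paragraph, "therefore provide additional protection" lacks a conjunction; "and therefore provide" reads correctly.
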
> diff --git a/intl/Makefile.in b/intl/Makefile.in
> index 409d693c48e..5beebdc152c 100644
> --- a/intl/Makefile.in
> +++ b/intl/Makefile.in
> @@ -54,7 +54,7 @@ CTAGS = @CTAGS@
>  ETAGS = @ETAGS@
>  MKID = @MKID@
>  
> -COMPILE = $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(DEFS-$@) $(INCLUDES)
> +COMPILE = $(CC) -c $(CPPFLAGS) $(CFLAGS) @PICFLAG@ $(DEFS) $(DEFS-$@) $(INCLUDES)
>  
>  HEADERS = \
>    gmo.h \
> diff --git a/intl/configure b/intl/configure
> index 03f40487a92..79bb5831a47 100755
> --- a/intl/configure
> +++ b/intl/configure
> @@ -623,6 +623,8 @@ ac_header_list=
>  ac_subst_vars='LTLIBOBJS
>  LIBOBJS
>  PICFLAG
> +enable_host_pie
> +enable_host_shared
>  BISON3_NO
>  BISON3_YES
>  INCINTL
> @@ -731,6 +733,7 @@ with_libintl_prefix
>  with_libintl_type
>  enable_maintainer_mode
>  enable_host_shared
> +enable_host_pie
>  '
>        ac_precious_vars='build_alias
>  host_alias
> @@ -1356,6 +1359,7 @@ Optional Features:
>    --disable-rpath         do not hardcode runtime library paths
>    --enable-maintainer-mode enable rules only needed by maintainers
>    --enable-host-shared    build host code as shared libraries
> +  --enable-host-pie       build host code as PIE
>  
>  Optional Packages:
>    --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
> @@ -6852,15 +6856,31 @@ fi
>  
>  
>  
> +# Enable --enable-host-shared.
>  # Check whether --enable-host-shared was given.
>  if test "${enable_host_shared+set}" = set; then :
> -  enableval=$enable_host_shared; PICFLAG=-fPIC
> +  enableval=$enable_host_shared;
> +fi
> +
> +
> +
> +# Enable --enable-host-pie.
> +# Check whether --enable-host-pie was given.
> +if test "${enable_host_pie+set}" = set; then :
> +  enableval=$enable_host_pie;
> +fi
> +
> +
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
>  else
>    PICFLAG=
>  fi
>  
>  
> -
>  ac_config_files="$ac_config_files Makefile config.intl"
>  
>  cat >confcache <<\_ACEOF
> diff --git a/intl/configure.ac b/intl/configure.ac
> index 16a740aa230..81aa831f59f 100644
> --- a/intl/configure.ac
> +++ b/intl/configure.ac
> @@ -83,10 +83,25 @@ fi
>  AC_SUBST(BISON3_YES)
>  AC_SUBST(BISON3_NO)
>  
> +# Enable --enable-host-shared.
>  AC_ARG_ENABLE(host-shared,
>  [AS_HELP_STRING([--enable-host-shared],
> -		[build host code as shared libraries])],
> -[PICFLAG=-fPIC], [PICFLAG=])
> +       [build host code as shared libraries])])
> +AC_SUBST(enable_host_shared)
> +
> +# Enable --enable-host-pie.
> +AC_ARG_ENABLE(host-pie,
> +[AS_HELP_STRING([--enable-host-pie],
> +       [build host code as PIE])])
> +AC_SUBST(enable_host_pie)
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
> +else
> +  PICFLAG=
> +fi
>  AC_SUBST(PICFLAG)
>  
>  AC_CONFIG_FILES(Makefile config.intl)
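
Review bot: this AC_ARG_ENABLE pair plus the PICFLAG if/elif chain is repeated almost verbatim in the libcody, libcpp, libdecnumber and zlib configure.ac hunks, so any later change to the precedence has to be made in every copy. A shared m4 macro, used the way GCC_CET_HOST_FLAGS is in gcc/configure.ac, would keep them in step. In this file the help-string continuation lines also change from tab to space indentation, unlike the other copies.
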
> diff --git a/libcody/Makefile.in b/libcody/Makefile.in
> index bb87468cb9a..cb01b0092d8 100644
> --- a/libcody/Makefile.in
> +++ b/libcody/Makefile.in
> @@ -31,7 +31,7 @@ endif
>  CXXOPTS += $(filter-out -DHAVE_CONFIG_H,@DEFS@) -include config.h
>  
>  # Linker options
> -LDFLAGS := @LDFLAGS@
> +LDFLAGS := @LDFLAGS@ @LD_PICFLAG@
>  LIBS := @LIBS@
>  
>  # Per-source & per-directory compile flags (warning: recursive)
> diff --git a/libcody/configure b/libcody/configure
> index da52a5cfca5..0e536c0ccb0 100755
> --- a/libcody/configure
> +++ b/libcody/configure
> @@ -591,7 +591,10 @@ configure_args
>  AR
>  RANLIB
>  EXCEPTIONS
> +LD_PICFLAG
>  PICFLAG
> +enable_host_pie
> +enable_host_shared
>  OBJEXT
>  EXEEXT
>  ac_ct_CXX
> @@ -653,6 +656,7 @@ enable_maintainer_mode
>  with_compiler
>  enable_checking
>  enable_host_shared
> +enable_host_pie
>  enable_exceptions
>  '
>        ac_precious_vars='build_alias
> @@ -1286,6 +1290,7 @@ Optional Features:
>                            yes,no,all,none,release. Flags are: misc,valgrind or
>                            other strings
>    --enable-host-shared    build host code as shared libraries
> +  --enable-host-pie       build host code as PIE
>    --enable-exceptions     enable exceptions & rtti
>  
>  Optional Packages:
> @@ -2635,11 +2640,34 @@ fi
>  # Enable --enable-host-shared.
>  # Check whether --enable-host-shared was given.
>  if test "${enable_host_shared+set}" = set; then :
> -  enableval=$enable_host_shared; PICFLAG=-fPIC
> +  enableval=$enable_host_shared;
> +fi
> +
> +
> +
> +# Enable --enable-host-pie.
> +# Check whether --enable-host-pie was given.
> +if test "${enable_host_pie+set}" = set; then :
> +  enableval=$enable_host_pie;
> +fi
> +
> +
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
>  else
>    PICFLAG=
>  fi
>  
> +if test x$enable_host_pie = xyes; then
> +  LD_PICFLAG=-pie
> +else
> +  LD_PICFLAG=
> +fi
> +
> +
>  
>  
>  # Check whether --enable-exceptions was given.
> diff --git a/libcody/configure.ac b/libcody/configure.ac
> index 960191ecb72..14e8dd4a226 100644
> --- a/libcody/configure.ac
> +++ b/libcody/configure.ac
> @@ -63,9 +63,31 @@ fi
>  # Enable --enable-host-shared.
>  AC_ARG_ENABLE(host-shared,
>  [AS_HELP_STRING([--enable-host-shared],
> -		[build host code as shared libraries])],
> -[PICFLAG=-fPIC], [PICFLAG=])
> +		[build host code as shared libraries])])
> +AC_SUBST(enable_host_shared)
> +
> +# Enable --enable-host-pie.
> +AC_ARG_ENABLE(host-pie,
> +[AS_HELP_STRING([--enable-host-pie],
> +		[build host code as PIE])])
> +AC_SUBST(enable_host_pie)
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
> +else
> +  PICFLAG=
> +fi
> +
> +if test x$enable_host_pie = xyes; then
> +  LD_PICFLAG=-pie
> +else
> +  LD_PICFLAG=
> +fi
> +
>  AC_SUBST(PICFLAG)
> +AC_SUBST(LD_PICFLAG)
>  
>  NMS_ENABLE_EXCEPTIONS
>  
> diff --git a/libcpp/configure b/libcpp/configure
> index e9937cde330..1389ddab544 100755
> --- a/libcpp/configure
> +++ b/libcpp/configure
> @@ -625,6 +625,8 @@ ac_includes_default="\
>  ac_subst_vars='LTLIBOBJS
>  CET_HOST_FLAGS
>  PICFLAG
> +enable_host_pie
> +enable_host_shared
>  MAINT
>  USED_CATALOGS
>  PACKAGE
> @@ -738,6 +740,7 @@ enable_maintainer_mode
>  enable_checking
>  enable_canonical_system_headers
>  enable_host_shared
> +enable_host_pie
>  enable_cet
>  enable_valgrind_annotations
>  '
> @@ -1379,6 +1382,7 @@ Optional Features:
>    --enable-canonical-system-headers
>                            enable or disable system headers canonicalization
>    --enable-host-shared    build host code as shared libraries
> +  --enable-host-pie       build host code as PIE
>    --enable-cet            enable Intel CET in host libraries [default=auto]
>    --enable-valgrind-annotations
>                            enable valgrind runtime interaction
> @@ -7605,7 +7609,23 @@ esac
>  # Enable --enable-host-shared.
>  # Check whether --enable-host-shared was given.
>  if test "${enable_host_shared+set}" = set; then :
> -  enableval=$enable_host_shared; PICFLAG=-fPIC
> +  enableval=$enable_host_shared;
> +fi
> +
> +
> +
> +# Enable --enable-host-pie.
> +# Check whether --enable-host-pie was given.
> +if test "${enable_host_pie+set}" = set; then :
> +  enableval=$enable_host_pie;
> +fi
> +
> +
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
>  else
>    PICFLAG=
>  fi
> diff --git a/libcpp/configure.ac b/libcpp/configure.ac
> index 89ac99b04bd..b29b4d6acf1 100644
> --- a/libcpp/configure.ac
> +++ b/libcpp/configure.ac
> @@ -211,8 +211,23 @@ esac
>  # Enable --enable-host-shared.
>  AC_ARG_ENABLE(host-shared,
>  [AS_HELP_STRING([--enable-host-shared],
> -		[build host code as shared libraries])],
> -[PICFLAG=-fPIC], [PICFLAG=])
> +		[build host code as shared libraries])])
> +AC_SUBST(enable_host_shared)
> +
> +# Enable --enable-host-pie.
> +AC_ARG_ENABLE(host-pie,
> +[AS_HELP_STRING([--enable-host-pie],
> +		[build host code as PIE])])
> +AC_SUBST(enable_host_pie)
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
> +else
> +  PICFLAG=
> +fi
> +
>  AC_SUBST(PICFLAG)
>  
>  # Enable Intel CET on Intel CET enabled host if jit is enabled.
> diff --git a/libdecnumber/configure b/libdecnumber/configure
> index fb6db05565a..84bc4ffc767 100755
> --- a/libdecnumber/configure
> +++ b/libdecnumber/configure
> @@ -626,6 +626,8 @@ ac_subst_vars='LTLIBOBJS
>  LIBOBJS
>  CET_HOST_FLAGS
>  PICFLAG
> +enable_host_pie
> +enable_host_shared
>  ADDITIONAL_OBJS
>  enable_decimal_float
>  target_os
> @@ -706,6 +708,7 @@ enable_werror_always
>  enable_maintainer_mode
>  enable_decimal_float
>  enable_host_shared
> +enable_host_pie
>  enable_cet
>  '
>        ac_precious_vars='build_alias
> @@ -1338,6 +1341,7 @@ Optional Features:
>  			or 'dpd' choses which decimal floating point format
>  			to use
>    --enable-host-shared    build host code as shared libraries
> +  --enable-host-pie       build host code as PIE
>    --enable-cet            enable Intel CET in host libraries [default=auto]
>  
>  Some influential environment variables:
> @@ -5186,7 +5190,23 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
>  # Enable --enable-host-shared.
>  # Check whether --enable-host-shared was given.
>  if test "${enable_host_shared+set}" = set; then :
> -  enableval=$enable_host_shared; PICFLAG=-fPIC
> +  enableval=$enable_host_shared;
> +fi
> +
> +
> +
> +# Enable --enable-host-pie.
> +# Check whether --enable-host-pie was given.
> +if test "${enable_host_pie+set}" = set; then :
> +  enableval=$enable_host_pie;
> +fi
> +
> +
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
>  else
>    PICFLAG=
>  fi
> diff --git a/libdecnumber/configure.ac b/libdecnumber/configure.ac
> index aafd06f8a64..30a51ca410b 100644
> --- a/libdecnumber/configure.ac
> +++ b/libdecnumber/configure.ac
> @@ -100,8 +100,23 @@ AC_C_BIGENDIAN
>  # Enable --enable-host-shared.
>  AC_ARG_ENABLE(host-shared,
>  [AS_HELP_STRING([--enable-host-shared],
> -		[build host code as shared libraries])],
> -[PICFLAG=-fPIC], [PICFLAG=])
> +		[build host code as shared libraries])])
> +AC_SUBST(enable_host_shared)
> +
> +# Enable --enable-host-pie.
> +AC_ARG_ENABLE(host-pie,
> +[AS_HELP_STRING([--enable-host-pie],
> +		[build host code as PIE])])
> +AC_SUBST(enable_host_pie)
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
> +else
> +  PICFLAG=
> +fi
> +
>  AC_SUBST(PICFLAG)
>  
>  # Enable Intel CET on Intel CET enabled host if jit is enabled.
> diff --git a/libiberty/configure b/libiberty/configure
> index 860f981fa18..b8a19c42110 100755
> --- a/libiberty/configure
> +++ b/libiberty/configure
> @@ -5258,8 +5258,8 @@ case "${enable_shared}" in
>    *) shared=yes ;;
>  esac
>  
> -# ...unless --enable-host-shared was passed from top-level config:
> -if [ "${enable_host_shared}" = "yes" ]; then
> +# ...unless --enable-host-{shared,pie} was passed from top-level config:
> +if [ "${enable_host_shared}" = "yes" ] || [ "${enable_host_pie}" = "yes" ]; then
>    shared=yes
>  fi
>  
> diff --git a/libiberty/configure.ac b/libiberty/configure.ac
> index 28d996f9cf7..6747a7b5cff 100644
> --- a/libiberty/configure.ac
> +++ b/libiberty/configure.ac
> @@ -233,8 +233,8 @@ case "${enable_shared}" in
>    *) shared=yes ;;
>  esac
>  
> -# ...unless --enable-host-shared was passed from top-level config:
> -if [[ "${enable_host_shared}" = "yes" ]]; then
> +# ...unless --enable-host-{shared,pie} was passed from top-level config:
> +if [[ "${enable_host_shared}" = "yes" ]] || [[ "${enable_host_pie}" = "yes" ]]; then
>    shared=yes
>  fi
>  
> diff --git a/zlib/configure b/zlib/configure
> index e35ac6e7e17..77be6c284e3 100755
> --- a/zlib/configure
> +++ b/zlib/configure
> @@ -635,6 +635,8 @@ am__EXEEXT_TRUE
>  LTLIBOBJS
>  LIBOBJS
>  PICFLAG
> +enable_host_pie
> +enable_host_shared
>  TARGET_LIBRARY_FALSE
>  TARGET_LIBRARY_TRUE
>  toolexeclibdir
> @@ -778,6 +780,7 @@ with_gnu_ld
>  enable_libtool_lock
>  with_toolexeclibdir
>  enable_host_shared
> +enable_host_pie
>  '
>        ac_precious_vars='build_alias
>  host_alias
> @@ -1420,6 +1423,7 @@ Optional Features:
>                            optimize for fast installation [default=yes]
>    --disable-libtool-lock  avoid locking (might break parallel builds)
>    --enable-host-shared    build host code as shared libraries
> +  --enable-host-pie       build host code as PIE
>  
>  Optional Packages:
>    --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
> @@ -10759,7 +10763,7 @@ else
>    lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
>    lt_status=$lt_dlunknown
>    cat > conftest.$ac_ext <<_LT_EOF
> -#line 10762 "configure"
> +#line 10778 "configure"
>  #include "confdefs.h"
>  
>  #if HAVE_DLFCN_H
> @@ -10865,7 +10869,7 @@ else
>    lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
>    lt_status=$lt_dlunknown
>    cat > conftest.$ac_ext <<_LT_EOF
> -#line 10868 "configure"
> +#line 10884 "configure"
>  #include "confdefs.h"
>  
>  #if HAVE_DLFCN_H
> @@ -11548,15 +11552,31 @@ else
>    multilib_arg=
>  fi
>  
> +# Enable --enable-host-shared.
>  # Check whether --enable-host-shared was given.
>  if test "${enable_host_shared+set}" = set; then :
> -  enableval=$enable_host_shared; PICFLAG=-fPIC
> +  enableval=$enable_host_shared;
> +fi
> +
> +
> +
> +# Enable --enable-host-pie.
> +# Check whether --enable-host-pie was given.
> +if test "${enable_host_pie+set}" = set; then :
> +  enableval=$enable_host_pie;
> +fi
> +
> +
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
>  else
>    PICFLAG=
>  fi
>  
>  
> -
>  ac_config_files="$ac_config_files Makefile"
>  
>  cat >confcache <<\_ACEOF
> diff --git a/zlib/configure.ac b/zlib/configure.ac
> index be1cfe29651..adf7aad4e51 100644
> --- a/zlib/configure.ac
> +++ b/zlib/configure.ac
> @@ -122,11 +122,26 @@ else
>    multilib_arg=
>  fi
>  
> +# Enable --enable-host-shared.
>  AC_ARG_ENABLE(host-shared,
>  [AS_HELP_STRING([--enable-host-shared],
> -		[build host code as shared libraries])],
> -[PICFLAG=-fPIC], [PICFLAG=])
> -AC_SUBST(PICFLAG)
> +		[build host code as shared libraries])])
> +AC_SUBST(enable_host_shared)
> +
> +# Enable --enable-host-pie.
> +AC_ARG_ENABLE(host-pie,
> +[AS_HELP_STRING([--enable-host-pie],
> +		[build host code as PIE])])
> +AC_SUBST(enable_host_pie)
> +
> +if test x$enable_host_shared = xyes; then
> +  PICFLAG=-fPIC
> +elif test x$enable_host_pie = xyes; then
> +  PICFLAG=-fPIE
> +else
> +  PICFLAG=
> +fi
>  
> +AC_SUBST(PICFLAG)
>  AC_CONFIG_FILES([Makefile])
>  AC_OUTPUT
> 
> base-commit: bbb6cf926f1732559b3a8aaf2796d34e8651c066
> -- 
> 2.40.1
> 

Marek
Iain Sandoe May 16, 2023, 8:11 p.m. UTC | #2
Hi Marek,

> On 16 May 2023, at 16:29, Marek Polacek via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
> 
> Ping.

I’m trying this on Darwin (since I have a local patch to do this for modern [darwin20+]
versions, which do not allow non-PIE).

I think you are missing a hunk to deal with Ada.

Thanks for the patch
Iain

> 
> On Tue, May 09, 2023 at 03:41:58PM -0400, Marek Polacek via Gcc-patches wrote:
>> [ This is my third attempt to add this configure option.  The first
>> version was approved but it came too late in the development cycle.
>> The second version was also approved, but I had to revert it:
>> <https://gcc.gnu.org/pipermail/gcc-patches/2022-November/607082.html>.
>> I've fixed the problem (by moving $(PICFLAG) from INTERNAL_CFLAGS to
>> ALL_COMPILERFLAGS).  Another change is that since r13-4536 I no longer
>> need to touch Makefile.def, so this patch is simplified. ]
>> 
>> This patch implements the --enable-host-pie configure option which
>> makes the compiler executables PIE.  This can be used to enhance
>> protection against ROP attacks, and can be viewed as part of a wider
>> trend to harden binaries.
>> 
>> It is similar to the option --enable-host-shared, except that --e-h-s
>> won't add -shared to the linker flags whereas --e-h-p will add -pie.
>> It is different from --enable-default-pie because that option just
>> adds an implicit -fPIE/-pie when the compiler is invoked, but the
>> compiler itself isn't PIE.
>> 
>> Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
>> regressions.
>> 
>> When building the compiler, the build process may use various in-tree
>> libraries; these need to be built with -fPIE so that it's possible to
>> use them when building a PIE.  For instance, when --with-included-gettext
>> is in effect, intl object files must be compiled with -fPIE.  Similarly,
>> when building in-tree gmp, isl, mpfr and mpc, they must be compiled with
>> -fPIE.
>> 
>> With this patch and --enable-host-pie used to configure gcc:
>> 
>> $ file gcc/cc1{,plus,obj} gcc/f951 gcc/lto1 gcc/cpp
>> gcc/cc1:     ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
>> gcc/cc1plus: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
>> gcc/f951:    ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
>> gcc/cc1obj:  ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
>> gcc/lto1:    ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
>> gcc/cpp:     ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
>> 
>> I plan to add an option to link with -Wl,-z,now.
>> 
>> Bootstrapped on x86_64-pc-linux-gnu with --with-included-gettext
>> --enable-host-pie as well as without --enable-host-pie.  Also tested
>> on a Debian system where the system gcc was configured with
>> --enable-default-pie.
>> 
>> ChangeLog:
>> 
>> 	* configure.ac (--enable-host-pie): New check.  Set PICFLAG after this
>> 	check.
>> 	* configure: Regenerate.
>> 
>> c++tools/ChangeLog:
>> 
>> 	* Makefile.in: Rename PIEFLAG to PICFLAG.  Set LD_PICFLAG.  Use it.
>> 	Use pic/libiberty.a if PICFLAG is set.
>> 	* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
>> 	(--enable-host-pie): New check.
>> 	* configure: Regenerate.
>> 
>> fixincludes/ChangeLog:
>> 
>> 	* Makefile.in: Set and use PICFLAG and LD_PICFLAG.  Use the "pic"
>> 	build of libiberty if PICFLAG is set.
>> 	* configure.ac:
>> 	* configure: Regenerate.
>> 
>> gcc/ChangeLog:
>> 
>> 	* Makefile.in: Set LD_PICFLAG.  Use it.  Set enable_host_pie.
>> 	Remove NO_PIE_CFLAGS and NO_PIE_FLAG.  Pass LD_PICFLAG to
>> 	ALL_LINKERFLAGS.  Use the "pic" build of libiberty if --enable-host-pie.
>> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
>> 	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
>> 	check.
>> 	* configure: Regenerate.
>> 	* doc/install.texi: Document --enable-host-pie.
>> 
>> gcc/d/ChangeLog:
>> 
>> 	* Make-lang.in: Remove NO_PIE_CFLAGS.
>> 
>> intl/ChangeLog:
>> 
>> 	* Makefile.in: Use @PICFLAG@ in COMPILE as well.
>> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
>> 	(--enable-host-pie): New check.  Set PICFLAG after this check.
>> 	* configure: Regenerate.
>> 
>> libcody/ChangeLog:
>> 
>> 	* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
>> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
>> 	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
>> 	check.
>> 	* configure: Regenerate.
>> 
>> libcpp/ChangeLog:
>> 
>> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
>> 	(--enable-host-pie): New check.  Set PICFLAG after this check.
>> 	* configure: Regenerate.
>> 
>> libdecnumber/ChangeLog:
>> 
>> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
>> 	(--enable-host-pie): New check.  Set PICFLAG after this check.
>> 	* configure: Regenerate.
>> 
>> libiberty/ChangeLog:
>> 
>> 	* configure.ac: Also set shared when enable_host_pie.
>> 	* configure: Regenerate.
>> 
>> zlib/ChangeLog:
>> 
>> 	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
>> 	(--enable-host-pie): New check.  Set PICFLAG after this check.
>> 	* configure: Regenerate.
>> ---
>> c++tools/Makefile.in      | 11 ++++++---
>> c++tools/configure        | 17 +++++++++++---
>> c++tools/configure.ac     | 11 +++++++--
>> configure                 | 24 +++++++++++++++++++-
>> configure.ac              | 18 ++++++++++++++-
>> fixincludes/Makefile.in   | 12 ++++++----
>> fixincludes/configure     | 13 +++++++++++
>> fixincludes/configure.ac  |  8 +++++++
>> gcc/Makefile.in           | 32 +++++++++++++++-----------
>> gcc/configure             | 47 +++++++++++++++++++++++++++------------
>> gcc/configure.ac          | 36 +++++++++++++++++++++---------
>> gcc/d/Make-lang.in        |  2 +-
>> gcc/doc/install.texi      | 16 +++++++++++--
>> intl/Makefile.in          |  2 +-
>> intl/configure            | 24 ++++++++++++++++++--
>> intl/configure.ac         | 19 ++++++++++++++--
>> libcody/Makefile.in       |  2 +-
>> libcody/configure         | 30 ++++++++++++++++++++++++-
>> libcody/configure.ac      | 26 ++++++++++++++++++++--
>> libcpp/configure          | 22 +++++++++++++++++-
>> libcpp/configure.ac       | 19 ++++++++++++++--
>> libdecnumber/configure    | 22 +++++++++++++++++-
>> libdecnumber/configure.ac | 19 ++++++++++++++--
>> libiberty/configure       |  4 ++--
>> libiberty/configure.ac    |  4 ++--
>> zlib/configure            | 28 +++++++++++++++++++----
>> zlib/configure.ac         | 21 ++++++++++++++---
>> 27 files changed, 409 insertions(+), 80 deletions(-)
>> 
>> diff --git a/c++tools/Makefile.in b/c++tools/Makefile.in
>> index 77bda3d56dc..dcb1029e064 100644
>> --- a/c++tools/Makefile.in
>> +++ b/c++tools/Makefile.in
>> @@ -29,8 +29,9 @@ AUTOCONF := @AUTOCONF@
>> AUTOHEADER := @AUTOHEADER@
>> CXX := @CXX@
>> CXXFLAGS := @CXXFLAGS@
>> -PIEFLAG := @PIEFLAG@
>> -CXXOPTS := $(CXXFLAGS) $(PIEFLAG) -fno-exceptions -fno-rtti
>> +PICFLAG := @PICFLAG@
>> +LD_PICFLAG := @LD_PICFLAG@
>> +CXXOPTS := $(CXXFLAGS) $(PICFLAG) -fno-exceptions -fno-rtti
>> LDFLAGS := @LDFLAGS@
>> exeext := @EXEEXT@
>> LIBIBERTY := ../libiberty/libiberty.a
>> @@ -90,11 +91,15 @@ ifeq (@CXX_AUX_TOOLS@,yes)
>> 
>> all::g++-mapper-server$(exeext)
>> 
>> +ifneq ($(PICFLAG),)
>> +override LIBIBERTY := ../libiberty/pic/libiberty.a
>> +endif
>> +
>> MAPPER.O := server.o resolver.o
>> CODYLIB = ../libcody/libcody.a
>> CXXINC += -I$(srcdir)/../libcody -I$(srcdir)/../include -I$(srcdir)/../gcc -I. -I../gcc
>> g++-mapper-server$(exeext): $(MAPPER.O) $(CODYLIB)
>> -	+$(CXX) $(LDFLAGS) $(PIEFLAG) -o $@ $^ $(LIBIBERTY) $(NETLIBS)
>> +	+$(CXX) $(LDFLAGS) $(PICFLAG) $(LD_PICFLAG) -o $@ $^ $(LIBIBERTY) $(NETLIBS)
>> 
>> # copy to gcc dir so tests there can run
>> all::../gcc/g++-mapper-server$(exeext)
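
Review bot: the new `ifneq ($(PICFLAG),)` block switches to ../libiberty/pic/libiberty.a whenever PICFLAG is non-empty, but in c++tools PICFLAG is also set by --enable-default-pie, not only by --enable-host-pie. The libiberty hunks force the pic build only for --enable-host-shared and --enable-host-pie, so is pic/libiberty.a guaranteed to exist when only --enable-default-pie is given? If not, the condition should key on the host-pie setting rather than on PICFLAG.
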
>> diff --git a/c++tools/configure b/c++tools/configure
>> index 742816e4253..88087009383 100755
>> --- a/c++tools/configure
>> +++ b/c++tools/configure
>> @@ -627,7 +627,8 @@ get_gcc_base_ver
>> EGREP
>> GREP
>> CXXCPP
>> -PIEFLAG
>> +LD_PICFLAG
>> +PICFLAG
>> MAINTAINER
>> CXX_AUX_TOOLS
>> AUTOHEADER
>> @@ -700,6 +701,7 @@ enable_c___tools
>> enable_maintainer_mode
>> enable_checking
>> enable_default_pie
>> +enable_host_pie
>> with_gcc_major_version_only
>> '
>>       ac_precious_vars='build_alias
>> @@ -1333,6 +1335,7 @@ Optional Features:
>>                           only specific categories of checks. Categories are:
>>                           yes,no,all,none,release.
>>   --enable-default-pie    enable Position Independent Executable as default
>> +  --enable-host-pie       build host code as PIE
>> 
>> Optional Packages:
>>   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
>> @@ -2990,12 +2993,20 @@ fi
>> # Check whether --enable-default-pie was given.
>> # Check whether --enable-default-pie was given.
>> if test "${enable_default_pie+set}" = set; then :
>> -  enableval=$enable_default_pie; PIEFLAG=-fPIE
>> +  enableval=$enable_default_pie; PICFLAG=-fPIE
>> else
>> -  PIEFLAG=
>> +  PICFLAG=
>> fi
>> 
>> 
>> +# Enable --enable-host-pie
>> +# Check whether --enable-host-pie was given.
>> +if test "${enable_host_pie+set}" = set; then :
>> +  enableval=$enable_host_pie; PICFLAG=-fPIE; LD_PICFLAG=-pie
>> +fi
>> +
>> +
>> +
>> 
>> # Check if O_CLOEXEC is defined by fcntl
>> 
>> diff --git a/c++tools/configure.ac b/c++tools/configure.ac
>> index 23e98c8e721..44dfaccbbfa 100644
>> --- a/c++tools/configure.ac
>> +++ b/c++tools/configure.ac
>> @@ -102,8 +102,15 @@ fi
>> AC_ARG_ENABLE(default-pie,
>> [AS_HELP_STRING([--enable-default-pie],
>> 		  [enable Position Independent Executable as default])],
>> -[PIEFLAG=-fPIE], [PIEFLAG=])
>> -AC_SUBST([PIEFLAG])
>> +[PICFLAG=-fPIE], [PICFLAG=])
>> +
>> +# Enable --enable-host-pie
>> +AC_ARG_ENABLE(host-pie,
>> +[AS_HELP_STRING([--enable-host-pie],
>> +		[build host code as PIE])],
>> +[PICFLAG=-fPIE; LD_PICFLAG=-pie], [])
>> +AC_SUBST(PICFLAG)
>> +AC_SUBST(LD_PICFLAG)
>> 
>> # Check if O_CLOEXEC is defined by fcntl
>> AC_CACHE_CHECK(for O_CLOEXEC, ac_cv_o_cloexec, [
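
Review bot: `[PICFLAG=-fPIE; LD_PICFLAG=-pie]` is placed in the action-if-given slot of AC_ARG_ENABLE, so it runs whenever the option appears on the command line, including --disable-host-pie and --enable-host-pie=no; the regenerated configure shows the same thing, testing only `"${enable_host_pie+set}" = set`. The other directories test `x$enable_host_pie = xyes` after the macro, and doing the same here would make an explicit disable behave as expected. LD_PICFLAG is also never initialised when the option is absent, so a value from the environment would leak into the link line. fixincludes/configure.ac uses the same form.
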
>> diff --git a/configure b/configure
>> index 0494e2fa2bf..f5cf9b84c06 100755
>> --- a/configure
>> +++ b/configure
>> @@ -687,6 +687,8 @@ extra_host_zlib_configure_flags
>> extra_host_libiberty_configure_flags
>> stage1_languages
>> host_libs_picflag
>> +PICFLAG
>> +enable_host_pie
>> host_shared
>> extra_linker_plugin_flags
>> extra_linker_plugin_configure_flags
>> @@ -831,6 +833,7 @@ enable_lto
>> enable_linker_plugin_configure_flags
>> enable_linker_plugin_flags
>> enable_host_shared
>> +enable_host_pie
>> enable_stage1_languages
>> enable_objc_gc
>> with_target_bdw_gc
>> @@ -1559,6 +1562,7 @@ Optional Features:
>>                           additional flags for configuring and building linker
>>                           plugins [none]
>>   --enable-host-shared    build host code as shared libraries
>> +  --enable-host-pie       build host code as PIE
>>   --enable-stage1-languages[=all]
>>                           choose additional languages to build during stage1.
>>                           Mostly useful for compiler development
>> @@ -8669,11 +8673,29 @@ fi
>> 
>> 
>> 
>> +# Enable --enable-host-pie.
>> +# Check whether --enable-host-pie was given.
>> +if test "${enable_host_pie+set}" = set; then :
>> +  enableval=$enable_host_pie;
>> +fi
>> +
>> +
>> +
>> +if test x$host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> +else
>> +  PICFLAG=
>> +fi
>> +
>> +
>> +
>> # If we are building PIC/PIE host executables, and we are building dependent
>> # libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
>> # code.
>> host_libs_picflag=
>> -if test "$host_shared" = "yes";then
>> +if test "$host_shared" = "yes" -o "$enable_host_pie" = "yes"; then
>> host_libs_picflag='--with-pic'
>> fi
>> 
>> diff --git a/configure.ac b/configure.ac
>> index f5cce5830bc..2a85834f2b6 100644
>> --- a/configure.ac
>> +++ b/configure.ac
>> @@ -1913,11 +1913,27 @@ AC_ARG_ENABLE(host-shared,
>> 
>> AC_SUBST(host_shared)
>> 
>> +# Enable --enable-host-pie.
>> +AC_ARG_ENABLE(host-pie,
>> +[AS_HELP_STRING([--enable-host-pie],
>> +       [build host code as PIE])])
>> +AC_SUBST(enable_host_pie)
>> +
>> +if test x$host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> +else
>> +  PICFLAG=
>> +fi
>> +
>> +AC_SUBST(PICFLAG)
>> +
>> # If we are building PIC/PIE host executables, and we are building dependent
>> # libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
>> # code.
>> host_libs_picflag=
>> -if test "$host_shared" = "yes";then
>> +if test "$host_shared" = "yes" -o "$enable_host_pie" = "yes"; then
>> host_libs_picflag='--with-pic'
>> fi
>> AC_SUBST(host_libs_picflag)
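
Review bot: the rewritten condition `test "$host_shared" = "yes" -o "$enable_host_pie" = "yes"` relies on the -o operator of test, which POSIX marks obsolescent and the Autoconf portability notes advise against. Two test commands joined with `||`, as the libiberty/configure.ac hunk already does, avoid the problem.
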
>> diff --git a/fixincludes/Makefile.in b/fixincludes/Makefile.in
>> index 1937dcaa32d..e6ce41dba39 100644
>> --- a/fixincludes/Makefile.in
>> +++ b/fixincludes/Makefile.in
>> @@ -73,7 +73,7 @@ default : all
>> # Now figure out from those variables how to compile and link.
>> 
>> .c.o:
>> -	$(CC) -c $(CFLAGS) $(WARN_CFLAGS) $(CPPFLAGS) $(FIXINC_CFLAGS) $<
>> +	$(CC) -c $(CFLAGS) $(PICFLAG) $(WARN_CFLAGS) $(CPPFLAGS) $(FIXINC_CFLAGS) $<
>> 
>> # The only suffixes we want for implicit rules are .c and .o.
>> .SUFFIXES:
>> @@ -87,7 +87,11 @@ default : all
>> ##
>> ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
>> 
>> +ifeq ($(PICFLAG),)
>> LIBIBERTY=../libiberty/libiberty.a
>> +else
>> +LIBIBERTY=../libiberty/pic/libiberty.a
>> +endif
>> 
>> ALLOBJ = fixincl.o fixtests.o fixfixes.o server.o procopen.o \
>>       fixlib.o fixopts.o
>> @@ -107,15 +111,15 @@ oneprocess : full-stamp
>> twoprocess : test-stamp $(AF)
>> 
>> full-stamp : $(ALLOBJ) $(LIBIBERTY)
>> -	$(CC) $(CFLAGS) $(LDFLAGS) -o $(FI) $(ALLOBJ) $(LIBIBERTY)
>> +	$(CC) $(CFLAGS) $(PICFLAG) $(LDFLAGS) $(LD_PICFLAG) -o $(FI) $(ALLOBJ) $(LIBIBERTY)
>> 	$(STAMP) $@
>> 
>> test-stamp : $(TESTOBJ) $(LIBIBERTY)
>> -	$(CC) $(CFLAGS) $(LDFLAGS) -o $(FI) $(TESTOBJ) $(LIBIBERTY)
>> +	$(CC) $(CFLAGS) $(PICFLAG) $(LDFLAGS) $(LD_PICFLAG) -o $(FI) $(TESTOBJ) $(LIBIBERTY)
>> 	$(STAMP) $@
>> 
>> $(AF): $(FIXOBJ) $(LIBIBERTY)
>> -	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(FIXOBJ) $(LIBIBERTY)
>> +	$(CC) $(CFLAGS) $(PICFLAG) $(LDFLAGS) $(LD_PICFLAG) -o $@ $(FIXOBJ) $(LIBIBERTY)
>> 
>> $(ALLOBJ)   : $(HDR)
>> fixincl.o   : fixincl.c  $(srcdir)/fixincl.x
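
Review bot: the link rules in this hunk, like the .c.o rule and the ifeq block above, use $(PICFLAG) and $(LD_PICFLAG), but no hunk for fixincludes/Makefile.in assigns them (for example `PICFLAG = @PICFLAG@` and `LD_PICFLAG = @LD_PICFLAG@`), although the ChangeLog entry says "Set and use". The 12 changed lines in the diffstat are all accounted for by the three hunks shown. Unless both variables are passed in from the parent make, the AC_SUBST calls added to fixincludes/configure.ac have nothing to substitute and fixincl is built without -fPIE and -pie against the non-pic libiberty.a. Please add the two assignments, or say where the values come from.
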
>> diff --git a/fixincludes/configure b/fixincludes/configure
>> index bdcc41f6ddc..f1748ebef74 100755
>> --- a/fixincludes/configure
>> +++ b/fixincludes/configure
>> @@ -623,6 +623,8 @@ ac_subst_vars='LTLIBOBJS
>> LIBOBJS
>> get_gcc_base_ver
>> MAINT
>> +LD_PICFLAG
>> +PICFLAG
>> TARGET
>> target_noncanonical
>> WERROR
>> @@ -695,6 +697,7 @@ enable_option_checking
>> enable_werror_always
>> with_local_prefix
>> enable_twoprocess
>> +enable_host_pie
>> enable_maintainer_mode
>> with_gcc_major_version_only
>> '
>> @@ -1323,6 +1326,7 @@ Optional Features:
>>   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
>>   --enable-werror-always  enable -Werror despite compiler version
>>   --enable-twoprocess       Use a separate process to apply the fixes
>> +  --enable-host-pie       build host code as PIE
>>   --enable-maintainer-mode enable make rules and dependencies not useful
>>                           (and sometimes confusing) to the casual installer
>> 
>> @@ -4835,6 +4839,15 @@ $as_echo "#define SEPARATE_FIX_PROC 1" >>confdefs.h
>> 
>> fi
>> 
>> +# Enable --enable-host-pie.
>> +# Check whether --enable-host-pie was given.
>> +if test "${enable_host_pie+set}" = set; then :
>> +  enableval=$enable_host_pie; PICFLAG=-fPIE; LD_PICFLAG=-pie
>> +fi
>> +
>> +
>> +
>> +
>> case $host in
>> 	vax-dec-bsd* )
>> 
>> diff --git a/fixincludes/configure.ac b/fixincludes/configure.ac
>> index ef2227e3c93..4e78511d20f 100644
>> --- a/fixincludes/configure.ac
>> +++ b/fixincludes/configure.ac
>> @@ -68,6 +68,14 @@ if test $TARGET = twoprocess; then
>> 		  [Define if testing and fixing are done by separate process])
>> fi
>> 
>> +# Enable --enable-host-pie.
>> +AC_ARG_ENABLE(host-pie,
>> +[AS_HELP_STRING([--enable-host-pie],
>> +       [build host code as PIE])],
>> +[PICFLAG=-fPIE; LD_PICFLAG=-pie], [])
>> +AC_SUBST(PICFLAG)
>> +AC_SUBST(LD_PICFLAG)
>> +
>> case $host in
>> 	vax-dec-bsd* )
>> 		AC_DEFINE(exit, xexit, [Define to xexit if the host system does not support atexit])
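
Review bot: the action-if-given argument `[PICFLAG=-fPIE; LD_PICFLAG=-pie]` runs whenever the option appears on the command line, including `--disable-host-pie` and `--enable-host-pie=no`, so disabling the option would still build fixincludes with -fPIE and -pie. The gcc, intl, libcody, libcpp, libdecnumber and zlib hunks test `x$enable_host_pie = xyes` after AC_ARG_ENABLE instead; doing the same here, with an explicit empty default for both variables, keeps the behaviour consistent. c++tools/configure.ac uses the same form as this hunk.
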
>> diff --git a/gcc/Makefile.in b/gcc/Makefile.in
>> index bb63b5c501d..860fd9af81a 100644
>> --- a/gcc/Makefile.in
>> +++ b/gcc/Makefile.in
>> @@ -158,6 +158,9 @@ LDFLAGS = @LDFLAGS@
>> # Should we build position-independent host code?
>> PICFLAG = @PICFLAG@
>> 
>> +# The linker flag for the above.
>> +LD_PICFLAG = @LD_PICFLAG@
>> +
>> # Flags to determine code coverage. When coverage is disabled, this will
>> # contain the optimization flags, as you normally want code coverage
>> # without optimization.
>> @@ -283,19 +286,19 @@ LINKER = $(CC)
>> LINKER_FLAGS = $(CFLAGS)
>> endif
>> 
>> +enable_host_pie = @enable_host_pie@
>> +
>> # Enable Intel CET on Intel CET enabled host if needed.
>> CET_HOST_FLAGS = @CET_HOST_FLAGS@
>> COMPILER += $(CET_HOST_FLAGS)
>> 
>> -NO_PIE_CFLAGS = @NO_PIE_CFLAGS@
>> -NO_PIE_FLAG = @NO_PIE_FLAG@
>> DO_LINK_MUTEX = @DO_LINK_MUTEX@
>> 
>> -# We don't want to compile the compilers with -fPIE, it make PCH fail.
>> -COMPILER += $(NO_PIE_CFLAGS)
>> +# Maybe compile the compilers with -fPIE or -fPIC.
>> +COMPILER += $(PICFLAG)
>> 
>> -# Link with -no-pie since we compile the compiler with -fno-PIE.
>> -LINKER += $(NO_PIE_FLAG)
>> +# Link with -pie, or -no-pie, depending on the above.
>> +LINKER += $(LD_PICFLAG)
>> 
>> # Like LINKER, but use a mutex for serializing front end links.
>> ifeq (@DO_LINK_MUTEX@,true)
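
Review bot: `COMPILER += $(PICFLAG)` and `LINKER += $(LD_PICFLAG)` here overlap with the later hunk in this file that appends the same two variables to ALL_COMPILERFLAGS and ALL_LINKERFLAGS, so a command that uses both `$(COMPILER)` and `$(ALL_COMPILERFLAGS)` gets the flag twice. That is harmless, but one of the two places looks sufficient. The new comment `# Link with -pie, or -no-pie, depending on the above.` could also mention that LD_PICFLAG may be empty.
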
>> @@ -1067,7 +1070,7 @@ RTL_SSA_H = $(PRETTY_PRINT_H) insn-config.h splay-tree-utils.h \
>> # programs built during a bootstrap.
>> # autoconf inserts -DCROSS_DIRECTORY_STRUCTURE if we are building a
>> # cross compiler which does not use the native headers and libraries.
>> -INTERNAL_CFLAGS = -DIN_GCC $(PICFLAG) @CROSS@
>> +INTERNAL_CFLAGS = -DIN_GCC @CROSS@
>> 
>> # This is the variable actually used when we compile. If you change this,
>> # you probably want to update BUILD_CFLAGS in configure.ac
>> @@ -1085,21 +1088,24 @@ ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \
>> ALL_CPPFLAGS = $(INCLUDES) $(CPPFLAGS)
>> 
>> # This is the variable to use when using $(COMPILER).
>> -ALL_COMPILERFLAGS = $(ALL_CXXFLAGS)
>> +ALL_COMPILERFLAGS = $(ALL_CXXFLAGS) $(PICFLAG)
>> 
>> # This is the variable to use when using $(LINKER).
>> -ALL_LINKERFLAGS = $(ALL_CXXFLAGS)
>> +ALL_LINKERFLAGS = $(ALL_CXXFLAGS) $(LD_PICFLAG)
>> 
>> # Build and host support libraries.
>> 
>> -# Use the "pic" build of libiberty if --enable-host-shared, unless we are
>> -# building for mingw.
>> +# Use the "pic" build of libiberty if --enable-host-shared or --enable-host-pie,
>> +# unless we are building for mingw.
>> LIBIBERTY_PICDIR=$(if $(findstring mingw,$(target)),,pic)
>> -ifeq ($(enable_host_shared),yes)
>> +ifneq ($(enable_host_shared)$(enable_host_pie),)
>> LIBIBERTY = ../libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
>> -BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
>> else
>> LIBIBERTY = ../libiberty/libiberty.a
>> +endif
>> +ifeq ($(enable_host_shared),yes)
>> +BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
>> +else
>> BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/libiberty.a
>> endif
>> 
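
Review bot: `ifneq ($(enable_host_shared)$(enable_host_pie),)` is true for any non-empty value, so an explicit `--disable-host-pie` or `--disable-host-shared` (value `no`) now selects the pic build of libiberty, whereas the old test was `ifeq ($(enable_host_shared),yes)`. Suggest testing for `yes` explicitly, for example `ifneq ($(filter yes,$(enable_host_shared) $(enable_host_pie)),)`.
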
>> diff --git a/gcc/configure b/gcc/configure
>> index 191f68581b3..629446ecf3b 100755
>> --- a/gcc/configure
>> +++ b/gcc/configure
>> @@ -632,10 +632,10 @@ ac_includes_default="\
>> ac_subst_vars='LTLIBOBJS
>> LIBOBJS
>> CET_HOST_FLAGS
>> -NO_PIE_FLAG
>> -NO_PIE_CFLAGS
>> -enable_default_pie
>> +LD_PICFLAG
>> PICFLAG
>> +enable_default_pie
>> +enable_host_pie
>> enable_host_shared
>> enable_plugin
>> pluginlibs
>> @@ -1030,6 +1030,7 @@ enable_link_serialization
>> enable_version_specific_runtime_libs
>> enable_plugin
>> enable_host_shared
>> +enable_host_pie
>> enable_libquadmath_support
>> with_linker_hash_style
>> with_diagnostics_color
>> @@ -1792,6 +1793,7 @@ Optional Features:
>>                           in a compiler-specific directory
>>   --enable-plugin         enable plugin support
>>   --enable-host-shared    build host code as shared libraries
>> +  --enable-host-pie       build host code as PIE
>>   --disable-libquadmath-support
>>                           disable libquadmath support for Fortran
>>   --enable-default-pie    enable Position Independent Executable as default
>> @@ -19850,7 +19852,7 @@ else
>>   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
>>   lt_status=$lt_dlunknown
>>   cat > conftest.$ac_ext <<_LT_EOF
>> -#line 19853 "configure"
>> +#line 19867 "configure"
>> #include "confdefs.h"
>> 
>> #if HAVE_DLFCN_H
>> @@ -19956,7 +19958,7 @@ else
>>   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
>>   lt_status=$lt_dlunknown
>>   cat > conftest.$ac_ext <<_LT_EOF
>> -#line 19959 "configure"
>> +#line 19973 "configure"
>> #include "confdefs.h"
>> 
>> #if HAVE_DLFCN_H
>> @@ -32090,13 +32092,17 @@ fi
>> # Enable --enable-host-shared
>> # Check whether --enable-host-shared was given.
>> if test "${enable_host_shared+set}" = set; then :
>> -  enableval=$enable_host_shared; PICFLAG=-fPIC
>> -else
>> -  PICFLAG=
>> +  enableval=$enable_host_shared;
>> fi
>> 
>> 
>> 
>> +# Enable --enable-host-pie
>> +# Check whether --enable-host-pie was given.
>> +if test "${enable_host_pie+set}" = set; then :
>> +  enableval=$enable_host_pie;
>> +fi
>> +
>> 
>> 
>> # Check whether --enable-libquadmath-support was given.
>> @@ -32250,10 +32256,6 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
>> fi
>> { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_c_no_fpie" >&5
>> $as_echo "$gcc_cv_c_no_fpie" >&6; }
>> -if test "$gcc_cv_c_no_fpie" = "yes"; then
>> -  NO_PIE_CFLAGS="-fno-PIE"
>> -fi
>> -
>> 
>> # Check if -no-pie works.
>> { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -no-pie option" >&5
>> @@ -32278,11 +32280,28 @@ rm -f core conftest.err conftest.$ac_objext \
>> fi
>> { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_no_pie" >&5
>> $as_echo "$gcc_cv_no_pie" >&6; }
>> -if test "$gcc_cv_no_pie" = "yes"; then
>> -  NO_PIE_FLAG="-no-pie"
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> +elif test x$gcc_cv_c_no_fpie = xyes; then
>> +  PICFLAG=-fno-PIE
>> +else
>> +  PICFLAG=
>> +fi
>> +
>> +if test x$enable_host_pie = xyes; then
>> +  LD_PICFLAG=-pie
>> +elif test x$gcc_cv_no_pie = xyes; then
>> +  LD_PICFLAG=-no-pie
>> +else
>> +  LD_PICFLAG=
>> fi
>> 
>> 
>> +
>> +
>> # Enable Intel CET on Intel CET enabled host if jit is enabled.
>>  # Check whether --enable-cet was given.
>> if test "${enable_cet+set}" = set; then :
>> diff --git a/gcc/configure.ac b/gcc/configure.ac
>> index 075424669c9..9c69a55668e 100644
>> --- a/gcc/configure.ac
>> +++ b/gcc/configure.ac
>> @@ -7418,11 +7418,14 @@ fi
>> # Enable --enable-host-shared
>> AC_ARG_ENABLE(host-shared,
>> [AS_HELP_STRING([--enable-host-shared],
>> -		[build host code as shared libraries])],
>> -[PICFLAG=-fPIC], [PICFLAG=])
>> +		[build host code as shared libraries])])
>> AC_SUBST(enable_host_shared)
>> -AC_SUBST(PICFLAG)
>> 
>> +# Enable --enable-host-pie
>> +AC_ARG_ENABLE(host-pie,
>> +[AS_HELP_STRING([--enable-host-pie],
>> +		[build host code as PIE])])
>> +AC_SUBST(enable_host_pie)
>> 
>> AC_ARG_ENABLE(libquadmath-support,
>> [AS_HELP_STRING([--disable-libquadmath-support],
>> @@ -7544,10 +7547,6 @@ AC_CACHE_CHECK([for -fno-PIE option],
>>      [gcc_cv_c_no_fpie=yes],
>>      [gcc_cv_c_no_fpie=no])
>>    CXXFLAGS="$saved_CXXFLAGS"])
>> -if test "$gcc_cv_c_no_fpie" = "yes"; then
>> -  NO_PIE_CFLAGS="-fno-PIE"
>> -fi
>> -AC_SUBST([NO_PIE_CFLAGS])
>> 
>> # Check if -no-pie works.
>> AC_CACHE_CHECK([for -no-pie option],
>> @@ -7558,10 +7557,27 @@ AC_CACHE_CHECK([for -no-pie option],
>>      [gcc_cv_no_pie=yes],
>>      [gcc_cv_no_pie=no])
>>    LDFLAGS="$saved_LDFLAGS"])
>> -if test "$gcc_cv_no_pie" = "yes"; then
>> -  NO_PIE_FLAG="-no-pie"
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> +elif test x$gcc_cv_c_no_fpie = xyes; then
>> +  PICFLAG=-fno-PIE
>> +else
>> +  PICFLAG=
>> fi
>> -AC_SUBST([NO_PIE_FLAG])
>> +
>> +if test x$enable_host_pie = xyes; then
>> +  LD_PICFLAG=-pie
>> +elif test x$gcc_cv_no_pie = xyes; then
>> +  LD_PICFLAG=-no-pie
>> +else
>> +  LD_PICFLAG=
>> +fi
>> +
>> +AC_SUBST([PICFLAG])
>> +AC_SUBST([LD_PICFLAG])
>> 
>> # Enable Intel CET on Intel CET enabled host if jit is enabled.
>> GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
>> diff --git a/gcc/d/Make-lang.in b/gcc/d/Make-lang.in
>> index 1679fb81097..4fbf2096416 100644
>> --- a/gcc/d/Make-lang.in
>> +++ b/gcc/d/Make-lang.in
>> @@ -64,7 +64,7 @@ ALL_DFLAGS = $(DFLAGS-$@) $(GDCFLAGS) -fversion=IN_GCC $(CHECKING_DFLAGS) \
>> 	$(PICFLAG) $(ALIASING_FLAGS) $(NOEXCEPTION_DFLAGS) $(COVERAGE_FLAGS) \
>> 	$(WARN_DFLAGS)
>> 
>> -DCOMPILE.base = $(GDC) $(NO_PIE_CFLAGS) -c $(ALL_DFLAGS) -o $@
>> +DCOMPILE.base = $(GDC) -c $(ALL_DFLAGS) -o $@
>> DCOMPILE = $(DCOMPILE.base) -MT $@ -MMD -MP -MF $(@D)/$(DEPDIR)/$(*F).TPo
>> DPOSTCOMPILE = @mv $(@D)/$(DEPDIR)/$(*F).TPo $(@D)/$(DEPDIR)/$(*F).Po
>> DLINKER = $(GDC) $(NO_PIE_FLAG) -lstdc++
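
Review bot: the unchanged `DLINKER = $(GDC) $(NO_PIE_FLAG) -lstdc++` line still references NO_PIE_FLAG, which this patch removes from gcc/Makefile.in and no longer substitutes from gcc/configure.ac. It will now expand to nothing, so the D front end link gets neither -no-pie nor -pie. It should probably become `$(LD_PICFLAG)` to follow the rest of the change.
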
>> diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi
>> index fa91ce1953d..2248308dbdf 100644
>> --- a/gcc/doc/install.texi
>> +++ b/gcc/doc/install.texi
>> @@ -1072,14 +1072,26 @@ code.
>> 
>> @item --enable-host-shared
>> Specify that the @emph{host} code should be built into position-independent
>> -machine code (with -fPIC), allowing it to be used within shared libraries,
>> -but yielding a slightly slower compiler.
>> +machine code (with @option{-fPIC}), allowing it to be used within shared
>> +libraries, but yielding a slightly slower compiler.
>> 
>> This option is required when building the libgccjit.so library.
>> 
>> Contrast with @option{--enable-shared}, which affects @emph{target}
>> libraries.
>> 
>> +@item --enable-host-pie
>> +Specify that the @emph{host} executables should be built into
>> +position-independent executables (with @option{-fPIE} and @option{-pie}),
>> +yielding a slightly slower compiler (but faster than
>> +@option{--enable-host-shared}).  Position-independent executables are loaded
>> +at random addresses each time they are executed, therefore provide additional
>> +protection against Return Oriented Programming (ROP) attacks.
>> +
>> +@option{--enable-host-pie}) may be used with @option{--enable-host-shared}),
>> +in which case @option{-fPIC} is used when compiling, and @option{-pie} when
>> +linking.
>> +
>> @item @anchor{with-gnu-as}--with-gnu-as
>> Specify that the compiler should assume that the
>> assembler it finds is the GNU assembler.  However, this does not modify
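
Review bot: in the second added paragraph both `@option{--enable-host-pie})` and `@option{--enable-host-shared})` carry a stray closing parenthesis that will show up in the rendered manual. In the first added paragraph, "therefore provide" reads better as "and therefore provide".
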
>> diff --git a/intl/Makefile.in b/intl/Makefile.in
>> index 409d693c48e..5beebdc152c 100644
>> --- a/intl/Makefile.in
>> +++ b/intl/Makefile.in
>> @@ -54,7 +54,7 @@ CTAGS = @CTAGS@
>> ETAGS = @ETAGS@
>> MKID = @MKID@
>> 
>> -COMPILE = $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(DEFS-$@) $(INCLUDES)
>> +COMPILE = $(CC) -c $(CPPFLAGS) $(CFLAGS) @PICFLAG@ $(DEFS) $(DEFS-$@) $(INCLUDES)
>> 
>> HEADERS = \
>>   gmo.h \
>> diff --git a/intl/configure b/intl/configure
>> index 03f40487a92..79bb5831a47 100755
>> --- a/intl/configure
>> +++ b/intl/configure
>> @@ -623,6 +623,8 @@ ac_header_list=
>> ac_subst_vars='LTLIBOBJS
>> LIBOBJS
>> PICFLAG
>> +enable_host_pie
>> +enable_host_shared
>> BISON3_NO
>> BISON3_YES
>> INCINTL
>> @@ -731,6 +733,7 @@ with_libintl_prefix
>> with_libintl_type
>> enable_maintainer_mode
>> enable_host_shared
>> +enable_host_pie
>> '
>>       ac_precious_vars='build_alias
>> host_alias
>> @@ -1356,6 +1359,7 @@ Optional Features:
>>   --disable-rpath         do not hardcode runtime library paths
>>   --enable-maintainer-mode enable rules only needed by maintainers
>>   --enable-host-shared    build host code as shared libraries
>> +  --enable-host-pie       build host code as PIE
>> 
>> Optional Packages:
>>   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
>> @@ -6852,15 +6856,31 @@ fi
>> 
>> 
>> 
>> +# Enable --enable-host-shared.
>> # Check whether --enable-host-shared was given.
>> if test "${enable_host_shared+set}" = set; then :
>> -  enableval=$enable_host_shared; PICFLAG=-fPIC
>> +  enableval=$enable_host_shared;
>> +fi
>> +
>> +
>> +
>> +# Enable --enable-host-pie.
>> +# Check whether --enable-host-pie was given.
>> +if test "${enable_host_pie+set}" = set; then :
>> +  enableval=$enable_host_pie;
>> +fi
>> +
>> +
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> else
>>   PICFLAG=
>> fi
>> 
>> 
>> -
>> ac_config_files="$ac_config_files Makefile config.intl"
>> 
>> cat >confcache <<\_ACEOF
>> diff --git a/intl/configure.ac b/intl/configure.ac
>> index 16a740aa230..81aa831f59f 100644
>> --- a/intl/configure.ac
>> +++ b/intl/configure.ac
>> @@ -83,10 +83,25 @@ fi
>> AC_SUBST(BISON3_YES)
>> AC_SUBST(BISON3_NO)
>> 
>> +# Enable --enable-host-shared.
>> AC_ARG_ENABLE(host-shared,
>> [AS_HELP_STRING([--enable-host-shared],
>> -		[build host code as shared libraries])],
>> -[PICFLAG=-fPIC], [PICFLAG=])
>> +       [build host code as shared libraries])])
>> +AC_SUBST(enable_host_shared)
>> +
>> +# Enable --enable-host-pie.
>> +AC_ARG_ENABLE(host-pie,
>> +[AS_HELP_STRING([--enable-host-pie],
>> +       [build host code as PIE])])
>> +AC_SUBST(enable_host_pie)
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> +else
>> +  PICFLAG=
>> +fi
>> AC_SUBST(PICFLAG)
>> 
>> AC_CONFIG_FILES(Makefile config.intl)
>> diff --git a/libcody/Makefile.in b/libcody/Makefile.in
>> index bb87468cb9a..cb01b0092d8 100644
>> --- a/libcody/Makefile.in
>> +++ b/libcody/Makefile.in
>> @@ -31,7 +31,7 @@ endif
>> CXXOPTS += $(filter-out -DHAVE_CONFIG_H,@DEFS@) -include config.h
>> 
>> # Linker options
>> -LDFLAGS := @LDFLAGS@
>> +LDFLAGS := @LDFLAGS@ @LD_PICFLAG@
>> LIBS := @LIBS@
>> 
>> # Per-source & per-directory compile flags (warning: recursive)
>> diff --git a/libcody/configure b/libcody/configure
>> index da52a5cfca5..0e536c0ccb0 100755
>> --- a/libcody/configure
>> +++ b/libcody/configure
>> @@ -591,7 +591,10 @@ configure_args
>> AR
>> RANLIB
>> EXCEPTIONS
>> +LD_PICFLAG
>> PICFLAG
>> +enable_host_pie
>> +enable_host_shared
>> OBJEXT
>> EXEEXT
>> ac_ct_CXX
>> @@ -653,6 +656,7 @@ enable_maintainer_mode
>> with_compiler
>> enable_checking
>> enable_host_shared
>> +enable_host_pie
>> enable_exceptions
>> '
>>       ac_precious_vars='build_alias
>> @@ -1286,6 +1290,7 @@ Optional Features:
>>                           yes,no,all,none,release. Flags are: misc,valgrind or
>>                           other strings
>>   --enable-host-shared    build host code as shared libraries
>> +  --enable-host-pie       build host code as PIE
>>   --enable-exceptions     enable exceptions & rtti
>> 
>> Optional Packages:
>> @@ -2635,11 +2640,34 @@ fi
>> # Enable --enable-host-shared.
>> # Check whether --enable-host-shared was given.
>> if test "${enable_host_shared+set}" = set; then :
>> -  enableval=$enable_host_shared; PICFLAG=-fPIC
>> +  enableval=$enable_host_shared;
>> +fi
>> +
>> +
>> +
>> +# Enable --enable-host-pie.
>> +# Check whether --enable-host-pie was given.
>> +if test "${enable_host_pie+set}" = set; then :
>> +  enableval=$enable_host_pie;
>> +fi
>> +
>> +
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> else
>>   PICFLAG=
>> fi
>> 
>> +if test x$enable_host_pie = xyes; then
>> +  LD_PICFLAG=-pie
>> +else
>> +  LD_PICFLAG=
>> +fi
>> +
>> +
>> 
>> 
>> # Check whether --enable-exceptions was given.
>> diff --git a/libcody/configure.ac b/libcody/configure.ac
>> index 960191ecb72..14e8dd4a226 100644
>> --- a/libcody/configure.ac
>> +++ b/libcody/configure.ac
>> @@ -63,9 +63,31 @@ fi
>> # Enable --enable-host-shared.
>> AC_ARG_ENABLE(host-shared,
>> [AS_HELP_STRING([--enable-host-shared],
>> -		[build host code as shared libraries])],
>> -[PICFLAG=-fPIC], [PICFLAG=])
>> +		[build host code as shared libraries])])
>> +AC_SUBST(enable_host_shared)
>> +
>> +# Enable --enable-host-pie.
>> +AC_ARG_ENABLE(host-pie,
>> +[AS_HELP_STRING([--enable-host-pie],
>> +		[build host code as PIE])])
>> +AC_SUBST(enable_host_pie)
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> +else
>> +  PICFLAG=
>> +fi
>> +
>> +if test x$enable_host_pie = xyes; then
>> +  LD_PICFLAG=-pie
>> +else
>> +  LD_PICFLAG=
>> +fi
>> +
>> AC_SUBST(PICFLAG)
>> +AC_SUBST(LD_PICFLAG)
>> 
>> NMS_ENABLE_EXCEPTIONS
>> 
>> diff --git a/libcpp/configure b/libcpp/configure
>> index e9937cde330..1389ddab544 100755
>> --- a/libcpp/configure
>> +++ b/libcpp/configure
>> @@ -625,6 +625,8 @@ ac_includes_default="\
>> ac_subst_vars='LTLIBOBJS
>> CET_HOST_FLAGS
>> PICFLAG
>> +enable_host_pie
>> +enable_host_shared
>> MAINT
>> USED_CATALOGS
>> PACKAGE
>> @@ -738,6 +740,7 @@ enable_maintainer_mode
>> enable_checking
>> enable_canonical_system_headers
>> enable_host_shared
>> +enable_host_pie
>> enable_cet
>> enable_valgrind_annotations
>> '
>> @@ -1379,6 +1382,7 @@ Optional Features:
>>   --enable-canonical-system-headers
>>                           enable or disable system headers canonicalization
>>   --enable-host-shared    build host code as shared libraries
>> +  --enable-host-pie       build host code as PIE
>>   --enable-cet            enable Intel CET in host libraries [default=auto]
>>   --enable-valgrind-annotations
>>                           enable valgrind runtime interaction
>> @@ -7605,7 +7609,23 @@ esac
>> # Enable --enable-host-shared.
>> # Check whether --enable-host-shared was given.
>> if test "${enable_host_shared+set}" = set; then :
>> -  enableval=$enable_host_shared; PICFLAG=-fPIC
>> +  enableval=$enable_host_shared;
>> +fi
>> +
>> +
>> +
>> +# Enable --enable-host-pie.
>> +# Check whether --enable-host-pie was given.
>> +if test "${enable_host_pie+set}" = set; then :
>> +  enableval=$enable_host_pie;
>> +fi
>> +
>> +
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> else
>>   PICFLAG=
>> fi
>> diff --git a/libcpp/configure.ac b/libcpp/configure.ac
>> index 89ac99b04bd..b29b4d6acf1 100644
>> --- a/libcpp/configure.ac
>> +++ b/libcpp/configure.ac
>> @@ -211,8 +211,23 @@ esac
>> # Enable --enable-host-shared.
>> AC_ARG_ENABLE(host-shared,
>> [AS_HELP_STRING([--enable-host-shared],
>> -		[build host code as shared libraries])],
>> -[PICFLAG=-fPIC], [PICFLAG=])
>> +		[build host code as shared libraries])])
>> +AC_SUBST(enable_host_shared)
>> +
>> +# Enable --enable-host-pie.
>> +AC_ARG_ENABLE(host-pie,
>> +[AS_HELP_STRING([--enable-host-pie],
>> +		[build host code as PIE])])
>> +AC_SUBST(enable_host_pie)
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> +else
>> +  PICFLAG=
>> +fi
>> +
>> AC_SUBST(PICFLAG)
>> 
>> # Enable Intel CET on Intel CET enabled host if jit is enabled.
>> diff --git a/libdecnumber/configure b/libdecnumber/configure
>> index fb6db05565a..84bc4ffc767 100755
>> --- a/libdecnumber/configure
>> +++ b/libdecnumber/configure
>> @@ -626,6 +626,8 @@ ac_subst_vars='LTLIBOBJS
>> LIBOBJS
>> CET_HOST_FLAGS
>> PICFLAG
>> +enable_host_pie
>> +enable_host_shared
>> ADDITIONAL_OBJS
>> enable_decimal_float
>> target_os
>> @@ -706,6 +708,7 @@ enable_werror_always
>> enable_maintainer_mode
>> enable_decimal_float
>> enable_host_shared
>> +enable_host_pie
>> enable_cet
>> '
>>       ac_precious_vars='build_alias
>> @@ -1338,6 +1341,7 @@ Optional Features:
>> 			or 'dpd' choses which decimal floating point format
>> 			to use
>>   --enable-host-shared    build host code as shared libraries
>> +  --enable-host-pie       build host code as PIE
>>   --enable-cet            enable Intel CET in host libraries [default=auto]
>> 
>> Some influential environment variables:
>> @@ -5186,7 +5190,23 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
>> # Enable --enable-host-shared.
>> # Check whether --enable-host-shared was given.
>> if test "${enable_host_shared+set}" = set; then :
>> -  enableval=$enable_host_shared; PICFLAG=-fPIC
>> +  enableval=$enable_host_shared;
>> +fi
>> +
>> +
>> +
>> +# Enable --enable-host-pie.
>> +# Check whether --enable-host-pie was given.
>> +if test "${enable_host_pie+set}" = set; then :
>> +  enableval=$enable_host_pie;
>> +fi
>> +
>> +
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> else
>>   PICFLAG=
>> fi
>> diff --git a/libdecnumber/configure.ac b/libdecnumber/configure.ac
>> index aafd06f8a64..30a51ca410b 100644
>> --- a/libdecnumber/configure.ac
>> +++ b/libdecnumber/configure.ac
>> @@ -100,8 +100,23 @@ AC_C_BIGENDIAN
>> # Enable --enable-host-shared.
>> AC_ARG_ENABLE(host-shared,
>> [AS_HELP_STRING([--enable-host-shared],
>> -		[build host code as shared libraries])],
>> -[PICFLAG=-fPIC], [PICFLAG=])
>> +		[build host code as shared libraries])])
>> +AC_SUBST(enable_host_shared)
>> +
>> +# Enable --enable-host-pie.
>> +AC_ARG_ENABLE(host-pie,
>> +[AS_HELP_STRING([--enable-host-pie],
>> +		[build host code as PIE])])
>> +AC_SUBST(enable_host_pie)
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> +else
>> +  PICFLAG=
>> +fi
>> +
>> AC_SUBST(PICFLAG)
>> 
>> # Enable Intel CET on Intel CET enabled host if jit is enabled.
>> diff --git a/libiberty/configure b/libiberty/configure
>> index 860f981fa18..b8a19c42110 100755
>> --- a/libiberty/configure
>> +++ b/libiberty/configure
>> @@ -5258,8 +5258,8 @@ case "${enable_shared}" in
>>   *) shared=yes ;;
>> esac
>> 
>> -# ...unless --enable-host-shared was passed from top-level config:
>> -if [ "${enable_host_shared}" = "yes" ]; then
>> +# ...unless --enable-host-{shared,pie} was passed from top-level config:
>> +if [ "${enable_host_shared}" = "yes" ] || [ "${enable_host_pie}" = "yes" ]; then
>>   shared=yes
>> fi
>> 
>> diff --git a/libiberty/configure.ac b/libiberty/configure.ac
>> index 28d996f9cf7..6747a7b5cff 100644
>> --- a/libiberty/configure.ac
>> +++ b/libiberty/configure.ac
>> @@ -233,8 +233,8 @@ case "${enable_shared}" in
>>   *) shared=yes ;;
>> esac
>> 
>> -# ...unless --enable-host-shared was passed from top-level config:
>> -if [[ "${enable_host_shared}" = "yes" ]]; then
>> +# ...unless --enable-host-{shared,pie} was passed from top-level config:
>> +if [[ "${enable_host_shared}" = "yes" ]] || [[ "${enable_host_pie}" = "yes" ]]; then
>>   shared=yes
>> fi
>> 
>> diff --git a/zlib/configure b/zlib/configure
>> index e35ac6e7e17..77be6c284e3 100755
>> --- a/zlib/configure
>> +++ b/zlib/configure
>> @@ -635,6 +635,8 @@ am__EXEEXT_TRUE
>> LTLIBOBJS
>> LIBOBJS
>> PICFLAG
>> +enable_host_pie
>> +enable_host_shared
>> TARGET_LIBRARY_FALSE
>> TARGET_LIBRARY_TRUE
>> toolexeclibdir
>> @@ -778,6 +780,7 @@ with_gnu_ld
>> enable_libtool_lock
>> with_toolexeclibdir
>> enable_host_shared
>> +enable_host_pie
>> '
>>       ac_precious_vars='build_alias
>> host_alias
>> @@ -1420,6 +1423,7 @@ Optional Features:
>>                           optimize for fast installation [default=yes]
>>   --disable-libtool-lock  avoid locking (might break parallel builds)
>>   --enable-host-shared    build host code as shared libraries
>> +  --enable-host-pie       build host code as PIE
>> 
>> Optional Packages:
>>   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
>> @@ -10759,7 +10763,7 @@ else
>>   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
>>   lt_status=$lt_dlunknown
>>   cat > conftest.$ac_ext <<_LT_EOF
>> -#line 10762 "configure"
>> +#line 10778 "configure"
>> #include "confdefs.h"
>> 
>> #if HAVE_DLFCN_H
>> @@ -10865,7 +10869,7 @@ else
>>   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
>>   lt_status=$lt_dlunknown
>>   cat > conftest.$ac_ext <<_LT_EOF
>> -#line 10868 "configure"
>> +#line 10884 "configure"
>> #include "confdefs.h"
>> 
>> #if HAVE_DLFCN_H
>> @@ -11548,15 +11552,31 @@ else
>>   multilib_arg=
>> fi
>> 
>> +# Enable --enable-host-shared.
>> # Check whether --enable-host-shared was given.
>> if test "${enable_host_shared+set}" = set; then :
>> -  enableval=$enable_host_shared; PICFLAG=-fPIC
>> +  enableval=$enable_host_shared;
>> +fi
>> +
>> +
>> +
>> +# Enable --enable-host-pie.
>> +# Check whether --enable-host-pie was given.
>> +if test "${enable_host_pie+set}" = set; then :
>> +  enableval=$enable_host_pie;
>> +fi
>> +
>> +
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> else
>>   PICFLAG=
>> fi
>> 
>> 
>> -
>> ac_config_files="$ac_config_files Makefile"
>> 
>> cat >confcache <<\_ACEOF
>> diff --git a/zlib/configure.ac b/zlib/configure.ac
>> index be1cfe29651..adf7aad4e51 100644
>> --- a/zlib/configure.ac
>> +++ b/zlib/configure.ac
>> @@ -122,11 +122,26 @@ else
>>   multilib_arg=
>> fi
>> 
>> +# Enable --enable-host-shared.
>> AC_ARG_ENABLE(host-shared,
>> [AS_HELP_STRING([--enable-host-shared],
>> -		[build host code as shared libraries])],
>> -[PICFLAG=-fPIC], [PICFLAG=])
>> -AC_SUBST(PICFLAG)
>> +		[build host code as shared libraries])])
>> +AC_SUBST(enable_host_shared)
>> +
>> +# Enable --enable-host-pie.
>> +AC_ARG_ENABLE(host-pie,
>> +[AS_HELP_STRING([--enable-host-pie],
>> +		[build host code as PIE])])
>> +AC_SUBST(enable_host_pie)
>> +
>> +if test x$enable_host_shared = xyes; then
>> +  PICFLAG=-fPIC
>> +elif test x$enable_host_pie = xyes; then
>> +  PICFLAG=-fPIE
>> +else
>> +  PICFLAG=
>> +fi
>> 
>> +AC_SUBST(PICFLAG)
>> AC_CONFIG_FILES([Makefile])
>> AC_OUTPUT
>> 
>> base-commit: bbb6cf926f1732559b3a8aaf2796d34e8651c066
>> -- 
>> 2.40.1
>> 
> 
> Marek
>

Patch

diff --git a/c++tools/Makefile.in b/c++tools/Makefile.in
index 77bda3d56dc..dcb1029e064 100644
--- a/c++tools/Makefile.in
+++ b/c++tools/Makefile.in
@@ -29,8 +29,9 @@  AUTOCONF := @AUTOCONF@
 AUTOHEADER := @AUTOHEADER@
 CXX := @CXX@
 CXXFLAGS := @CXXFLAGS@
-PIEFLAG := @PIEFLAG@
-CXXOPTS := $(CXXFLAGS) $(PIEFLAG) -fno-exceptions -fno-rtti
+PICFLAG := @PICFLAG@
+LD_PICFLAG := @LD_PICFLAG@
+CXXOPTS := $(CXXFLAGS) $(PICFLAG) -fno-exceptions -fno-rtti
 LDFLAGS := @LDFLAGS@
 exeext := @EXEEXT@
 LIBIBERTY := ../libiberty/libiberty.a
@@ -90,11 +91,15 @@  ifeq (@CXX_AUX_TOOLS@,yes)
 
 all::g++-mapper-server$(exeext)
 
+ifneq ($(PICFLAG),)
+override LIBIBERTY := ../libiberty/pic/libiberty.a
+endif
+
 MAPPER.O := server.o resolver.o
 CODYLIB = ../libcody/libcody.a
 CXXINC += -I$(srcdir)/../libcody -I$(srcdir)/../include -I$(srcdir)/../gcc -I. -I../gcc
 g++-mapper-server$(exeext): $(MAPPER.O) $(CODYLIB)
-	+$(CXX) $(LDFLAGS) $(PIEFLAG) -o $@ $^ $(LIBIBERTY) $(NETLIBS)
+	+$(CXX) $(LDFLAGS) $(PICFLAG) $(LD_PICFLAG) -o $@ $^ $(LIBIBERTY) $(NETLIBS)
 
 # copy to gcc dir so tests there can run
 all::../gcc/g++-mapper-server$(exeext)
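
Review bot: the `ifneq ($(PICFLAG),)` test also fires for --enable-default-pie, because c++tools/configure.ac sets `PICFLAG=-fPIE` for that option as well. A default-pie build without --enable-host-pie therefore now links against `../libiberty/pic/libiberty.a` where it used `../libiberty/libiberty.a` before this patch. If that is not intended, key the override on `$(LD_PICFLAG)`, which only --enable-host-pie sets, or confirm that the pic archive is always built in that configuration.
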
diff --git a/c++tools/configure b/c++tools/configure
index 742816e4253..88087009383 100755
--- a/c++tools/configure
+++ b/c++tools/configure
@@ -627,7 +627,8 @@  get_gcc_base_ver
 EGREP
 GREP
 CXXCPP
-PIEFLAG
+LD_PICFLAG
+PICFLAG
 MAINTAINER
 CXX_AUX_TOOLS
 AUTOHEADER
@@ -700,6 +701,7 @@  enable_c___tools
 enable_maintainer_mode
 enable_checking
 enable_default_pie
+enable_host_pie
 with_gcc_major_version_only
 '
       ac_precious_vars='build_alias
@@ -1333,6 +1335,7 @@  Optional Features:
                           only specific categories of checks. Categories are:
                           yes,no,all,none,release.
   --enable-default-pie    enable Position Independent Executable as default
+  --enable-host-pie       build host code as PIE
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -2990,12 +2993,20 @@  fi
 # Check whether --enable-default-pie was given.
 # Check whether --enable-default-pie was given.
 if test "${enable_default_pie+set}" = set; then :
-  enableval=$enable_default_pie; PIEFLAG=-fPIE
+  enableval=$enable_default_pie; PICFLAG=-fPIE
 else
-  PIEFLAG=
+  PICFLAG=
 fi
 
 
+# Enable --enable-host-pie
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+  enableval=$enable_host_pie; PICFLAG=-fPIE; LD_PICFLAG=-pie
+fi
+
+
+
 
 # Check if O_CLOEXEC is defined by fcntl
 
diff --git a/c++tools/configure.ac b/c++tools/configure.ac
index 23e98c8e721..44dfaccbbfa 100644
--- a/c++tools/configure.ac
+++ b/c++tools/configure.ac
@@ -102,8 +102,15 @@  fi
 AC_ARG_ENABLE(default-pie,
 [AS_HELP_STRING([--enable-default-pie],
 		  [enable Position Independent Executable as default])],
-[PIEFLAG=-fPIE], [PIEFLAG=])
-AC_SUBST([PIEFLAG])
+[PICFLAG=-fPIE], [PICFLAG=])
+
+# Enable --enable-host-pie
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])],
+[PICFLAG=-fPIE; LD_PICFLAG=-pie], [])
+AC_SUBST(PICFLAG)
+AC_SUBST(LD_PICFLAG)
 
 # Check if O_CLOEXEC is defined by fcntl
 AC_CACHE_CHECK(for O_CLOEXEC, ac_cv_o_cloexec, [
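
Review bot: LD_PICFLAG is assigned only inside the action-if-given of `AC_ARG_ENABLE(host-pie, ...)` and the action-if-not-given is `[]`, so when the option is absent `AC_SUBST(LD_PICFLAG)` substitutes whatever value the variable has in configure's environment. gcc/configure.ac in this patch sets `LD_PICFLAG=` explicitly in its else branch; an explicit empty default here would match that.
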
diff --git a/configure b/configure
index 0494e2fa2bf..f5cf9b84c06 100755
--- a/configure
+++ b/configure
@@ -687,6 +687,8 @@  extra_host_zlib_configure_flags
 extra_host_libiberty_configure_flags
 stage1_languages
 host_libs_picflag
+PICFLAG
+enable_host_pie
 host_shared
 extra_linker_plugin_flags
 extra_linker_plugin_configure_flags
@@ -831,6 +833,7 @@  enable_lto
 enable_linker_plugin_configure_flags
 enable_linker_plugin_flags
 enable_host_shared
+enable_host_pie
 enable_stage1_languages
 enable_objc_gc
 with_target_bdw_gc
@@ -1559,6 +1562,7 @@  Optional Features:
                           additional flags for configuring and building linker
                           plugins [none]
   --enable-host-shared    build host code as shared libraries
+  --enable-host-pie       build host code as PIE
   --enable-stage1-languages[=all]
                           choose additional languages to build during stage1.
                           Mostly useful for compiler development
@@ -8669,11 +8673,29 @@  fi
 
 
 
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+  enableval=$enable_host_pie;
+fi
+
+
+
+if test x$host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
+
+
+
 # If we are building PIC/PIE host executables, and we are building dependent
 # libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
 # code.
 host_libs_picflag=
-if test "$host_shared" = "yes";then
+if test "$host_shared" = "yes" -o "$enable_host_pie" = "yes"; then
 host_libs_picflag='--with-pic'
 fi
 
diff --git a/configure.ac b/configure.ac
index f5cce5830bc..2a85834f2b6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1913,11 +1913,27 @@  AC_ARG_ENABLE(host-shared,
 
 AC_SUBST(host_shared)
 
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+       [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
+
+AC_SUBST(PICFLAG)
+
 # If we are building PIC/PIE host executables, and we are building dependent
 # libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
 # code.
 host_libs_picflag=
-if test "$host_shared" = "yes";then
+if test "$host_shared" = "yes" -o "$enable_host_pie" = "yes"; then
 host_libs_picflag='--with-pic'
 fi
 AC_SUBST(host_libs_picflag)
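Review bot: The changed condition `test "$host_shared" = "yes" -o "$enable_host_pie" = "yes"` uses `-o`, which the Autoconf portability guidance advises against; `test "$host_shared" = "yes" || test "$enable_host_pie" = "yes"` is the portable spelling. The new PICFLAG block just above also switches to the unquoted `x$host_shared` style while this line keeps the quoted form, so picking one style for the whole block would read better. A short comment stating that --enable-host-shared takes precedence over --enable-host-pie for PICFLAG would help, since the if/elif order is the only place that rule is expressed here.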
diff --git a/fixincludes/Makefile.in b/fixincludes/Makefile.in
index 1937dcaa32d..e6ce41dba39 100644
--- a/fixincludes/Makefile.in
+++ b/fixincludes/Makefile.in
@@ -73,7 +73,7 @@  default : all
 # Now figure out from those variables how to compile and link.
 
 .c.o:
-	$(CC) -c $(CFLAGS) $(WARN_CFLAGS) $(CPPFLAGS) $(FIXINC_CFLAGS) $<
+	$(CC) -c $(CFLAGS) $(PICFLAG) $(WARN_CFLAGS) $(CPPFLAGS) $(FIXINC_CFLAGS) $<
 
 # The only suffixes we want for implicit rules are .c and .o.
 .SUFFIXES:
@@ -87,7 +87,11 @@  default : all
 ##
 ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
+ifeq ($(PICFLAG),)
 LIBIBERTY=../libiberty/libiberty.a
+else
+LIBIBERTY=../libiberty/pic/libiberty.a
+endif
 
 ALLOBJ = fixincl.o fixtests.o fixfixes.o server.o procopen.o \
       fixlib.o fixopts.o
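Review bot: The `else` branch hardcodes `../libiberty/pic/libiberty.a`, whereas gcc/Makefile.in in this same patch goes through `LIBIBERTY_PICDIR=$(if $(findstring mingw,$(target)),,pic)` to skip the pic directory on mingw. If fixincludes can be built for a mingw host with --enable-host-pie, this path may not exist; consider reusing the same exception here or noting why it is not needed.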
@@ -107,15 +111,15 @@  oneprocess : full-stamp
 twoprocess : test-stamp $(AF)
 
 full-stamp : $(ALLOBJ) $(LIBIBERTY)
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $(FI) $(ALLOBJ) $(LIBIBERTY)
+	$(CC) $(CFLAGS) $(PICFLAG) $(LDFLAGS) $(LD_PICFLAG) -o $(FI) $(ALLOBJ) $(LIBIBERTY)
 	$(STAMP) $@
 
 test-stamp : $(TESTOBJ) $(LIBIBERTY)
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $(FI) $(TESTOBJ) $(LIBIBERTY)
+	$(CC) $(CFLAGS) $(PICFLAG) $(LDFLAGS) $(LD_PICFLAG) -o $(FI) $(TESTOBJ) $(LIBIBERTY)
 	$(STAMP) $@
 
 $(AF): $(FIXOBJ) $(LIBIBERTY)
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(FIXOBJ) $(LIBIBERTY)
+	$(CC) $(CFLAGS) $(PICFLAG) $(LDFLAGS) $(LD_PICFLAG) -o $@ $(FIXOBJ) $(LIBIBERTY)
 
 $(ALLOBJ)   : $(HDR)
 fixincl.o   : fixincl.c  $(srcdir)/fixincl.x
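Review bot: The three link rules and the `.c.o` rule now expand `$(PICFLAG)` and `$(LD_PICFLAG)`, but none of the hunks for fixincludes/Makefile.in adds `PICFLAG = @PICFLAG@` or `LD_PICFLAG = @LD_PICFLAG@`. Unless the file already defines them, both expand to nothing, `ifeq ($(PICFLAG),)` always takes the non-pic libiberty, and fixincl is not built as PIE even though fixincludes/configure.ac substitutes the values. Please check that the assignments are present.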
diff --git a/fixincludes/configure b/fixincludes/configure
index bdcc41f6ddc..f1748ebef74 100755
--- a/fixincludes/configure
+++ b/fixincludes/configure
@@ -623,6 +623,8 @@  ac_subst_vars='LTLIBOBJS
 LIBOBJS
 get_gcc_base_ver
 MAINT
+LD_PICFLAG
+PICFLAG
 TARGET
 target_noncanonical
 WERROR
@@ -695,6 +697,7 @@  enable_option_checking
 enable_werror_always
 with_local_prefix
 enable_twoprocess
+enable_host_pie
 enable_maintainer_mode
 with_gcc_major_version_only
 '
@@ -1323,6 +1326,7 @@  Optional Features:
   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
   --enable-werror-always  enable -Werror despite compiler version
   --enable-twoprocess       Use a separate process to apply the fixes
+  --enable-host-pie       build host code as PIE
   --enable-maintainer-mode enable make rules and dependencies not useful
                           (and sometimes confusing) to the casual installer
 
@@ -4835,6 +4839,15 @@  $as_echo "#define SEPARATE_FIX_PROC 1" >>confdefs.h
 
 fi
 
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+  enableval=$enable_host_pie; PICFLAG=-fPIE; LD_PICFLAG=-pie
+fi
+
+
+
+
 case $host in
 	vax-dec-bsd* )
 
diff --git a/fixincludes/configure.ac b/fixincludes/configure.ac
index ef2227e3c93..4e78511d20f 100644
--- a/fixincludes/configure.ac
+++ b/fixincludes/configure.ac
@@ -68,6 +68,14 @@  if test $TARGET = twoprocess; then
 		  [Define if testing and fixing are done by separate process])
 fi
 
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+       [build host code as PIE])],
+[PICFLAG=-fPIE; LD_PICFLAG=-pie], [])
+AC_SUBST(PICFLAG)
+AC_SUBST(LD_PICFLAG)
+
 case $host in
 	vax-dec-bsd* )
 		AC_DEFINE(exit, xexit, [Define to xexit if the host system does not support atexit])
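Review bot: With an empty action-if-not-given in this AC_ARG_ENABLE, neither PICFLAG nor LD_PICFLAG is initialised when the option is absent, so whatever the environment holds is passed to AC_SUBST. Setting both to empty before the macro, and keying the `-fPIE`/`-pie` assignment on `$enable_host_pie` being `yes` rather than on the option merely being given, would match the if/elif blocks used in intl, libcpp and zlib.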
diff --git a/gcc/Makefile.in b/gcc/Makefile.in
index bb63b5c501d..860fd9af81a 100644
--- a/gcc/Makefile.in
+++ b/gcc/Makefile.in
@@ -158,6 +158,9 @@  LDFLAGS = @LDFLAGS@
 # Should we build position-independent host code?
 PICFLAG = @PICFLAG@
 
+# The linker flag for the above.
+LD_PICFLAG = @LD_PICFLAG@
+
 # Flags to determine code coverage. When coverage is disabled, this will
 # contain the optimization flags, as you normally want code coverage
 # without optimization.
@@ -283,19 +286,19 @@  LINKER = $(CC)
 LINKER_FLAGS = $(CFLAGS)
 endif
 
+enable_host_pie = @enable_host_pie@
+
 # Enable Intel CET on Intel CET enabled host if needed.
 CET_HOST_FLAGS = @CET_HOST_FLAGS@
 COMPILER += $(CET_HOST_FLAGS)
 
-NO_PIE_CFLAGS = @NO_PIE_CFLAGS@
-NO_PIE_FLAG = @NO_PIE_FLAG@
 DO_LINK_MUTEX = @DO_LINK_MUTEX@
 
-# We don't want to compile the compilers with -fPIE, it make PCH fail.
-COMPILER += $(NO_PIE_CFLAGS)
+# Maybe compile the compilers with -fPIE or -fPIC.
+COMPILER += $(PICFLAG)
 
-# Link with -no-pie since we compile the compiler with -fno-PIE.
-LINKER += $(NO_PIE_FLAG)
+# Link with -pie, or -no-pie, depending on the above.
+LINKER += $(LD_PICFLAG)
 
 # Like LINKER, but use a mutex for serializing front end links.
 ifeq (@DO_LINK_MUTEX@,true)
@@ -1067,7 +1070,7 @@  RTL_SSA_H = $(PRETTY_PRINT_H) insn-config.h splay-tree-utils.h \
 # programs built during a bootstrap.
 # autoconf inserts -DCROSS_DIRECTORY_STRUCTURE if we are building a
 # cross compiler which does not use the native headers and libraries.
-INTERNAL_CFLAGS = -DIN_GCC $(PICFLAG) @CROSS@
+INTERNAL_CFLAGS = -DIN_GCC @CROSS@
 
 # This is the variable actually used when we compile. If you change this,
 # you probably want to update BUILD_CFLAGS in configure.ac
@@ -1085,21 +1088,24 @@  ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \
 ALL_CPPFLAGS = $(INCLUDES) $(CPPFLAGS)
 
 # This is the variable to use when using $(COMPILER).
-ALL_COMPILERFLAGS = $(ALL_CXXFLAGS)
+ALL_COMPILERFLAGS = $(ALL_CXXFLAGS) $(PICFLAG)
 
 # This is the variable to use when using $(LINKER).
-ALL_LINKERFLAGS = $(ALL_CXXFLAGS)
+ALL_LINKERFLAGS = $(ALL_CXXFLAGS) $(LD_PICFLAG)
 
 # Build and host support libraries.
 
-# Use the "pic" build of libiberty if --enable-host-shared, unless we are
-# building for mingw.
+# Use the "pic" build of libiberty if --enable-host-shared or --enable-host-pie,
+# unless we are building for mingw.
 LIBIBERTY_PICDIR=$(if $(findstring mingw,$(target)),,pic)
-ifeq ($(enable_host_shared),yes)
+ifneq ($(enable_host_shared)$(enable_host_pie),)
 LIBIBERTY = ../libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
-BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
 else
 LIBIBERTY = ../libiberty/libiberty.a
+endif
+ifeq ($(enable_host_shared),yes)
+BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
+else
 BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/libiberty.a
 endif
 
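Review bot: `ifneq ($(enable_host_shared)$(enable_host_pie),)` is true for any non-empty value, so configuring with --disable-host-pie (substituted as `no`) selects the pic libiberty, while libiberty/configure in this patch only forces `shared=yes` when one of the two variables equals `yes`. That mismatch can point LIBIBERTY at an archive that was not built. The following block still tests `ifeq ($(enable_host_shared),yes)`; testing with `$(filter yes,$(enable_host_shared) $(enable_host_pie))` would keep both conditionals consistent. A comment explaining why BUILD_LIBIBERTY deliberately ignores enable_host_pie would also help.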
diff --git a/gcc/configure b/gcc/configure
index 191f68581b3..629446ecf3b 100755
--- a/gcc/configure
+++ b/gcc/configure
@@ -632,10 +632,10 @@  ac_includes_default="\
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
 CET_HOST_FLAGS
-NO_PIE_FLAG
-NO_PIE_CFLAGS
-enable_default_pie
+LD_PICFLAG
 PICFLAG
+enable_default_pie
+enable_host_pie
 enable_host_shared
 enable_plugin
 pluginlibs
@@ -1030,6 +1030,7 @@  enable_link_serialization
 enable_version_specific_runtime_libs
 enable_plugin
 enable_host_shared
+enable_host_pie
 enable_libquadmath_support
 with_linker_hash_style
 with_diagnostics_color
@@ -1792,6 +1793,7 @@  Optional Features:
                           in a compiler-specific directory
   --enable-plugin         enable plugin support
   --enable-host-shared    build host code as shared libraries
+  --enable-host-pie       build host code as PIE
   --disable-libquadmath-support
                           disable libquadmath support for Fortran
   --enable-default-pie    enable Position Independent Executable as default
@@ -19850,7 +19852,7 @@  else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 19853 "configure"
+#line 19867 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -19956,7 +19958,7 @@  else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 19959 "configure"
+#line 19973 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -32090,13 +32092,17 @@  fi
 # Enable --enable-host-shared
 # Check whether --enable-host-shared was given.
 if test "${enable_host_shared+set}" = set; then :
-  enableval=$enable_host_shared; PICFLAG=-fPIC
-else
-  PICFLAG=
+  enableval=$enable_host_shared;
 fi
 
 
 
+# Enable --enable-host-pie
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+  enableval=$enable_host_pie;
+fi
+
 
 
 # Check whether --enable-libquadmath-support was given.
@@ -32250,10 +32256,6 @@  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_c_no_fpie" >&5
 $as_echo "$gcc_cv_c_no_fpie" >&6; }
-if test "$gcc_cv_c_no_fpie" = "yes"; then
-  NO_PIE_CFLAGS="-fno-PIE"
-fi
-
 
 # Check if -no-pie works.
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -no-pie option" >&5
@@ -32278,11 +32280,28 @@  rm -f core conftest.err conftest.$ac_objext \
 fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_no_pie" >&5
 $as_echo "$gcc_cv_no_pie" >&6; }
-if test "$gcc_cv_no_pie" = "yes"; then
-  NO_PIE_FLAG="-no-pie"
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+elif test x$gcc_cv_c_no_fpie = xyes; then
+  PICFLAG=-fno-PIE
+else
+  PICFLAG=
+fi
+
+if test x$enable_host_pie = xyes; then
+  LD_PICFLAG=-pie
+elif test x$gcc_cv_no_pie = xyes; then
+  LD_PICFLAG=-no-pie
+else
+  LD_PICFLAG=
 fi
 
 
+
+
 # Enable Intel CET on Intel CET enabled host if jit is enabled.
  # Check whether --enable-cet was given.
 if test "${enable_cet+set}" = set; then :
diff --git a/gcc/configure.ac b/gcc/configure.ac
index 075424669c9..9c69a55668e 100644
--- a/gcc/configure.ac
+++ b/gcc/configure.ac
@@ -7418,11 +7418,14 @@  fi
 # Enable --enable-host-shared
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+		[build host code as shared libraries])])
 AC_SUBST(enable_host_shared)
-AC_SUBST(PICFLAG)
 
+# Enable --enable-host-pie
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])])
+AC_SUBST(enable_host_pie)
 
 AC_ARG_ENABLE(libquadmath-support,
 [AS_HELP_STRING([--disable-libquadmath-support],
@@ -7544,10 +7547,6 @@  AC_CACHE_CHECK([for -fno-PIE option],
      [gcc_cv_c_no_fpie=yes],
      [gcc_cv_c_no_fpie=no])
    CXXFLAGS="$saved_CXXFLAGS"])
-if test "$gcc_cv_c_no_fpie" = "yes"; then
-  NO_PIE_CFLAGS="-fno-PIE"
-fi
-AC_SUBST([NO_PIE_CFLAGS])
 
 # Check if -no-pie works.
 AC_CACHE_CHECK([for -no-pie option],
@@ -7558,10 +7557,27 @@  AC_CACHE_CHECK([for -no-pie option],
      [gcc_cv_no_pie=yes],
      [gcc_cv_no_pie=no])
    LDFLAGS="$saved_LDFLAGS"])
-if test "$gcc_cv_no_pie" = "yes"; then
-  NO_PIE_FLAG="-no-pie"
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+elif test x$gcc_cv_c_no_fpie = xyes; then
+  PICFLAG=-fno-PIE
+else
+  PICFLAG=
 fi
-AC_SUBST([NO_PIE_FLAG])
+
+if test x$enable_host_pie = xyes; then
+  LD_PICFLAG=-pie
+elif test x$gcc_cv_no_pie = xyes; then
+  LD_PICFLAG=-no-pie
+else
+  LD_PICFLAG=
+fi
+
+AC_SUBST([PICFLAG])
+AC_SUBST([LD_PICFLAG])
 
 # Enable Intel CET on Intel CET enabled host if jit is enabled.
 GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
diff --git a/gcc/d/Make-lang.in b/gcc/d/Make-lang.in
index 1679fb81097..4fbf2096416 100644
--- a/gcc/d/Make-lang.in
+++ b/gcc/d/Make-lang.in
@@ -64,7 +64,7 @@  ALL_DFLAGS = $(DFLAGS-$@) $(GDCFLAGS) -fversion=IN_GCC $(CHECKING_DFLAGS) \
 	$(PICFLAG) $(ALIASING_FLAGS) $(NOEXCEPTION_DFLAGS) $(COVERAGE_FLAGS) \
 	$(WARN_DFLAGS)
 
-DCOMPILE.base = $(GDC) $(NO_PIE_CFLAGS) -c $(ALL_DFLAGS) -o $@
+DCOMPILE.base = $(GDC) -c $(ALL_DFLAGS) -o $@
 DCOMPILE = $(DCOMPILE.base) -MT $@ -MMD -MP -MF $(@D)/$(DEPDIR)/$(*F).TPo
 DPOSTCOMPILE = @mv $(@D)/$(DEPDIR)/$(*F).TPo $(@D)/$(DEPDIR)/$(*F).Po
 DLINKER = $(GDC) $(NO_PIE_FLAG) -lstdc++
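Review bot: The unchanged line `DLINKER = $(GDC) $(NO_PIE_FLAG) -lstdc++` still references NO_PIE_FLAG, which this patch removes from gcc/Makefile.in and no longer substitutes in gcc/configure.ac. It will expand to nothing, so the D front end is linked with neither `-pie` under --enable-host-pie nor `-no-pie` otherwise. This should probably become `$(LD_PICFLAG)` to match the LINKER change in gcc/Makefile.in.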
diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi
index fa91ce1953d..2248308dbdf 100644
--- a/gcc/doc/install.texi
+++ b/gcc/doc/install.texi
@@ -1072,14 +1072,26 @@  code.
 
 @item --enable-host-shared
 Specify that the @emph{host} code should be built into position-independent
-machine code (with -fPIC), allowing it to be used within shared libraries,
-but yielding a slightly slower compiler.
+machine code (with @option{-fPIC}), allowing it to be used within shared
+libraries, but yielding a slightly slower compiler.
 
 This option is required when building the libgccjit.so library.
 
 Contrast with @option{--enable-shared}, which affects @emph{target}
 libraries.
 
+@item --enable-host-pie
+Specify that the @emph{host} executables should be built into
+position-independent executables (with @option{-fPIE} and @option{-pie}),
+yielding a slightly slower compiler (but faster than
+@option{--enable-host-shared}).  Position-independent executables are loaded
+at random addresses each time they are executed, therefore provide additional
+protection against Return Oriented Programming (ROP) attacks.
+
+@option{--enable-host-pie}) may be used with @option{--enable-host-shared}),
+in which case @option{-fPIC} is used when compiling, and @option{-pie} when
+linking.
+
 @item @anchor{with-gnu-as}--with-gnu-as
 Specify that the compiler should assume that the
 assembler it finds is the GNU assembler.  However, this does not modify
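Review bot: The second added paragraph has stray closing parentheses after both options: `@option{--enable-host-pie})` and `@option{--enable-host-shared}),`. In the first paragraph, "therefore provide additional protection" reads better as "and therefore provide additional protection". Since the text says PIE helps against ROP because of random load addresses, it may be worth stating that this depends on the host having address space layout randomization enabled.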
diff --git a/intl/Makefile.in b/intl/Makefile.in
index 409d693c48e..5beebdc152c 100644
--- a/intl/Makefile.in
+++ b/intl/Makefile.in
@@ -54,7 +54,7 @@  CTAGS = @CTAGS@
 ETAGS = @ETAGS@
 MKID = @MKID@
 
-COMPILE = $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(DEFS-$@) $(INCLUDES)
+COMPILE = $(CC) -c $(CPPFLAGS) $(CFLAGS) @PICFLAG@ $(DEFS) $(DEFS-$@) $(INCLUDES)
 
 HEADERS = \
   gmo.h \
diff --git a/intl/configure b/intl/configure
index 03f40487a92..79bb5831a47 100755
--- a/intl/configure
+++ b/intl/configure
@@ -623,6 +623,8 @@  ac_header_list=
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
 PICFLAG
+enable_host_pie
+enable_host_shared
 BISON3_NO
 BISON3_YES
 INCINTL
@@ -731,6 +733,7 @@  with_libintl_prefix
 with_libintl_type
 enable_maintainer_mode
 enable_host_shared
+enable_host_pie
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1356,6 +1359,7 @@  Optional Features:
   --disable-rpath         do not hardcode runtime library paths
   --enable-maintainer-mode enable rules only needed by maintainers
   --enable-host-shared    build host code as shared libraries
+  --enable-host-pie       build host code as PIE
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -6852,15 +6856,31 @@  fi
 
 
 
+# Enable --enable-host-shared.
 # Check whether --enable-host-shared was given.
 if test "${enable_host_shared+set}" = set; then :
-  enableval=$enable_host_shared; PICFLAG=-fPIC
+  enableval=$enable_host_shared;
+fi
+
+
+
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+  enableval=$enable_host_pie;
+fi
+
+
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
 else
   PICFLAG=
 fi
 
 
-
 ac_config_files="$ac_config_files Makefile config.intl"
 
 cat >confcache <<\_ACEOF
diff --git a/intl/configure.ac b/intl/configure.ac
index 16a740aa230..81aa831f59f 100644
--- a/intl/configure.ac
+++ b/intl/configure.ac
@@ -83,10 +83,25 @@  fi
 AC_SUBST(BISON3_YES)
 AC_SUBST(BISON3_NO)
 
+# Enable --enable-host-shared.
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+       [build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+       [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
 AC_SUBST(PICFLAG)
 
 AC_CONFIG_FILES(Makefile config.intl)
diff --git a/libcody/Makefile.in b/libcody/Makefile.in
index bb87468cb9a..cb01b0092d8 100644
--- a/libcody/Makefile.in
+++ b/libcody/Makefile.in
@@ -31,7 +31,7 @@  endif
 CXXOPTS += $(filter-out -DHAVE_CONFIG_H,@DEFS@) -include config.h
 
 # Linker options
-LDFLAGS := @LDFLAGS@
+LDFLAGS := @LDFLAGS@ @LD_PICFLAG@
 LIBS := @LIBS@
 
 # Per-source & per-directory compile flags (warning: recursive)
diff --git a/libcody/configure b/libcody/configure
index da52a5cfca5..0e536c0ccb0 100755
--- a/libcody/configure
+++ b/libcody/configure
@@ -591,7 +591,10 @@  configure_args
 AR
 RANLIB
 EXCEPTIONS
+LD_PICFLAG
 PICFLAG
+enable_host_pie
+enable_host_shared
 OBJEXT
 EXEEXT
 ac_ct_CXX
@@ -653,6 +656,7 @@  enable_maintainer_mode
 with_compiler
 enable_checking
 enable_host_shared
+enable_host_pie
 enable_exceptions
 '
       ac_precious_vars='build_alias
@@ -1286,6 +1290,7 @@  Optional Features:
                           yes,no,all,none,release. Flags are: misc,valgrind or
                           other strings
   --enable-host-shared    build host code as shared libraries
+  --enable-host-pie       build host code as PIE
   --enable-exceptions     enable exceptions & rtti
 
 Optional Packages:
@@ -2635,11 +2640,34 @@  fi
 # Enable --enable-host-shared.
 # Check whether --enable-host-shared was given.
 if test "${enable_host_shared+set}" = set; then :
-  enableval=$enable_host_shared; PICFLAG=-fPIC
+  enableval=$enable_host_shared;
+fi
+
+
+
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+  enableval=$enable_host_pie;
+fi
+
+
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
 else
   PICFLAG=
 fi
 
+if test x$enable_host_pie = xyes; then
+  LD_PICFLAG=-pie
+else
+  LD_PICFLAG=
+fi
+
+
 
 
 # Check whether --enable-exceptions was given.
diff --git a/libcody/configure.ac b/libcody/configure.ac
index 960191ecb72..14e8dd4a226 100644
--- a/libcody/configure.ac
+++ b/libcody/configure.ac
@@ -63,9 +63,31 @@  fi
 # Enable --enable-host-shared.
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+		[build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
+
+if test x$enable_host_pie = xyes; then
+  LD_PICFLAG=-pie
+else
+  LD_PICFLAG=
+fi
+
 AC_SUBST(PICFLAG)
+AC_SUBST(LD_PICFLAG)
 
 NMS_ENABLE_EXCEPTIONS
 
diff --git a/libcpp/configure b/libcpp/configure
index e9937cde330..1389ddab544 100755
--- a/libcpp/configure
+++ b/libcpp/configure
@@ -625,6 +625,8 @@  ac_includes_default="\
 ac_subst_vars='LTLIBOBJS
 CET_HOST_FLAGS
 PICFLAG
+enable_host_pie
+enable_host_shared
 MAINT
 USED_CATALOGS
 PACKAGE
@@ -738,6 +740,7 @@  enable_maintainer_mode
 enable_checking
 enable_canonical_system_headers
 enable_host_shared
+enable_host_pie
 enable_cet
 enable_valgrind_annotations
 '
@@ -1379,6 +1382,7 @@  Optional Features:
   --enable-canonical-system-headers
                           enable or disable system headers canonicalization
   --enable-host-shared    build host code as shared libraries
+  --enable-host-pie       build host code as PIE
   --enable-cet            enable Intel CET in host libraries [default=auto]
   --enable-valgrind-annotations
                           enable valgrind runtime interaction
@@ -7605,7 +7609,23 @@  esac
 # Enable --enable-host-shared.
 # Check whether --enable-host-shared was given.
 if test "${enable_host_shared+set}" = set; then :
-  enableval=$enable_host_shared; PICFLAG=-fPIC
+  enableval=$enable_host_shared;
+fi
+
+
+
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+  enableval=$enable_host_pie;
+fi
+
+
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
 else
   PICFLAG=
 fi
diff --git a/libcpp/configure.ac b/libcpp/configure.ac
index 89ac99b04bd..b29b4d6acf1 100644
--- a/libcpp/configure.ac
+++ b/libcpp/configure.ac
@@ -211,8 +211,23 @@  esac
 # Enable --enable-host-shared.
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+		[build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
+
 AC_SUBST(PICFLAG)
 
 # Enable Intel CET on Intel CET enabled host if jit is enabled.
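Review bot: The PICFLAG if/elif/else block added here is the same text as the one added to intl/configure.ac, libcody/configure.ac, libdecnumber/configure.ac and zlib/configure.ac, and it encodes the precedence of --enable-host-shared over --enable-host-pie in each copy. Factoring the two AC_ARG_ENABLE calls and the flag selection into one shared macro under config/ would keep that precedence in a single place and prevent the copies from drifting apart.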
diff --git a/libdecnumber/configure b/libdecnumber/configure
index fb6db05565a..84bc4ffc767 100755
--- a/libdecnumber/configure
+++ b/libdecnumber/configure
@@ -626,6 +626,8 @@  ac_subst_vars='LTLIBOBJS
 LIBOBJS
 CET_HOST_FLAGS
 PICFLAG
+enable_host_pie
+enable_host_shared
 ADDITIONAL_OBJS
 enable_decimal_float
 target_os
@@ -706,6 +708,7 @@  enable_werror_always
 enable_maintainer_mode
 enable_decimal_float
 enable_host_shared
+enable_host_pie
 enable_cet
 '
       ac_precious_vars='build_alias
@@ -1338,6 +1341,7 @@  Optional Features:
 			or 'dpd' choses which decimal floating point format
 			to use
   --enable-host-shared    build host code as shared libraries
+  --enable-host-pie       build host code as PIE
   --enable-cet            enable Intel CET in host libraries [default=auto]
 
 Some influential environment variables:
@@ -5186,7 +5190,23 @@  $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
 # Enable --enable-host-shared.
 # Check whether --enable-host-shared was given.
 if test "${enable_host_shared+set}" = set; then :
-  enableval=$enable_host_shared; PICFLAG=-fPIC
+  enableval=$enable_host_shared;
+fi
+
+
+
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+  enableval=$enable_host_pie;
+fi
+
+
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
 else
   PICFLAG=
 fi
diff --git a/libdecnumber/configure.ac b/libdecnumber/configure.ac
index aafd06f8a64..30a51ca410b 100644
--- a/libdecnumber/configure.ac
+++ b/libdecnumber/configure.ac
@@ -100,8 +100,23 @@  AC_C_BIGENDIAN
 # Enable --enable-host-shared.
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+		[build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
+
 AC_SUBST(PICFLAG)
 
 # Enable Intel CET on Intel CET enabled host if jit is enabled.
diff --git a/libiberty/configure b/libiberty/configure
index 860f981fa18..b8a19c42110 100755
--- a/libiberty/configure
+++ b/libiberty/configure
@@ -5258,8 +5258,8 @@  case "${enable_shared}" in
   *) shared=yes ;;
 esac
 
-# ...unless --enable-host-shared was passed from top-level config:
-if [ "${enable_host_shared}" = "yes" ]; then
+# ...unless --enable-host-{shared,pie} was passed from top-level config:
+if [ "${enable_host_shared}" = "yes" ] || [ "${enable_host_pie}" = "yes" ]; then
   shared=yes
 fi
 
diff --git a/libiberty/configure.ac b/libiberty/configure.ac
index 28d996f9cf7..6747a7b5cff 100644
--- a/libiberty/configure.ac
+++ b/libiberty/configure.ac
@@ -233,8 +233,8 @@  case "${enable_shared}" in
   *) shared=yes ;;
 esac
 
-# ...unless --enable-host-shared was passed from top-level config:
-if [[ "${enable_host_shared}" = "yes" ]]; then
+# ...unless --enable-host-{shared,pie} was passed from top-level config:
+if [[ "${enable_host_shared}" = "yes" ]] || [[ "${enable_host_pie}" = "yes" ]]; then
   shared=yes
 fi
 
diff --git a/zlib/configure b/zlib/configure
index e35ac6e7e17..77be6c284e3 100755
--- a/zlib/configure
+++ b/zlib/configure
@@ -635,6 +635,8 @@  am__EXEEXT_TRUE
 LTLIBOBJS
 LIBOBJS
 PICFLAG
+enable_host_pie
+enable_host_shared
 TARGET_LIBRARY_FALSE
 TARGET_LIBRARY_TRUE
 toolexeclibdir
@@ -778,6 +780,7 @@  with_gnu_ld
 enable_libtool_lock
 with_toolexeclibdir
 enable_host_shared
+enable_host_pie
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1420,6 +1423,7 @@  Optional Features:
                           optimize for fast installation [default=yes]
   --disable-libtool-lock  avoid locking (might break parallel builds)
   --enable-host-shared    build host code as shared libraries
+  --enable-host-pie       build host code as PIE
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -10759,7 +10763,7 @@  else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 10762 "configure"
+#line 10778 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -10865,7 +10869,7 @@  else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 10868 "configure"
+#line 10884 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11548,15 +11552,31 @@  else
   multilib_arg=
 fi
 
+# Enable --enable-host-shared.
 # Check whether --enable-host-shared was given.
 if test "${enable_host_shared+set}" = set; then :
-  enableval=$enable_host_shared; PICFLAG=-fPIC
+  enableval=$enable_host_shared;
+fi
+
+
+
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+  enableval=$enable_host_pie;
+fi
+
+
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
 else
   PICFLAG=
 fi
 
 
-
 ac_config_files="$ac_config_files Makefile"
 
 cat >confcache <<\_ACEOF
diff --git a/zlib/configure.ac b/zlib/configure.ac
index be1cfe29651..adf7aad4e51 100644
--- a/zlib/configure.ac
+++ b/zlib/configure.ac
@@ -122,11 +122,26 @@  else
   multilib_arg=
 fi
 
+# Enable --enable-host-shared.
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
-AC_SUBST(PICFLAG)
+		[build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
 
+AC_SUBST(PICFLAG)
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT