From owner-freebsd-arch@FreeBSD.ORG Wed Nov 5 12:59:26 2014 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B39F34AA; Wed, 5 Nov 2014 12:59:26 +0000 (UTC) Received: from mail-qg0-x22f.google.com (mail-qg0-x22f.google.com [IPv6:2607:f8b0:400d:c04::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5AEC05EA; Wed, 5 Nov 2014 12:59:26 +0000 (UTC) Received: by mail-qg0-f47.google.com with SMTP id j107so11996477qga.6 for ; Wed, 05 Nov 2014 04:59:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=user-agent:in-reply-to:references:mime-version :content-transfer-encoding:content-type:subject:from:date:to:cc :message-id; bh=jhAc7kmMN9FDThei+ojVlHXfnKJSic5jYW4tVm+WWk4=; b=FqWMldUOFGHNvltqSu/wpWYesJt1UkL8NE0mr54jLPX0Xvt6XjUOqevVlTajJJXR5r Ad9H/XAYSI5eux4DV0CXESsWbA7EGA/ORYwFkr791kD1kXbW7OoI99we2FX9sN4RbGBs hU9yDtgec1mKLvYdStnyM8cUDlLQvRWpQh550KMLPg10njFYCzJGrSaNAqvHjVYAhHmR jSFr+sWkiaHqPbVbgnQV3XykuKFe4SG06f/R0LiZ19errzNIVN98aY9vA/V+5pPkSe4y 5eeUGQVfyCYdaWeh0ZWJR4RdwdOPXSRFEEIJEwi8FO2KY0NDhMt726Zlc2eUgJ0kKla2 Xc4A== X-Received: by 10.224.41.142 with SMTP id o14mr87970839qae.100.1415192364889; Wed, 05 Nov 2014 04:59:24 -0800 (PST) Received: from ?IPv6:2601:a:1380:1046:4cde:a114:1388:ec9c? ([2601:a:1380:1046:4cde:a114:1388:ec9c]) by mx.google.com with ESMTPSA id d2sm3056110qab.24.2014.11.05.04.59.24 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 05 Nov 2014 04:59:24 -0800 (PST) User-Agent: K-9 Mail for Android In-Reply-To: <20141105122612.GC53947@kib.kiev.ua> References: <315B4DC5-0E04-4F6B-BBB0-477D049025BF@bsdimp.com> <20141105090215.GF10388@ivaldir.etoilebsd.net> <20141105092614.GB53947@kib.kiev.ua> <20141105114855.GH10388@ivaldir.etoilebsd.net> <20141105122612.GC53947@kib.kiev.ua> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Subject: Re: PIE/PIC support on base From: Shawn Webb Date: Wed, 05 Nov 2014 07:59:21 -0500 To: Konstantin Belousov , Baptiste Daroussin Message-ID: Cc: FreeBSD Arch X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Nov 2014 12:59:26 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On November 5, 2014 7:26:12 AM EST, Konstantin Belousov wrote: >On Wed, Nov 05, 2014 at 12:48:55PM +0100, Baptiste Daroussin wrote: >> On Wed, Nov 05, 2014 at 11:26:14AM +0200, Konstantin Belousov wrote: >> > On Wed, Nov 05, 2014 at 10:02:15AM +0100, Baptiste Daroussin wrote: >> > > On amd64 WANTS_PIE will be useless as we can easily activate PIE >on every places >> > > For i386 we would propably prefer cherry picking the what we want >to see built >> > > with PIE. Don't know for other arches. >> > > >> > > So here is what I do propose: >> > > if MK_PIE=no: no PIE at all >> > > if MK_PIE=yes: >> > > - on amd64/(platforms without performance penalty): build >everything with PIE >> > > from libs to prog >> > See below. >> > >> > > - on i386/(platforms with performance penalty): build with PIE if >WANTS_PIE >> > > is defined. >> > > >> > > So the difference with the previous approach are: >> > > - No way to opt out PIE for a single binary either totally >disable or enable (I >> > > have encountered no binary so far in the base system which >fails with PIE >> > > enabled - again only tested on amd64) >> > > - Activate PIE for both binaries and libraries (no reason not to >include >> > > libraries) >> > What does it mean 'PIE for library' ? There is simply no such >thing. >> >> Sorry I badly explained, I was meaning PIC for libs PIE for binaries. >> > >> > Also, I strongly oppose compiling everything with PIC, even on >amd64. >> > I described somewhere else that using PIC code changes symbol >lookup >> > rules for binaries. So despite not having performance impact, the >> > thing does impact runtime behaviour in subtle ways. The most >affected >> > programs are those which support dynamic modules. >Please do not ignore this ^^^^^^ issue. > Can you go into detail what those changes are? >> > >> > Also, what is the state of static binaries + PIE ? Do our binutils >> > support this at all ? The csu is definitely not ready for >'everything >> > PIE'. >> >> Only dynamic binaries will receive PIE support (and in case of using >an >> INTERNALLIB will link to the libbla_pic.a) static ones will remain >non PIE. > >And what about libX.a libraries, required by those static binaries ? >It is wrong to compile the .o files for those static libraries in >pic mode. > >More, take look at things which are done with -DPIC, e.g. in the >lib/libc/sys/stack_protector*.c. There, it is critical for >correctness. > > >_______________________________________________ >freebsd-arch@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-arch >To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" - -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -----BEGIN PGP SIGNATURE----- Version: APG v1.1.1 iQI8BAEBCgAmBQJUWh8pHxxTaGF3biBXZWJiIDxsYXR0ZXJhQGdtYWlsLmNvbT4A CgkQaoRlj1JFbu7dvA//UsGATM6oO3Wutl6AeD17GyAd3b8LcYnxeF2mRV7EWwn+ o0I2Riact18cjO8VvCKqb3PGDdiARJK9Qi7kcJz2zQeMg6CvNWKfXBZ+W3Fp5KeC 8dhFaw+vzxG/FaAE/ZfsyUJhjB2kDWPrMqqoui1HNWG3AG8P92r7XEphs3XMX5+s tS68r1P9C02q+jI/GgIyyNmReBlRKdAN7g05vW08TfGSPiI2SG5pd6q7zHn/iVXX eHiHZ06mS3ljpm6rTfrNZlUqX8sPH8/wGGGcR9zWlHhxT8fvdY+2jZ59R2ddCcHu pRZ4oZ3RTMFCh7vBCPPC1FjjzWmp6CNnRu51Ud+w2Yau0bt9AyAcplCCEhiO+jDI ZjWTgkLMnZRyarnHqaF7eHtKRifKL29k/D4Uc3eL5mK8UYHtbDIAAlNAYWdDecwt E8lYT4VUWnw7/slGRt6Zv+lbieEk0Q5iHyNaoE28BZnOLC6smLeNd1CAz7bOradb 8c2C5NH7oOWqV9ZarX2oSgBQdFLhRRTLAKUFBbDY22nRBpLdNKCF48MIzds5ZCo8 dlxSM6DjnJQF4dtIM9VL6zr3o9SqCLn1mGqkAABAYvnTo/zBMJ3u21ayzWYMYAs6 NWD9a/+Iu3dYP4uyi2139/Pvwy6C/Riuiag4iVk+/qc9m42FnNAPzsPgHIEtgRY= =HscB -----END PGP SIGNATURE-----