From owner-freebsd-toolchain@freebsd.org Fri Aug 26 15:00:55 2016 Return-Path: Delivered-To: freebsd-toolchain@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7B7E1B7017C for ; Fri, 26 Aug 2016 15:00:55 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from nm18-vm0.bullet.mail.bf1.yahoo.com (nm18-vm0.bullet.mail.bf1.yahoo.com [98.139.213.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 353FCC8C for ; Fri, 26 Aug 2016 15:00:54 +0000 (UTC) (envelope-from pfg@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1472223648; bh=LgHGcNcTeXP3OEZmgYWZ/gxSssiWY5+/65ucjQ6raIo=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From:Subject; b=KSdQTuFKvsir76cTNYZpzLatHcrTn8ZbO8aRiwrhmrSYWqj+CjZvn4JEkJxQ6B3VJum/1hgEydNQshdVTTuGInY53TDMYmQqerPauZwhc8MMBogoF2MuglITgBZNXUJ65zhXFNkR6BItbY84Tozw0oX1cajGgmAbBf2pgGZb74ACdNhgwz/iJggrVYIApPzYjqkXDzQKYujQU2J7fHRw5V5q70f4NQBc+kZoOGEtjwIUDLwWCCDkh+xv2McUCiGNxq6Yifd81RpgTiDSy+hc8cRVm4ETvFFwk4J79P8JTSsqKqutjqrzdVtrOo6rGCiX3y7UoCa369Fo6+gBibrLpQ== Received: from [66.196.81.172] by nm18.bullet.mail.bf1.yahoo.com with NNFMP; 26 Aug 2016 15:00:48 -0000 Received: from [98.139.213.15] by tm18.bullet.mail.bf1.yahoo.com with NNFMP; 26 Aug 2016 15:00:48 -0000 Received: from [127.0.0.1] by smtp115.mail.bf1.yahoo.com with NNFMP; 26 Aug 2016 15:00:48 -0000 X-Yahoo-Newman-Id: 29185.74208.bm@smtp115.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: 7TcGJSIVM1mt_7ubyqS05vVl1vK4mMauMhyLtw_Kz8SRfni CaZSmglRJ7KHk.q4fufqLdENxNRLh28zaZEoLCcjGJhL_6qpGmBJg0fJzYMD 4LhtTnVbpUzdfllVPiDrznjYAmB5S64Onvsavo84MrrUFE3SEc_.mk.MvQBO MqbOEa5h_fOFaBQECK_EkBGK_aBdfCX8rMO.ilHu2VPLY2qIYLUjBLfOWnGo NI0E5z2_3hjipXYB5rYPIxGNBOmyVbXc0g1QbY706gg0ZbgtUT8PzaKhu5NA 3vEPr8sBfUucEsV0JxpEHCGUlItCcEGtokEqEwbzE70tUOq62MjnIJ2PR8B8 RR.ifq4prhfGN6if3Vz0JsMhNtgr9JhxQteEkwYxr7DT4yFI6TZIG1hTU6OO Eqibd1Cs0KpRpgc_Z2WguJqj44.ibPBsZiC_5G_js4_LyN1yqZsYO._IYcWq kRm_yeoobgjCIOCAde2hjh1vCT2ebwNxgGjYvvP2OEdVke2OMd4TVCHmiTdR uBFXT.hv7Zw1UtpInGEve5634OpiKrJjnN4lnTxgXuQb6OA-- X-Yahoo-SMTP: xcjD0guswBAZaPPIbxpWwLcp9Unf Subject: Re: Time to enable partial relro To: Konstantin Belousov References: <20160826105618.GS83214@kib.kiev.ua> Cc: freebsd-toolchain@FreeBSD.org From: Pedro Giffuni Message-ID: Date: Fri, 26 Aug 2016 10:00:58 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <20160826105618.GS83214@kib.kiev.ua> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-toolchain@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Maintenance of FreeBSD's integrated toolchain List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Aug 2016 15:00:55 -0000 On 08/26/16 05:56, Konstantin Belousov wrote: > On Thu, Aug 25, 2016 at 05:50:31PM -0500, Pedro Giffuni wrote: >> Hello; >> >> GNU RELRO support was committed in r230784 (2012-01-30) but we never >> enabled it by default. >> >> There was some discussion about it on >> https://reviews.freebsd.org/D3001 >> >> By now, all Linux distributions, NetBSD and DragonFly support it and >> it is the default for most systems in binutils 2.27. >> >> This doesn't affect performance, I ran it through an exp-run last >> year, no other OS has had issues etc ... seems safe and can be >> disabled if needed when linking. > Exp-run does not test anything interesting about relro. If all testing > that was done is basically just an exp-run, then there was no useful > runtime testing done. > The exp-run does cover Java and other VM-type thingies that bootstrap. For upstream binutils this is now the default (at least for linux, they never ask us if we want to follow). So the change has been tested extensively but perhaps not on cases that are relevant to us. Note that the "fix" for any port is ultimately trivial: LDFLAGS+= "-z norelro" >> >> I think it's time to enable it be default in our base binutils. If >> there are no objections, I will just commit the attached patch over >> the weekend. > > There are objections, the change must be runtime tested on large and > representative set of real-world applications before turning the knob. > You are not giving any hint on what would be a "representative set of real-world applications". Given that you committed the initial support your objection stands very high and is a blocker. :( As I see it committing it now would give ample time to test this in current before it hits any release. If you want more extensive testing merging it in -stable right after the 11-Release is guaranteed to help weed out any remaining update ports may need. Pedro.