From owner-freebsd-toolchain@freebsd.org Sat Aug 27 18:32:17 2016 Return-Path: Delivered-To: freebsd-toolchain@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8896FB775E4 for ; Sat, 27 Aug 2016 18:32:17 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from nm37-vm0.bullet.mail.bf1.yahoo.com (nm37-vm0.bullet.mail.bf1.yahoo.com [72.30.238.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4BB238C4 for ; Sat, 27 Aug 2016 18:32:16 +0000 (UTC) (envelope-from pfg@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1472322735; bh=0uM4DFZ9hIByzXpaTKSywBPAxGi88SiEdeFxj4ZM3OM=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From:Subject; b=BhytqLkB8hB08fDWioKeG91L8XpJyKv+E4Z2TTnblQ0PaC5cxZVzReQtV7HhWzV0we21wuIKS+qQKadelfaQ73fv7bU0oCNwhN3iSPoWnTdT8bPdChXoGTSCiTfJPYhLSVOHmz78NsBn3ShixCwkMl9WXAmQx81ruAzl/XD+agrSzVzihlLrpSJPDbtJrYgpSQMPwrIeA/A3RBeeiiIIDBkt8ymhOQH7JeJrpo7dMGlF5L16qWLpFfOpgEpE/XpxvIZ4j3KkB6pqlKiSyndc7COu4uG7mlNlVVGj3kiPotxZqPsvI29ddP1ENHSfziDNOSL2zlWYajDM3z7mzy4Idw== Received: from [66.196.81.170] by nm37.bullet.mail.bf1.yahoo.com with NNFMP; 27 Aug 2016 18:32:15 -0000 Received: from [98.139.213.9] by tm16.bullet.mail.bf1.yahoo.com with NNFMP; 27 Aug 2016 18:32:15 -0000 Received: from [127.0.0.1] by smtp109.mail.bf1.yahoo.com with NNFMP; 27 Aug 2016 18:32:15 -0000 X-Yahoo-Newman-Id: 586754.47094.bm@smtp109.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: jeDJ4vEVM1ldWb_Sexk5P4zvA3DfiPiy4f7GDmGyvoBchyt .EeJDhPAoXy5lMC1oKTE_rmazelLLVYPhtHJl.FISK91LM4640bNwmcHC8bY FSo04F3xcT6ZPzkefqgVuSnEaHlS7AfUiSiL8RUtra_jtvodqQ_u9FJKTK.Z ezxVTn1uRr4f_Nnhxxsc.Q4pnQkaJvqJhjWjoznC4abCUj.1w8fne1yu.o.0 zNI1sExcxyO5dYqJxzOJbGhYHeqhhiNZ1aWoSLeHSCPh7P4KUF_sBRM6ht6O i1EgLW2TlBgyGdUk289goTceGCZVzcfAPCztGjdTXKcxXYOjQS019l8vqfB_ vdkfseDAVfWy2JQofJIEJQXTnASRUubKdrxaFp_8ElJughOiH9sqtfu0epu7 eIqrk34jB4XeawDxfGOJPHTWP1jKXvlLQq4SNdKYUcjM2G_BbkY37udB9z6z YHXxv6Xl0aH0c.XUe1gQDvtS8ODypbOZAVsJSilET3i7pZ4GhVbe5z2m_VFc pX3b3xihSkmMycUoNM1RP_9tOKZxO8.NnI92oDjlHBs0X2Q-- X-Yahoo-SMTP: xcjD0guswBAZaPPIbxpWwLcp9Unf Subject: Re: Time to enable partial relro To: Konstantin Belousov References: <20160826105618.GS83214@kib.kiev.ua> <2e5bee0b-0102-8454-9975-e997bd5229ae@FreeBSD.org> <04514DD6-F431-490D-9ED6-EBFC9DCE97BF@bsdimp.com> <20160827174544.GC83214@kib.kiev.ua> Cc: "freebsd-toolchain@FreeBSD.org" , Warner Losh , Baptiste Daroussin , Mark Millard From: Pedro Giffuni Message-ID: <5fe3c09d-7a01-25c7-43de-c7176755a96b@FreeBSD.org> Date: Sat, 27 Aug 2016 13:32:23 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <20160827174544.GC83214@kib.kiev.ua> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-toolchain@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Maintenance of FreeBSD's integrated toolchain List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Aug 2016 18:32:17 -0000 On 08/27/16 12:45, Konstantin Belousov wrote: > On Sat, Aug 27, 2016 at 11:06:54AM -0500, Pedro Giffuni wrote: >> >> >> On 08/26/16 20:10, Pedro Giffuni wrote: >>> >>> >> ...>> I think we should move forward, just want to make sure it doesn???t >>>> break some arch completely before moving ahead. While lld is a goal, >>>> the goal is also to have a ld.bdf installed for 12, iirc, as a fallback. >>> >>> And very right you are, this has all the chances of breaking MIPS*: >>> >>> "A configure option --enable-relro={yes|no} to decide >>> whether -z relro should be the default behaviour for >>> the linker in ELF based targets. If this configure >>> option is not specified then relro will be enabled >>> automatically for all Linux based targets except FRV, >>> HPPA, IA64 and MIPS." >>> >>> _____ >>> >>> I will update the patch to exclude MIPS (and MIPS64 JIC). >>> >>> Pedro. >>> >>> *https://gcc.gnu.org/ml/gcc/2016-08/msg00134.html >>> >> >> Looking more into this, and the arm report from Mark Millard (thanks!), >> binutils has tests for RELRO in their testsuite that would be an >> important indicator before enabling the option. >> >> It surprises me that we don't have an easy way to run those checks from >> the port, so I borrowed the regression-test mode from GCC and I am >> attaching it. >> >> The tests may depend on some gnu-isms but we don't appear to do too >> well on the tests: >> >> === ld Summary === >> >> # of expected passes 511 >> # of unexpected failures 78 >> # of expected failures 4 >> # of unresolved testcases 35 >> # of untested testcases 1 >> # of unsupported tests 9 >> /usr/ports/devel/binutils/work/binutils-2.27/ld/ld-new 2.27 > > And ? In which way this data is useful or indicative of anything ? This is just informational. According to the GNU ld commit [1], passing the tests is the criteria used to decide whether the RELRO should be enabled on a particular platform. We don't complete all the tests and it appears the tests break before I get to the relro part: ... .PASS: test-strtol-20. gmake[2]: Target 'check-host' not remade because of errors. gmake[1]: *** [Makefile:2204: do-check] Error 2 gmake[1]: Target 'check' not remade because of errors. *** Error code 2 Stop. make: stopped in /usr/ports/devel/binutils > Why this tests are relevant to the proposed change ? I will drop the proposed change. We should evaluate individually each platform before enabling RELRO. At this time I am more worried about the failing tests and our lack of testing of binutils. AFAIK, binutils > tests typically compare ld output against expected binary. > > And, number of the unexpected failures in your showcase is quite worrying. > It is. Having a knob in the port to run the tests seems important. Pedro. [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=647e4d46495f2bfb0950fd1066c8a660173cca40