This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH][1-3] New configure options that make the compiler use -fPIE and -pie as default option


Hi
This patchset will add a new configure options --enable-default-pie.
With the new option enable will make it pass -fPIE and -pie from the gcc and 
g++ frontend. Have only add the support for two targets but should work on
more targes. In configure.ac we add the new option. We can't compile the 
compiler or the crt stuff with -fPIE it will brake the PCH and the crtbegin and
crtend files. The disabling is done in the Makefiles. The needed spec is added 
to DRIVER_SELF_SPECS. We disable all the profiling test for the linking will 
fail. Tested on x86_64 linux (Gentoo).

More and more Linux/gnu distributions compile binary with PIE with this you
could allmost compile all binary with PIE as we do on Gentoo Hardened.
This patches have bin posted before on the list.
https://gcc.gnu.org/ml/gcc-patches/2013-11/msg01515.html


/Magnus Granberg

Changlog

2014-07-31  Magnus Granberg  <zorry@gentoo.org>

	/gcc
	* config/gnu-user.h: Define PIE_DRIVER_SELF_SPECS for PIE 
	as default and GNU_DRIVER_SELF_SPECS.
	* config/i386/gnu-user-common.h: Define DRIVER_SELF_SPECS
	* configure.ac: Add new option that enable PIE as default.
	* configure, config.in: Rebuild.
	* Makefile.in: Disable PIE when building the compiler.
	* doc/install.texi: Add the new configure option default PIE.
	* doc/invoke.texi: Add note for the new configure option default PIE.
	* testsuite/gcc/default-pie.c: New test for new configure option
	--enale-default-pie
	* testsuite/gcc.dg/other/anon5.C: Add skip test as it fail to link
	on effective_target default_pie.
	* testsuite/lib/target-supports.exp (check_profiling_available):
	We can't use profiling on effective target default_pie. 
	(check_effective_target_pie): Add check_effective_target_default_pie.

	/libgcc
	* Makefile.in: Disable PIE when building the crtbegin/end files.

----
--- a/gcc/config/gnu-user.h	2013-08-20 10:31:40.000000000 +0200
+++ b/gcc/config/gnu-user.h	2013-10-23 22:01:42.337238981 +0200
@@ -126,3 +126,17 @@ see the files COPYING3 and COPYING.RUNTI
   LD_STATIC_OPTION " --whole-archive -ltsan --no-whole-archive " \
   LD_DYNAMIC_OPTION "}}%{!static-libtsan:-ltsan}"
 #endif
+
+/* We use this to make the compiler use -fPIE as default and link
+   with -pie.  */
+#ifdef ENABLE_DEFAULT_PIE
+#define PIE_DRIVER_SELF_SPECS \
+"%{pie|fpic|fPIC|fpie|fPIE|fno-pic|fno-PIC|fno-pie|fno-PIE| \
+  shared|static|nostdlib|nodefaultlibs|nostartfiles:;:-fPIE -pie}"
+#else
+#define PIE_DRIVER_SELF_SPECS ""
+#endif
+
+#ifndef GNU_DRIVER_SELF_SPECS
+#define GNU_DRIVER_SELF_SPECS PIE_DRIVER_SELF_SPECS
+#endif
--- a/gcc/config/i386/gnu-user-common.h	2013-01-10 21:38:27.000000000 +0100
+++ b/gcc/config/i386/gnu-user-common.h	2013-10-23 17:37:45.432767049 +0200
@@ -70,3 +70,8 @@ along with GCC; see the file COPYING3.
 
 /* Static stack checking is supported by means of probes.  */
 #define STACK_CHECK_STATIC_BUILTIN 1
+
+/* Use GNU_DRIVER_SELF_SPECS.  */
+#ifndef DRIVER_SELF_SPECS
+#define DRIVER_SELF_SPECS GNU_DRIVER_SELF_SPECS
+#endif
--- a/gcc/configure.ac	2014-04-28 16:01:40.000000000 +0200
+++ b/gcc/configure.ac	2014-05-08 02:42:30.900883247 +0200
@@ -5671,6 +5671,36 @@ if test x"${LINKER_HASH_STYLE}" != x; th
                                          [The linker hash style])
 fi
 
+# Check whether --enable-default-pie was given and target have the support.
+AC_ARG_ENABLE(default-pie,
+[AS_HELP_STRING([--enable-default-pie],
+  [enable Position Independent Executable as default])],
+enable_default_pie=$enableval,
+enable_default_pie=no)
+if test x$enable_default_pie = xyes; then
+  AC_MSG_CHECKING(if $target supports default PIE)
+  enable_default_pie=no
+  case $target in
+    i?86*-*-linux* | x86_64*-*-linux*)
+      saved_LDFLAGS="$LDFLAGS"
+      saved_CFLAGS="$CFLAGS"
+      CFLAGS="$CFLAGS -fPIE"
+      LDFLAGS="$LDFLAGS -fPIE -pie"
+      AC_TRY_LINK(,,[enable_default_pie=yes],)
+      LDFLAGS="$saved_LDFLAGS"
+      CFLAGS="$saved_CFLAGS"
+      ;;
+    *)
+      ;;
+    esac
+  AC_MSG_RESULT($enable_default_pie)
+fi
+if test x$enable_default_pie == xyes ; then
+  AC_DEFINE(ENABLE_DEFAULT_PIE, 1,
+      [Define if your target supports default PIE and it is enabled.])
+fi
+AC_SUBST([enable_default_pie])
+
 # Configure the subdirectories
 # AC_CONFIG_SUBDIRS($subdirs)
 
--- a/gcc/Makefile.in	2013-10-02 21:52:27.000000000 +0200
+++ b/gcc/Makefile.in	2013-10-24 17:46:22.055357122 +0200
@@ -968,14 +968,23 @@ CONTEXT_H = context.h
 # cross compiler which does not use the native headers and libraries.
 INTERNAL_CFLAGS = -DIN_GCC $(PICFLAG) @CROSS@
 
+# We don't want to compile the compiler with -fPIE, it make PCH fail.
+enable_default_pie = @enable_default_pie@
+ifeq ($(enable_default_pie),yes)
+NOPIE_CFLAGS = -fno-PIE
+else
+NOPIE_CFLAGS=
+endif
+
 # This is the variable actually used when we compile. If you change this,
 # you probably want to update BUILD_CFLAGS in configure.ac
-ALL_CFLAGS = $(T_CFLAGS) $(CFLAGS-$@) \
+ALL_CFLAGS = $(NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) \
   $(CFLAGS) $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(WARN_CFLAGS) @DEFS@
 
 # The C++ version.
-ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \
-  $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) $(WARN_CXXFLAGS) @DEFS@
+ALL_CXXFLAGS = $(NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) \
+  $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) \
+  $(WARN_CXXFLAGS) @DEFS@
 
 # Likewise.  Put INCLUDES at the beginning: this way, if some autoconf macro
 # puts -I options in CPPFLAGS, our include files in the srcdir will always
@@ -1831,6 +1831,7 @@ libgcc.mvars: config.status Makefile spe
 	echo GCC_CFLAGS = '$(GCC_CFLAGS)' >> tmp-libgcc.mvars
 	echo INHIBIT_LIBC_CFLAGS = '$(INHIBIT_LIBC_CFLAGS)' >> tmp-libgcc.mvars
 	echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars
+	echo enable_default_pie = '$(enable_default_pie)' >> tmp-libgcc.mvars
 
 	mv tmp-libgcc.mvars libgcc.mvars
 
@@ -3536,6 +3536,9 @@ site.exp: ./config.status Makefile
 	@if test "@enable_lto@" = "yes" ; then \
 	  echo "set ENABLE_LTO 1" >> ./site.tmp; \
 	fi
+	@if test "@enable_default_pie@" = "yes" ; then \
+	  echo "set ENABLE_DEFAULT_PIE 1" >> ./site.tmp; \
+	fi
 # If newlib has been configured, we need to pass -B to gcc so it can find
 # newlib's crt0.o if it exists.  This will cause a "path prefix not used"
 # message if it doesn't, but the testsuite is supposed to ignore the message -
--- a/libgcc/Makefile.in	2011-11-22 04:01:02.000000000 +0100
+++ b/libgcc/Makefile.in	2012-06-29 00:15:04.534016511 +0200
@@ -279,11 +279,17 @@ override CFLAGS := $(filter-out -fprofil
 INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \
 		  $(INCLUDES) @set_have_cc_tls@ @set_use_emutls@
 
+#Don't use -fPIE when compiling crtbegin/end.
+ifeq ($(enable_default_pie),yes)
+NOPIE_CFLAGS = -fno-PIE
+else
+NOPIE_CFLAGS=
+endif
 # Options to use when compiling crtbegin/end.
 CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \
   -finhibit-size-directive -fno-inline -fno-exceptions \
   -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \
-  -fno-stack-protector \
+  -fno-stack-protector $(NOPIE_CFLAGS) \
   $(INHIBIT_LIBC_CFLAGS)
 
 # Extra flags to use when compiling crt{begin,end}.o.
--- a/gcc/testsuite/gcc.dg/default-pie.c	2013-11-09 21:07:16.741479728 +0100
+++ b/gcc/testsuite/gcc.dg/default-pie.c	2013-11-09 21:05:07.801479218 +0100
@@ -0,0 +1,12 @@
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-require-effective-target default_pie } */
+/* { dg-options "-O2" } */
+int foo (void);
+
+int
+main (void)
+{
+	return foo ();
+}
+
+/* { dg-final { scan-assembler "foo@PLT" } } */
--- a/gcc/testsuite/gcc.dg/tree-ssa/ssa-store-ccp-3.c	2012-03-14 17:33:37.000000000 +0100
+++ b/gcc/testsuite/gcc.dg/tree-ssa/ssa-store-ccp-3.c	2014-07-29 00:55:17.421086416 +0200
@@ -2,6 +2,9 @@
 /* Skipped on MIPS GNU/Linux target because __PIC__ can be
    defined for executables as well as shared libraries.  */
 /* { dg-skip-if "" { *-*-darwin* hppa*64*-*-* mips*-*-linux* *-*-mingw* } { "*" } { "" } } */
+/* Skipped on default_pie targets because __PIC__ is
+   defined for executables.  */
+/* { dg-skip-if "" { default_pie } { "*" } { "" } }  */
 /* { dg-options "-O2 -fno-common -fdump-tree-optimized" } */
 
 const int conststaticvariable;
--- a/gcc/testsuite/g++.dg/other/anon5.C	2012-11-10 15:34:42.000000000 +0100
+++ b/gcc/testsuite/g++.dg/other/anon5.C	2013-11-09 14:49:52.281390127 +0100
@@ -1,5 +1,6 @@
 // PR c++/34094
 // { dg-do link { target { ! { *-*-darwin* *-*-hpux* *-*-solaris2.* } } } }
+// { dg-skip-if "" { default_pie } { "*" } { "" } }
 // { dg-options "-g" }
 // Ignore additional message on powerpc-ibm-aix
 // { dg-prune-output "obtain more information" } */
--- a/gcc/testsuite/lib/target-supports.exp	2013-10-01 11:18:30.000000000 +0200
+++ b/gcc/testsuite/lib/target-supports.exp	2013-10-25 22:01:46.743388469 +0200
@@ -474,6 +474,11 @@ proc check_profiling_available { test_wh
 	}
     }
 
+    # Profiling don't work with default -fPIE -pie.
+    if { [check_effective_target_default_pie] } {
+      return 0
+    }
+
     # Support for -p on solaris2 relies on mcrt1.o which comes with the
     # vendor compiler.  We cannot reliably predict the directory where the
     # vendor compiler (and thus mcrt1.o) is installed so we can't
@@ -856,6 +856,14 @@ proc check_effective_target_pie { } {
     return 0
 }
 
+# Return 1 if -pie, -fPIE are default enable, 0 otherwise.
+
+proc check_effective_target_default_pie { } {
+    global ENABLE_DEFAULT_PIE
+    return [info exists ENABLE_DEFAULT_PIE]
+    return 0
+}
+
 # Return true if the target supports -mpaired-single (as used on MIPS).
 
 proc check_effective_target_mpaired_single { } {
--- a/gcc/doc/install.texi	2013-10-01 19:29:40.000000000 +0200
+++ b/gcc/doc/install.texi	2013-11-17 16:13:20.474144921 +0100
@@ -1455,6 +1455,10 @@ do a @samp{make -C gcc gnatlib_and_tools
 Specify that the run-time libraries for stack smashing protection
 should not be built.
 
+@item --enable-default-pie
+Turn on @option{-fPIE} and @option{-pie} by default if supported.
+Currently supported targets are i?86-*-linux* and x86-64-*-linux*.
+
 @item --disable-libquadmath
 Specify that the GCC quad-precision math library should not be built.
 On some systems, the library is required to be linkable when building
--- a/gcc/doc/invoke.texi	2013-10-03 19:13:50.000000000 +0200
+++ b/gcc/doc/invoke.texi	2013-11-17 21:30:02.784220111 +0100
@@ -10535,6 +10535,12 @@ For predictable results, you must also s
 used for compilation (@option{-fpie}, @option{-fPIE},
 or model suboptions) when you specify this linker option.
 
+NOTE: With configure --enable-default-pie this option is enabled by default
+for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie},
+@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic},
+@option{-nostdlib}, @option{-nostartfiles}, @option{-shared},
+@option{-nodefaultlibs}, nor @option{static} are found.
+
 @item -rdynamic
 @opindex rdynamic
 Pass the flag @option{-export-dynamic} to the ELF linker, on targets
@@ -22476,6 +22476,12 @@ used during linking.
 @code{__pie__} and @code{__PIE__}.  The macros have the value 1
 for @option{-fpie} and 2 for @option{-fPIE}.
 
+NOTE: With configure --enable-default-pie this option is enabled by default
+for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie},
+@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic},
+@option{-nostdlib}, @option{-nostartfiles}, @option{-shared},
+@option{-nodefaultlibs}, nor @option{static} are found.
+
 @item -fno-jump-tables
 @opindex fno-jump-tables
 Do not use jump tables for switch statements even where it would be

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]