You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
851 lines
24 KiB
851 lines
24 KiB
1 year ago
|
From 088d8e322811394203220663c3b9c925980d57a2 Mon Sep 17 00:00:00 2001
|
||
|
From: Marek Polacek <polacek@redhat.com>
|
||
|
Date: Tue, 1 Feb 2022 18:27:16 -0500
|
||
|
Subject: [PATCH] configure: Implement --enable-host-pie
|
||
|
|
||
|
This patch implements the --enable-host-pie configure option which
|
||
|
makes the compiler executables PIE. This can be used to enhance
|
||
|
protection against ROP attacks, and can be viewed as part of a wider
|
||
|
trend to harden binaries.
|
||
|
|
||
|
It is similar to the option --enable-host-shared, except that --e-h-s
|
||
|
won't add -shared to the linker flags whereas --e-h-p will add -pie.
|
||
|
It is different from --enable-default-pie because that option just
|
||
|
adds an implicit -fPIE/-pie when the compiler is invoked, but the
|
||
|
compiler itself isn't PIE.
|
||
|
|
||
|
Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
|
||
|
regressions.
|
||
|
|
||
|
I plan to add an option to link with -Wl,-z,now.
|
||
|
|
||
|
c++tools/ChangeLog:
|
||
|
|
||
|
* Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it.
|
||
|
Use pic/libiberty.a if PICFLAG is set.
|
||
|
* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
|
||
|
(--enable-host-pie): New check.
|
||
|
* configure: Regenerate.
|
||
|
|
||
|
gcc/ChangeLog:
|
||
|
|
||
|
* Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie.
|
||
|
Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to
|
||
|
ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie.
|
||
|
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
|
||
|
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
|
||
|
check.
|
||
|
* configure: Regenerate.
|
||
|
* doc/install.texi: Document --enable-host-pie.
|
||
|
|
||
|
libcody/ChangeLog:
|
||
|
|
||
|
* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
|
||
|
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
|
||
|
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
|
||
|
check.
|
||
|
* configure: Regenerate.
|
||
|
|
||
|
libcpp/ChangeLog:
|
||
|
|
||
|
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
|
||
|
(--enable-host-pie): New check. Set PICFLAG after this check.
|
||
|
* configure: Regenerate.
|
||
|
|
||
|
libdecnumber/ChangeLog:
|
||
|
|
||
|
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
|
||
|
(--enable-host-pie): New check. Set PICFLAG after this check.
|
||
|
* configure: Regenerate.
|
||
|
|
||
|
zlib/ChangeLog:
|
||
|
|
||
|
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
|
||
|
(--enable-host-pie): New check. Set PICFLAG after this check.
|
||
|
* configure: Regenerate.
|
||
|
---
|
||
|
c++tools/Makefile.in | 11 ++++++---
|
||
|
c++tools/configure | 17 +++++++++++---
|
||
|
c++tools/configure.ac | 11 +++++++--
|
||
|
gcc/Makefile.in | 29 ++++++++++++++----------
|
||
|
gcc/configure | 47 +++++++++++++++++++++++++++------------
|
||
|
gcc/configure.ac | 36 +++++++++++++++++++++---------
|
||
|
gcc/d/Make-lang.in | 2 +-
|
||
|
gcc/doc/install.texi | 16 +++++++++++--
|
||
|
libcody/Makefile.in | 2 +-
|
||
|
libcody/configure | 30 ++++++++++++++++++++++++-
|
||
|
libcody/configure.ac | 26 ++++++++++++++++++++--
|
||
|
libcpp/configure | 22 +++++++++++++++++-
|
||
|
libcpp/configure.ac | 19 ++++++++++++++--
|
||
|
libdecnumber/configure | 22 +++++++++++++++++-
|
||
|
libdecnumber/configure.ac | 19 ++++++++++++++--
|
||
|
zlib/configure | 30 ++++++++++++++++++++-----
|
||
|
zlib/configure.ac | 21 ++++++++++++++---
|
||
|
17 files changed, 295 insertions(+), 65 deletions(-)
|
||
|
|
||
|
diff --git a/c++tools/Makefile.in b/c++tools/Makefile.in
|
||
|
index d6a33613732..4d5a5b0522b 100644
|
||
|
--- a/c++tools/Makefile.in
|
||
|
+++ b/c++tools/Makefile.in
|
||
|
@@ -28,8 +28,9 @@ AUTOCONF := @AUTOCONF@
|
||
|
AUTOHEADER := @AUTOHEADER@
|
||
|
CXX := @CXX@
|
||
|
CXXFLAGS := @CXXFLAGS@
|
||
|
-PIEFLAG := @PIEFLAG@
|
||
|
-CXXOPTS := $(CXXFLAGS) $(PIEFLAG) -fno-exceptions -fno-rtti
|
||
|
+PICFLAG := @PICFLAG@
|
||
|
+LD_PICFLAG := @LD_PICFLAG@
|
||
|
+CXXOPTS := $(CXXFLAGS) $(PICFLAG) -fno-exceptions -fno-rtti
|
||
|
LDFLAGS := @LDFLAGS@
|
||
|
exeext := @EXEEXT@
|
||
|
LIBIBERTY := ../libiberty/libiberty.a
|
||
|
@@ -87,11 +88,15 @@ ifeq (@CXX_AUX_TOOLS@,yes)
|
||
|
|
||
|
all::g++-mapper-server$(exeext)
|
||
|
|
||
|
+ifneq ($(PICFLAG),)
|
||
|
+override LIBIBERTY := ../libiberty/pic/libiberty.a
|
||
|
+endif
|
||
|
+
|
||
|
MAPPER.O := server.o resolver.o
|
||
|
CODYLIB = ../libcody/libcody.a
|
||
|
CXXINC += -I$(srcdir)/../libcody -I$(srcdir)/../include -I$(srcdir)/../gcc -I.
|
||
|
g++-mapper-server$(exeext): $(MAPPER.O) $(CODYLIB)
|
||
|
- +$(CXX) $(LDFLAGS) $(PIEFLAG) -o $@ $^ $(VERSION.O) $(LIBIBERTY) $(NETLIBS)
|
||
|
+ +$(CXX) $(LDFLAGS) $(PICFLAG) $(LD_PICFLAG) -o $@ $^ $(VERSION.O) $(LIBIBERTY) $(NETLIBS)
|
||
|
|
||
|
# copy to gcc dir so tests there can run
|
||
|
all::../gcc/g++-mapper-server$(exeext)
|
||
|
diff --git a/c++tools/configure b/c++tools/configure
|
||
|
index 742816e4253..88087009383 100755
|
||
|
--- a/c++tools/configure
|
||
|
+++ b/c++tools/configure
|
||
|
@@ -630,7 +630,8 @@ CPP
|
||
|
EGREP
|
||
|
GREP
|
||
|
CXXCPP
|
||
|
-PIEFLAG
|
||
|
+LD_PICFLAG
|
||
|
+PICFLAG
|
||
|
MAINTAINER
|
||
|
CXX_AUX_TOOLS
|
||
|
AUTOHEADER
|
||
|
@@ -700,6 +701,7 @@ enable_c___tools
|
||
|
enable_maintainer_mode
|
||
|
enable_checking
|
||
|
enable_default_pie
|
||
|
+enable_host_pie
|
||
|
with_gcc_major_version_only
|
||
|
'
|
||
|
ac_precious_vars='build_alias
|
||
|
@@ -1333,6 +1335,7 @@ Optional Features:
|
||
|
only specific categories of checks. Categories are:
|
||
|
yes,no,all,none,release.
|
||
|
--enable-default-pie enable Position Independent Executable as default
|
||
|
+ --enable-host-pie build host code as PIE
|
||
|
|
||
|
Optional Packages:
|
||
|
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
|
||
|
@@ -2990,12 +2993,20 @@ fi
|
||
|
# Check whether --enable-default-pie was given.
|
||
|
# Check whether --enable-default-pie was given.
|
||
|
if test "${enable_default_pie+set}" = set; then :
|
||
|
- enableval=$enable_default_pie; PIEFLAG=-fPIE
|
||
|
+ enableval=$enable_default_pie; PICFLAG=-fPIE
|
||
|
else
|
||
|
- PIEFLAG=
|
||
|
+ PICFLAG=
|
||
|
fi
|
||
|
|
||
|
|
||
|
+# Enable --enable-host-pie
|
||
|
+# Check whether --enable-host-pie was given.
|
||
|
+if test "${enable_host_pie+set}" = set; then :
|
||
|
+ enableval=$enable_host_pie; PICFLAG=-fPIE; LD_PICFLAG=-pie
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
|
||
|
# Check if O_CLOEXEC is defined by fcntl
|
||
|
|
||
|
diff --git a/c++tools/configure.ac b/c++tools/configure.ac
|
||
|
index 6662b5ad7c9..1e42689f2eb 100644
|
||
|
--- a/c++tools/configure.ac
|
||
|
+++ b/c++tools/configure.ac
|
||
|
@@ -102,8 +102,15 @@ fi
|
||
|
AC_ARG_ENABLE(default-pie,
|
||
|
[AS_HELP_STRING([--enable-default-pie],
|
||
|
[enable Position Independent Executable as default])],
|
||
|
-[PIEFLAG=-fPIE], [PIEFLAG=])
|
||
|
-AC_SUBST([PIEFLAG])
|
||
|
+[PICFLAG=-fPIE], [PICFLAG=])
|
||
|
+
|
||
|
+# Enable --enable-host-pie
|
||
|
+AC_ARG_ENABLE(host-pie,
|
||
|
+[AS_HELP_STRING([--enable-host-pie],
|
||
|
+ [build host code as PIE])],
|
||
|
+[PICFLAG=-fPIE; LD_PICFLAG=-pie], [])
|
||
|
+AC_SUBST(PICFLAG)
|
||
|
+AC_SUBST(LD_PICFLAG)
|
||
|
|
||
|
# Check if O_CLOEXEC is defined by fcntl
|
||
|
AC_CACHE_CHECK(for O_CLOEXEC, ac_cv_o_cloexec, [
|
||
|
diff --git a/gcc/Makefile.in b/gcc/Makefile.in
|
||
|
index 31ff95500c9..151dbfa54ec 100644
|
||
|
--- a/gcc/Makefile.in
|
||
|
+++ b/gcc/Makefile.in
|
||
|
@@ -155,6 +155,9 @@ LDFLAGS = @LDFLAGS@
|
||
|
# Should we build position-independent host code?
|
||
|
PICFLAG = @PICFLAG@
|
||
|
|
||
|
+# The linker flag for the above.
|
||
|
+LD_PICFLAG = @LD_PICFLAG@
|
||
|
+
|
||
|
# Flags to determine code coverage. When coverage is disabled, this will
|
||
|
# contain the optimization flags, as you normally want code coverage
|
||
|
# without optimization.
|
||
|
@@ -263,18 +266,17 @@ LINKER = $(CC)
|
||
|
LINKER_FLAGS = $(CFLAGS)
|
||
|
endif
|
||
|
|
||
|
+enable_host_pie = @enable_host_pie@
|
||
|
+
|
||
|
# Enable Intel CET on Intel CET enabled host if needed.
|
||
|
CET_HOST_FLAGS = @CET_HOST_FLAGS@
|
||
|
COMPILER += $(CET_HOST_FLAGS)
|
||
|
|
||
|
-NO_PIE_CFLAGS = @NO_PIE_CFLAGS@
|
||
|
-NO_PIE_FLAG = @NO_PIE_FLAG@
|
||
|
-
|
||
|
-# We don't want to compile the compilers with -fPIE, it make PCH fail.
|
||
|
-COMPILER += $(NO_PIE_CFLAGS)
|
||
|
+# Maybe compile the compilers with -fPIE or -fPIC.
|
||
|
+COMPILER += $(PICFLAG)
|
||
|
|
||
|
-# Link with -no-pie since we compile the compiler with -fno-PIE.
|
||
|
-LINKER += $(NO_PIE_FLAG)
|
||
|
+# Link with -pie, or -no-pie, depending on the above.
|
||
|
+LINKER += $(LD_PICFLAG)
|
||
|
|
||
|
# Like LINKER, but use a mutex for serializing front end links.
|
||
|
ifeq (@DO_LINK_MUTEX@,true)
|
||
|
@@ -1057,18 +1059,21 @@ ALL_CPPFLAGS = $(INCLUDES) $(CPPFLAGS)
|
||
|
ALL_COMPILERFLAGS = $(ALL_CXXFLAGS)
|
||
|
|
||
|
# This is the variable to use when using $(LINKER).
|
||
|
-ALL_LINKERFLAGS = $(ALL_CXXFLAGS)
|
||
|
+ALL_LINKERFLAGS = $(ALL_CXXFLAGS) $(LD_PICFLAG)
|
||
|
|
||
|
# Build and host support libraries.
|
||
|
|
||
|
-# Use the "pic" build of libiberty if --enable-host-shared, unless we are
|
||
|
-# building for mingw.
|
||
|
+# Use the "pic" build of libiberty if --enable-host-shared or --enable-host-pie,
|
||
|
+# unless we are building for mingw.
|
||
|
LIBIBERTY_PICDIR=$(if $(findstring mingw,$(target)),,pic)
|
||
|
-ifeq ($(enable_host_shared),yes)
|
||
|
+ifneq ($(enable_host_shared)$(enable_host_pie),)
|
||
|
LIBIBERTY = ../libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
|
||
|
-BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
|
||
|
else
|
||
|
LIBIBERTY = ../libiberty/libiberty.a
|
||
|
+endif
|
||
|
+ifeq ($(enable_host_shared),yes)
|
||
|
+BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
|
||
|
+else
|
||
|
BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/libiberty.a
|
||
|
endif
|
||
|
|
||
|
diff --git a/gcc/configure b/gcc/configure
|
||
|
index 258b17a226e..bd4fe1fd6ca 100755
|
||
|
--- a/gcc/configure
|
||
|
+++ b/gcc/configure
|
||
|
@@ -632,10 +632,10 @@ ac_includes_default="\
|
||
|
ac_subst_vars='LTLIBOBJS
|
||
|
LIBOBJS
|
||
|
CET_HOST_FLAGS
|
||
|
-NO_PIE_FLAG
|
||
|
-NO_PIE_CFLAGS
|
||
|
-enable_default_pie
|
||
|
+LD_PICFLAG
|
||
|
PICFLAG
|
||
|
+enable_default_pie
|
||
|
+enable_host_pie
|
||
|
enable_host_shared
|
||
|
enable_plugin
|
||
|
pluginlibs
|
||
|
@@ -1025,6 +1025,7 @@ enable_link_serialization
|
||
|
enable_version_specific_runtime_libs
|
||
|
enable_plugin
|
||
|
enable_host_shared
|
||
|
+enable_host_pie
|
||
|
enable_libquadmath_support
|
||
|
with_linker_hash_style
|
||
|
with_diagnostics_color
|
||
|
@@ -1787,6 +1788,7 @@ Optional Features:
|
||
|
in a compiler-specific directory
|
||
|
--enable-plugin enable plugin support
|
||
|
--enable-host-shared build host code as shared libraries
|
||
|
+ --enable-host-pie build host code as PIE
|
||
|
--disable-libquadmath-support
|
||
|
disable libquadmath support for Fortran
|
||
|
--enable-default-pie enable Position Independent Executable as default
|
||
|
@@ -32221,13 +32223,17 @@ fi
|
||
|
# Enable --enable-host-shared
|
||
|
# Check whether --enable-host-shared was given.
|
||
|
if test "${enable_host_shared+set}" = set; then :
|
||
|
- enableval=$enable_host_shared; PICFLAG=-fPIC
|
||
|
-else
|
||
|
- PICFLAG=
|
||
|
+ enableval=$enable_host_shared;
|
||
|
fi
|
||
|
|
||
|
|
||
|
|
||
|
+# Enable --enable-host-pie
|
||
|
+# Check whether --enable-host-pie was given.
|
||
|
+if test "${enable_host_pie+set}" = set; then :
|
||
|
+ enableval=$enable_host_pie;
|
||
|
+fi
|
||
|
+
|
||
|
|
||
|
|
||
|
# Check whether --enable-libquadmath-support was given.
|
||
|
@@ -32381,10 +32387,6 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||
|
fi
|
||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_c_no_fpie" >&5
|
||
|
$as_echo "$gcc_cv_c_no_fpie" >&6; }
|
||
|
-if test "$gcc_cv_c_no_fpie" = "yes"; then
|
||
|
- NO_PIE_CFLAGS="-fno-PIE"
|
||
|
-fi
|
||
|
-
|
||
|
|
||
|
# Check if -no-pie works.
|
||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -no-pie option" >&5
|
||
|
@@ -32409,11 +32411,28 @@ rm -f core conftest.err conftest.$ac_objext \
|
||
|
fi
|
||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_no_pie" >&5
|
||
|
$as_echo "$gcc_cv_no_pie" >&6; }
|
||
|
-if test "$gcc_cv_no_pie" = "yes"; then
|
||
|
- NO_PIE_FLAG="-no-pie"
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
+elif test x$gcc_cv_c_no_fpie = xyes; then
|
||
|
+ PICFLAG=-fno-PIE
|
||
|
+else
|
||
|
+ PICFLAG=
|
||
|
+fi
|
||
|
+
|
||
|
+if test x$enable_host_pie = xyes; then
|
||
|
+ LD_PICFLAG=-pie
|
||
|
+elif test x$gcc_cv_no_pie = xyes; then
|
||
|
+ LD_PICFLAG=-no-pie
|
||
|
+else
|
||
|
+ LD_PICFLAG=
|
||
|
fi
|
||
|
|
||
|
|
||
|
+
|
||
|
+
|
||
|
# Enable Intel CET on Intel CET enabled host if jit is enabled.
|
||
|
# Check whether --enable-cet was given.
|
||
|
if test "${enable_cet+set}" = set; then :
|
||
|
diff --git a/gcc/configure.ac b/gcc/configure.ac
|
||
|
index 06750cee977..dca995aeec7 100644
|
||
|
--- a/gcc/configure.ac
|
||
|
+++ b/gcc/configure.ac
|
||
|
@@ -7488,11 +7488,14 @@ fi
|
||
|
# Enable --enable-host-shared
|
||
|
AC_ARG_ENABLE(host-shared,
|
||
|
[AS_HELP_STRING([--enable-host-shared],
|
||
|
- [build host code as shared libraries])],
|
||
|
-[PICFLAG=-fPIC], [PICFLAG=])
|
||
|
+ [build host code as shared libraries])])
|
||
|
AC_SUBST(enable_host_shared)
|
||
|
-AC_SUBST(PICFLAG)
|
||
|
|
||
|
+# Enable --enable-host-pie
|
||
|
+AC_ARG_ENABLE(host-pie,
|
||
|
+[AS_HELP_STRING([--enable-host-pie],
|
||
|
+ [build host code as PIE])])
|
||
|
+AC_SUBST(enable_host_pie)
|
||
|
|
||
|
AC_ARG_ENABLE(libquadmath-support,
|
||
|
[AS_HELP_STRING([--disable-libquadmath-support],
|
||
|
@@ -7614,10 +7617,6 @@ AC_CACHE_CHECK([for -fno-PIE option],
|
||
|
[gcc_cv_c_no_fpie=yes],
|
||
|
[gcc_cv_c_no_fpie=no])
|
||
|
CXXFLAGS="$saved_CXXFLAGS"])
|
||
|
-if test "$gcc_cv_c_no_fpie" = "yes"; then
|
||
|
- NO_PIE_CFLAGS="-fno-PIE"
|
||
|
-fi
|
||
|
-AC_SUBST([NO_PIE_CFLAGS])
|
||
|
|
||
|
# Check if -no-pie works.
|
||
|
AC_CACHE_CHECK([for -no-pie option],
|
||
|
@@ -7628,10 +7627,27 @@ AC_CACHE_CHECK([for -no-pie option],
|
||
|
[gcc_cv_no_pie=yes],
|
||
|
[gcc_cv_no_pie=no])
|
||
|
LDFLAGS="$saved_LDFLAGS"])
|
||
|
-if test "$gcc_cv_no_pie" = "yes"; then
|
||
|
- NO_PIE_FLAG="-no-pie"
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
+elif test x$gcc_cv_c_no_fpie = xyes; then
|
||
|
+ PICFLAG=-fno-PIE
|
||
|
+else
|
||
|
+ PICFLAG=
|
||
|
fi
|
||
|
-AC_SUBST([NO_PIE_FLAG])
|
||
|
+
|
||
|
+if test x$enable_host_pie = xyes; then
|
||
|
+ LD_PICFLAG=-pie
|
||
|
+elif test x$gcc_cv_no_pie = xyes; then
|
||
|
+ LD_PICFLAG=-no-pie
|
||
|
+else
|
||
|
+ LD_PICFLAG=
|
||
|
+fi
|
||
|
+
|
||
|
+AC_SUBST([PICFLAG])
|
||
|
+AC_SUBST([LD_PICFLAG])
|
||
|
|
||
|
# Enable Intel CET on Intel CET enabled host if jit is enabled.
|
||
|
GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
|
||
|
diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi
|
||
|
index 93eae1f2582..be6985646b2 100644
|
||
|
--- a/gcc/doc/install.texi
|
||
|
+++ b/gcc/doc/install.texi
|
||
|
@@ -1021,14 +1021,26 @@ code.
|
||
|
|
||
|
@item --enable-host-shared
|
||
|
Specify that the @emph{host} code should be built into position-independent
|
||
|
-machine code (with -fPIC), allowing it to be used within shared libraries,
|
||
|
-but yielding a slightly slower compiler.
|
||
|
+machine code (with @option{-fPIC}), allowing it to be used within shared
|
||
|
+libraries, but yielding a slightly slower compiler.
|
||
|
|
||
|
This option is required when building the libgccjit.so library.
|
||
|
|
||
|
Contrast with @option{--enable-shared}, which affects @emph{target}
|
||
|
libraries.
|
||
|
|
||
|
+@item --enable-host-pie
|
||
|
+Specify that the @emph{host} executables should be built into
|
||
|
+position-independent executables (with @option{-fPIE} and @option{-pie}),
|
||
|
+yielding a slightly slower compiler (but faster than
|
||
|
+@option{--enable-host-shared}). Position-independent executables are loaded
|
||
|
+at random addresses each time they are executed, therefore provide additional
|
||
|
+protection against Return Oriented Programming (ROP) attacks.
|
||
|
+
|
||
|
+@option{--enable-host-pie}) may be used with @option{--enable-host-shared}),
|
||
|
+in which case @option{-fPIC} is used when compiling, and @option{-pie} when
|
||
|
+linking.
|
||
|
+
|
||
|
@item @anchor{with-gnu-as}--with-gnu-as
|
||
|
Specify that the compiler should assume that the
|
||
|
assembler it finds is the GNU assembler. However, this does not modify
|
||
|
diff --git a/libcody/Makefile.in b/libcody/Makefile.in
|
||
|
index 7eaf8ace8ce..0ff1625a39f 100644
|
||
|
--- a/libcody/Makefile.in
|
||
|
+++ b/libcody/Makefile.in
|
||
|
@@ -31,7 +31,7 @@ endif
|
||
|
CXXOPTS += $(filter-out -DHAVE_CONFIG_H,@DEFS@) -include config.h
|
||
|
|
||
|
# Linker options
|
||
|
-LDFLAGS := @LDFLAGS@
|
||
|
+LDFLAGS := @LDFLAGS@ @LD_PICFLAG@
|
||
|
LIBS := @LIBS@
|
||
|
|
||
|
# Per-source & per-directory compile flags (warning: recursive)
|
||
|
diff --git a/libcody/configure b/libcody/configure
|
||
|
index da52a5cfca5..0e536c0ccb0 100755
|
||
|
--- a/libcody/configure
|
||
|
+++ b/libcody/configure
|
||
|
@@ -591,7 +591,10 @@ configure_args
|
||
|
AR
|
||
|
RANLIB
|
||
|
EXCEPTIONS
|
||
|
+LD_PICFLAG
|
||
|
PICFLAG
|
||
|
+enable_host_pie
|
||
|
+enable_host_shared
|
||
|
OBJEXT
|
||
|
EXEEXT
|
||
|
ac_ct_CXX
|
||
|
@@ -653,6 +656,7 @@ enable_maintainer_mode
|
||
|
with_compiler
|
||
|
enable_checking
|
||
|
enable_host_shared
|
||
|
+enable_host_pie
|
||
|
enable_exceptions
|
||
|
'
|
||
|
ac_precious_vars='build_alias
|
||
|
@@ -1286,6 +1290,7 @@ Optional Features:
|
||
|
yes,no,all,none,release. Flags are: misc,valgrind or
|
||
|
other strings
|
||
|
--enable-host-shared build host code as shared libraries
|
||
|
+ --enable-host-pie build host code as PIE
|
||
|
--enable-exceptions enable exceptions & rtti
|
||
|
|
||
|
Optional Packages:
|
||
|
@@ -2635,11 +2640,34 @@ fi
|
||
|
# Enable --enable-host-shared.
|
||
|
# Check whether --enable-host-shared was given.
|
||
|
if test "${enable_host_shared+set}" = set; then :
|
||
|
- enableval=$enable_host_shared; PICFLAG=-fPIC
|
||
|
+ enableval=$enable_host_shared;
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+# Enable --enable-host-pie.
|
||
|
+# Check whether --enable-host-pie was given.
|
||
|
+if test "${enable_host_pie+set}" = set; then :
|
||
|
+ enableval=$enable_host_pie;
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
else
|
||
|
PICFLAG=
|
||
|
fi
|
||
|
|
||
|
+if test x$enable_host_pie = xyes; then
|
||
|
+ LD_PICFLAG=-pie
|
||
|
+else
|
||
|
+ LD_PICFLAG=
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
|
||
|
|
||
|
# Check whether --enable-exceptions was given.
|
||
|
diff --git a/libcody/configure.ac b/libcody/configure.ac
|
||
|
index 960191ecb72..14e8dd4a226 100644
|
||
|
--- a/libcody/configure.ac
|
||
|
+++ b/libcody/configure.ac
|
||
|
@@ -63,9 +63,31 @@ fi
|
||
|
# Enable --enable-host-shared.
|
||
|
AC_ARG_ENABLE(host-shared,
|
||
|
[AS_HELP_STRING([--enable-host-shared],
|
||
|
- [build host code as shared libraries])],
|
||
|
-[PICFLAG=-fPIC], [PICFLAG=])
|
||
|
+ [build host code as shared libraries])])
|
||
|
+AC_SUBST(enable_host_shared)
|
||
|
+
|
||
|
+# Enable --enable-host-pie.
|
||
|
+AC_ARG_ENABLE(host-pie,
|
||
|
+[AS_HELP_STRING([--enable-host-pie],
|
||
|
+ [build host code as PIE])])
|
||
|
+AC_SUBST(enable_host_pie)
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
+else
|
||
|
+ PICFLAG=
|
||
|
+fi
|
||
|
+
|
||
|
+if test x$enable_host_pie = xyes; then
|
||
|
+ LD_PICFLAG=-pie
|
||
|
+else
|
||
|
+ LD_PICFLAG=
|
||
|
+fi
|
||
|
+
|
||
|
AC_SUBST(PICFLAG)
|
||
|
+AC_SUBST(LD_PICFLAG)
|
||
|
|
||
|
NMS_ENABLE_EXCEPTIONS
|
||
|
|
||
|
diff --git a/libcpp/configure b/libcpp/configure
|
||
|
index 75145390215..85168273cd1 100755
|
||
|
--- a/libcpp/configure
|
||
|
+++ b/libcpp/configure
|
||
|
@@ -625,6 +625,8 @@ ac_includes_default="\
|
||
|
ac_subst_vars='LTLIBOBJS
|
||
|
CET_HOST_FLAGS
|
||
|
PICFLAG
|
||
|
+enable_host_pie
|
||
|
+enable_host_shared
|
||
|
MAINT
|
||
|
USED_CATALOGS
|
||
|
PACKAGE
|
||
|
@@ -738,6 +740,7 @@ enable_maintainer_mode
|
||
|
enable_checking
|
||
|
enable_canonical_system_headers
|
||
|
enable_host_shared
|
||
|
+enable_host_pie
|
||
|
enable_cet
|
||
|
enable_valgrind_annotations
|
||
|
'
|
||
|
@@ -1379,6 +1382,7 @@ Optional Features:
|
||
|
--enable-canonical-system-headers
|
||
|
enable or disable system headers canonicalization
|
||
|
--enable-host-shared build host code as shared libraries
|
||
|
+ --enable-host-pie build host code as PIE
|
||
|
--enable-cet enable Intel CET in host libraries [default=auto]
|
||
|
--enable-valgrind-annotations
|
||
|
enable valgrind runtime interaction
|
||
|
@@ -7605,7 +7609,23 @@ esac
|
||
|
# Enable --enable-host-shared.
|
||
|
# Check whether --enable-host-shared was given.
|
||
|
if test "${enable_host_shared+set}" = set; then :
|
||
|
- enableval=$enable_host_shared; PICFLAG=-fPIC
|
||
|
+ enableval=$enable_host_shared;
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+# Enable --enable-host-pie.
|
||
|
+# Check whether --enable-host-pie was given.
|
||
|
+if test "${enable_host_pie+set}" = set; then :
|
||
|
+ enableval=$enable_host_pie;
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
else
|
||
|
PICFLAG=
|
||
|
fi
|
||
|
diff --git a/libcpp/configure.ac b/libcpp/configure.ac
|
||
|
index 9b6042518e5..d25bf5f414f 100644
|
||
|
--- a/libcpp/configure.ac
|
||
|
+++ b/libcpp/configure.ac
|
||
|
@@ -211,8 +211,23 @@ esac
|
||
|
# Enable --enable-host-shared.
|
||
|
AC_ARG_ENABLE(host-shared,
|
||
|
[AS_HELP_STRING([--enable-host-shared],
|
||
|
- [build host code as shared libraries])],
|
||
|
-[PICFLAG=-fPIC], [PICFLAG=])
|
||
|
+ [build host code as shared libraries])])
|
||
|
+AC_SUBST(enable_host_shared)
|
||
|
+
|
||
|
+# Enable --enable-host-pie.
|
||
|
+AC_ARG_ENABLE(host-pie,
|
||
|
+[AS_HELP_STRING([--enable-host-pie],
|
||
|
+ [build host code as PIE])])
|
||
|
+AC_SUBST(enable_host_pie)
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
+else
|
||
|
+ PICFLAG=
|
||
|
+fi
|
||
|
+
|
||
|
AC_SUBST(PICFLAG)
|
||
|
|
||
|
# Enable Intel CET on Intel CET enabled host if jit is enabled.
|
||
|
diff --git a/libdecnumber/configure b/libdecnumber/configure
|
||
|
index da5302f9315..d805fdeab5a 100755
|
||
|
--- a/libdecnumber/configure
|
||
|
+++ b/libdecnumber/configure
|
||
|
@@ -626,6 +626,8 @@ ac_subst_vars='LTLIBOBJS
|
||
|
LIBOBJS
|
||
|
CET_HOST_FLAGS
|
||
|
PICFLAG
|
||
|
+enable_host_pie
|
||
|
+enable_host_shared
|
||
|
ADDITIONAL_OBJS
|
||
|
enable_decimal_float
|
||
|
target_os
|
||
|
@@ -706,6 +708,7 @@ enable_werror_always
|
||
|
enable_maintainer_mode
|
||
|
enable_decimal_float
|
||
|
enable_host_shared
|
||
|
+enable_host_pie
|
||
|
enable_cet
|
||
|
'
|
||
|
ac_precious_vars='build_alias
|
||
|
@@ -1338,6 +1341,7 @@ Optional Features:
|
||
|
or 'dpd' choses which decimal floating point format
|
||
|
to use
|
||
|
--enable-host-shared build host code as shared libraries
|
||
|
+ --enable-host-pie build host code as PIE
|
||
|
--enable-cet enable Intel CET in host libraries [default=auto]
|
||
|
|
||
|
Some influential environment variables:
|
||
|
@@ -5185,7 +5189,23 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
|
||
|
# Enable --enable-host-shared.
|
||
|
# Check whether --enable-host-shared was given.
|
||
|
if test "${enable_host_shared+set}" = set; then :
|
||
|
- enableval=$enable_host_shared; PICFLAG=-fPIC
|
||
|
+ enableval=$enable_host_shared;
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+# Enable --enable-host-pie.
|
||
|
+# Check whether --enable-host-pie was given.
|
||
|
+if test "${enable_host_pie+set}" = set; then :
|
||
|
+ enableval=$enable_host_pie;
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
else
|
||
|
PICFLAG=
|
||
|
fi
|
||
|
diff --git a/libdecnumber/configure.ac b/libdecnumber/configure.ac
|
||
|
index 0794031ec83..14f67f926d1 100644
|
||
|
--- a/libdecnumber/configure.ac
|
||
|
+++ b/libdecnumber/configure.ac
|
||
|
@@ -100,8 +100,23 @@ AC_C_BIGENDIAN
|
||
|
# Enable --enable-host-shared.
|
||
|
AC_ARG_ENABLE(host-shared,
|
||
|
[AS_HELP_STRING([--enable-host-shared],
|
||
|
- [build host code as shared libraries])],
|
||
|
-[PICFLAG=-fPIC], [PICFLAG=])
|
||
|
+ [build host code as shared libraries])])
|
||
|
+AC_SUBST(enable_host_shared)
|
||
|
+
|
||
|
+# Enable --enable-host-pie.
|
||
|
+AC_ARG_ENABLE(host-pie,
|
||
|
+[AS_HELP_STRING([--enable-host-pie],
|
||
|
+ [build host code as PIE])])
|
||
|
+AC_SUBST(enable_host_pie)
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
+else
|
||
|
+ PICFLAG=
|
||
|
+fi
|
||
|
+
|
||
|
AC_SUBST(PICFLAG)
|
||
|
|
||
|
# Enable Intel CET on Intel CET enabled host if jit is enabled.
|
||
|
diff --git a/zlib/configure b/zlib/configure
|
||
|
index f489f31bc70..0dfc1982844 100755
|
||
|
--- a/zlib/configure
|
||
|
+++ b/zlib/configure
|
||
|
@@ -635,6 +635,8 @@ am__EXEEXT_TRUE
|
||
|
LTLIBOBJS
|
||
|
LIBOBJS
|
||
|
PICFLAG
|
||
|
+enable_host_pie
|
||
|
+enable_host_shared
|
||
|
TARGET_LIBRARY_FALSE
|
||
|
TARGET_LIBRARY_TRUE
|
||
|
toolexeclibdir
|
||
|
@@ -778,6 +780,7 @@ with_gnu_ld
|
||
|
enable_libtool_lock
|
||
|
with_toolexeclibdir
|
||
|
enable_host_shared
|
||
|
+enable_host_pie
|
||
|
'
|
||
|
ac_precious_vars='build_alias
|
||
|
host_alias
|
||
|
@@ -1420,6 +1423,7 @@ Optional Features:
|
||
|
optimize for fast installation [default=yes]
|
||
|
--disable-libtool-lock avoid locking (might break parallel builds)
|
||
|
--enable-host-shared build host code as shared libraries
|
||
|
+ --enable-host-pie build host code as PIE
|
||
|
|
||
|
Optional Packages:
|
||
|
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
|
||
|
@@ -4169,7 +4173,7 @@ case "$host" in
|
||
|
case "$enable_cet" in
|
||
|
auto)
|
||
|
# Check if target supports multi-byte NOPs
|
||
|
- # and if assembler supports CET insn.
|
||
|
+ # and if compiler and assembler support CET insn.
|
||
|
cet_save_CFLAGS="$CFLAGS"
|
||
|
CFLAGS="$CFLAGS -fcf-protection"
|
||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||
|
@@ -11524,15 +11528,31 @@ else
|
||
|
multilib_arg=
|
||
|
fi
|
||
|
|
||
|
+# Enable --enable-host-shared.
|
||
|
# Check whether --enable-host-shared was given.
|
||
|
if test "${enable_host_shared+set}" = set; then :
|
||
|
- enableval=$enable_host_shared; PICFLAG=-fPIC
|
||
|
+ enableval=$enable_host_shared;
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+# Enable --enable-host-pie.
|
||
|
+# Check whether --enable-host-pie was given.
|
||
|
+if test "${enable_host_pie+set}" = set; then :
|
||
|
+ enableval=$enable_host_pie;
|
||
|
+fi
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
else
|
||
|
PICFLAG=
|
||
|
fi
|
||
|
|
||
|
|
||
|
-
|
||
|
ac_config_files="$ac_config_files Makefile"
|
||
|
|
||
|
cat >confcache <<\_ACEOF
|
||
|
diff --git a/zlib/configure.ac b/zlib/configure.ac
|
||
|
index be1cfe29651..adf7aad4e51 100644
|
||
|
--- a/zlib/configure.ac
|
||
|
+++ b/zlib/configure.ac
|
||
|
@@ -122,11 +122,26 @@ else
|
||
|
multilib_arg=
|
||
|
fi
|
||
|
|
||
|
+# Enable --enable-host-shared.
|
||
|
AC_ARG_ENABLE(host-shared,
|
||
|
[AS_HELP_STRING([--enable-host-shared],
|
||
|
- [build host code as shared libraries])],
|
||
|
-[PICFLAG=-fPIC], [PICFLAG=])
|
||
|
-AC_SUBST(PICFLAG)
|
||
|
+ [build host code as shared libraries])])
|
||
|
+AC_SUBST(enable_host_shared)
|
||
|
+
|
||
|
+# Enable --enable-host-pie.
|
||
|
+AC_ARG_ENABLE(host-pie,
|
||
|
+[AS_HELP_STRING([--enable-host-pie],
|
||
|
+ [build host code as PIE])])
|
||
|
+AC_SUBST(enable_host_pie)
|
||
|
+
|
||
|
+if test x$enable_host_shared = xyes; then
|
||
|
+ PICFLAG=-fPIC
|
||
|
+elif test x$enable_host_pie = xyes; then
|
||
|
+ PICFLAG=-fPIE
|
||
|
+else
|
||
|
+ PICFLAG=
|
||
|
+fi
|
||
|
|
||
|
+AC_SUBST(PICFLAG)
|
||
|
AC_CONFIG_FILES([Makefile])
|
||
|
AC_OUTPUT
|
||
|
|
||
|
base-commit: ee50b4383a0dca88172c3a821418344bd7391956
|
||
|
--
|
||
|
2.34.1
|
||
|
|