mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-27 11:43:34 +08:00
9d7a3741c9
Static PIE extends address space layout randomization to static executables. It provides additional security hardening benefits at the cost of some memory and performance. Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. Only GCC with PIE support is needed. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are not allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass address of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless whether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. Using GCC 7 and binutils master branch, build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have the following build successes: PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabihf-v7a build PASS: glibcs-arm-linux-gnueabihf-v7a-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n32 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n32-soft build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n32 build PASS: glibcs-mips64-linux-gnu-n32-nan2008 build PASS: glibcs-mips64-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n32-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-mipsel-linux-gnu build PASS: glibcs-mipsel-linux-gnu-nan2008 build PASS: glibcs-mipsel-linux-gnu-nan2008-soft build PASS: glibcs-mipsel-linux-gnu-soft build PASS: glibcs-mips-linux-gnu build PASS: glibcs-mips-linux-gnu-nan2008 build PASS: glibcs-mips-linux-gnu-nan2008-soft build PASS: glibcs-mips-linux-gnu-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-tilegxbe-linux-gnu-32 build PASS: glibcs-tilegxbe-linux-gnu build PASS: glibcs-tilegx-linux-gnu-32 build PASS: glibcs-tilegx-linux-gnu build PASS: glibcs-tilepro-linux-gnu build and the following build failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-hppa-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] https://sourceware.org/bugzilla/show_bug.cgi?id=22537 FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14299 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (real-static-start-installed-name): New. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Replace $(DEFAULT-LDFLAGS-$(@F)) with $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)). Replace $(static-start-installed-name) with $(real-static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) and gr$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. ($(objpfx)gr$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. (DEFAULT-LDFLAGS-tst-tls1-static-non-pie): Removed. (tst-tls1-static-non-pie-no-pie): New. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (DEFAULT-LDFLAGS-tst-gmon-static): Removed. (tst-gmon-static-no-pie): New. (CFLAGS-tst-gmon-static-pie.c): Likewise. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. * sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default). (ASFLAGS-.op): Likewise.
249 lines
6.9 KiB
C
249 lines
6.9 KiB
C
/* Define if building with SELinux support. Set by --with-selinux. */
|
||
#undef HAVE_SELINUX
|
||
|
||
/* Defined if building with SELinux support & audit libs are detected. */
|
||
#undef HAVE_LIBAUDIT
|
||
|
||
/* Defined if building with SELinux support & libcap libs are detected. */
|
||
#undef HAVE_LIBCAP
|
||
|
||
/* Define to the assembler line separator character for multiple
|
||
assembler instructions per line. Default is `;' */
|
||
#undef ASM_LINE_SEP
|
||
|
||
/* Define if __attribute__((section("foo"))) puts quotes around foo. */
|
||
#undef HAVE_SECTION_QUOTES
|
||
|
||
/* Define if the assembler supports the `.set' directive. */
|
||
#undef HAVE_ASM_SET_DIRECTIVE
|
||
|
||
/* On powerpc64, use overlapping .opd entries. */
|
||
#undef USE_PPC64_OVERLAPPING_OPD
|
||
|
||
/* Define if _Unwind_Find_FDE should be exported from glibc. */
|
||
#undef EXPORT_UNWIND_FIND_FDE
|
||
|
||
/* Define if static NSS modules are wanted. */
|
||
#undef DO_STATIC_NSS
|
||
|
||
/* Assume that the compiler supports __builtin_expect.
|
||
This macro is necessary for proper compilation of code
|
||
shared between GNU libc and GNU gettext projects. */
|
||
#define HAVE_BUILTIN_EXPECT 1
|
||
|
||
/* Define if the compiler supports __builtin_memset. */
|
||
#undef HAVE_BUILTIN_MEMSET
|
||
|
||
/* Define if compiler accepts -ftree-loop-distribute-patterns. */
|
||
#undef HAVE_CC_INHIBIT_LOOP_TO_LIBCALL
|
||
|
||
/* Define if compiler accepts -fno-stack-protector in an
|
||
__attribute__ ((__optimize__)). */
|
||
#undef HAVE_CC_NO_STACK_PROTECTOR
|
||
|
||
/* The level of stack protection in use for glibc as a whole.
|
||
May be overridden on a file-by-file basis. */
|
||
#ifndef STACK_PROTECTOR_LEVEL
|
||
#undef STACK_PROTECTOR_LEVEL
|
||
#endif
|
||
|
||
/* Defined on SPARC if GCC emits GOTDATA relocations. */
|
||
#undef HAVE_GCC_GOTDATA
|
||
|
||
/* Define if the linker supports the -z combreloc option. */
|
||
#undef HAVE_Z_COMBRELOC
|
||
|
||
/* Define if _rtld_local structure should be forced into .sdata section. */
|
||
#undef HAVE_SDATA_SECTION
|
||
|
||
/* Define if compiler supports AVX512. */
|
||
#undef HAVE_AVX512_SUPPORT
|
||
|
||
/* Define if assembler supports AVX512DQ. */
|
||
#undef HAVE_AVX512DQ_ASM_SUPPORT
|
||
|
||
/* Define if assembler supports z196 zarch instructions as default on S390. */
|
||
#undef HAVE_S390_MIN_Z196_ZARCH_ASM_SUPPORT
|
||
|
||
/* Define if assembler supports vector instructions on S390. */
|
||
#undef HAVE_S390_VX_ASM_SUPPORT
|
||
|
||
/* Define if gcc supports vector registers as clobbers in inline assembly
|
||
on S390. */
|
||
#undef HAVE_S390_VX_GCC_SUPPORT
|
||
|
||
/* Define if assembler supports Intel MPX. */
|
||
#undef HAVE_MPX_SUPPORT
|
||
|
||
/* Define if the compiler\'s exception support is based on libunwind. */
|
||
#undef HAVE_CC_WITH_LIBUNWIND
|
||
|
||
/* Define if the access to static and hidden variables is position independent
|
||
and does not need relocations. */
|
||
#undef PI_STATIC_AND_HIDDEN
|
||
|
||
/* Define this to disable the 'hidden_proto' et al macros in
|
||
include/libc-symbols.h that avoid PLT slots in PIE. */
|
||
#undef NO_HIDDEN_EXTERN_FUNC_IN_PIE
|
||
|
||
/* Define this to disable the 'hidden_proto' et al macros in
|
||
include/libc-symbols.h that avoid PLT slots in the shared objects. */
|
||
#undef NO_HIDDEN
|
||
|
||
/* Define this to disable in rtld the 'hidden_proto' et al macros in
|
||
include/libc-symbols.h that avoid PLT slots in the shared objects. */
|
||
#undef NO_RTLD_HIDDEN
|
||
|
||
/* Define this to disable lazy relocations in DSOs. */
|
||
#undef BIND_NOW
|
||
|
||
/* AArch64 big endian ABI */
|
||
#undef HAVE_AARCH64_BE
|
||
|
||
|
||
/* Linux specific: minimum supported kernel version. */
|
||
#undef __LINUX_KERNEL_VERSION
|
||
|
||
/* Override abi-tags ABI version if necessary. */
|
||
#undef __ABI_TAG_VERSION
|
||
|
||
/* Mach/Hurd specific: define if mig supports the `retcode' keyword. */
|
||
#undef HAVE_MIG_RETCODE
|
||
|
||
/* Mach specific: define if the `host_page_size' RPC is available. */
|
||
#undef HAVE_HOST_PAGE_SIZE
|
||
|
||
/* Mach/i386 specific: define if the `i386_io_perm_*' RPCs are available. */
|
||
#undef HAVE_I386_IO_PERM_MODIFY
|
||
|
||
/* Mach/i386 specific: define if the `i386_set_gdt' RPC is available. */
|
||
#undef HAVE_I386_SET_GDT
|
||
|
||
/* Defined of libidn is available. */
|
||
#undef HAVE_LIBIDN
|
||
|
||
/* Define if inlined system calls are available. */
|
||
#undef HAVE_INLINED_SYSCALLS
|
||
|
||
/* Define if your compiler defaults to -msecure-plt mode on ppc. */
|
||
#undef HAVE_PPC_SECURE_PLT
|
||
|
||
/* Define if __stack_chk_guard canary should be randomized at program startup. */
|
||
#undef ENABLE_STACKGUARD_RANDOMIZE
|
||
|
||
/* Package description. */
|
||
#undef PKGVERSION
|
||
|
||
/* Bug reporting address. */
|
||
#undef REPORT_BUGS_TO
|
||
|
||
/* Define if multi-arch DSOs should be generated. */
|
||
#undef USE_MULTIARCH
|
||
|
||
/* Define if `.ctors' and `.dtors' sections shouldn't be used. */
|
||
#undef NO_CTORS_DTORS_SECTIONS
|
||
|
||
/* Define if obsolete RPC code should be made available for user-level code
|
||
to link against. */
|
||
#undef LINK_OBSOLETE_RPC
|
||
|
||
/* Define if obsolete libnsl code should be made available for user-level
|
||
code to link against. */
|
||
#undef LINK_OBSOLETE_NSL
|
||
|
||
/* Define if Systemtap <sys/sdt.h> probes should be defined. */
|
||
#undef USE_STAP_PROBE
|
||
|
||
/* Define if library functions should try to contact the nscd daemon. */
|
||
#undef USE_NSCD
|
||
|
||
/* Define if the dynamic linker should consult an ld.so.cache file. */
|
||
#undef USE_LDCONFIG
|
||
|
||
/* Define to 1 if STT_GNU_IFUNC support actually works. */
|
||
#define HAVE_IFUNC 0
|
||
|
||
/* Define if gcc supports attribute ifunc. */
|
||
#undef HAVE_GCC_IFUNC
|
||
|
||
/* Define if the linker defines __ehdr_start. */
|
||
#undef HAVE_EHDR_START
|
||
|
||
/*
|
||
*/
|
||
|
||
#ifndef _LIBC
|
||
|
||
/* These symbols might be defined by some sysdeps configures.
|
||
They are used only in miscellaneous generator programs, not
|
||
in compiling libc itself. */
|
||
|
||
/* sysdeps/generic/configure.ac */
|
||
#undef HAVE_PSIGNAL
|
||
|
||
/* sysdeps/unix/configure.ac */
|
||
#undef HAVE_STRERROR
|
||
|
||
/* sysdeps/unix/common/configure.ac */
|
||
#undef HAVE_SYS_SIGLIST
|
||
#undef HAVE__SYS_SIGLIST
|
||
#undef HAVE__CTYPE_
|
||
#undef HAVE___CTYPE_
|
||
#undef HAVE___CTYPE
|
||
#undef HAVE__CTYPE__
|
||
#undef HAVE__CTYPE
|
||
#undef HAVE__LOCP
|
||
|
||
#endif
|
||
|
||
/*
|
||
*/
|
||
|
||
#ifdef _LIBC
|
||
|
||
/* The zic and zdump programs need these definitions. */
|
||
|
||
#define HAVE_STRERROR 1
|
||
|
||
/* The locale code needs these definitions. */
|
||
|
||
#define HAVE_REGEX 1
|
||
|
||
/* The ARM hard-float ABI is being used. */
|
||
#undef HAVE_ARM_PCS_VFP
|
||
|
||
/* The ARM movw/movt instructions using PC-relative relocs work right. */
|
||
#define ARM_PCREL_MOVW_OK 0
|
||
|
||
/* The pt_chown binary is being built and used by grantpt. */
|
||
#define HAVE_PT_CHOWN 0
|
||
|
||
/* Define if the compiler supports __builtin_trap without
|
||
any external dependencies such as making a function call. */
|
||
#define HAVE_BUILTIN_TRAP 0
|
||
|
||
/* ports/sysdeps/mips/configure.in */
|
||
/* Define if using the IEEE 754-2008 NaN encoding on the MIPS target. */
|
||
#undef HAVE_MIPS_NAN2008
|
||
|
||
/* The PowerPC64 ELFv2 ABI is being used. */
|
||
#undef HAVE_ELFV2_ABI
|
||
|
||
/* PowerPC32 uses fcfid for integer to floating point conversions. */
|
||
#define HAVE_PPC_FCFID 0
|
||
|
||
/* PowerPC32 uses fctidz for floating point to long long conversions. */
|
||
#define HAVE_PPC_FCTIDZ 0
|
||
|
||
/* Build glibc with tunables support. */
|
||
#define HAVE_TUNABLES 0
|
||
|
||
/* Define if static PIE is enabled. */
|
||
#define ENABLE_STATIC_PIE 0
|
||
|
||
/* Some compiler options may now allow to use ebp in __asm__ (used mainly
|
||
in i386 6 argument syscall issue). */
|
||
#define CAN_USE_REGISTER_ASM_EBP 0
|
||
|
||
#endif
|