* [Buildroot] [PATCH] trousers: disable pie option on ARC
@ 2016-01-15 12:21 Lada Trimasova
2016-01-15 13:33 ` Thomas Petazzoni
0 siblings, 1 reply; 4+ messages in thread
From: Lada Trimasova @ 2016-01-15 12:21 UTC (permalink / raw)
To: buildroot
ARC gcc understands "-pie" option and attempts to generate PIE
binaries as of today PIE is not really supported for user-space
applications. So we provide option which can make relro and pie usage
optional and disable PIE detection if building for ARC. Also AUTORECONF
option should be added because of modified configure.in and Makefile.am
files.
Signed-off-by: Lada Trimasova <ltrimas@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
---
package/trousers/0002-add-pie-option.patch | 69 ++++++++++++++++++++++++++++++
package/trousers/trousers.mk | 8 ++++
2 files changed, 77 insertions(+)
create mode 100644 package/trousers/0002-add-pie-option.patch
diff --git a/package/trousers/0002-add-pie-option.patch b/package/trousers/0002-add-pie-option.patch
new file mode 100644
index 0000000..95a2f01
--- /dev/null
+++ b/package/trousers/0002-add-pie-option.patch
@@ -0,0 +1,69 @@
+Even though ARC gcc understands "-pie" option and attempts
+to generate PIE binaries as of today PIE is not really supported
+for user-space applications. Trousers configure scripts don't provide
+any options which can disable "-pie" usage. This patch provides an
+option to make PIE usage optional.
+
+Signed-off-by: Lada Trimasova <ltrimas@synopsys.com>
+
+
+diff -Naur trousers.orig/configure.in trousers/configure.in
+--- trousers.orig/configure.in 2014-04-24 22:05:43.000000000 +0400
++++ trousers/configure.in 2016-01-15 13:15:44.486371425 +0300
+@@ -144,6 +144,18 @@
+ AC_MSG_ERROR(["gtk", "openssl" and "none" are the only supported gui options for trousers])
+ fi
+
++#"enable" options
++ AC_ARG_ENABLE(pie,
++ [AC_HELP_STRING([--enable-pie],
++ [Produce position independent executables @<:@default=yes@:>@])],
++ enable_pie=$enableval,
++ enable_pie="maybe")
++
++AC_ARG_ENABLE(relro,
++ [AC_HELP_STRING([--enable-relro],
++ [Enable relocations read-only support @<:@default=yes@:>@])],
++ enable_relro=$enableval,
++ enable_relro="maybe")
+ #
+ # The default port that the TCS daemon listens on
+ #
+@@ -383,6 +395,21 @@
+ localstatedir="/usr/local/var"
+ fi
+
++if test $enable_pie != "no"; then
++ PIE_CFLAGS="-fpie -pie"
++else
++ PIE_CFLAGS=""
++fi
++AC_SUBST([PIE_CFLAGS])
++
++if test $enable_relro != "no"; then
++ RELRO_CFLAGS="-Wl,-z,relro"
++else
++ RELRO_CFLAGS=""
++fi
++AC_SUBST([RELRO_CFLAGS])
++
++
+ AC_OUTPUT(dist/tcsd.conf \
+ dist/fedora/trousers.spec \
+ dist/trousers.spec \
+
+diff -Naur trousers.orig/src/tcsd/Makefile.am trousers/src/tcsd/Makefile.am
+--- trousers.orig/src/tcsd/Makefile.am 2014-04-24 22:05:44.000000000 +0400
++++ trousers/src/tcsd/Makefile.am 2016-01-15 13:15:44.486371425 +0300
+@@ -2,8 +2,7 @@
+
+ tcsd_CFLAGS=-DAPPID=\"TCSD\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -I${top_srcdir}/src/include -fPIE -DPIE
+ tcsd_LDADD=${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @CRYPTOLIB@
+-tcsd_LDFLAGS=-pie -Wl,-z,relro -Wl,-z,now
+-
++tcsd_LDFLAGS=$(PIE_CFLAGS) $(RELRO_CFLAGS)
+ tcsd_SOURCES=svrside.c tcsd_conf.c tcsd_threads.c platform.c
+
+ if TSS_BUILD_PS
+
+
diff --git a/package/trousers/trousers.mk b/package/trousers/trousers.mk
index 5ecab70..1397ac4 100644
--- a/package/trousers/trousers.mk
+++ b/package/trousers/trousers.mk
@@ -10,6 +10,8 @@ TROUSERS_SITE = http://downloads.sourceforge.net/project/trousers/trousers/$(TRO
TROUSERS_LICENSE = BSD-3c
TROUSERS_LICENSE_FILES = LICENSE
TROUSERS_INSTALL_STAGING = YES
+# Need autoreconf because of a patch touching configure.in and Makefile.am
+TROUSERS_AUTORECONF = YES
TROUSERS_DEPENDENCIES = openssl
ifeq ($(BR2_PACKAGE_LIBICONV),y)
@@ -21,4 +23,10 @@ endif
# workaround.
TROUSERS_CONF_OPTS += --disable-usercheck
+# uClibc toolchain for ARC doesn't support PIE at the moment
+ifeq ($(BR2_arc),y)
+TROUSERS_CONF_OPTS += --disable-pie
+endif
+
+
$(eval $(autotools-package))
--
2.5.0
^ permalink raw reply related [flat|nested] 4+ messages in thread* [Buildroot] [PATCH] trousers: disable pie option on ARC
2016-01-15 12:21 [Buildroot] [PATCH] trousers: disable pie option on ARC Lada Trimasova
@ 2016-01-15 13:33 ` Thomas Petazzoni
2016-01-15 13:56 ` Alexey Brodkin
0 siblings, 1 reply; 4+ messages in thread
From: Thomas Petazzoni @ 2016-01-15 13:33 UTC (permalink / raw)
To: buildroot
Dear Lada Trimasova,
On Fri, 15 Jan 2016 15:21:48 +0300, Lada Trimasova wrote:
> ARC gcc understands "-pie" option and attempts to generate PIE
> binaries as of today PIE is not really supported for user-space
> applications. So we provide option which can make relro and pie usage
> optional and disable PIE detection if building for ARC. Also AUTORECONF
> option should be added because of modified configure.in and Makefile.am
> files.
>
> Signed-off-by: Lada Trimasova <ltrimas@synopsys.com>
> Cc: Alexey Brodkin <abrodkin@synopsys.com>
> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> Cc: Peter Korsgaard <peter@korsgaard.com>
Thanks for the new patch. See some comments below.
> ---
> package/trousers/0002-add-pie-option.patch | 69 ++++++++++++++++++++++++++++++
> package/trousers/trousers.mk | 8 ++++
> 2 files changed, 77 insertions(+)
> create mode 100644 package/trousers/0002-add-pie-option.patch
>
> diff --git a/package/trousers/0002-add-pie-option.patch b/package/trousers/0002-add-pie-option.patch
> new file mode 100644
> index 0000000..95a2f01
> --- /dev/null
> +++ b/package/trousers/0002-add-pie-option.patch
> @@ -0,0 +1,69 @@
> +Even though ARC gcc understands "-pie" option and attempts
> +to generate PIE binaries as of today PIE is not really supported
> +for user-space applications. Trousers configure scripts don't provide
> +any options which can disable "-pie" usage. This patch provides an
> +option to make PIE usage optional.
> +
> +Signed-off-by: Lada Trimasova <ltrimas@synopsys.com>
Could you use Git to create this patch? The existing patch on the
trousers package is a Git formatted patch, so it would be good if
additional patches were git formatted as well. The upstream project
uses Git, so it is easy to do.
> ++#"enable" options
> ++ AC_ARG_ENABLE(pie,
> ++ [AC_HELP_STRING([--enable-pie],
> ++ [Produce position independent executables @<:@default=yes@:>@])],
> ++ enable_pie=$enableval,
> ++ enable_pie="maybe")
This last line should probably be:
enable_pie="yes"
Because we're actually enabling pie by default.
> ++
> ++AC_ARG_ENABLE(relro,
> ++ [AC_HELP_STRING([--enable-relro],
> ++ [Enable relocations read-only support @<:@default=yes@:>@])],
> ++ enable_relro=$enableval,
> ++ enable_relro="maybe")
Ditto.
> + #
> + # The default port that the TCS daemon listens on
> + #
> +@@ -383,6 +395,21 @@
> + localstatedir="/usr/local/var"
> + fi
> +
> ++if test $enable_pie != "no"; then
> ++ PIE_CFLAGS="-fpie -pie"
> ++else
> ++ PIE_CFLAGS=""
> ++fi
> ++AC_SUBST([PIE_CFLAGS])
> ++
> ++if test $enable_relro != "no"; then
> ++ RELRO_CFLAGS="-Wl,-z,relro"
> ++else
> ++ RELRO_CFLAGS=""
> ++fi
> ++AC_SUBST([RELRO_CFLAGS])
> ++
> ++
> + AC_OUTPUT(dist/tcsd.conf \
> + dist/fedora/trousers.spec \
> + dist/trousers.spec \
> +
> +diff -Naur trousers.orig/src/tcsd/Makefile.am trousers/src/tcsd/Makefile.am
> +--- trousers.orig/src/tcsd/Makefile.am 2014-04-24 22:05:44.000000000 +0400
> ++++ trousers/src/tcsd/Makefile.am 2016-01-15 13:15:44.486371425 +0300
> +@@ -2,8 +2,7 @@
> +
> + tcsd_CFLAGS=-DAPPID=\"TCSD\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -I${top_srcdir}/src/include -fPIE -DPIE
We probably want to remove -fPIE -DPIE when PIE support is disabled.
> + tcsd_LDADD=${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @CRYPTOLIB@
> +-tcsd_LDFLAGS=-pie -Wl,-z,relro -Wl,-z,now
> +-
> ++tcsd_LDFLAGS=$(PIE_CFLAGS) $(RELRO_CFLAGS)
This should be:
tcsd_LDFLAGS=@PIE_CFLAGS@ @RELRO_CFLAGS@
*But* as you can see, those are CFLAGS, but LDFLAGS, so the variables
should really be named PIE_LDFLAGS and RELRO_LDFLAGS. However, -fpie is
a CFLAGS, so it shouldn't be in PIE_LDFLAGS.
> +# uClibc toolchain for ARC doesn't support PIE at the moment
> +ifeq ($(BR2_arc),y)
> +TROUSERS_CONF_OPTS += --disable-pie
> +endif
> +
> +
One empty new line is enough.
Also, could you submit this patch upstream ?
Now that I think of it, what would be even better than adding a new
config option is to simply test if the compiler is capable of linking a
simple PIE binary. If the compiler is PIE capable, then trousers would
use PIE, otherwise not.
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 4+ messages in thread* [Buildroot] [PATCH] trousers: disable pie option on ARC
2016-01-15 13:33 ` Thomas Petazzoni
@ 2016-01-15 13:56 ` Alexey Brodkin
2016-01-15 14:05 ` Thomas Petazzoni
0 siblings, 1 reply; 4+ messages in thread
From: Alexey Brodkin @ 2016-01-15 13:56 UTC (permalink / raw)
To: buildroot
Hi Thomas, Lada,
On Fri, 2016-01-15 at 14:33 +0100, Thomas Petazzoni wrote:
> Dear Lada Trimasova,
>
> On Fri, 15 Jan 2016 15:21:48 +0300, Lada Trimasova wrote:
> > ARC gcc understands "-pie" option and attempts to generate PIE
> > binaries as of today PIE is not really supported for user-space
> > applications. So we provide option which can make relro and pie usage
> > optional and disable PIE detection if building for ARC. Also AUTORECONF
> > option should be added because of modified configure.in and Makefile.am
> > files.
> >
> > Signed-off-by: Lada Trimasova <ltrimas@synopsys.com>
> > Cc: Alexey Brodkin <abrodkin@synopsys.com>
> > Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> > Cc: Peter Korsgaard <peter@korsgaard.com>
[snip]
> Now that I think of it, what would be even better than adding a new
> config option is to simply test if the compiler is capable of linking a
> simple PIE binary. If the compiler is PIE capable, then trousers would
> use PIE, otherwise not.
I'm afraid that won't work for ARC. That's because simple apps could be
built but as we've seen already more complicated apps will fail to build.
I.e. we need to have an ability to force disable PIE on ARC.
Still check for PIE makes perfect sense but in addition to it we'll
need a way to disable that check and force disable PIE.
-Alexey
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] trousers: disable pie option on ARC
2016-01-15 13:56 ` Alexey Brodkin
@ 2016-01-15 14:05 ` Thomas Petazzoni
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2016-01-15 14:05 UTC (permalink / raw)
To: buildroot
Alexey,
On Fri, 15 Jan 2016 13:56:07 +0000, Alexey Brodkin wrote:
> I'm afraid that won't work for ARC. That's because simple apps could be
> built but as we've seen already more complicated apps will fail to build.
> I.e. we need to have an ability to force disable PIE on ARC.
Aah, okay.
> Still check for PIE makes perfect sense but in addition to it we'll
> need a way to disable that check and force disable PIE.
Indeed. Then a compiler check could be done by the configure script,
and the Buildroot packages could specify the appropriate ac_cv_<foo>=no
variable.
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-01-15 14:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-01-15 12:21 [Buildroot] [PATCH] trousers: disable pie option on ARC Lada Trimasova
2016-01-15 13:33 ` Thomas Petazzoni
2016-01-15 13:56 ` Alexey Brodkin
2016-01-15 14:05 ` Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox