[Qemu-devel] [PATCH v2] Build *-user targets as PIE

[Qemu-devel] [PATCH v2] Build *-user targets as PIE

[Kirill A. Shutemov]

Now we can drop link hack for i386 and fix text relocations on i386 host.

v2:
  - Add configure options do enable/disable PIE for usermode targets.
    Disabling can be useful if you build uswing toolchain which has
    broken PIE support. PIE for usermode targets enabled by default.

Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
---
 Makefile          |   10 +---------
 Makefile.target   |   19 +++++++++++++++----
 configure         |   26 +++++++++++++++-----------
 linux-user/main.c |   20 --------------------
 4 files changed, 31 insertions(+), 44 deletions(-)

diff --git a/Makefile b/Makefile
index bdac9b3..634ea81 100644
--- a/Makefile
+++ b/Makefile
@@ -39,8 +39,6 @@ subdir-%:
 	$(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" TARGET_DIR="$*/" all,)
 
 $(filter %-softmmu,$(SUBDIR_RULES)): libqemu_common.a
-$(filter %-user,$(SUBDIR_RULES)): libqemu_user.a
-
 
 ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
 romsubdir-%:
@@ -74,7 +72,7 @@ block-obj-y +=  $(addprefix block/, $(block-nested-y))
 # CPUs and machines.
 
 obj-y = $(block-obj-y)
-obj-y += readline.o console.o host-utils.o
+obj-y += readline.o console.o
 
 obj-y += irq.o ptimer.o
 obj-y += i2c.o smbus.o smbus_eeprom.o max7310.o max111x.o wm8750.o
@@ -161,12 +159,6 @@ bt-host.o: QEMU_CFLAGS += $(BLUEZ_CFLAGS)
 
 libqemu_common.a: $(obj-y)
 
-#######################################################################
-# user-obj-y is code used by qemu userspace emulation
-user-obj-y = cutils.o cache-utils.o path.o envlist.o host-utils.o
-
-libqemu_user.a: $(user-obj-y)
-
 ######################################################################
 
 qemu-img.o: qemu-img-cmds.h
diff --git a/Makefile.target b/Makefile.target
index f7d1919..f738617 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -31,7 +31,7 @@ all: $(PROGS)
 
 #########################################################
 # cpu emulator library
-libobj-y = exec.o translate-all.o cpu-exec.o translate.o
+libobj-y = exec.o translate-all.o cpu-exec.o translate.o host-utils.o
 libobj-y += tcg/tcg.o tcg/tcg-runtime.o
 libobj-$(CONFIG_SOFTFLOAT) += fpu/softfloat.o
 libobj-$(CONFIG_NOSOFTFLOAT) += fpu/softfloat-native.o
@@ -80,9 +80,9 @@ ifdef CONFIG_LINUX_USER
 
 VPATH+=:$(SRC_PATH)/linux-user:$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)
 QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user -I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)
-
 obj-y = main.o syscall.o strace.o mmap.o signal.o thunk.o \
       elfload.o linuxload.o uaccess.o gdbstub.o gdbstub-xml.o
+obj-y += envlist.o path.o
 
 obj-$(TARGET_HAS_BFLT) += flatload.o
 obj-$(TARGET_HAS_ELFLOAD32) += elfload32.o
@@ -98,7 +98,7 @@ obj-arm-y += arm-semi.o
 
 obj-m68k-y += m68k-sim.o m68k-semi.o
 
-ARLIBS=../libqemu_user.a libqemu.a
+ARLIBS=libqemu.a
 endif #CONFIG_LINUX_USER
 
 #########################################################
@@ -116,6 +116,7 @@ LIBS+=-lmx
 
 obj-y = main.o commpage.o machload.o mmap.o signal.o syscall.o thunk.o \
         gdbstub.o gdbstub-xml.o
+obj-y += envlist.o path.o
 
 obj-i386-y += ioport-user.o
 
@@ -133,13 +134,23 @@ QEMU_CFLAGS+=-I$(SRC_PATH)/bsd-user -I$(SRC_PATH)/bsd-user/$(TARGET_ARCH)
 
 obj-y = main.o bsdload.o elfload.o mmap.o signal.o strace.o syscall.o \
         gdbstub.o gdbstub-xml.o uaccess.o
+obj-y += envlist.o path.o
 
 obj-i386-y += ioport-user.o
 
-ARLIBS=libqemu.a ../libqemu_user.a
+ARLIBS=libqemu.a
 
 endif #CONFIG_BSD_USER
 
+ifdef CONFIG_USER_ONLY
+# hack to compile with -fpie for *-user targets
+obj-y += cutils-user.o cache-utils-user.o
+cutils-user.c cache-utils-user.c:
+	@echo "  LN	$(TARGET_DIR)$@"
+	@ln -s $(SRC_PATH)/$(@:%-user.c=%.c) $@
+endif
+
+
 #########################################################
 # System emulator target
 ifdef CONFIG_SOFTMMU
diff --git a/configure b/configure
index 0d0162a..4f5850c 100755
--- a/configure
+++ b/configure
@@ -221,6 +221,7 @@ kerneldir=""
 aix="no"
 blobs="yes"
 pkgversion=""
+user_pie="yes"
 
 # OS specific
 if check_define __linux__ ; then
@@ -498,6 +499,10 @@ for opt do
   ;;
   --disable-guest-base) guest_base="no"
   ;;
+  --enable-user-pie) user_pie="yes"
+  ;;
+  --disable-user-pie) user_pie="no"
+  ;;
   --enable-uname-release=*) uname_release="$optarg"
   ;;
   --sparc_cpu=*)
@@ -672,6 +677,8 @@ echo "  --disable-bsd-user       disable all BSD usermode emulation targets"
 echo "  --enable-guest-base      enable GUEST_BASE support for usermode"
 echo "                           emulation targets"
 echo "  --disable-guest-base     disable GUEST_BASE support"
+echo "  --enable-user-pie        build usermode emulation targets as PIE"
+echo "  --disable-user-pie       do not build usermode emulation targets as PIE"
 echo "  --fmod-lib               path to FMOD library"
 echo "  --fmod-inc               path to FMOD includes"
 echo "  --oss-lib                path to OSS library"
@@ -1678,6 +1685,7 @@ echo "Documentation     $docs"
 echo "uname -r          $uname_release"
 echo "NPTL support      $nptl"
 echo "GUEST_BASE        $guest_base"
+echo "PIE user targets  $user_pie"
 echo "vde support       $vde"
 echo "IO thread         $io_thread"
 echo "Linux AIO support $linux_aio"
@@ -2302,6 +2310,12 @@ if test "$target_softmmu" = "yes" ; then
   esac
 fi
 
+if test "$target_user_only" = "yes" -a "$static" = "no" -a \
+	"$user_pie" = "yes" ; then
+  cflags="-fpie $cflags"
+  ldflags="-pie $ldflags"
+fi
+
 if test "$target_softmmu" = "yes" -a \( \
         "$TARGET_ARCH" = "microblaze" -o \
         "$TARGET_ARCH" = "cris" \) ; then
@@ -2323,16 +2337,6 @@ fi
 linker_script="-Wl,-T../config-host.ld -Wl,-T,\$(SRC_PATH)/\$(ARCH).ld"
 if test "$target_linux_user" = "yes" -o "$target_bsd_user" = "yes" ; then
   case "$ARCH" in
-  i386)
-    if test "$gprof" = "yes" -o "$static" = "yes" ; then
-      ldflags="$linker_script $ldflags"
-    else
-      # WARNING: this LDFLAGS is _very_ tricky : qemu is an ELF shared object
-      # that the kernel ELF loader considers as an executable. I think this
-      # is the simplest way to make it self virtualizable!
-      ldflags="-Wl,-shared $ldflags"
-    fi
-    ;;
   sparc)
     # -static is used to avoid g1/g3 usage by the dynamic linker
     ldflags="$linker_script -static $ldflags"
@@ -2340,7 +2344,7 @@ if test "$target_linux_user" = "yes" -o "$target_bsd_user" = "yes" ; then
   ia64)
     ldflags="-Wl,-G0 $linker_script -static $ldflags"
     ;;
-  x86_64|ppc|ppc64|s390|sparc64|alpha|arm|m68k|mips|mips64)
+  i386|x86_64|ppc|ppc64|s390|sparc64|alpha|arm|m68k|mips|mips64)
     ldflags="$linker_script $ldflags"
     ;;
   esac
diff --git a/linux-user/main.c b/linux-user/main.c
index a628c01..d3af2e2 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -54,26 +54,6 @@ const char *qemu_uname_release = CONFIG_UNAME_RELEASE;
 const char interp[] __attribute__((section(".interp"))) = "/lib/ld-linux.so.2";
 #endif
 
-/* for recent libc, we add these dummy symbols which are not declared
-   when generating a linked object (bug in ld ?) */
-#if (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)) && !defined(CONFIG_STATIC)
-asm(".globl __preinit_array_start\n"
-    ".globl __preinit_array_end\n"
-    ".globl __init_array_start\n"
-    ".globl __init_array_end\n"
-    ".globl __fini_array_start\n"
-    ".globl __fini_array_end\n"
-    ".section \".rodata\"\n"
-    "__preinit_array_start:\n"
-    "__preinit_array_end:\n"
-    "__init_array_start:\n"
-    "__init_array_end:\n"
-    "__fini_array_start:\n"
-    "__fini_array_end:\n"
-    ".long 0\n"
-    ".previous\n");
-#endif
-
 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
    we allocate a bigger stack. Need a better solution, for example
    by remapping the process stack directly at the right place */
-- 
1.6.4.2

[Qemu-devel] Re: [PATCH v2] Build *-user targets as PIE

[Kirill A. Shutemov]

Sorry, I've sent wrong patch. I need to sleep a bit...

Re: [Qemu-devel] [PATCH 2/2] Build *-user targets as PIE

[Arnaud Patard]

"Kirill A. Shutemov" <kirill@shutemov.name> writes:

> On Wed, Sep 2, 2009 at 6:46 PM, Arnaud Patard<arnaud.patard@rtp-net.org> wrote:
>> "Kirill A. Shutemov" <kirill@shutemov.name> writes:
>>
>> Hi,
>>
>> [...]
>>
>>> diff --git a/configure b/configure
>>> index 0d0162a..b501526 100755
>>> --- a/configure
>>> +++ b/configure
>>> @@ -2302,6 +2302,11 @@ if test "$target_softmmu" = "yes" ; then
>>>    esac
>>>  fi
>>>
>>> +if test "$target_user_only" = "yes" -a "$static" = "no" ; then
>>> +  cflags="-fpie $cflags"
>>> +  ldflags="-pie $ldflags"
>>> +fi
>>> +
>>
>> Please do that on per-arch basis. For instance, pie support tends to
>> be broken quite often on mips (afaik, it's currently broken on debian
>> unstable). I know qemu doesn't support mips host but it doesn't mean it
>> will never be supported - I need to find time to update to current git
>> and fix remaining bugs in my code before sending it for merge.
>> Unfortunately, this kind of patch will make sure it won't happen soon :(
>>
>>
>> Thanks,
>> Arnaud
>>
>
> Will you happy if I provide option like --disable-user-pie to configure?

yes, it's fine as I hope that pie support will be fixed.

>
> P.S. Sorry I forgot to put qemu-devil into CC.

qemu-_devil_ ? :)


Arnaud

Re: [Qemu-devel] [PATCH v2] Build *-user targets as PIE

[Reimar Döffinger]

On Thu, Sep 03, 2009 at 03:15:17PM +0300, Kirill A. Shutemov wrote:
> Now we can drop link hack for i386 and fix text relocations on i386 host.
> 
> v2:
>   - Add configure options do enable/disable PIE for usermode targets.
>     Disabling can be useful if you build uswing toolchain which has
>     broken PIE support. PIE for usermode targets enabled by default.

Hm. Would be nice if the commit message said more about the "why". What
is the advantage of PIE (I mean, is there something special about qemu
that makes it particularly useful)? Is there any measurable speed
difference between PIE and no PIE?
(sorry if it was explained for v1, I must have missed that one)

Re: [Qemu-devel] [PATCH v2] Build *-user targets as PIE

[Kirill A. Shutemov]

On Thu, Sep 3, 2009 at 3:00 PM, Reimar
Döffinger<Reimar.Doeffinger@gmx.de> wrote:
> On Thu, Sep 03, 2009 at 03:15:17PM +0300, Kirill A. Shutemov wrote:
>> Now we can drop link hack for i386 and fix text relocations on i386 host.
>>
>> v2:
>>   - Add configure options do enable/disable PIE for usermode targets.
>>     Disabling can be useful if you build uswing toolchain which has
>>     broken PIE support. PIE for usermode targets enabled by default.
>
> Hm. Would be nice if the commit message said more about the "why". What
> is the advantage of PIE (I mean, is there something special about qemu
> that makes it particularly useful)?

The main advantage is that we can drop linking hack for i386 (and keep keep
qemu self-virtualizable) and solve  text relocations.

The other advantage is security. Since qemu is PIE kernel can load at random
position in memory. It makes qemu harder for many types of attacks.

> Is there any measurable speed
> difference between PIE and no PIE?

Actually, I have no numbers for qemu.

PIE code usually is a bit slower. Approximately, 1% for i386 according to
some tests. RISC architectures should be affected less, since they have
more registers. On other hand we are getting rid from text relocations on
i386 which make executable loading slower. So...

Re: [Qemu-devel] [PATCH v2] Build *-user targets as PIE

[Paul Brook]

> PIE code usually is a bit slower. Approximately, 1% for i386 according to
> some tests. RISC architectures should be affected less, since they have
> more registers. On other hand we are getting rid from text relocations on
> i386 which make executable loading slower. So...

I think you've got that backwards.
A traditional (fixed address) executable requires no load-time relocation for 
internal references because all addresses are known at static link time. PIE 
require the dynamic linker adjust all absolute addresses.

Paul

[Qemu-devel] Re: [PATCH v2] Build *-user targets as PIE

[Paolo Bonzini]

On 09/03/2009 04:38 PM, Paul Brook wrote:
>> PIE code usually is a bit slower. Approximately, 1% for i386 according to
>> some tests. RISC architectures should be affected less, since they have
>> more registers. On other hand we are getting rid from text relocations on
>> i386 which make executable loading slower. So...
>
> I think you've got that backwards.
> A traditional (fixed address) executable requires no load-time relocation for
> internal references because all addresses are known at static link time. PIE
> require the dynamic linker adjust all absolute addresses.

Yes, but since it's also compiled as PIE, there are no absolute 
addresses.  Previously QEMU was linked -shared but compiled as 
non-position independent code.  I am not sure whether only the 
self-virtualized machine would be subject to relocation, or also the 
outer one (maybe address space virtualization would also have to be 
taken into account?).

Anyway, as far as text relocations are concerned Kirill's pathc cannot 
make things worse.

Paolo

[Qemu-devel] [PATCH v2] Build *-user targets as PIE

[Kirill A. Shutemov]

Now we can drop link hack for i386 and fix text relocations on i386 host.

v2:
  - Add configure options do enable/disable PIE for usermode targets.
    Disabling can be useful if you build uswing toolchain which has
    broken PIE support. PIE for usermode targets enabled by default.

Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
---
 Makefile          |   10 +---------
 Makefile.target   |   19 +++++++++++++++----
 configure         |   26 +++++++++++++++-----------
 linux-user/main.c |   20 --------------------
 4 files changed, 31 insertions(+), 44 deletions(-)

diff --git a/Makefile b/Makefile
index bdac9b3..634ea81 100644
--- a/Makefile
+++ b/Makefile
@@ -39,8 +39,6 @@ subdir-%:
 	$(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" TARGET_DIR="$*/" all,)
 
 $(filter %-softmmu,$(SUBDIR_RULES)): libqemu_common.a
-$(filter %-user,$(SUBDIR_RULES)): libqemu_user.a
-
 
 ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
 romsubdir-%:
@@ -74,7 +72,7 @@ block-obj-y +=  $(addprefix block/, $(block-nested-y))
 # CPUs and machines.
 
 obj-y = $(block-obj-y)
-obj-y += readline.o console.o host-utils.o
+obj-y += readline.o console.o
 
 obj-y += irq.o ptimer.o
 obj-y += i2c.o smbus.o smbus_eeprom.o max7310.o max111x.o wm8750.o
@@ -161,12 +159,6 @@ bt-host.o: QEMU_CFLAGS += $(BLUEZ_CFLAGS)
 
 libqemu_common.a: $(obj-y)
 
-#######################################################################
-# user-obj-y is code used by qemu userspace emulation
-user-obj-y = cutils.o cache-utils.o path.o envlist.o host-utils.o
-
-libqemu_user.a: $(user-obj-y)
-
 ######################################################################
 
 qemu-img.o: qemu-img-cmds.h
diff --git a/Makefile.target b/Makefile.target
index f7d1919..f738617 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -31,7 +31,7 @@ all: $(PROGS)
 
 #########################################################
 # cpu emulator library
-libobj-y = exec.o translate-all.o cpu-exec.o translate.o
+libobj-y = exec.o translate-all.o cpu-exec.o translate.o host-utils.o
 libobj-y += tcg/tcg.o tcg/tcg-runtime.o
 libobj-$(CONFIG_SOFTFLOAT) += fpu/softfloat.o
 libobj-$(CONFIG_NOSOFTFLOAT) += fpu/softfloat-native.o
@@ -80,9 +80,9 @@ ifdef CONFIG_LINUX_USER
 
 VPATH+=:$(SRC_PATH)/linux-user:$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)
 QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user -I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)
-
 obj-y = main.o syscall.o strace.o mmap.o signal.o thunk.o \
       elfload.o linuxload.o uaccess.o gdbstub.o gdbstub-xml.o
+obj-y += envlist.o path.o
 
 obj-$(TARGET_HAS_BFLT) += flatload.o
 obj-$(TARGET_HAS_ELFLOAD32) += elfload32.o
@@ -98,7 +98,7 @@ obj-arm-y += arm-semi.o
 
 obj-m68k-y += m68k-sim.o m68k-semi.o
 
-ARLIBS=../libqemu_user.a libqemu.a
+ARLIBS=libqemu.a
 endif #CONFIG_LINUX_USER
 
 #########################################################
@@ -116,6 +116,7 @@ LIBS+=-lmx
 
 obj-y = main.o commpage.o machload.o mmap.o signal.o syscall.o thunk.o \
         gdbstub.o gdbstub-xml.o
+obj-y += envlist.o path.o
 
 obj-i386-y += ioport-user.o
 
@@ -133,13 +134,23 @@ QEMU_CFLAGS+=-I$(SRC_PATH)/bsd-user -I$(SRC_PATH)/bsd-user/$(TARGET_ARCH)
 
 obj-y = main.o bsdload.o elfload.o mmap.o signal.o strace.o syscall.o \
         gdbstub.o gdbstub-xml.o uaccess.o
+obj-y += envlist.o path.o
 
 obj-i386-y += ioport-user.o
 
-ARLIBS=libqemu.a ../libqemu_user.a
+ARLIBS=libqemu.a
 
 endif #CONFIG_BSD_USER
 
+ifdef CONFIG_USER_ONLY
+# hack to compile with -fpie for *-user targets
+obj-y += cutils-user.o cache-utils-user.o
+cutils-user.c cache-utils-user.c:
+	@echo "  LN	$(TARGET_DIR)$@"
+	@ln -s $(SRC_PATH)/$(@:%-user.c=%.c) $@
+endif
+
+
 #########################################################
 # System emulator target
 ifdef CONFIG_SOFTMMU
diff --git a/configure b/configure
index 0d0162a..4f5850c 100755
--- a/configure
+++ b/configure
@@ -221,6 +221,7 @@ kerneldir=""
 aix="no"
 blobs="yes"
 pkgversion=""
+user_pie="yes"
 
 # OS specific
 if check_define __linux__ ; then
@@ -498,6 +499,10 @@ for opt do
   ;;
   --disable-guest-base) guest_base="no"
   ;;
+  --enable-user-pie) user_pie="yes"
+  ;;
+  --disable-user-pie) user_pie="no"
+  ;;
   --enable-uname-release=*) uname_release="$optarg"
   ;;
   --sparc_cpu=*)
@@ -672,6 +677,8 @@ echo "  --disable-bsd-user       disable all BSD usermode emulation targets"
 echo "  --enable-guest-base      enable GUEST_BASE support for usermode"
 echo "                           emulation targets"
 echo "  --disable-guest-base     disable GUEST_BASE support"
+echo "  --enable-user-pie        build usermode emulation targets as PIE"
+echo "  --disable-user-pie       do not build usermode emulation targets as PIE"
 echo "  --fmod-lib               path to FMOD library"
 echo "  --fmod-inc               path to FMOD includes"
 echo "  --oss-lib                path to OSS library"
@@ -1678,6 +1685,7 @@ echo "Documentation     $docs"
 echo "uname -r          $uname_release"
 echo "NPTL support      $nptl"
 echo "GUEST_BASE        $guest_base"
+echo "PIE user targets  $user_pie"
 echo "vde support       $vde"
 echo "IO thread         $io_thread"
 echo "Linux AIO support $linux_aio"
@@ -2302,6 +2310,12 @@ if test "$target_softmmu" = "yes" ; then
   esac
 fi
 
+if test "$target_user_only" = "yes" -a "$static" = "no" -a \
+	"$user_pie" = "yes" ; then
+  cflags="-fpie $cflags"
+  ldflags="-pie $ldflags"
+fi
+
 if test "$target_softmmu" = "yes" -a \( \
         "$TARGET_ARCH" = "microblaze" -o \
         "$TARGET_ARCH" = "cris" \) ; then
@@ -2323,16 +2337,6 @@ fi
 linker_script="-Wl,-T../config-host.ld -Wl,-T,\$(SRC_PATH)/\$(ARCH).ld"
 if test "$target_linux_user" = "yes" -o "$target_bsd_user" = "yes" ; then
   case "$ARCH" in
-  i386)
-    if test "$gprof" = "yes" -o "$static" = "yes" ; then
-      ldflags="$linker_script $ldflags"
-    else
-      # WARNING: this LDFLAGS is _very_ tricky : qemu is an ELF shared object
-      # that the kernel ELF loader considers as an executable. I think this
-      # is the simplest way to make it self virtualizable!
-      ldflags="-Wl,-shared $ldflags"
-    fi
-    ;;
   sparc)
     # -static is used to avoid g1/g3 usage by the dynamic linker
     ldflags="$linker_script -static $ldflags"
@@ -2340,7 +2344,7 @@ if test "$target_linux_user" = "yes" -o "$target_bsd_user" = "yes" ; then
   ia64)
     ldflags="-Wl,-G0 $linker_script -static $ldflags"
     ;;
-  x86_64|ppc|ppc64|s390|sparc64|alpha|arm|m68k|mips|mips64)
+  i386|x86_64|ppc|ppc64|s390|sparc64|alpha|arm|m68k|mips|mips64)
     ldflags="$linker_script $ldflags"
     ;;
   esac
diff --git a/linux-user/main.c b/linux-user/main.c
index a628c01..d3af2e2 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -54,26 +54,6 @@ const char *qemu_uname_release = CONFIG_UNAME_RELEASE;
 const char interp[] __attribute__((section(".interp"))) = "/lib/ld-linux.so.2";
 #endif
 
-/* for recent libc, we add these dummy symbols which are not declared
-   when generating a linked object (bug in ld ?) */
-#if (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)) && !defined(CONFIG_STATIC)
-asm(".globl __preinit_array_start\n"
-    ".globl __preinit_array_end\n"
-    ".globl __init_array_start\n"
-    ".globl __init_array_end\n"
-    ".globl __fini_array_start\n"
-    ".globl __fini_array_end\n"
-    ".section \".rodata\"\n"
-    "__preinit_array_start:\n"
-    "__preinit_array_end:\n"
-    "__init_array_start:\n"
-    "__init_array_end:\n"
-    "__fini_array_start:\n"
-    "__fini_array_end:\n"
-    ".long 0\n"
-    ".previous\n");
-#endif
-
 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
    we allocate a bigger stack. Need a better solution, for example
    by remapping the process stack directly at the right place */
-- 
1.6.4.2

[Qemu-devel] Re: [PATCH v2] Build *-user targets as PIE

[Kirill A. Shutemov]

On Thu, Sep 3, 2009 at 3:07 PM, Juan Quintela<quintela@trasno.org> wrote:
> "Kirill A. Shutemov" <kirill@shutemov.name> wrote:
>> Now we can drop link hack for i386 and fix text relocations on i386
>> host.
>
> Still not good enough :(
>
> Fedora 11 here.  I got this error:
>
> /usr/bin/ld: main.o: relocation R_X86_64_TPO  LINK  arm-linux-user/qemu-arm
> /usr/bin/ld: main.o: relocation R_X86_64_TPOFF32 against `thread_env' can not be used when making a shared object; recompile with -fPIC
> main.o: could not read symbols: Bad value
> collect2: ld returned 1 exit status
> make[1]: *** [qemu-arm] Error 1
> make: *** [subdir-arm-linux-user] Error 2
>
> (I got it for all the -linux-user targets)

What version of binutils do you have? It seems your binutils is buggy.