Ard: GCC49 tool chain can be used by GCC4.9 and above compiler. It provides the GCC setting without LTO. GCC5 tool chain provides GCC setting with LTO. So, I suggest to disable it also in GCC49 tool chain.
Thanks Liming > -----Original Message----- > From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] > Sent: Tuesday, June 12, 2018 12:04 AM > To: Gao, Liming <liming....@intel.com> > Cc: edk2-devel@lists.01.org; ler...@redhat.com; > zenith...@users.sourceforge.net > Subject: Re: [edk2] [PATCH] BaseTools/tools_def IA32: disable PIE code > generation explicitly > > On 11 June 2018 at 18:00, Gao, Liming <liming....@intel.com> wrote: > > Ard: > > Is this option required in GCC49 tool chain? Or, this option is only > > required when lto is enabled? > > > > It has nothing to do with LTO. > > In theory, it could be required for any toolchain that supports -fpic > and or -fpie. However, not all 4.x toolchains support -fpie and so > they don't support -fno-pie either. > > Given that the distros only changed this default recently (in the 5.x > timeframe or later), it makes sense to only disable it for GCC5, > although it is safe to disable it for GCC49 as well. > > >> -----Original Message----- > >> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Ard > >> Biesheuvel > >> Sent: Monday, June 11, 2018 4:53 PM > >> To: Gao, Liming <liming....@intel.com> > >> Cc: edk2-devel@lists.01.org; ler...@redhat.com; > >> zenith...@users.sourceforge.net > >> Subject: Re: [edk2] [PATCH] BaseTools/tools_def IA32: disable PIE code > >> generation explicitly > >> > >> On 11 June 2018 at 10:38, Gao, Liming <liming....@intel.com> wrote: > >> > Ard: > >> > Do you mean the default GCC compiler disables PIC and PIE for IA32 > >> > arch? But now, some distribution GCC compiler enables > PIC > >> and PIE by default. So, we have to obviously disable PIC and PIE in > >> tools_def.txt. > >> > > >> > >> Yes. On my x86 Ubuntu 18.04 LTS system: > >> > >> $ gcc -v > >> Using built-in specs. > >> COLLECT_GCC=gcc > >> COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper > >> OFFLOAD_TARGET_NAMES=nvptx-none > >> OFFLOAD_TARGET_DEFAULT=1 > >> Target: x86_64-linux-gnu > >> Configured with: ../src/configure -v --with-pkgversion='Ubuntu > >> 7.3.0-16ubuntu3' --with-bugurl=file:///usr/share/doc/gcc-7/README.Bugs > >> --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ > >> --prefix=/usr --with-gcc-major-version-only > >> --with-as=/usr/bin/x86_64-linux-gnu-as > >> --with-ld=/usr/bin/x86_64-linux-gnu-ld --program-suffix=-7 > >> --program-prefix=x86_64-linux-gnu- --enable-shared > >> --enable-linker-build-id --libexecdir=/usr/lib > >> --without-included-gettext --enable-threads=posix --libdir=/usr/lib > >> --enable-nls --with-sysroot=/ --enable-clocale=gnu > >> --enable-libstdcxx-debug --enable-libstdcxx-time=yes > >> --with-default-libstdcxx-abi=new --enable-gnu-unique-object > >> --disable-vtable-verify --enable-libmpx --enable-plugin > >> --enable-default-pie --with-system-zlib --with-target-system-zlib > >> --enable-objc-gc=auto --enable-multiarch --disable-werror > >> --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 > >> --enable-multilib --with-tune=generic > >> --enable-offload-targets=nvptx-none --without-cuda-driver > >> --enable-checking=release --build=x86_64-linux-gnu > >> --host=x86_64-linux-gnu --target=x86_64-linux-gnu > >> Thread model: posix > >> gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3) > >> > >> > >> Notice the '--enable-default-pie' 4 lines from the bottom. > >> > >> > >> > >> >>-----Original Message----- > >> >>From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] > >> >>Sent: Monday, June 11, 2018 3:42 PM > >> >>To: edk2-devel@lists.01.org > >> >>Cc: Zhu, Yonghong <yonghong....@intel.com>; Gao, Liming > >> >><liming....@intel.com>; ler...@redhat.com; Shi, Steven > >> >><steven....@intel.com>; zenith...@users.sourceforge.net; Ard Biesheuvel > >> >><ard.biesheu...@linaro.org> > >> >>Subject: [PATCH] BaseTools/tools_def IA32: disable PIE code generation > >> >>explicitly > >> >> > >> >>As a security measure, some distros now build their GCC toolchains with > >> >>PIE code generation enabled by default, because it is a prerequisite > >> >>for ASLR to be enabled when running the executable. > >> >> > >> >>This typically results in slightly larger code, but it also generates > >> >>ELF relocations that our tooling cannot deal with, so let's disable it > >> >>explicitly when using GCC5 for IA32. (Note that this does not apply to > >> >>X64: it uses PIE code deliberately in some cases, and our tooling does > >> >>deal with the resuling relocations) > >> >> > >> >>Contributed-under: TianoCore Contribution Agreement 1.1 > >> >>Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> > >> >>--- > >> >> BaseTools/Conf/tools_def.template | 6 +++--- > >> >> 1 file changed, 3 insertions(+), 3 deletions(-) > >> >> > >> >>diff --git a/BaseTools/Conf/tools_def.template > >> >>b/BaseTools/Conf/tools_def.template > >> >>index 7e9c915755ed..ab57f9c706e3 100755 > >> >>--- a/BaseTools/Conf/tools_def.template > >> >>+++ b/BaseTools/Conf/tools_def.template > >> >>@@ -4670,7 +4670,7 @@ DEFINE GCC49_AARCH64_DLINK2_FLAGS = > >> >>DEF(GCC48_AARCH64_DLINK2_FLAGS) > >> >> DEFINE GCC49_ARM_ASLDLINK_FLAGS = > >> >>DEF(GCC48_ARM_ASLDLINK_FLAGS) > >> >> DEFINE GCC49_AARCH64_ASLDLINK_FLAGS = > >> >>DEF(GCC48_AARCH64_ASLDLINK_FLAGS) > >> >> > >> >>-DEFINE GCC5_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) > >> >>+DEFINE GCC5_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -fno-pic > >> >>-fno-pie > >> >> DEFINE GCC5_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS) > >> >> DEFINE GCC5_IA32_X64_DLINK_COMMON = > >> >>DEF(GCC49_IA32_X64_DLINK_COMMON) > >> >> DEFINE GCC5_IA32_X64_ASLDLINK_FLAGS = > >> >>DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) > >> >>@@ -5502,9 +5502,9 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS = > >> >>DEF(GCC49_AARCH64_DLINK_FLAGS) > >> >> *_GCC5_IA32_RC_PATH = DEF(GCC5_IA32_PREFIX)objcopy > >> >> > >> >> *_GCC5_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto > >> >>-*_GCC5_IA32_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) > >> >>-Wl,-m,elf_i386 > >> >>+*_GCC5_IA32_ASLDLINK_FLAGS = > >> >>DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie > >> >> *_GCC5_IA32_ASM_FLAGS = DEF(GCC5_ASM_FLAGS) -m32 - > >> >>march=i386 > >> >>-*_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) > >> >>+*_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) -no- > >> >>pie > >> >> *_GCC5_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS) > >> >> *_GCC5_IA32_OBJCOPY_FLAGS = > >> >> *_GCC5_IA32_NASM_FLAGS = -f elf32 > >> >>-- > >> >>2.17.1 > >> > > >> _______________________________________________ > >> edk2-devel mailing list > >> edk2-devel@lists.01.org > >> https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
