V2 Enable linking to a static position independent executable

Submitted by Harald Hoyer on April 6, 2020, 6:07 p.m.

Details

Message ID 20200406180738.946894-1-harald@redhat.com
State New
Series "V2 Enable linking to a static position independent executable"

Commit Message

Harald Hoyer April 6, 2020, 6:07 p.m.
From: Harald Hoyer <harald@redhat.com>

This also enables address space layout randomization (ASLR).

$ cat hello.c

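#include <stdio.h>

int main()
{
  /* The 'd' after %lx is literal text, so every address printed below ends in 'd'. */
  printf("main = 0x%lxd\n", (unsigned long)main);
  return 0;
}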

$ gcc -static-pie -o hello hello.c -specs musl-gcc.specs

$ ldd hello
	statically linked

$ file hello
hello: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=24fe0d02b0558dc37b8ae2268878b118804ae72d, with debug_info, not stripped

$ ./hello
main = 0x7f858c4e72b9d

$ ./hello
main = 0x7f0854d312b9d

$ ./hello
main = 0x7f7179a1d2b9d

$ ./hello
main = 0x7f37f981b2b9d

$ readelf -l hello

Elf file type is DYN (Shared object file)
Entry point 0x1058
There are 9 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x00000000000003c0 0x00000000000003c0  R      0x1000
  LOAD           0x0000000000001000 0x0000000000001000 0x0000000000001000
                 0x0000000000002cce 0x0000000000002cce  R E    0x1000
  LOAD           0x0000000000004000 0x0000000000004000 0x0000000000004000
                 0x0000000000001550 0x0000000000001550  R      0x1000
  LOAD           0x0000000000005e50 0x0000000000006e50 0x0000000000006e50
                 0x00000000000002e0 0x00000000000009a0  RW     0x1000
  DYNAMIC        0x0000000000005e70 0x0000000000006e70 0x0000000000006e70
                 0x0000000000000170 0x0000000000000170  RW     0x8
  NOTE           0x0000000000000238 0x0000000000000238 0x0000000000000238
                 0x0000000000000024 0x0000000000000024  R      0x4
  GNU_EH_FRAME   0x0000000000004b60 0x0000000000004b60 0x0000000000004b60
                 0x00000000000001ec 0x00000000000001ec  R      0x4
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10
  GNU_RELRO      0x0000000000005e50 0x0000000000006e50 0x0000000000006e50
                 0x00000000000001b0 0x00000000000001b0  R      0x1

 Section to Segment mapping:
  Segment Sections...
   00     .note.gnu.build-id .gnu.hash .dynsym .dynstr .rela.dyn
   01     .init .plt .text .fini
   02     .rodata .eh_frame_hdr .eh_frame
   03     .init_array .fini_array .data.rel.ro .dynamic .got .got.plt .data .bss
   04     .dynamic
   05     .note.gnu.build-id
   06     .eh_frame_hdr
   07
   08     .init_array .fini_array .data.rel.ro .dynamic .got
---
 tools/musl-gcc.specs.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 mode change 100644 => 100755 tools/musl-gcc.specs.sh

Patch

diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
old mode 100644
new mode 100755
index 30492574..72f5f487
--- a/tools/musl-gcc.specs.sh
+++ b/tools/musl-gcc.specs.sh
@@ -8,7 +8,7 @@  cat <<EOF
 -nostdinc -isystem $incdir -isystem include%s %(old_cpp_options)
 
 *cc1:
-%(cc1_cpu) -nostdinc -isystem $incdir -isystem include%s
+%(cc1_cpu) %{static-pie:-fPIE} -nostdinc -isystem $incdir -isystem include%s
 
 *link_libgcc:
 -L$libdir -L .%s
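Review bot: in the *cc1 line, `%{static-pie:-fPIE}` ties code generation to a link-mode option, so it only takes effect when -static-pie is also present on the compile command line. Objects built in a separate -c step without it are not compiled as PIE, and the `-z text` added to the *link spec later in this patch can then reject the link because of their text relocations. Consider dropping this addition and documenting that objects must be built with -fPIE, or explain in the commit message why the spec should force it. The mode change from 100644 to 100755 is also not mentioned in the commit message.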
@@ -17,13 +17,13 @@  cat <<EOF
 libgcc.a%s %:if-exists(libgcc_eh.a%s)
 
 *startfile:
-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
+%{shared:;static:$libdir/crt1.o%s; static-pie:$libdir/rcrt1.o%s; pie:$libdir/Scrt1.o%s; :$libdir/crt1.o%s} $libdir/crti.o%s %{static:crtbeginT.o%s; shared|static-pie|pie:crtbeginS.o%s; :crtbegin.o%s}
 
 *endfile:
-crtendS.o%s $libdir/crtn.o
+%{static:crtend.o%s; shared|static-pie|pie:crtendS.o%s; :crtend.o%s} $libdir/crtn.o%s
 
 *link:
--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
+%{!r:--build-id} --no-add-needed %{!static|static-pie:--eh-frame-hdr} --hash-style=gnu %{shared:-shared} %{!shared:%{!static:%{!static-pie:%{rdynamic:-export-dynamic} -dynamic-linker $ldso}} %{static:-static} %{static-pie:-static -pie --no-dynamic-linker -z text}}
 
 *esp_link:
 
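Review bot: the new *link line no longer passes `-nostdlib`, which the old line gave to the linker for every link mode, and the commit message does not mention the removal. The rest of the spec takes care to use only $incdir and $libdir (-nostdinc, -L$libdir), so either keep `-nostdlib` in the new line or state why the linker's default library search is now acceptable.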

Comments

Fangrui Song April 6, 2020, 10:04 p.m.
On 2020-04-06, harald@redhat.com wrote:
>From: Harald Hoyer <harald@redhat.com>
>
>This also enables address space layout randomization (ASLR).
>
>$ cat hello.c
>
>int main()
>{
>  printf("main = 0x%lxd\n", main);
>  return 0;
>}
>
>$ gcc -static-pie -o hello hello.c -specs musl-gcc.specs
>
>$ ldd hello
>	statically linked
>
>$ file hello
>hello: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=24fe0d02b0558dc37b8ae2268878b118804ae72d, with debug_info, not stripped
>
>$ ./hello
>main = 0x7f858c4e72b9d
>
>$ ./hello
>main = 0x7f0854d312b9d
>
>$ ./hello
>main = 0x7f7179a1d2b9d
>
>$ ./hello
>main = 0x7f37f981b2b9d
>
>$ readelf -l hello
>
>Elf file type is DYN (Shared object file)
>Entry point 0x1058
>There are 9 program headers, starting at offset 64
>
>Program Headers:
>  Type           Offset             VirtAddr           PhysAddr
>                 FileSiz            MemSiz              Flags  Align
>  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
>                 0x00000000000003c0 0x00000000000003c0  R      0x1000
>  LOAD           0x0000000000001000 0x0000000000001000 0x0000000000001000
>                 0x0000000000002cce 0x0000000000002cce  R E    0x1000
>  LOAD           0x0000000000004000 0x0000000000004000 0x0000000000004000
>                 0x0000000000001550 0x0000000000001550  R      0x1000
>  LOAD           0x0000000000005e50 0x0000000000006e50 0x0000000000006e50
>                 0x00000000000002e0 0x00000000000009a0  RW     0x1000
>  DYNAMIC        0x0000000000005e70 0x0000000000006e70 0x0000000000006e70
>                 0x0000000000000170 0x0000000000000170  RW     0x8
>  NOTE           0x0000000000000238 0x0000000000000238 0x0000000000000238
>                 0x0000000000000024 0x0000000000000024  R      0x4
>  GNU_EH_FRAME   0x0000000000004b60 0x0000000000004b60 0x0000000000004b60
>                 0x00000000000001ec 0x00000000000001ec  R      0x4
>  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
>                 0x0000000000000000 0x0000000000000000  RW     0x10
>  GNU_RELRO      0x0000000000005e50 0x0000000000006e50 0x0000000000006e50
>                 0x00000000000001b0 0x00000000000001b0  R      0x1
>
> Section to Segment mapping:
>  Segment Sections...
>   00     .note.gnu.build-id .gnu.hash .dynsym .dynstr .rela.dyn
>   01     .init .plt .text .fini
>   02     .rodata .eh_frame_hdr .eh_frame
>   03     .init_array .fini_array .data.rel.ro .dynamic .got .got.plt .data .bss
>   04     .dynamic
>   05     .note.gnu.build-id
>   06     .eh_frame_hdr
>   07
>   08     .init_array .fini_array .data.rel.ro .dynamic .got
>---
> tools/musl-gcc.specs.sh | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
> mode change 100644 => 100755 tools/musl-gcc.specs.sh
>
>diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
>old mode 100644
>new mode 100755
>index 30492574..72f5f487
>--- a/tools/musl-gcc.specs.sh
>+++ b/tools/musl-gcc.specs.sh
>@@ -8,7 +8,7 @@ cat <<EOF
> -nostdinc -isystem $incdir -isystem include%s %(old_cpp_options)
>
> *cc1:
>-%(cc1_cpu) -nostdinc -isystem $incdir -isystem include%s
>+%(cc1_cpu) %{static-pie:-fPIE} -nostdinc -isystem $incdir -isystem include%s

The intention of the compiler driver option -static-pie is that it only
affects linking options (-static -pie --no-dynamic-linker -z text), not compile options (-fPIE).

(I don't know why -z text (which is not too relevant) ended up in GCC's default specs.
  Anyway, I followed suit for clang: https://reviews.llvm.org/D62606)

> *link_libgcc:
> -L$libdir -L .%s
>@@ -17,13 +17,13 @@ cat <<EOF
> libgcc.a%s %:if-exists(libgcc_eh.a%s)
>
> *startfile:
>-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>+%{shared:;static:$libdir/crt1.o%s; static-pie:$libdir/rcrt1.o%s; pie:$libdir/Scrt1.o%s; :$libdir/crt1.o%s} $libdir/crti.o%s %{static:crtbeginT.o%s; shared|static-pie|pie:crtbeginS.o%s; :crtbegin.o%s}
>
> *endfile:
>-crtendS.o%s $libdir/crtn.o
>+%{static:crtend.o%s; shared|static-pie|pie:crtendS.o%s; :crtend.o%s} $libdir/crtn.o%s
>
> *link:
>--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
>+%{!r:--build-id} --no-add-needed %{!static|static-pie:--eh-frame-hdr} --hash-style=gnu %{shared:-shared} %{!shared:%{!static:%{!static-pie:%{rdynamic:-export-dynamic} -dynamic-linker $ldso}} %{static:-static} %{static-pie:-static -pie --no-dynamic-linker -z text}}
>
> *esp_link:
>
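Review bot: the new *link line adds `%{!r:--build-id}`, `--no-add-needed` and `--hash-style=gnu` for every link mode, none of which is specific to static-pie or mentioned in the commit message. Split them into a separate patch with its own rationale, and note that GNU ld documents `--no-add-needed` as a deprecated spelling of `--no-copy-dt-needed-entries`.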
>-- 
>2.25.2
>
Szabolcs Nagy April 7, 2020, 8:42 a.m.
* Fangrui Song <i@maskray.me> [2020-04-06 15:04:03 -0700]:
> On 2020-04-06, harald@redhat.com wrote:
> > 
> > *cc1:
> > -%(cc1_cpu) -nostdinc -isystem $incdir -isystem include%s
> > +%(cc1_cpu) %{static-pie:-fPIE} -nostdinc -isystem $incdir -isystem include%s
> 
> The intention of the compiler driver option -static-pie is that it only
> affects linking options (-static -pie --no-dynamic-linker -z text), not compile options (-fPIE).

yes.

the spec file cannot be reliable because the default
toolchain config is not visible to the spec file
logic, so for non-basic use we recommend to build a
musl based cross toolchain.

> 
> (I don't know why -z text (which is not too relevant) ended up in GCC's default specs.
>  Anyway, I followed suit for clang: https://reviews.llvm.org/D62606)

because it's easy to get text relocs by mistake
(compiling without -fPIE but linking static pie)
and text relocs are always wrong for static pie
(neither glibc nor musl plans to support them).

> > *link_libgcc:
> > -L$libdir -L .%s
> > @@ -17,13 +17,13 @@ cat <<EOF
> > libgcc.a%s %:if-exists(libgcc_eh.a%s)
> > 
> > *startfile:
> > -%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
> > +%{shared:;static:$libdir/crt1.o%s; static-pie:$libdir/rcrt1.o%s; pie:$libdir/Scrt1.o%s; :$libdir/crt1.o%s} $libdir/crti.o%s %{static:crtbeginT.o%s; shared|static-pie|pie:crtbeginS.o%s; :crtbegin.o%s}
> > 
> > *endfile:
> > -crtendS.o%s $libdir/crtn.o
> > +%{static:crtend.o%s; shared|static-pie|pie:crtendS.o%s; :crtend.o%s} $libdir/crtn.o%s
> > 
> > *link:
> > --dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
> > +%{!r:--build-id} --no-add-needed %{!static|static-pie:--eh-frame-hdr} --hash-style=gnu %{shared:-shared} %{!shared:%{!static:%{!static-pie:%{rdynamic:-export-dynamic} -dynamic-linker $ldso}} %{static:-static} %{static-pie:-static -pie --no-dynamic-linker -z text}}
> > 
> > *esp_link:
> > 
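Review bot: the fallback branches in *startfile and *endfile (`:$libdir/crt1.o%s`, `:crtbegin.o%s`, `:crtend.o%s`) replace the previously unconditional Scrt1.o, crtbeginS.o and crtendS.o, so any link without an explicit -shared, -pie or -static-pie now gets the non-PIC start files. The spec only sees switches given on the command line, so a host gcc that produces PIE by default would be handed crt1.o for a PIE link. Keeping the S variants as the fallback would preserve the old behaviour for such toolchains.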
> > -- 
> > 2.25.2
> >
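Added example, not part of the thread or of musl: a Python check for the properties the commit message reads off `file` and `readelf -l` (type DYN, no interpreter, a DYNAMIC segment) together with the text-relocation condition that `-z text` rejects at link time. The function names and the constructed sample images are assumptions made for illustration.

```python
import struct

ET_DYN, PT_LOAD, PT_DYNAMIC, PT_INTERP = 3, 1, 2, 3
DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 0, 22, 30, 0x4

def static_pie_report(elf: bytes) -> dict:
    """Report static-PIE properties of a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    interp = dynamic = textrel = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:        # a program interpreter means dynamic linking
            interp = True
        elif p_type == PT_DYNAMIC:     # a static PIE keeps .dynamic to relocate itself
            dynamic = True
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == DT_NULL:
                    break
                if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                    textrel = True     # the condition `-z text` turns into a link error
    return {"et_dyn": e_type == ET_DYN, "has_dynamic": dynamic,
            "no_interp": not interp, "no_textrel": not textrel}

def looks_like_static_pie(elf: bytes) -> bool:
    # A shared library also satisfies these; use this on files known to be executables.
    return all(static_pie_report(elf).values())

def build_sample(e_type, phdr_types, dyn_tags):
    """Constructed test image: ELF header, program headers, then one dynamic table."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_tags + [(DT_NULL, 0)])
    dyn_off = 64 + 56 * len(phdr_types)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0x1058, 64, 0, 0, 64, 56, len(phdr_types), 0, 0, 0)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", t, 4, dyn_off, 0, 0, len(dyn), 0, 8) if t == PT_DYNAMIC
        else struct.pack("<IIQQQQQQ", t, 4, 0, 0, 0, 0, 0, 8) for t in phdr_types)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    for name, dyn_tags in (("clean", []), ("text relocs", [(DT_FLAGS, DF_TEXTREL)])):
        image = build_sample(ET_DYN, [PT_LOAD, PT_DYNAMIC], dyn_tags)
        print(name, static_pie_report(image))
```

To check a real binary, pass the bytes of the file to static_pie_report; 32-bit and big-endian ELF files are rejected rather than misread.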