@@ -386,6 +386,16 @@ LDFLAGS.so += $(hashstyle-LDFLAGS)
LDFLAGS-rtld += $(hashstyle-LDFLAGS)
endif
+ifeq (yes,$(enable-static-pie))
+pic-default = -DPIC
+pie-default = $(pie-ccflag)
+ifeq (yes,$(have-static-pie))
+default-pie-ldflag = -static-pie
+else
+default-pie-ldflag = -Wl,-pie,--no-dynamic-linker,--eh-frame-hdr,-z,text
+endif
+endif
+
# If lazy relocations are disabled, add the -z now flag. Use
# LDFLAGS-lib.so instead of LDFLAGS.so, to avoid adding the flag to
# test modules.
@@ -435,6 +445,7 @@ endif
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \
+ $(default-pie-ldflag) \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
$(addprefix $(csu-objpfx),$(static-start-installed-name)) \
$(+preinit) $(+prectorT) \
@@ -651,8 +662,13 @@ endif
+prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
+postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
# Variants of the two previous definitions for statically linking programs.
+ifeq (yes,$(enable-static-pie))
++prectorT = $(+prectorS)
++postctorT = $(+postctorS)
+else
+prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o`
+postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
+endif
csu-objpfx = $(common-objpfx)csu/
elf-objpfx = $(common-objpfx)elf/
@@ -973,7 +989,7 @@ libtypes = $(foreach o,$(object-suffixes-for-libc),$(libtype$o))
all-object-suffixes := .o .os .oS
object-suffixes :=
CPPFLAGS-.o = $(pic-default)
-CFLAGS-.o = $(filter %frame-pointer,$(+cflags))
+CFLAGS-.o = $(filter %frame-pointer,$(+cflags)) $(pie-default)
libtype.o := lib%.a
object-suffixes += .o
ifeq (yes,$(build-shared))
@@ -998,7 +1014,7 @@ ifeq (yes,$(build-profile))
all-object-suffixes += .op
object-suffixes += .op
CPPFLAGS-.op = -DPROF $(pic-default)
-CFLAGS-.op = -pg
+CFLAGS-.op = -pg $(pie-default)
libtype.op = lib%_p.a
endif
@@ -236,6 +236,9 @@
/* Build glibc with tunables support. */
#define HAVE_TUNABLES 0
+/* Define if static PIE is enabled. */
+#define ENABLE_STATIC_PIE 0
+
/* Some compiler options may now allow to use ebp in __asm__ (used mainly
in i386 6 argument syscall issue). */
#define CAN_USE_REGISTER_ASM_EBP 0
@@ -767,6 +767,7 @@ with_default_link
enable_sanity_checks
enable_shared
enable_profile
+enable_static_pie
enable_timezone_tools
enable_hardcoded_path_in_tests
enable_stackguard_randomization
@@ -1424,6 +1425,7 @@ Optional Features:
in special situations) [default=yes]
--enable-shared build shared library [default=yes if GNU ld]
--enable-profile build profiled library [default=no]
+ --enable-static-pie build static executables as PIE [default=no]
--disable-timezone-tools
do not install timezone tools [default=install]
--enable-hardcoded-path-in-tests
@@ -3372,6 +3374,13 @@ else
profile=no
fi
+# Check whether --enable-static-pie was given.
+if test "${enable_static_pie+set}" = set; then :
+ enableval=$enable_static_pie; static_pie=$enableval
+else
+ static_pie=no
+fi
+
# Check whether --enable-timezone-tools was given.
if test "${enable_timezone_tools+set}" = set; then :
enableval=$enable_timezone_tools; enable_timezone_tools=$enableval
@@ -5994,6 +6003,62 @@ fi
$as_echo "$libc_linker_feature" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for linker that supports --no-dynamic-linker" >&5
+$as_echo_n "checking for linker that supports --no-dynamic-linker... " >&6; }
+libc_linker_feature=no
+if test x"$gnu_ld" = x"yes"; then
+ libc_linker_check=`$LD -v --help 2>/dev/null | grep "\--no-dynamic-linker"`
+ if test -n "$libc_linker_check"; then
+ cat > conftest.c <<EOF
+int _start (void) { return 42; }
+EOF
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
+ -Wl,--no-dynamic-linker -nostdlib -nostartfiles
+ -fPIC -shared -o conftest.so conftest.c
+ 1>&5'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }
+ then
+ libc_linker_feature=yes
+ fi
+ rm -f conftest*
+ fi
+fi
+if test $libc_linker_feature = yes; then
+ libc_cv_no_dynamic_linker=yes
+else
+ libc_cv_no_dynamic_linker=no
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_linker_feature" >&5
+$as_echo "$libc_linker_feature" >&6; }
+config_vars="$config_vars
+have-no-dynamic-linker = $libc_cv_no_dynamic_linker"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -static-pie" >&5
+$as_echo_n "checking for -static-pie... " >&6; }
+if ${libc_cv_static_pie+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if { ac_try='${CC-cc} -static-pie -xc /dev/null -S -o /dev/null'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ libc_cv_static_pie=yes
+else
+ libc_cv_static_pie=no
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_static_pie" >&5
+$as_echo "$libc_cv_static_pie" >&6; }
+config_vars="$config_vars
+have-static-pie = $libc_cv_static_pie"
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fpie" >&5
$as_echo_n "checking for -fpie... " >&6; }
if ${libc_cv_fpie+:} false; then :
@@ -6888,6 +6953,19 @@ fi
$as_echo "$libc_cv_pie_default" >&6; }
+if test "$static_pie" = yes; then
+ # The linker must support --no-dynamic-linker.
+ if test "$libc_cv_no_dynamic_linker" != yes; then
+ as_fn_error $? "linker support for --no-dynamic-linker needed" "$LINENO" 5
+ fi
+ # Default to PIE.
+ libc_cv_pie_default=yes
+ $as_echo "#define ENABLE_STATIC_PIE 1" >>confdefs.h
+
+fi
+config_vars="$config_vars
+enable-static-pie = $static_pie"
+
@@ -176,6 +176,11 @@ AC_ARG_ENABLE([profile],
[build profiled library @<:@default=no@:>@]),
[profile=$enableval],
[profile=no])
+AC_ARG_ENABLE([static-pie],
+ AC_HELP_STRING([--enable-static-pie],
+ [build static executables as PIE @<:@default=no@:>@]),
+ [static_pie=$enableval],
+ [static_pie=no])
AC_ARG_ENABLE([timezone-tools],
AC_HELP_STRING([--disable-timezone-tools],
[do not install timezone tools @<:@default=install@:>@]),
@@ -1460,6 +1465,19 @@ LIBC_LINKER_FEATURE([-z execstack], [-Wl,-z,execstack],
[libc_cv_z_execstack=yes], [libc_cv_z_execstack=no])
AC_SUBST(libc_cv_z_execstack)
+LIBC_LINKER_FEATURE([--no-dynamic-linker],
+ [-Wl,--no-dynamic-linker],
+ [libc_cv_no_dynamic_linker=yes],
+ [libc_cv_no_dynamic_linker=no])
+LIBC_CONFIG_VAR([have-no-dynamic-linker], [$libc_cv_no_dynamic_linker])
+
+AC_CACHE_CHECK(for -static-pie, libc_cv_static_pie, [dnl
+LIBC_TRY_CC_OPTION([-static-pie],
+ [libc_cv_static_pie=yes],
+ [libc_cv_static_pie=no])
+])
+LIBC_CONFIG_VAR([have-static-pie], [$libc_cv_static_pie])
+
AC_CACHE_CHECK(for -fpie, libc_cv_fpie, [dnl
LIBC_TRY_CC_OPTION([-fpie], [libc_cv_fpie=yes], [libc_cv_fpie=no])
])
@@ -1962,6 +1980,17 @@ fi
rm -f conftest.*])
AC_SUBST(libc_cv_pie_default)
+if test "$static_pie" = yes; then
+ # The linker must support --no-dynamic-linker.
+ if test "$libc_cv_no_dynamic_linker" != yes; then
+ AC_MSG_ERROR([linker support for --no-dynamic-linker needed])
+ fi
+ # Default to PIE.
+ libc_cv_pie_default=yes
+ AC_DEFINE(ENABLE_STATIC_PIE)
+fi
+LIBC_CONFIG_VAR([enable-static-pie], [$static_pie])
+
AC_SUBST(profile)
AC_SUBST(static_nss)
@@ -141,6 +141,8 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL),
__libc_multiple_libcs = &_dl_starting_up && !_dl_starting_up;
#ifndef SHARED
+ _dl_relocate_static_pie ();
+
char **ev = &argv[argc + 1];
__environ = ev;
@@ -114,6 +114,8 @@ __libc_setup_tls (void)
size_t tcb_offset;
const ElfW(Phdr) *phdr;
+ struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
+
/* Look through the TLS segment if there is any. */
if (_dl_phdr != NULL)
for (phdr = _dl_phdr; phdr < &_dl_phdr[_dl_phnum]; ++phdr)
@@ -122,7 +124,7 @@ __libc_setup_tls (void)
/* Remember the values we need. */
memsz = phdr->p_memsz;
filesz = phdr->p_filesz;
- initimage = (void *) phdr->p_vaddr;
+ initimage = (void *) phdr->p_vaddr + main_map->l_addr;
align = phdr->p_align;
if (phdr->p_align > max_align)
max_align = phdr->p_align;
@@ -163,8 +165,6 @@ __libc_setup_tls (void)
_dl_static_dtv[0].counter = (sizeof (_dl_static_dtv) / sizeof (_dl_static_dtv[0])) - 2;
// _dl_static_dtv[1].counter = 0; would be needed if not already done
- struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
-
/* Initialize the TLS block. */
#if TLS_TCB_AT_TP
_dl_static_dtv[2].pointer.val = ((char *) tlsblock + tcb_offset
@@ -26,7 +26,11 @@
#include <sys/param.h>
#include <stdint.h>
#include <ldsodefs.h>
-#include <dl-machine.h>
+#if ENABLE_STATIC_PIE
+# include "dynamic-link.h"
+#else
+# include <dl-machine.h>
+#endif
#include <libc-lock.h>
#include <dl-cache.h>
#include <dl-librecon.h>
@@ -199,7 +203,9 @@ const ElfW(Ehdr) *_dl_sysinfo_dso;
struct link_map *_dl_sysinfo_map;
-# include "get-dynamic-info.h"
+# if !ENABLE_STATIC_PIE
+# include "get-dynamic-info.h"
+# endif
#endif
#include "setup-vdso.h"
@@ -303,6 +309,35 @@ _dl_aux_init (ElfW(auxv_t) *av)
}
#endif
+#if ENABLE_STATIC_PIE
+/* Relocate static executable with PIE. */
+
+void
+_dl_relocate_static_pie (void)
+{
+# define STATIC_PIE_BOOTSTRAP
+# define RESOLVE_MAP(sym, version, flags) (&_dl_main_map)
+# include "dynamic-link.h"
+
+ /* Figure out the run-time load addres of static PIE. */
+ _dl_main_map.l_addr = elf_machine_load_address ();
+
+ /* Read our own dynamic section and fill in the info array. */
+ _dl_main_map.l_ld = ((void *) _dl_main_map.l_addr
+ + elf_machine_dynamic ());
+ elf_get_dynamic_info (&_dl_main_map, NULL);
+
+# ifdef ELF_MACHINE_BEFORE_RTLD_RELOC
+ ELF_MACHINE_BEFORE_RTLD_RELOC (_dl_main_map.l_info);
+# endif
+
+ /* Relocate ourselves so we can do normal function calls and
+ data access using the global offset table. */
+ ELF_DYNAMIC_RELOCATE (&_dl_main_map, 0, 0, 0);
+ _dl_main_map.l_relocated = 1;
+}
+#endif
+
void
internal_function
@@ -95,7 +95,7 @@ elf_machine_lazy_rel (struct link_map *map,
#ifdef RESOLVE_MAP
-# ifdef RTLD_BOOTSTRAP
+# if defined RTLD_BOOTSTRAP || defined STATIC_PIE_BOOTSTRAP
# define ELF_DURING_STARTUP (1)
# else
# define ELF_DURING_STARTUP (0)
@@ -38,7 +38,7 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp)
typedef Elf64_Xword d_tag_utype;
#endif
-#ifndef RTLD_BOOTSTRAP
+#if !defined RTLD_BOOTSTRAP && !defined STATIC_PIE_BOOTSTRAP
if (dyn == NULL)
return;
#endif
@@ -139,9 +139,11 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp)
/* Only the bind now flags are allowed. */
assert (info[VERSYMIDX (DT_FLAGS_1)] == NULL
|| (info[VERSYMIDX (DT_FLAGS_1)]->d_un.d_val & ~DF_1_NOW) == 0);
+ /* Flags must not be set for ld.so. */
assert (info[DT_FLAGS] == NULL
|| (info[DT_FLAGS]->d_un.d_val & ~DF_BIND_NOW) == 0);
- /* Flags must not be set for ld.so. */
+#endif
+#if defined RTLD_BOOTSTRAP || defined STATIC_PIE_BOOTSTRAP
assert (info[DT_RUNPATH] == NULL);
assert (info[DT_RPATH] == NULL);
#else
@@ -1069,6 +1069,13 @@ extern void _dl_determine_tlsoffset (void) internal_function attribute_hidden;
stack protector, among other things). */
void __libc_setup_tls (void);
+# if ENABLE_STATIC_PIE
+/* Relocate static executable with PIE. */
+void _dl_relocate_static_pie (void) attribute_hidden;
+# else
+# define _dl_relocate_static_pie()
+# endif
+
/* Initialization of libpthread for statically linked applications.
If libpthread is not linked in, this is an empty function. */
void __pthread_initialize_minimal (void) weak_function;
@@ -85,6 +85,39 @@ if test x"$build_mathvec" = xnotset; then
build_mathvec=yes
fi
+if test "$static_pie" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for linker static PIE support" >&5
+$as_echo_n "checking for linker static PIE support... " >&6; }
+if ${libc_cv_ld_static_pie+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat > conftest.s <<\EOF
+ .text
+ .global _start
+ .weak foo
+_start:
+ leaq foo(%rip), %rax
+EOF
+ libc_cv_pie_option="-Wl,-pie"
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -nostartfiles -nostdlib $no_ssp $libc_cv_pie_option conftest.s 1>&5'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ libc_cv_ld_static_pie=yes
+ else
+ libc_cv_ld_static_pie=no
+ fi
+rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ld_static_pie" >&5
+$as_echo "$libc_cv_ld_static_pie" >&6; }
+ if test "$libc_cv_ld_static_pie" != yes; then
+ as_fn_error $? "linker support for static PIE needed" "$LINENO" 5
+ fi
+fi
+
$as_echo "#define PI_STATIC_AND_HIDDEN 1" >>confdefs.h
@@ -44,6 +44,28 @@ if test x"$build_mathvec" = xnotset; then
build_mathvec=yes
fi
+dnl Check if linker supports static PIE.
+if test "$static_pie" = yes; then
+ AC_CACHE_CHECK(for linker static PIE support, libc_cv_ld_static_pie, [dnl
+cat > conftest.s <<\EOF
+ .text
+ .global _start
+ .weak foo
+_start:
+ leaq foo(%rip), %rax
+EOF
+ libc_cv_pie_option="-Wl,-pie"
+ if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -nostartfiles -nostdlib $no_ssp $libc_cv_pie_option conftest.s 1>&AS_MESSAGE_LOG_FD); then
+ libc_cv_ld_static_pie=yes
+ else
+ libc_cv_ld_static_pie=no
+ fi
+rm -f conftest*])
+ if test "$libc_cv_ld_static_pie" != yes; then
+ AC_MSG_ERROR([linker support for static PIE needed])
+ fi
+fi
+
dnl It is always possible to access static and hidden symbols in an
dnl position independent way.
AC_DEFINE(PI_STATIC_AND_HIDDEN)