The -static overrides the -pie and binaries aren't position independent
anymore. Use -static-pie instead which would produce a static and
position independent binary. This has been caught by clang's warnings:
clang: warning: argument unused during compilation: '-pie'
[-Wunused-command-line-argument]
Tested with both gcc and clang after this change.
Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
Signed-off-by: Muhammad Usama Anjum <[email protected]>
---
Changes since v1:
- Remove unneeded comment
---
tools/testing/selftests/exec/Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/exec/Makefile b/tools/testing/selftests/exec/Makefile
index fb4472ddffd81..3c79ec9bf780f 100644
--- a/tools/testing/selftests/exec/Makefile
+++ b/tools/testing/selftests/exec/Makefile
@@ -29,8 +29,8 @@ $(OUTPUT)/execveat.denatured: $(OUTPUT)/execveat
cp $< $@
chmod -x $@
$(OUTPUT)/load_address_4096: load_address.c
- $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,max-page-size=0x1000 -pie -static $< -o $@
+ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,max-page-size=0x1000 -static-pie $< -o $@
$(OUTPUT)/load_address_2097152: load_address.c
- $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,max-page-size=0x200000 -pie -static $< -o $@
+ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,max-page-size=0x200000 -static-pie $< -o $@
$(OUTPUT)/load_address_16777216: load_address.c
- $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,max-page-size=0x1000000 -pie -static $< -o $@
+ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,max-page-size=0x1000000 -static-pie $< -o $@
--
2.39.2
On Tue, Apr 16, 2024 at 08:28:29PM +0500, Muhammad Usama Anjum wrote:
> The -static overrides the -pie and binaries aren't position independent
> anymore. Use -static-pie instead which would produce a static and
> position independent binary. This has been caught by clang's warnings:
>
> clang: warning: argument unused during compilation: '-pie'
> [-Wunused-command-line-argument]
>
> Tested with both gcc and clang after this change.
>
> Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
> Signed-off-by: Muhammad Usama Anjum <[email protected]>
Thanks for this!
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
On Tue, Apr 16, 2024 at 10:28 AM Kees Cook <[email protected]> wrote:
>
> On Tue, Apr 16, 2024 at 08:28:29PM +0500, Muhammad Usama Anjum wrote:
> > The -static overrides the -pie and binaries aren't position independent
> > anymore. Use -static-pie instead which would produce a static and
> > position independent binary. This has been caught by clang's warnings:
> >
> > clang: warning: argument unused during compilation: '-pie'
> > [-Wunused-command-line-argument]
> >
> > Tested with both gcc and clang after this change.
> >
> > Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
> > Signed-off-by: Muhammad Usama Anjum <[email protected]>
>
> Thanks for this!
>
> Reviewed-by: Kees Cook <[email protected]>
>
> --
> Kees Cook
GCC versions before 8.1 do not support -static-pie,
while https://www.kernel.org/doc/html/next/process/changes.html says
the minimal version is GCC 5.1.
Is this a problem?
If not, and CFLAGS is guaranteed to include -fpie/-fpic/-fPIE/-fPIC
(PIC), using -static-pie looks good to me.
--
宋方睿
On Mon, May 06, 2024 at 04:30:27PM -0700, Fangrui Song wrote:
> On Tue, Apr 16, 2024 at 10:28 AM Kees Cook <[email protected]> wrote:
> >
> > On Tue, Apr 16, 2024 at 08:28:29PM +0500, Muhammad Usama Anjum wrote:
> > > The -static overrides the -pie and binaries aren't position independent
> > > anymore. Use -static-pie instead which would produce a static and
> > > position independent binary. This has been caught by clang's warnings:
> > >
> > > clang: warning: argument unused during compilation: '-pie'
> > > [-Wunused-command-line-argument]
> > >
> > > Tested with both gcc and clang after this change.
> > >
> > > Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
> > > Signed-off-by: Muhammad Usama Anjum <[email protected]>
> >
> > Thanks for this!
> >
> > Reviewed-by: Kees Cook <[email protected]>
> >
> > --
> > Kees Cook
>
> GCC versions before 8.1 do not support -static-pie,
> while https://www.kernel.org/doc/html/next/process/changes.html says
> the minimal version is GCC 5.1.
> Is this a problem?
>
> If not, and CFLAGS is guaranteed to include -fpie/-fpic/-fPIE/-fPIC
> (PIC), using -static-pie looks good to me.
Should we use this alternative, which may be more portable?
https://lore.kernel.org/all/[email protected]/
-Kees
--
Kees Cook
On Mon, May 6, 2024 at 5:05 PM Kees Cook <[email protected]> wrote:
>
> On Mon, May 06, 2024 at 04:30:27PM -0700, Fangrui Song wrote:
> > On Tue, Apr 16, 2024 at 10:28 AM Kees Cook <[email protected]> wrote:
> > >
> > > On Tue, Apr 16, 2024 at 08:28:29PM +0500, Muhammad Usama Anjum wrote:
> > > > The -static overrides the -pie and binaries aren't position independent
> > > > anymore. Use -static-pie instead which would produce a static and
> > > > position independent binary. This has been caught by clang's warnings:
> > > >
> > > > clang: warning: argument unused during compilation: '-pie'
> > > > [-Wunused-command-line-argument]
> > > >
> > > > Tested with both gcc and clang after this change.
> > > >
> > > > Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
> > > > Signed-off-by: Muhammad Usama Anjum <[email protected]>
> > >
> > > Thanks for this!
> > >
> > > Reviewed-by: Kees Cook <[email protected]>
> > >
> > > --
> > > Kees Cook
> >
> > GCC versions before 8.1 do not support -static-pie,
> > while https://www.kernel.org/doc/html/next/process/changes.html says
> > the minimal version is GCC 5.1.
> > Is this a problem?
> >
> > If not, and CFLAGS is guaranteed to include -fpie/-fpic/-fPIE/-fPIC
> > (PIC), using -static-pie looks good to me.
>
> Should we use this alternative, which may be more portable?
> https://lore.kernel.org/all/[email protected]/
>
> -Kees
s/-fPIE -static/-static/ then it looks good to me:)
-static creates a position-dependent executable.
It doesn't matter whether the compiler uses -fno-pic/-fpie/-fpic
codegen, so -fPIE can be removed.
--
宋方睿
On 5/6/24 5:14 PM, Fangrui Song wrote:
> On Mon, May 6, 2024 at 5:05 PM Kees Cook <[email protected]> wrote:
>>
>> On Mon, May 06, 2024 at 04:30:27PM -0700, Fangrui Song wrote:
>>> On Tue, Apr 16, 2024 at 10:28 AM Kees Cook <[email protected]> wrote:
>>>>
>>>> On Tue, Apr 16, 2024 at 08:28:29PM +0500, Muhammad Usama Anjum wrote:
>>>>> The -static overrides the -pie and binaries aren't position independent
>>>>> anymore. Use -static-pie instead which would produce a static and
>>>>> position independent binary. This has been caught by clang's warnings:
>>>>>
>>>>> clang: warning: argument unused during compilation: '-pie'
>>>>> [-Wunused-command-line-argument]
>>>>>
>>>>> Tested with both gcc and clang after this change.
>>>>>
>>>>> Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
>>>>> Signed-off-by: Muhammad Usama Anjum <[email protected]>
>>>>
>>>> Thanks for this!
>>>>
>>>> Reviewed-by: Kees Cook <[email protected]>
>>>>
>>>> --
>>>> Kees Cook
>>>
>>> GCC versions before 8.1 do not support -static-pie,
>>> while https://www.kernel.org/doc/html/next/process/changes.html says
>>> the minimal version is GCC 5.1.
>>> Is this a problem?
>>>
>>> If not, and CFLAGS is guaranteed to include -fpie/-fpic/-fPIE/-fPIC
>>> (PIC), using -static-pie looks good to me.
>>
>> Should we use this alternative, which may be more portable?
>> https://lore.kernel.org/all/[email protected]/
>>
>> -Kees
>
> s/-fPIE -static/-static/ then it looks good to me:)
hmm, maybe that is better, considering that -static-pie is relatively
new (as you pointed out in the other thread), and would break the
minimum kernel gcc version requirements.
>
> -static creates a position-dependent executable.
> It doesn't matter whether the compiler uses -fno-pic/-fpie/-fpic
> codegen, so -fPIE can be removed.
>
This is something I'd have to take your word for. The whole PIE
story not completely clear to me, but if you're sure it is not
required here, then of course leaving it out entirely works nicely...
thanks,
--
John Hubbard
NVIDIA