diff mbox series

[v10,6/7] Add --disable-default-dt-relr

Message ID 20220414232129.1886210-7-hjl.tools@gmail.com
State New
Headers show
Series Support DT_RELR relative relocation format | expand

Commit Message

H.J. Lu April 14, 2022, 11:21 p.m. UTC
Enable DT_RELR in glibc shared libraries and position independent
executables (PIE) automatically if linker supports -z pack-relative-relocs.

Also add a new configuration option, --disable-default-dt-relr, to
avoid DT_RELR usage in glibc shared libraries and PIEs.
---
 INSTALL             |  6 ++++++
 Makeconfig          | 19 +++++++++++++++++++
 Makerules           |  2 ++
 configure           | 18 ++++++++++++++++++
 configure.ac        | 13 +++++++++++++
 elf/Makefile        |  4 +++-
 manual/install.texi |  5 +++++
 7 files changed, 66 insertions(+), 1 deletion(-)

Comments

Adhemerval Zanella Netto April 20, 2022, 5:49 p.m. UTC | #1
On 14/04/2022 20:21, H.J. Lu wrote:
> Enable DT_RELR in glibc shared libraries and position independent
> executables (PIE) automatically if linker supports -z pack-relative-relocs.
> 
> Also add a new configuration option, --disable-default-dt-relr, to
> avoid DT_RELR usage in glibc shared libraries and PIEs.

Patch looks ok but I am trying to see which would be a usercase for the
--disable-default-dt-relr since loader and libc are tied together and
we don't really support mixing up build with different configure
options (although in practice I think most combination would work).

I take that DT_RELR is always an improvement for shared libraries and
PIE, specially the ones with a lot o irelative relocations.

> ---
>  INSTALL             |  6 ++++++
>  Makeconfig          | 19 +++++++++++++++++++
>  Makerules           |  2 ++
>  configure           | 18 ++++++++++++++++++
>  configure.ac        | 13 +++++++++++++
>  elf/Makefile        |  4 +++-
>  manual/install.texi |  5 +++++
>  7 files changed, 66 insertions(+), 1 deletion(-)
> 
> diff --git a/INSTALL b/INSTALL
> index 63c022d6b9..4a6506f11f 100644
> --- a/INSTALL
> +++ b/INSTALL
> @@ -133,6 +133,12 @@ if 'CFLAGS' is specified it must enable optimization.  For example:
>       used with the GCC option, -static-pie, which is available with GCC
>       8 or above, to create static PIE.
>  
> +'--disable-default-dt-relr'
> +     Don't enable DT_RELR in glibc shared libraries and position
> +     independent executables (PIE). By default, DT_RELR is enabled in

Two space after period.

> +     glibc shared libraries and position independent executables on
> +     targets that support it.
> +
>  '--enable-cet'
>  '--enable-cet=permissive'
>       Enable Intel Control-flow Enforcement Technology (CET) support.
> diff --git a/Makeconfig b/Makeconfig
> index 0aa5fb0099..b75f28f837 100644
> --- a/Makeconfig
> +++ b/Makeconfig
> @@ -358,6 +358,23 @@ else
>  real-static-start-installed-name = $(static-start-installed-name)
>  endif
>  
> +# Linker option to enable and disable DT-RELR.
> +ifeq ($(have-dt-relr),yes)
> +dt-relr-ldflag = -Wl,-z,pack-relative-relocs
> +no-dt-relr-ldflag = -Wl,-z,nopack-relative-relocs
> +else
> +dt-relr-ldflag =
> +no-dt-relr-ldflag =
> +endif
> +
> +# Default linker option for DT-RELR.
> +ifeq (yes,$(build-dt-relr-default))
> +default-rt-relr-ldflag = $(dt-relr-ldflag)
> +else
> +default-rt-relr-ldflag = $(no-dt-relr-ldflag)
> +endif
> +LDFLAGS-rtld += $(default-rt-relr-ldflag)
> +
>  relro-LDFLAGS = -Wl,-z,relro
>  LDFLAGS.so += $(relro-LDFLAGS)
>  LDFLAGS-rtld += $(relro-LDFLAGS)
> @@ -413,6 +430,7 @@ link-extra-libs-tests = $(libsupport)
>  # Command for linking PIE programs with the C library.
>  ifndef +link-pie
>  +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \
> +	     $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
>  	     -Wl,-O1 -nostdlib -nostartfiles \
>  	     $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
>  	     $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
> @@ -445,6 +463,7 @@ endif
>  ifndef +link-static
>  +link-static-before-inputs = -nostdlib -nostartfiles -static \
>  	      $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
> +	      $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
>  	      $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F))  \
>  	      $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
>  	      $(+preinit) $(+prectorT)
> diff --git a/Makerules b/Makerules
> index 428464f092..7c1da551bf 100644
> --- a/Makerules
> +++ b/Makerules
> @@ -536,6 +536,7 @@ lib%.so: lib%_pic.a $(+preinit) $(+postinit) $(link-libc-deps)
>  define build-shlib-helper
>  $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \
>  	  $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \
> +	  $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
>  	  $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
>  	  $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
>  	  -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \
> @@ -595,6 +596,7 @@ endef
>  define build-module-helper
>  $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \
>  	  $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \
> +	  $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
>  	  -B$(csu-objpfx) $(load-map-file) \
>  	  $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \
>  	  $(link-test-modules-rpath-link) \
> diff --git a/configure b/configure
> index c0c2246597..d230c2c673 100755
> --- a/configure
> +++ b/configure
> @@ -767,6 +767,7 @@ enable_sanity_checks
>  enable_shared
>  enable_profile
>  enable_default_pie
> +enable_default_dt_relr
>  enable_timezone_tools
>  enable_hardcoded_path_in_tests
>  enable_hidden_plt
> @@ -1424,6 +1425,7 @@ Optional Features:
>    --enable-profile        build profiled library [default=no]
>    --disable-default-pie   Do not build glibc programs and the testsuite as PIE
>                            [default=no]
> +  --disable-dt-relr       Do not enable DT_RELR in glibc[default=no]
>    --disable-timezone-tools
>                            do not install timezone tools [default=install]
>    --enable-hardcoded-path-in-tests
> @@ -3440,6 +3442,13 @@ else
>    default_pie=yes
>  fi
>  
> +# Check whether --enable-default-dt-relr was given.
> +if test "${enable_default_dt_relr+set}" = set; then :
> +  enableval=$enable_default_dt_relr; default_dt_relr=$enableval
> +else
> +  default_dt_relr=yes
> +fi
> +
>  # Check whether --enable-timezone-tools was given.
>  if test "${enable_timezone_tools+set}" = set; then :
>    enableval=$enable_timezone_tools; enable_timezone_tools=$enableval
> @@ -7092,6 +7101,15 @@ fi
>  config_vars="$config_vars
>  enable-static-pie = $libc_cv_static_pie"
>  
> +# Disable build-dt-relr-default if linker does not support it or if glibc
> +# is configured with --disable-default-dt-relr.
> +build_dt_relr_default=$default_dt_relr
> +if test "x$build_dt_relr_default" != xno; then
> +  build_dt_relr_default=$libc_cv_dt_relr
> +fi
> +config_vars="$config_vars
> +build-dt-relr-default = $build_dt_relr_default"
> +
>  # Set the `multidir' variable by grabbing the variable from the compiler.
>  # We do it once and save the result in a generated makefile.
>  libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
> diff --git a/configure.ac b/configure.ac
> index 66cad71431..1aa152b901 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -197,6 +197,11 @@ AC_ARG_ENABLE([default-pie],
>  			     [Do not build glibc programs and the testsuite as PIE @<:@default=no@:>@]),
>  	      [default_pie=$enableval],
>  	      [default_pie=yes])
> +AC_ARG_ENABLE([default-dt-relr],
> +	      AS_HELP_STRING([--disable-dt-relr],
> +			     [Do not enable DT_RELR in glibc@<:@default=no@:>@]),

Missing space after 'glibc'.

> +	      [default_dt_relr=$enableval],
> +	      [default_dt_relr=yes])
>  AC_ARG_ENABLE([timezone-tools],
>  	      AS_HELP_STRING([--disable-timezone-tools],
>  			     [do not install timezone tools @<:@default=install@:>@]),
> @@ -1878,6 +1883,14 @@ if test "$libc_cv_static_pie" = "yes"; then
>  fi
>  LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
>  
> +# Disable build-dt-relr-default if linker does not support it or if glibc
> +# is configured with --disable-default-dt-relr.
> +build_dt_relr_default=$default_dt_relr
> +if test "x$build_dt_relr_default" != xno; then
> +  build_dt_relr_default=$libc_cv_dt_relr
> +fi
> +LIBC_CONFIG_VAR([build-dt-relr-default], [$build_dt_relr_default])
> +
>  # Set the `multidir' variable by grabbing the variable from the compiler.
>  # We do it once and save the result in a generated makefile.
>  libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
> diff --git a/elf/Makefile b/elf/Makefile
> index 07ac9ec3ef..bf8a61dc30 100644
> --- a/elf/Makefile
> +++ b/elf/Makefile
> @@ -1603,6 +1603,7 @@ $(objpfx)nodlopen2.out: $(objpfx)nodlopenmod2.so
>  
>  $(objpfx)filtmod1.so: $(objpfx)filtmod1.os $(objpfx)filtmod2.so
>  	$(LINK.o) -shared -o $@ -B$(csu-objpfx) $(LDFLAGS.so) \
> +		  $(default-rt-relr-ldflag) \
>  		  -L$(subst :, -L,$(rpath-link)) \
>  		  -Wl,-rpath-link=$(rpath-link) \
>  		  $< -Wl,-F,$(objpfx)filtmod2.so
> @@ -2402,7 +2403,7 @@ $(objpfx)tst-big-note: $(objpfx)tst-big-note-lib.so
>  # artificial, large note in tst-big-note-lib.o and invalidate the
>  # test.
>  $(objpfx)tst-big-note-lib.so: $(objpfx)tst-big-note-lib.o
> -	$(LINK.o) -shared -o $@ $(LDFLAGS.so) $<
> +	$(LINK.o) -shared -o $@ $(LDFLAGS.so) $(default-rt-relr-ldflag) $<
>  
>  $(objpfx)tst-unwind-ctor: $(objpfx)tst-unwind-ctor-lib.so
>  
> @@ -2711,6 +2712,7 @@ $(objpfx)tst-ro-dynamic: $(objpfx)tst-ro-dynamic-mod.so
>  $(objpfx)tst-ro-dynamic-mod.so: $(objpfx)tst-ro-dynamic-mod.os \
>    tst-ro-dynamic-mod.map
>  	$(LINK.o) -nostdlib -nostartfiles -shared -o $@ \
> +		$(default-rt-relr-ldflag) \
>  		-Wl,--script=tst-ro-dynamic-mod.map \
>  		$(objpfx)tst-ro-dynamic-mod.os
>  
> diff --git a/manual/install.texi b/manual/install.texi
> index 29c52f2927..04ea996561 100644
> --- a/manual/install.texi
> +++ b/manual/install.texi
> @@ -161,6 +161,11 @@ and architecture support it, static executables are built as static PIE and the
>  resulting glibc can be used with the GCC option, -static-pie, which is
>  available with GCC 8 or above, to create static PIE.
>  
> +@item --disable-default-dt-relr
> +Don't enable DT_RELR in glibc shared libraries and position independent
> +executables (PIE).  By default, DT_RELR is enabled in glibc shared
> +libraries and position independent executables on targets that support it.
> +
>  @item --enable-cet
>  @itemx --enable-cet=permissive
>  Enable Intel Control-flow Enforcement Technology (CET) support.  When
H.J. Lu April 22, 2022, 6:41 p.m. UTC | #2
On Wed, Apr 20, 2022 at 10:49 AM Adhemerval Zanella
<adhemerval.zanella@linaro.org> wrote:
>
>
>
> On 14/04/2022 20:21, H.J. Lu wrote:
> > Enable DT_RELR in glibc shared libraries and position independent
> > executables (PIE) automatically if linker supports -z pack-relative-relocs.
> >
> > Also add a new configuration option, --disable-default-dt-relr, to
> > avoid DT_RELR usage in glibc shared libraries and PIEs.
>
> Patch looks ok but I am trying to see which would be a usercase for the
> --disable-default-dt-relr since loader and libc are tied together and
> we don't really support mixing up build with different configure
> options (although in practice I think most combination would work).
>
> I take that DT_RELR is always an improvement for shared libraries and
> PIE, specially the ones with a lot o irelative relocations.

This is an option.  I don't mind dropping it.

> > ---
> >  INSTALL             |  6 ++++++
> >  Makeconfig          | 19 +++++++++++++++++++
> >  Makerules           |  2 ++
> >  configure           | 18 ++++++++++++++++++
> >  configure.ac        | 13 +++++++++++++
> >  elf/Makefile        |  4 +++-
> >  manual/install.texi |  5 +++++
> >  7 files changed, 66 insertions(+), 1 deletion(-)
> >
> > diff --git a/INSTALL b/INSTALL
> > index 63c022d6b9..4a6506f11f 100644
> > --- a/INSTALL
> > +++ b/INSTALL
> > @@ -133,6 +133,12 @@ if 'CFLAGS' is specified it must enable optimization.  For example:
> >       used with the GCC option, -static-pie, which is available with GCC
> >       8 or above, to create static PIE.
> >
> > +'--disable-default-dt-relr'
> > +     Don't enable DT_RELR in glibc shared libraries and position
> > +     independent executables (PIE). By default, DT_RELR is enabled in
>
> Two space after period.

This is a generated file.   The original change in manual/install.texi
has 2 spaces.

> > +     glibc shared libraries and position independent executables on
> > +     targets that support it.
> > +
> >  '--enable-cet'
> >  '--enable-cet=permissive'
> >       Enable Intel Control-flow Enforcement Technology (CET) support.
> > diff --git a/Makeconfig b/Makeconfig
> > index 0aa5fb0099..b75f28f837 100644
> > --- a/Makeconfig
> > +++ b/Makeconfig
> > @@ -358,6 +358,23 @@ else
> >  real-static-start-installed-name = $(static-start-installed-name)
> >  endif
> >
> > +# Linker option to enable and disable DT-RELR.
> > +ifeq ($(have-dt-relr),yes)
> > +dt-relr-ldflag = -Wl,-z,pack-relative-relocs
> > +no-dt-relr-ldflag = -Wl,-z,nopack-relative-relocs
> > +else
> > +dt-relr-ldflag =
> > +no-dt-relr-ldflag =
> > +endif
> > +
> > +# Default linker option for DT-RELR.
> > +ifeq (yes,$(build-dt-relr-default))
> > +default-rt-relr-ldflag = $(dt-relr-ldflag)
> > +else
> > +default-rt-relr-ldflag = $(no-dt-relr-ldflag)
> > +endif
> > +LDFLAGS-rtld += $(default-rt-relr-ldflag)
> > +
> >  relro-LDFLAGS = -Wl,-z,relro
> >  LDFLAGS.so += $(relro-LDFLAGS)
> >  LDFLAGS-rtld += $(relro-LDFLAGS)
> > @@ -413,6 +430,7 @@ link-extra-libs-tests = $(libsupport)
> >  # Command for linking PIE programs with the C library.
> >  ifndef +link-pie
> >  +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \
> > +          $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
> >            -Wl,-O1 -nostdlib -nostartfiles \
> >            $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
> >            $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
> > @@ -445,6 +463,7 @@ endif
> >  ifndef +link-static
> >  +link-static-before-inputs = -nostdlib -nostartfiles -static \
> >             $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
> > +           $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
> >             $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F))  \
> >             $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
> >             $(+preinit) $(+prectorT)
> > diff --git a/Makerules b/Makerules
> > index 428464f092..7c1da551bf 100644
> > --- a/Makerules
> > +++ b/Makerules
> > @@ -536,6 +536,7 @@ lib%.so: lib%_pic.a $(+preinit) $(+postinit) $(link-libc-deps)
> >  define build-shlib-helper
> >  $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \
> >         $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \
> > +       $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
> >         $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
> >         $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
> >         -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \
> > @@ -595,6 +596,7 @@ endef
> >  define build-module-helper
> >  $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \
> >         $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \
> > +       $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
> >         -B$(csu-objpfx) $(load-map-file) \
> >         $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \
> >         $(link-test-modules-rpath-link) \
> > diff --git a/configure b/configure
> > index c0c2246597..d230c2c673 100755
> > --- a/configure
> > +++ b/configure
> > @@ -767,6 +767,7 @@ enable_sanity_checks
> >  enable_shared
> >  enable_profile
> >  enable_default_pie
> > +enable_default_dt_relr
> >  enable_timezone_tools
> >  enable_hardcoded_path_in_tests
> >  enable_hidden_plt
> > @@ -1424,6 +1425,7 @@ Optional Features:
> >    --enable-profile        build profiled library [default=no]
> >    --disable-default-pie   Do not build glibc programs and the testsuite as PIE
> >                            [default=no]
> > +  --disable-dt-relr       Do not enable DT_RELR in glibc[default=no]
> >    --disable-timezone-tools
> >                            do not install timezone tools [default=install]
> >    --enable-hardcoded-path-in-tests
> > @@ -3440,6 +3442,13 @@ else
> >    default_pie=yes
> >  fi
> >
> > +# Check whether --enable-default-dt-relr was given.
> > +if test "${enable_default_dt_relr+set}" = set; then :
> > +  enableval=$enable_default_dt_relr; default_dt_relr=$enableval
> > +else
> > +  default_dt_relr=yes
> > +fi
> > +
> >  # Check whether --enable-timezone-tools was given.
> >  if test "${enable_timezone_tools+set}" = set; then :
> >    enableval=$enable_timezone_tools; enable_timezone_tools=$enableval
> > @@ -7092,6 +7101,15 @@ fi
> >  config_vars="$config_vars
> >  enable-static-pie = $libc_cv_static_pie"
> >
> > +# Disable build-dt-relr-default if linker does not support it or if glibc
> > +# is configured with --disable-default-dt-relr.
> > +build_dt_relr_default=$default_dt_relr
> > +if test "x$build_dt_relr_default" != xno; then
> > +  build_dt_relr_default=$libc_cv_dt_relr
> > +fi
> > +config_vars="$config_vars
> > +build-dt-relr-default = $build_dt_relr_default"
> > +
> >  # Set the `multidir' variable by grabbing the variable from the compiler.
> >  # We do it once and save the result in a generated makefile.
> >  libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
> > diff --git a/configure.ac b/configure.ac
> > index 66cad71431..1aa152b901 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -197,6 +197,11 @@ AC_ARG_ENABLE([default-pie],
> >                            [Do not build glibc programs and the testsuite as PIE @<:@default=no@:>@]),
> >             [default_pie=$enableval],
> >             [default_pie=yes])
> > +AC_ARG_ENABLE([default-dt-relr],
> > +           AS_HELP_STRING([--disable-dt-relr],
> > +                          [Do not enable DT_RELR in glibc@<:@default=no@:>@]),
>
> Missing space after 'glibc'.

Fixed in v11.

>
> > +           [default_dt_relr=$enableval],
> > +           [default_dt_relr=yes])
> >  AC_ARG_ENABLE([timezone-tools],
> >             AS_HELP_STRING([--disable-timezone-tools],
> >                            [do not install timezone tools @<:@default=install@:>@]),
> > @@ -1878,6 +1883,14 @@ if test "$libc_cv_static_pie" = "yes"; then
> >  fi
> >  LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
> >
> > +# Disable build-dt-relr-default if linker does not support it or if glibc
> > +# is configured with --disable-default-dt-relr.
> > +build_dt_relr_default=$default_dt_relr
> > +if test "x$build_dt_relr_default" != xno; then
> > +  build_dt_relr_default=$libc_cv_dt_relr
> > +fi
> > +LIBC_CONFIG_VAR([build-dt-relr-default], [$build_dt_relr_default])
> > +
> >  # Set the `multidir' variable by grabbing the variable from the compiler.
> >  # We do it once and save the result in a generated makefile.
> >  libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
> > diff --git a/elf/Makefile b/elf/Makefile
> > index 07ac9ec3ef..bf8a61dc30 100644
> > --- a/elf/Makefile
> > +++ b/elf/Makefile
> > @@ -1603,6 +1603,7 @@ $(objpfx)nodlopen2.out: $(objpfx)nodlopenmod2.so
> >
> >  $(objpfx)filtmod1.so: $(objpfx)filtmod1.os $(objpfx)filtmod2.so
> >       $(LINK.o) -shared -o $@ -B$(csu-objpfx) $(LDFLAGS.so) \
> > +               $(default-rt-relr-ldflag) \
> >                 -L$(subst :, -L,$(rpath-link)) \
> >                 -Wl,-rpath-link=$(rpath-link) \
> >                 $< -Wl,-F,$(objpfx)filtmod2.so
> > @@ -2402,7 +2403,7 @@ $(objpfx)tst-big-note: $(objpfx)tst-big-note-lib.so
> >  # artificial, large note in tst-big-note-lib.o and invalidate the
> >  # test.
> >  $(objpfx)tst-big-note-lib.so: $(objpfx)tst-big-note-lib.o
> > -     $(LINK.o) -shared -o $@ $(LDFLAGS.so) $<
> > +     $(LINK.o) -shared -o $@ $(LDFLAGS.so) $(default-rt-relr-ldflag) $<
> >
> >  $(objpfx)tst-unwind-ctor: $(objpfx)tst-unwind-ctor-lib.so
> >
> > @@ -2711,6 +2712,7 @@ $(objpfx)tst-ro-dynamic: $(objpfx)tst-ro-dynamic-mod.so
> >  $(objpfx)tst-ro-dynamic-mod.so: $(objpfx)tst-ro-dynamic-mod.os \
> >    tst-ro-dynamic-mod.map
> >       $(LINK.o) -nostdlib -nostartfiles -shared -o $@ \
> > +             $(default-rt-relr-ldflag) \
> >               -Wl,--script=tst-ro-dynamic-mod.map \
> >               $(objpfx)tst-ro-dynamic-mod.os
> >
> > diff --git a/manual/install.texi b/manual/install.texi
> > index 29c52f2927..04ea996561 100644
> > --- a/manual/install.texi
> > +++ b/manual/install.texi
> > @@ -161,6 +161,11 @@ and architecture support it, static executables are built as static PIE and the
> >  resulting glibc can be used with the GCC option, -static-pie, which is
> >  available with GCC 8 or above, to create static PIE.
> >
> > +@item --disable-default-dt-relr
> > +Don't enable DT_RELR in glibc shared libraries and position independent
> > +executables (PIE).  By default, DT_RELR is enabled in glibc shared
                                      There are 2 spaces here.
> > +libraries and position independent executables on targets that support it.
> > +
> >  @item --enable-cet
> >  @itemx --enable-cet=permissive
> >  Enable Intel Control-flow Enforcement Technology (CET) support.  When

Thanks.
diff mbox series

Patch

diff --git a/INSTALL b/INSTALL
index 63c022d6b9..4a6506f11f 100644
--- a/INSTALL
+++ b/INSTALL
@@ -133,6 +133,12 @@  if 'CFLAGS' is specified it must enable optimization.  For example:
      used with the GCC option, -static-pie, which is available with GCC
      8 or above, to create static PIE.
 
+'--disable-default-dt-relr'
+     Don't enable DT_RELR in glibc shared libraries and position
+     independent executables (PIE). By default, DT_RELR is enabled in
+     glibc shared libraries and position independent executables on
+     targets that support it.
+
 '--enable-cet'
 '--enable-cet=permissive'
      Enable Intel Control-flow Enforcement Technology (CET) support.
diff --git a/Makeconfig b/Makeconfig
index 0aa5fb0099..b75f28f837 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -358,6 +358,23 @@  else
 real-static-start-installed-name = $(static-start-installed-name)
 endif
 
+# Linker option to enable and disable DT-RELR.
+ifeq ($(have-dt-relr),yes)
+dt-relr-ldflag = -Wl,-z,pack-relative-relocs
+no-dt-relr-ldflag = -Wl,-z,nopack-relative-relocs
+else
+dt-relr-ldflag =
+no-dt-relr-ldflag =
+endif
+
+# Default linker option for DT-RELR.
+ifeq (yes,$(build-dt-relr-default))
+default-rt-relr-ldflag = $(dt-relr-ldflag)
+else
+default-rt-relr-ldflag = $(no-dt-relr-ldflag)
+endif
+LDFLAGS-rtld += $(default-rt-relr-ldflag)
+
 relro-LDFLAGS = -Wl,-z,relro
 LDFLAGS.so += $(relro-LDFLAGS)
 LDFLAGS-rtld += $(relro-LDFLAGS)
@@ -413,6 +430,7 @@  link-extra-libs-tests = $(libsupport)
 # Command for linking PIE programs with the C library.
 ifndef +link-pie
 +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \
+	     $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
 	     -Wl,-O1 -nostdlib -nostartfiles \
 	     $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
 	     $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
@@ -445,6 +463,7 @@  endif
 ifndef +link-static
 +link-static-before-inputs = -nostdlib -nostartfiles -static \
 	      $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \
+	      $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
 	      $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F))  \
 	      $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \
 	      $(+preinit) $(+prectorT)
diff --git a/Makerules b/Makerules
index 428464f092..7c1da551bf 100644
--- a/Makerules
+++ b/Makerules
@@ -536,6 +536,7 @@  lib%.so: lib%_pic.a $(+preinit) $(+postinit) $(link-libc-deps)
 define build-shlib-helper
 $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \
 	  $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \
+	  $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
 	  $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
 	  $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
 	  -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \
@@ -595,6 +596,7 @@  endef
 define build-module-helper
 $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \
 	  $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \
+	  $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(default-rt-relr-ldflag)) \
 	  -B$(csu-objpfx) $(load-map-file) \
 	  $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \
 	  $(link-test-modules-rpath-link) \
diff --git a/configure b/configure
index c0c2246597..d230c2c673 100755
--- a/configure
+++ b/configure
@@ -767,6 +767,7 @@  enable_sanity_checks
 enable_shared
 enable_profile
 enable_default_pie
+enable_default_dt_relr
 enable_timezone_tools
 enable_hardcoded_path_in_tests
 enable_hidden_plt
@@ -1424,6 +1425,7 @@  Optional Features:
   --enable-profile        build profiled library [default=no]
   --disable-default-pie   Do not build glibc programs and the testsuite as PIE
                           [default=no]
+  --disable-dt-relr       Do not enable DT_RELR in glibc[default=no]
   --disable-timezone-tools
                           do not install timezone tools [default=install]
   --enable-hardcoded-path-in-tests
@@ -3440,6 +3442,13 @@  else
   default_pie=yes
 fi
 
+# Check whether --enable-default-dt-relr was given.
+if test "${enable_default_dt_relr+set}" = set; then :
+  enableval=$enable_default_dt_relr; default_dt_relr=$enableval
+else
+  default_dt_relr=yes
+fi
+
 # Check whether --enable-timezone-tools was given.
 if test "${enable_timezone_tools+set}" = set; then :
   enableval=$enable_timezone_tools; enable_timezone_tools=$enableval
@@ -7092,6 +7101,15 @@  fi
 config_vars="$config_vars
 enable-static-pie = $libc_cv_static_pie"
 
+# Disable build-dt-relr-default if linker does not support it or if glibc
+# is configured with --disable-default-dt-relr.
+build_dt_relr_default=$default_dt_relr
+if test "x$build_dt_relr_default" != xno; then
+  build_dt_relr_default=$libc_cv_dt_relr
+fi
+config_vars="$config_vars
+build-dt-relr-default = $build_dt_relr_default"
+
 # Set the `multidir' variable by grabbing the variable from the compiler.
 # We do it once and save the result in a generated makefile.
 libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
diff --git a/configure.ac b/configure.ac
index 66cad71431..1aa152b901 100644
--- a/configure.ac
+++ b/configure.ac
@@ -197,6 +197,11 @@  AC_ARG_ENABLE([default-pie],
 			     [Do not build glibc programs and the testsuite as PIE @<:@default=no@:>@]),
 	      [default_pie=$enableval],
 	      [default_pie=yes])
+AC_ARG_ENABLE([default-dt-relr],
+	      AS_HELP_STRING([--disable-dt-relr],
+			     [Do not enable DT_RELR in glibc@<:@default=no@:>@]),
+	      [default_dt_relr=$enableval],
+	      [default_dt_relr=yes])
 AC_ARG_ENABLE([timezone-tools],
 	      AS_HELP_STRING([--disable-timezone-tools],
 			     [do not install timezone tools @<:@default=install@:>@]),
@@ -1878,6 +1883,14 @@  if test "$libc_cv_static_pie" = "yes"; then
 fi
 LIBC_CONFIG_VAR([enable-static-pie], [$libc_cv_static_pie])
 
+# Disable build-dt-relr-default if linker does not support it or if glibc
+# is configured with --disable-default-dt-relr.
+build_dt_relr_default=$default_dt_relr
+if test "x$build_dt_relr_default" != xno; then
+  build_dt_relr_default=$libc_cv_dt_relr
+fi
+LIBC_CONFIG_VAR([build-dt-relr-default], [$build_dt_relr_default])
+
 # Set the `multidir' variable by grabbing the variable from the compiler.
 # We do it once and save the result in a generated makefile.
 libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
diff --git a/elf/Makefile b/elf/Makefile
index 07ac9ec3ef..bf8a61dc30 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -1603,6 +1603,7 @@  $(objpfx)nodlopen2.out: $(objpfx)nodlopenmod2.so
 
 $(objpfx)filtmod1.so: $(objpfx)filtmod1.os $(objpfx)filtmod2.so
 	$(LINK.o) -shared -o $@ -B$(csu-objpfx) $(LDFLAGS.so) \
+		  $(default-rt-relr-ldflag) \
 		  -L$(subst :, -L,$(rpath-link)) \
 		  -Wl,-rpath-link=$(rpath-link) \
 		  $< -Wl,-F,$(objpfx)filtmod2.so
@@ -2402,7 +2403,7 @@  $(objpfx)tst-big-note: $(objpfx)tst-big-note-lib.so
 # artificial, large note in tst-big-note-lib.o and invalidate the
 # test.
 $(objpfx)tst-big-note-lib.so: $(objpfx)tst-big-note-lib.o
-	$(LINK.o) -shared -o $@ $(LDFLAGS.so) $<
+	$(LINK.o) -shared -o $@ $(LDFLAGS.so) $(default-rt-relr-ldflag) $<
 
 $(objpfx)tst-unwind-ctor: $(objpfx)tst-unwind-ctor-lib.so
 
@@ -2711,6 +2712,7 @@  $(objpfx)tst-ro-dynamic: $(objpfx)tst-ro-dynamic-mod.so
 $(objpfx)tst-ro-dynamic-mod.so: $(objpfx)tst-ro-dynamic-mod.os \
   tst-ro-dynamic-mod.map
 	$(LINK.o) -nostdlib -nostartfiles -shared -o $@ \
+		$(default-rt-relr-ldflag) \
 		-Wl,--script=tst-ro-dynamic-mod.map \
 		$(objpfx)tst-ro-dynamic-mod.os
 
diff --git a/manual/install.texi b/manual/install.texi
index 29c52f2927..04ea996561 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -161,6 +161,11 @@  and architecture support it, static executables are built as static PIE and the
 resulting glibc can be used with the GCC option, -static-pie, which is
 available with GCC 8 or above, to create static PIE.
 
+@item --disable-default-dt-relr
+Don't enable DT_RELR in glibc shared libraries and position independent
+executables (PIE).  By default, DT_RELR is enabled in glibc shared
+libraries and position independent executables on targets that support it.
+
 @item --enable-cet
 @itemx --enable-cet=permissive
 Enable Intel Control-flow Enforcement Technology (CET) support.  When