Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
>gcc-6.3
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2  
Reply to topic    Gentoo Forums Forum Index Unsupported Software
View previous topic :: View next topic  
Author Message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 10605

PostPosted: Thu May 18, 2017 2:00 am    Post subject: Reply with quote

Traditionally, non-PIE x86 embeds the address of the global as a literal in the instruction. That is fine if the shared object loads at the expected address. If it does not, then all the global references (and frequently this would be hundreds or thousands of sites) need to be fixed by the loader. PIE x86 uses ebx as the PIE offset register and expresses the address of the global as a function of that register, where that register is loaded with a value derived from the shared object's address, thus making it position independent, so there are no sites to fix. So yes, using PIE on x86 costs an otherwise-general-purpose register that, if it were not used for PIE, could be used for arithmetic or pointer operations related to program logic.

On amd64, globals are typically indexed directly off rip, which is already "busy" as the program counter register, so it is effectively zero cost, because the program could not repurpose rip even if it were not being used for globals. For the other architectures, the question is not specifically about 32-bit vs 64-bit, but about how they address global variables. It's probably fair to assume that most 64-bit systems will use some variant of the amd64 design, where globals are accessed as a 32-bit offset off a register instead of using a 64-bit literal address. Other 32-bit systems might follow the amd64 design due to decisions by their respective designers, in which case they too would have zero-register-cost PIE. From a quick read about ARM, it looks like they use register-relative addressing on 32-bit. This makes sense, since they prefer to have fixed width instructions, and the instruction is not wide enough to encode both a command code and a full 32-bit address.

This also means that ct85711 is correct about people using x86 Linux on a 64-bit CPU. The issue is not what the CPU can do, but about the instructions used. Any x86 PIE Linux has the PIE limitations, whether run on an old i686, a modern x86_64 in IA32 emulation mode, or a virtual machine (possibly with an exotic host architecture) emulating x86.

ct85711: you can use a hardened profile without a hardened kernel (though you get less than full protection that way). If you want to use PIE, I think using a hardened profile would be the easiest way to enable it.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 37768
Location: 56N 3W

PostPosted: Thu May 18, 2017 7:34 am    Post subject: Reply with quote

ct85711,

Nothing broke here going from -pie to pie on amd64 /no-multilib/ nor or arm64 but I did do a full emerge -e world.

With an amd64 multilib system, it was more problematic.
I had to add -fPIC to CFLAGS to get almost anything to build.

Its not quite that clear cut, since I moved to gcc-7.1 at the same time.

I should have migrated that multilib system to no-multilib, since in the 6 years its been running, its never run any 32 bit code.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1178

PostPosted: Thu May 18, 2017 2:54 pm    Post subject: Reply with quote

Hu wrote:
ct85711: you can use a hardened profile without a hardened kernel (though you get less than full protection that way). If you want to use PIE, I think using a hardened profile would be the easiest way to enable it.

Thanks Hu, this lets me know that an PIE profile for non-hardened systems isn't available yet. Frankly, I am not worried much about the protection, as my threat profile isn't concerned about the host, but more of remote threats. So for me, hardened profile and hardened kernel adds little benefit. Most of the desire of using PIE is to test it out on my machine, and help test for potential breakage if the devs transition the profiles to start using PIE.

NeddySeagoon wrote:
Nothing broke here going from -pie to pie on amd64 /no-multilib/ nor or arm64 but I did do a full emerge -e world.

With an amd64 multilib system, it was more problematic.
I had to add -fPIC to CFLAGS to get almost anything to build.

Its not quite that clear cut, since I moved to gcc-7.1 at the same time.

I should have migrated that multilib system to no-multilib, since in the 6 years its been running, its never run any 32 bit code.

Thank you for testing and letting me know, as this indicates that this will explode right away in my face, as I am using multilib system. Right now, I am still on gcc-6, and I need to see if switching to a non-multilib system for me is feasible or not. A lot of it is that I need to go through and see what all 32bit code I am still using and what can go away. I already moved away the main ones that would have restricted me, so this may be something that I can go ahead and migrate over. I know I was already intending to do a full emerge -e world, when I do such a big change to the overall system.
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 5598

PostPosted: Fri May 19, 2017 5:31 am    Post subject: Reply with quote

NeddySeagoon wrote:
I had to add -fPIC to CFLAGS to get almost anything to build.

This is strange. I am running amd64 multilib and did never needed -fPIC for any package. The only package which required -no-pie is clisp which apparently internally does a lot of ugly things.
Perhaps you did not start with a recompilation of glibc which is the main provider of static libs unless you use a lot of USE=static-libs.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 37768
Location: 56N 3W

PostPosted: Fri May 19, 2017 9:31 am    Post subject: Reply with quote

mv,

I went straight for
Code:
emerge -e @world
which just worked on no-multilib.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 5598

PostPosted: Fri May 19, 2017 12:07 pm    Post subject: Reply with quote

NeddySeagoon wrote:
I went straight for
Code:
emerge -e @world
which just worked on no-multilib.

The problem with -e @world is that glibc is never listed as an explicit dependency (because it belongs to @system), and that the order of the packages in @system is not well-defined (perhaps even the dependencies of some packages from @system might be emerged before system in some cases)
Back to top
View user's profile Send private message
Naib
Advocate
Advocate


Joined: 21 May 2004
Posts: 4894
Location: Removed by Neddy

PostPosted: Sun May 21, 2017 5:49 pm    Post subject: Reply with quote

gold linker is causing some issues as well by the way
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 37768
Location: 56N 3W

PostPosted: Sun May 21, 2017 5:53 pm    Post subject: Reply with quote

Naib,

That's separate to gcc though. Its its own can of worms.
It has got better with newer binutils.

My arm64 rebuild has been running 7 days 24/7 and its still not done.
During the day, my amd64 has been helping out.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
Naib
Advocate
Advocate


Joined: 21 May 2004
Posts: 4894
Location: Removed by Neddy

PostPosted: Sun May 21, 2017 5:56 pm    Post subject: Reply with quote

oh I know, just wanted to report it here just incase other are finding issues with GCC-7.1 while the issue could be elsewhere. I am not sure why samba compiled fine when I 1st did and emerge -e world, but this 2nd pass is causing some interesting failures. just reverted to old linker and samba compiles fine, going to emerge -e world to catch the others
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 5598

PostPosted: Sun May 21, 2017 6:48 pm    Post subject: Reply with quote

Naib wrote:
why samba compiled fine when I 1st did and emerge -e world

Perhaps your emerge -e @world did not --exclude binutils? When binutils are emerged, your gold linker is set back to bfd until you manually set the gold linker again…
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 37768
Location: 56N 3W

PostPosted: Sun May 21, 2017 7:03 pm    Post subject: Reply with quote

mv,

Or you set the gold linker to be the default in /etc/portage/env/
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 5598

PostPosted: Sun May 21, 2017 7:08 pm    Post subject: Reply with quote

NeddySeagoon wrote:
Or you set the gold linker to be the default in /etc/portage/env/

Do you mean like this, or do you know a better way?
Back to top
View user's profile Send private message
Naib
Advocate
Advocate


Joined: 21 May 2004
Posts: 4894
Location: Removed by Neddy

PostPosted: Sun May 21, 2017 7:47 pm    Post subject: Reply with quote

what I had was via this. https://wiki.gentoo.org/wiki/Gold

A few ebuilds force BFD

Quote:
Messages generated by process 16188 on 2017-04-27 00:11:39 BST for package media-libs/libmypaint-1.3.0:

WARN: configure
Forcing usage of the BFD linker instead of GOLD



Quote:

Messages generated by process 11137 on 2017-04-29 17:08:44 BST for package sys-boot/grub-2.02:

WARN: configure
Forcing usage of the BFD linker instead of GOLD

Quote:

Messages generated by process 6187 on 2017-05-01 09:35:49 BST for package sys-libs/glibc-2.24-r1:

WARN: configure
Forcing usage of the BFD linker instead of GOLD
Forcing usage of the BFD linker instead of GOLD



I think I might emerge -e @world again for a final pass, without gold
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 37768
Location: 56N 3W

PostPosted: Sun May 21, 2017 8:38 pm    Post subject: Reply with quote

mv,

As explained at the bottom of the Gold Linker wiki page.

There is also -fuse-ld=gold which I think goes in CFLAGS.
I've not tried it.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 5598

PostPosted: Mon May 22, 2017 3:23 am    Post subject: Reply with quote

NeddySeagoon wrote:
As explained at the bottom of the Gold Linker wiki page.

Thanks. This is much better than the mentioned hack.
Quote:
There is also -fuse-ld=gold which I think goes in CFLAGS.

The oppsite (-fuse-ld=bfd) is useful in the few cases where gold breaks. In fact, it is even used in some ebuilds. However, I would not rely on the opposite, since there may be some packages which do not honour CFLAGS throughout.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Unsupported Software All times are GMT
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum