qemu-devel

From: Blue Swirl
Subject: Re: [Qemu-devel] [PATCH v8 1.0] configure: build position independent executables on x86-Linux hosts
Date: Sun, 20 Nov 2011 17:34:50 +0000

On Sun, Nov 20, 2011 at 09:11, Avi Kivity <address@hidden> wrote:
> On 11/15/2011 08:12 PM, Avi Kivity wrote:
>> Change the default on x86 Linux hosts to building PIE (position
>> independent executables); instead of restricting the option to
>> user-only targets, apply it to all targets.
>>
>> In addition, set the relocation sections to read-only (relro) when
>> available; this reduces the attack surface by disallowing changes to
>> relocation tables at runtime.
>>
>> While PIE reduces performance and relro increases load time, it
>> greatly improves security, with the potential to reduce a code
>> execution vulnerability to a self denial of service.
>>
>> Non-x86 are not changed, as they require TCG changes; neither are
>> non-Linux, due to lack of test coverage.
>>
>>
>
> Ping.

I tested the patch on OpenBSD 5.0/Sparc64 with --enable-pie, but the
resulting executables crash immediately. Maybe the PIE binaries are
not supported by the Sparc64 kernel or ld.so; some PIE support was
added in 4.4.

It looks like the support for PIE executables was only added in GDB
7.1. For example, Debian stable:

GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 2092

warning: The current binary is a PIE (Position Independent Executable), which
GDB does NOT currently support.  Most debugger features will fail if used
in this session.

Reading symbols from /src/qemu/obj-amd64/i386-softmmu/qemu-system-i386...done.
0x00007f6f08ccf8d3 in ?? ()
(gdb) b do_interrupt
Cannot access memory at address 0x2136c0

Perhaps developers or users inclined to debug can be assumed to have a
recent GDB. Though on OpenBSD, GDB is a pretty old 6.3.

Another issue is that this creates a point for bisection where, when
crossing it, all objects must be thrown away. We have a few other such
points already due to generated file name clashes, so this has not been
a blocking issue.
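A check for the two properties the quoted patch description turns on, PIE and relro, run against a built binary such as the qemu-system-i386 in the GDB session above. This is an added example, not code from the patch or from QEMU: it reads the ELF64 header, program headers and dynamic table directly (the same facts `readelf -l` and `readelf -d` print), and a relro segment without BIND_NOW is reported as only "partial", since full relro also needs the dynamic flag; the make_elf helper builds a constructed minimal ELF image purely as test input.

```python
import struct
import sys

ET_DYN, ET_EXEC = 3, 2                 # e_type: a PIE executable is ET_DYN
PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_FLAGS, DT_FLAGS_1 = 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1       # "full" RELRO also needs BIND_NOW

def hardening_status(data):
    """Return (is_pie, relro) for a little-endian ELF64 image held in bytes;
    relro is 'none', 'partial' (PT_GNU_RELRO only) or 'full' (plus BIND_NOW)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_type, _machine, _version, _entry, e_phoff = struct.unpack_from("<HHIQQ", data, 16)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    has_relro = bind_now = False
    for i in range(e_phnum):
        p_type, _flags, p_off, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            # walk the dynamic table ((d_tag, d_val) pairs) up to DT_NULL
            for d_off in range(p_off, p_off + p_filesz, 16):
                d_tag, d_val = struct.unpack_from("<qQ", data, d_off)
                if d_tag == 0:
                    break
                if (d_tag == DT_FLAGS and d_val & DF_BIND_NOW) or \
                   (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW):
                    bind_now = True
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    return e_type == ET_DYN, relro

def make_elf(pie, relro, bind_now):
    """Constructed minimal ELF64 image (test input only): header, program
    headers and a dynamic table laid out back to back."""
    phdrs = [struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, 0, 0, 0, 0, 0, 0)] if relro else []
    dyn_off = 64 + 56 * (len(phdrs) + 1)          # dynamic table follows the phdrs
    dyn = struct.pack("<qQqQ", DT_FLAGS_1, DF_1_NOW if bind_now else 0, 0, 0)
    phdrs.append(struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, 0, 0, len(dyn), len(dyn), 8))
    ehdr = struct.pack("<4sBBBBBxxxxxxxHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0, 0,
                       ET_DYN if pie else ET_EXEC, 0x3E, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return ehdr + b"".join(phdrs) + dyn

if __name__ == "__main__":
    # usage: python3 elf_hardening.py /path/to/qemu-system-i386
    with open(sys.argv[1], "rb") as f:
        print("pie=%s relro=%s" % hardening_status(f.read()))
```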