On Mon, May 6, 2024 at 5:05 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
On Mon, May 06, 2024 at 04:30:27PM -0700, Fangrui Song wrote:
On Tue, Apr 16, 2024 at 10:28 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
On Tue, Apr 16, 2024 at 08:28:29PM +0500, Muhammad Usama Anjum wrote:
The -static overrides the -pie and binaries aren't position independent
anymore. Use -static-pie instead which would produce a static and
position independent binary. This has been caught by clang's warnings:
clang: warning: argument unused during compilation: '-pie'
[-Wunused-command-line-argument]
Tested with both gcc and clang after this change.
Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
Signed-off-by: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx>
Thanks for this!
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
--
Kees Cook
GCC versions before 8.1 do not support -static-pie,
while https://www.kernel.org/doc/html/next/process/changes.html says
the minimal version is GCC 5.1.
Is this a problem?
If not, and CFLAGS is guaranteed to include -fpie/-fpic/-fPIE/-fPIC
(PIC), using -static-pie looks good to me.
Should we use this alternative, which may be more portable?
https://lore.kernel.org/all/20240504022301.35250-1-jhubbard@xxxxxxxxxx/
-Kees
s/-fPIE -static/-static/ then it looks good to me:)
-static creates a position-dependent executable.
It doesn't matter whether the compiler uses -fno-pic/-fpie/-fpic
codegen, so -fPIE can be removed.