From nobody Sun Jan 23 10:25:44 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 3E2A7197B20F; Sun, 23 Jan 2022 10:25:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JhTlv2pf0z4Z8C; Sun, 23 Jan 2022 10:25:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642933547; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8A8IoBNumGU029AtXHkFgKbnsCJRTcr7kpCReS7FKsw=; b=xarKnPeYjV5pguasLbUhpeuAg2tP8PkSClw6SGTqzPJfkXpNmL2FojpKcdJb+NG7ENiXfz erBBMP3BsynMS84uOrdsesI2tmRc8+XQplOaKiOX7gQZsKs4MbTwMYTlP4zeqSrt4/V8v+ vcQJjPno73QsPrz8dzdN2aIgYmzuwJpR8hC7dIJaWa66TG0ImBaIJIlS+1BZLc2zYPgKaX 5jalgpclnY1ypYWw89O08qazhnLt8qC7Q0SpODZFxW6QDd8r/sM/uhLMvOMSfA9WRB/b37 HXmWxIhycvIbfjB8dh7leNH+mTb3c7G/G9UPeP3wBR0ublKAUEkLIvSwjs9C8w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EDB4520D92; Sun, 23 Jan 2022 10:25:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20NAPiN8088407; Sun, 23 Jan 2022 10:25:44 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20NAPiBg088406; Sun, 23 Jan 2022 10:25:44 GMT (envelope-from git) Date: Sun, 23 Jan 2022 10:25:44 GMT Message-Id: <202201231025.20NAPiBg088406@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Marcin Wojtas Subject: git: 396e9f259d96 - stable/13 - Enable PIE by default on 64-bit architectures List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mw X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 396e9f259d9629c5f5fa8dd65d39d21621af30fc Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642933547; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8A8IoBNumGU029AtXHkFgKbnsCJRTcr7kpCReS7FKsw=; b=VegvnBITA2NvED/3pl/z1xKhdBCtM5HbfRbcC8dOj/8sNndkZrbSJrPz1/7fcH/viF7/3B ZnG6ANPOzE5tRcL2lZLS4lB20TuDPJgSC+dLaQ05rrLka4dh3N+Ps6T0NQrgx398G08bZG hneTLchUTvnacIlRCoXRFDwjU6Ub5MhP5EFt0N2uFB8IaZfTy0t1X+tuP0kttNeSENTugN bjXITRBqW/gKl6T8rHNmziiWua6AXzrnUtrmynIxEyt4dbUReLIGIwvZMGZqMK1Yud2eA0 mwXwFudwP89ub2rAAFybUy0GFRuA+/GISCX9LkIX9cC2Oo5vsR99A/SkR9ClfA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1642933547; a=rsa-sha256; cv=none; b=HscOrtLgN0dOGQ7I0p+aKyq5Ok35uJMdexkNLaRj2SvbbK4SzRUJEyJMabgTyYmi2qg9rR Ie3N0OT6wiH8AwR7J+kIHJA4sPjbt3H6odLYK6/QIWkI8anCxV83AUf3TC6t5NIphfXpoo 5ekuCAtL+efIxnJwa7iIOW0vT3p8oqHVq/GfNew/kq1jw78F7z9G6t4GVR47UbHf/4SgPB m1AAohfkaRCDtoq8psgu9a+wTAmeW4Kh9gY1F+gqsTfuymC8p7JR+KShBtG3zLxQrHHchc P3piscDKVxofT0ZVU5Ixe4m/aIgEph4GahFJpVevB/BbQENRbb3N9mEfSg2HIQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by mw: URL: https://cgit.FreeBSD.org/src/commit/?id=396e9f259d9629c5f5fa8dd65d39d21621af30fc commit 396e9f259d9629c5f5fa8dd65d39d21621af30fc Author: Marcin Wojtas AuthorDate: 2021-01-22 12:13:03 +0000 Commit: Marcin Wojtas CommitDate: 2022-01-23 10:09:54 +0000 Enable PIE by default on 64-bit architectures This patch adds Position Independent Executables (PIE) flags for building OS. It allows to enable the ASLR feature based only on the sysctl knobs, without need to rebuild the image. Tests showed that no problems with stability / performance degradation were seen when using PIEs with ASLR disabled. The change is limited only for 64-bit architectures. Use bsd.opts.mk instead of the src.opts.mk in order to satisfy all build dependencies related to MK_PIE. Reviewed by: emaste, imp Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D28328 (cherry picked from commit 9a227a2fd642ec057a0ec70d67d5699d65553294) --- share/mk/bsd.opts.mk | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/share/mk/bsd.opts.mk b/share/mk/bsd.opts.mk index 934f3d36df77..33d843593427 100644 --- a/share/mk/bsd.opts.mk +++ b/share/mk/bsd.opts.mk @@ -75,7 +75,6 @@ __DEFAULT_NO_OPTIONS = \ INIT_ALL_PATTERN \ INIT_ALL_ZERO \ INSTALL_AS_USER \ - PIE \ MANSPLITPKG \ RETPOLINE \ STALE_STAGED @@ -86,6 +85,21 @@ __DEFAULT_DEPENDENT_OPTIONS = \ STAGING_PROG/STAGING \ STALE_STAGED/STAGING \ +# +# Default to disabling PIE on 32-bit architectures. The small address space +# means that ASLR is of limited effectiveness, and it may cause issues with +# some memory-hungry workloads. +# +.if ${MACHINE_ARCH} == "armv6" || ${MACHINE_ARCH} == "armv7" \ + || ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "mips" \ + || ${MACHINE_ARCH} == "mipsel" || ${MACHINE_ARCH} == "mipselhf" \ + || ${MACHINE_ARCH} == "mipshf" || ${MACHINE_ARCH} == "mipsn32" \ + || ${MACHINE_ARCH} == "mipsn32el" || ${MACHINE_ARCH} == "powerpc" \ + || ${MACHINE_ARCH} == "powerpcspe" +__DEFAULT_NO_OPTIONS+= PIE +.else +__DEFAULT_YES_OPTIONS+=PIE +.endif .include