From owner-freebsd-toolchain@freebsd.org Fri Aug 26 16:48:33 2016 Return-Path: Delivered-To: freebsd-toolchain@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 07929B7502C for ; Fri, 26 Aug 2016 16:48:33 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: from mail-pa0-x230.google.com (mail-pa0-x230.google.com [IPv6:2607:f8b0:400e:c03::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C6521B7 for ; Fri, 26 Aug 2016 16:48:32 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: by mail-pa0-x230.google.com with SMTP id fi15so28802802pac.1 for ; Fri, 26 Aug 2016 09:48:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20150623.gappssmtp.com; s=20150623; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to; bh=GbBvh0CS8fNW05MHv8yh2h5UnW3ejT9DSkH0L1xSfvs=; b=LSBqnUi0vb6EMPkOvQQ1lvt1Pb3iBv5/APJj1GyudyCI7Lz3PSQqeOjoQIOC0JfX24 aKNZdBumGE2UIeZOU+Rj9NqMWuyvBcWhJj8C8kg4cpnc/bc3eZ2UJK211y0O7XVpfyS3 ScSAeeqfCQQBEgqgVcg1KRAMoXt9lwQnqp9Xh4SvB8iUCRwJPyQL/lds45ty2AwAKlAk EgeKREZMXE4ddYKPCFzInzZ9L/ntR3D/lgp/KeT/gdZ2+nsJGADlW5DsQC0Z4J2pLUFx lQUBe1SIsDSynnBVxc8pMdSB8AJqxla8BUiDDu/4gIHcmMO7SSlLyY3EmXeS1oT9lCyT 60lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to; bh=GbBvh0CS8fNW05MHv8yh2h5UnW3ejT9DSkH0L1xSfvs=; b=Zw9FDYKZpcA46cAi1+xCqtsJOXqNQFqotiXnso+/OO7w1XjPN7iIaCtGS/+Jlqbzb1 njCcoV2lBS1E5QRRgI4oAY+natX90rn1DqmZsILYM+C27679hYD+6c7VBvNHzMBouzrY u6iVnFY6SWKXRW4IWT/KjnJUfK/zazuSv6BC+S3EqetwAdZUdI5gfIHuLcpWwcyuj1qZ D/BAfx34yVQtRGarBCccPiPLc+SJgQSrqLhBi6Rt9zRR1GjI4a4sVqK7FP1rkvto+VbI Q2Y0awfplvKVGE+YLUYB6K8ECkKFC+Hl/OCk66OcHSsETDZbohXyI3ZIiiFl4MWthxa1 Wzwg== X-Gm-Message-State: AE9vXwN3RunpgRV2gSR1psgShIErxZ+KE97EEK04Y+brI1+9iBkwjp2kA66DgTTfoJyvgw== X-Received: by 10.66.169.68 with SMTP id ac4mr7706450pac.85.1472230112280; Fri, 26 Aug 2016 09:48:32 -0700 (PDT) Received: from autobvt-1p7qt1t.corp.netflix.com ([69.53.245.200]) by smtp.gmail.com with ESMTPSA id tr1sm30052934pab.19.2016.08.26.09.48.30 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 26 Aug 2016 09:48:30 -0700 (PDT) Subject: Re: Time to enable partial relro Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Content-Type: multipart/signed; boundary="Apple-Mail=_7348908C-1D39-41E3-AA39-FA85F423750A"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Pgp-Agent: GPGMail From: Warner Losh In-Reply-To: Date: Fri, 26 Aug 2016 10:48:29 -0600 Cc: Warner Losh , Konstantin Belousov , "freebsd-toolchain@FreeBSD.org" Message-Id: References: <20160826105618.GS83214@kib.kiev.ua> To: Pedro Giffuni X-Mailer: Apple Mail (2.3124) X-BeenThere: freebsd-toolchain@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Maintenance of FreeBSD's integrated toolchain List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Aug 2016 16:48:33 -0000 --Apple-Mail=_7348908C-1D39-41E3-AA39-FA85F423750A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Aug 26, 2016, at 9:14 AM, Pedro Giffuni wrote: >=20 > Hello; >=20 > On 08/26/16 10:06, Warner Losh wrote: >> On Fri, Aug 26, 2016 at 9:00 AM, Pedro Giffuni = wrote: >>>=20 >>>=20 >>> On 08/26/16 05:56, Konstantin Belousov wrote: >>>>=20 >>>> On Thu, Aug 25, 2016 at 05:50:31PM -0500, Pedro Giffuni wrote: >>>>>=20 >>>>> Hello; >>>>>=20 >>>>> GNU RELRO support was committed in r230784 (2012-01-30) but we = never >>>>> enabled it by default. >>>>>=20 >>>>> There was some discussion about it on >>>>> https://reviews.freebsd.org/D3001 >>>>>=20 >>>>> By now, all Linux distributions, NetBSD and DragonFly support it = and >>>>> it is the default for most systems in binutils 2.27. >>>>>=20 >>>>> This doesn't affect performance, I ran it through an exp-run last >>>>> year, no other OS has had issues etc ... seems safe and can be >>>>> disabled if needed when linking. >>>>=20 >>>> Exp-run does not test anything interesting about relro. If all = testing >>>> that was done is basically just an exp-run, then there was no = useful >>>> runtime testing done. >>>>=20 >>>=20 >>> The exp-run does cover Java and other VM-type thingies that = bootstrap. >>> For upstream binutils this is now the default (at least for linux, >>> they never ask us if we want to follow). So the change has been = tested >>> extensively but perhaps not on cases that are relevant to us. >>>=20 >>> Note that the "fix" for any port is ultimately trivial: >>> LDFLAGS+=3D "-z norelro" >>>=20 >>>>>=20 >>>>> I think it's time to enable it be default in our base binutils. If >>>>> there are no objections, I will just commit the attached patch = over >>>>> the weekend. >>>>=20 >>>>=20 >>>> There are objections, the change must be runtime tested on large = and >>>> representative set of real-world applications before turning the = knob. >>>>=20 >>>=20 >>> You are not giving any hint on what would be a "representative set = of >>> real-world applications". Given that you committed the initial = support your >>> objection stands very high and is a blocker. :( >>>=20 >>> As I see it committing it now would give ample time to test this in = current >>> before it hits any release. If you want more extensive testing = merging it in >>> -stable right after the 11-Release is guaranteed to help >>> weed out any remaining update ports may need. >>=20 >> I'd say a minimum is 'buildworld' + a test boot on at least Intel = (i386 and >> amd64), armv6 and mips (both 32-bit and 64-bit) before we proceed. = How >> many of those have we done? >>=20 >=20 > I have been running it my desktop (amd64) for a year now. I can test = i386 in a VM but I doubt it will affect anything. The issue, and it's = probably kib's worry are some rarely used but important ports. Stuff = like erlang, or virtualbox maybe, but as I wrote, the fix (if needed) > is trivial by adding a flag to the link command. >=20 > FWIW, but it is largely irrelevant to us, RELRO is the default on > OpenBSD and there is no way out of it there. What I=E2=80=99m worried about is that our run time linker may get the = RELRO stuff wrong and that=E2=80=99s a very platform specific thing and = needs to be validated. I also share Kib=E2=80=99s worry about different = ports being broken, but that=E2=80=99s a different issue. Recent = compilers have broken our run time linker on mips, for example, because = they generate new / different relocations than those before. It=E2=80=99s = easy enough to test to make sure that we=E2=80=99re good on at least the = fairly active platforms (i386, amd64, armv6, mips and mips64) to make = sure that nothing bad happens. The others can be tested in due time = (though the powerpc ones likely can be tested easily enough by the = powerpc guys since they are quite active). I get very nervous when I see =E2=80=9Cshould work=E2=80=9D or =E2=80=9Csh= ould be platform independent=E2=80=9D for such a low-level thing. Warner --Apple-Mail=_7348908C-1D39-41E3-AA39-FA85F423750A Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXwHLdAAoJEGwc0Sh9sBEARkQP/jN4/Y0azhX4ASQW5PU97z+u ee5nWbUqVlJCRzpeTl33sHBuBmAbq/nrkcOyDtsMz9jWkvl0/Ei7/6FpkYyYJk8b Ret06oB/2Ia7KO2Hajj/4yS5g13tRm4tHnzZZi+1KMsEBI/VNIeJRWgPN1o/4cre yByqpAZzgaf8X5C4SHydAzruVlmZLaJ+AJ53mWNoBj45xRw96yUDxx4MQ5KSntkZ SDbXUCno9OyPq4PblnO7Ai8PIAhgPdPU0Z/p3mV2QguCoz20POa2Y7x1Y/xZoIO8 fp1iHXgdAJVyS4LgrosdpE7hb1Qpzu6HWa+vXVKDGzRA8+ocn35IYLKQ3a1B2vci O1vLGRfEbB7KtgqWfoJcvGhLggphxBo3N/z2qlldYbSu24Z8maiD1hU6SiKuZVbL 3DwRrIlxhr7Bhf0kqoZFTNvNUyQWdx8uvynXgrEOa/95m16VWfYsT4RYeKFrrwLp KhngSl13k4UFv8s84Qs6nn6msX6+YQ2RPporrFTAMyqJ7QjV5SslXdn7U7uYXelm 0oAd8EB3ZK6QifqMuJbqTPgVS2ZHEqsQL+0LlTV410oAT8JeH7Xe8TiSW+1/ppkU PskA9qfKgD+Oi7pJAWFBoSLZ0notSVhxuZ6igYaAd5nx3zVbWDgvquU08xrGR5W2 9VABo2uEEsMlhW6oswem =9UzM -----END PGP SIGNATURE----- --Apple-Mail=_7348908C-1D39-41E3-AA39-FA85F423750A--