Enabling static-pie for musl #70740
Enabling static-pie for musl #70740
Conversation
|
r? @estebank (rust_highfive has picked a reviewer for you, use r? to override) |
rust-highfive
added
the
S-waiting-on-review
|
Note that the cc @rust-lang/release Do we have any requirements for the GCC version that we depend on for linking? |
|
I don't think we have any stated policy on GCC support. ISTR there was some other flag that we try and fallback if not supported, but I don't remember what that was. |
|
I agree that we don't have a stated policy, but GCC 8 seems too recent; based on https://gcc.gnu.org/releases.html it was released May 2, 2018 -- that's just under a year ago. I assume that means that it's not available in long term stable distros, though maybe those sorts of distributions don't support musl anyway? It would be helpful to determine what configurations this drops support for it (i.e. where is GCC prior to 8 the latest available, I guess?) |
|
The other flag I was thinking of is |
|
GCC 7 is the default on Ubuntu 18.04 LTS and derivatives. GCC 8 is the default on Debian 10, RHEL/CentOS 8, Alpine 3.11. GCC 9 is the default on Fedora 31 and Ubuntu 20.04 LTS. (source) With the same retry on unknown argument strategy as |
|
☔ The latest upstream changes (presumably #70826) made this pull request unmergeable. Please resolve the merge conflicts. |
|
Sorry I unfortunately don't have the bandwidth to review a change like this, @cuviper would you mind taking over? |
yeah, replacing |
|
@cuviper do you have a CI for some of the musl targets? |
|
@haraldh look in |
|
Lol... the |
|
All right. First draft on resetting the arguments, if |
This comment has been minimized.
This comment has been minimized.
Fix src/test/run-make/static-pie/test-aslr.rs Might be subject to the birthday paradox occasionally, causing spurious failures. Addresses: rust-lang#70740 (review)
Fix src/test/run-make/static-pie/test-aslr.rs Might be subject to the birthday paradox occasionally, causing spurious failures. Addresses: rust-lang#70740 (review)
according to various people on tech-pkg@, there are no problems with
the Firefox build
Version 1.46.0 (2020-08-27)
==========================
Language
--------
- [`if`, `match`, and `loop` expressions can now be used in const functions.][72437]
- [Additionally you are now also able to coerce and cast to slices (`&[T]`) in
const functions.][73862]
- [The `#[track_caller]` attribute can now be added to functions to use the
function's caller's location information for panic messages.][72445]
- [Recursively indexing into tuples no longer needs parentheses.][71322] E.g.
`x.0.0` over `(x.0).0`.
- [`mem::transmute` can now be used in static and constants.][72920] **Note**
You currently can't use `mem::transmute` in constant functions.
Compiler
--------
- [You can now use the `cdylib` target on Apple iOS and tvOS platforms.][73516]
- [Enabled static "Position Independent Executables" by default
for `x86_64-unknown-linux-musl`.][70740]
Libraries
---------
- [`mem::forget` is now a `const fn`.][73887]
- [`String` now implements `From<char>`.][73466]
- [The `leading_ones`, and `trailing_ones` methods have been stabilised for all
integer types.][73032]
- [`vec::IntoIter<T>` now implements `AsRef<[T]>`.][72583]
- [All non-zero integer types (`NonZeroU8`) now implement `TryFrom` for their
zero-able equivalent (e.g. `TryFrom<u8>`).][72717]
- [`&[T]` and `&mut [T]` now implement `PartialEq<Vec<T>>`.][71660]
- [`(String, u16)` now implements `ToSocketAddrs`.][73007]
- [`vec::Drain<'_, T>` now implements `AsRef<[T]>`.][72584]
Stabilized APIs
---------------
- [`Option::zip`]
- [`vec::Drain::as_slice`]
Cargo
-----
Added a number of new environment variables that are now available when
compiling your crate.
- [`CARGO_BIN_NAME` and `CARGO_CRATE_NAME`][cargo/8270] Providing the name of
the specific binary being compiled and the name of the crate.
- [`CARGO_PKG_LICENSE`][cargo/8325] The license from the manifest of the package.
- [`CARGO_PKG_LICENSE_FILE`][cargo/8387] The path to the license file.
Compatibility Notes
-------------------
- [The target configuration option `abi_blacklist` has been renamed
to `unsupported_abis`.][74150] The old name will still continue to work.
- [Rustc will now warn if you cast a C-like enum that implements `Drop`.][72331]
This was previously accepted but will become a hard error in a future release.
- [Rustc will fail to compile if you have a struct with
`#[repr(i128)]` or `#[repr(u128)]`.][74109] This representation is currently only
allowed on `enum`s.
- [Tokens passed to `macro_rules!` are now always captured.][73293] This helps
ensure that spans have the correct information, and may cause breakage if you
were relying on receiving spans with dummy information.
- [The InnoSetup installer for Windows is no longer available.][72569] This was
a legacy installer that was replaced by a MSI installer a few years ago but
was still being built.
- [`{f32, f64}::asinh` now returns the correct values for negative numbers.][72486]
- [Rustc will no longer accept overlapping trait implementations that only
differ in how the lifetime was bound.][72493]
- [Rustc now correctly relates the lifetime of an existential associated
type.][71896] This fixes some edge cases where `rustc` would erroneously allow
you to pass a shorter lifetime than expected.
- [Rustc now dynamically links to `libz` (also called `zlib`) on Linux.][74420]
The library will need to be installed for `rustc` to work, even though we
expect it to be already available on most systems.
- [Tests annotated with `#[should_panic]` are broken on ARMv7 while running
under QEMU.][74820]
- [Pretty printing of some tokens in procedural macros changed.][75453] The
exact output returned by rustc's pretty printing is an unstable
implementation detail: we recommend any macro relying on it to switch to a
more robust parsing system.
[75453]: rust-lang/rust#75453
[74820]: rust-lang/rust#74820
[74420]: rust-lang/rust#74420
[74109]: rust-lang/rust#74109
[74150]: rust-lang/rust#74150
[73862]: rust-lang/rust#73862
[73887]: rust-lang/rust#73887
[73466]: rust-lang/rust#73466
[73516]: rust-lang/rust#73516
[73293]: rust-lang/rust#73293
[73007]: rust-lang/rust#73007
[73032]: rust-lang/rust#73032
[72920]: rust-lang/rust#72920
[72569]: rust-lang/rust#72569
[72583]: rust-lang/rust#72583
[72584]: rust-lang/rust#72584
[72717]: rust-lang/rust#72717
[72437]: rust-lang/rust#72437
[72445]: rust-lang/rust#72445
[72486]: rust-lang/rust#72486
[72493]: rust-lang/rust#72493
[72331]: rust-lang/rust#72331
[71896]: rust-lang/rust#71896
[71660]: rust-lang/rust#71660
[71322]: rust-lang/rust#71322
[70740]: rust-lang/rust#70740
[cargo/8270]: rust-lang/cargo#8270
[cargo/8325]: rust-lang/cargo#8325
[cargo/8387]: rust-lang/cargo#8387
[`Option::zip`]: https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.zip
[`vec::Drain::as_slice`]: https://doc.rust-lang.org/stable/std/vec/struct.Drain.html#method.as_slice
Pkgsrc changes:
* Portability patches for Illumos have been intregrated upstream,
so are no longer needed in pkgsrc.
* Adjust one other patch, and update vendor/libc cargo checksum.
Upstream changes:
Version 1.46.0 (2020-08-27)
==========================
Language
--------
- [`if`, `match`, and `loop` expressions can now be used in const functions.]
[72437]
- [Additionally you are now also able to coerce and cast to slices (`&[T]`) in
const functions.][73862]
- [The `#[track_caller]` attribute can now be added to functions to use the
function's caller's location information for panic messages.][72445]
- [Recursively indexing into tuples no longer needs parentheses.][71322] E.g.
`x.0.0` over `(x.0).0`.
- [`mem::transmute` can now be used in static and constants.][72920] **Note**
You currently can't use `mem::transmute` in constant functions.
Compiler
--------
- [You can now use the `cdylib` target on Apple iOS and tvOS platforms.][73516]
- [Enabled static "Position Independent Executables" by default
for `x86_64-unknown-linux-musl`.][70740]
Libraries
---------
- [`mem::forget` is now a `const fn`.][73887]
- [`String` now implements `From<char>`.][73466]
- [The `leading_ones`, and `trailing_ones` methods have been stabilised for all
integer types.][73032]
- [`vec::IntoIter<T>` now implements `AsRef<[T]>`.][72583]
- [All non-zero integer types (`NonZeroU8`) now implement `TryFrom` for their
zero-able equivalent (e.g. `TryFrom<u8>`).][72717]
- [`&[T]` and `&mut [T]` now implement `PartialEq<Vec<T>>`.][71660]
- [`(String, u16)` now implements `ToSocketAddrs`.][73007]
- [`vec::Drain<'_, T>` now implements `AsRef<[T]>`.][72584]
Stabilized APIs
---------------
- [`Option::zip`]
- [`vec::Drain::as_slice`]
Cargo
-----
Added a number of new environment variables that are now available when
compiling your crate.
- [`CARGO_BIN_NAME` and `CARGO_CRATE_NAME`][cargo/8270] Providing the name of
the specific binary being compiled and the name of the crate.
- [`CARGO_PKG_LICENSE`][cargo/8325] The license from the manifest of the
package.
- [`CARGO_PKG_LICENSE_FILE`][cargo/8387] The path to the license file.
Compatibility Notes
-------------------
- [The target configuration option `abi_blacklist` has been renamed
to `unsupported_abis`.][74150] The old name will still continue to work.
- [Rustc will now warn if you have a C-like enum that implements `Drop`.][72331]
This was previously accepted but will become a hard error in a future release.
- [Rustc will fail to compile if you have a struct with
`#[repr(i128)]` or `#[repr(u128)]`.][74109] This representation is currently
only allowed on `enum`s.
- [Tokens passed to `macro_rules!` are now always captured.][73293] This helps
ensure that spans have the correct information, and may cause breakage if you
were relying on receiving spans with dummy information.
- [The InnoSetup installer for Windows is no longer available.][72569] This was
a legacy installer that was replaced by a MSI installer a few years ago but
was still being built.
- [`{f32, f64}::asinh` now returns the correct values for negative numbers.]
[72486]
- [Rustc will no longer accept overlapping trait implementations that only
differ in how the lifetime was bound.][72493]
- [Rustc now correctly relates the lifetime of an existential associated
type.][71896] This fixes some edge cases where `rustc` would erroneously
allow you to pass a shorter lifetime than expected.
- [Rustc now dynamically links to `libz` (also called `zlib`) on Linux.][74420]
The library will need to be installed for `rustc` to work, even though we
expect it to be already available on most systems.
- [Tests annotated with `#[should_panic]` are broken on ARMv7 while running
under QEMU.][74820]
- [Pretty printing of some tokens in procedural macros changed.][75453] The
exact output returned by rustc's pretty printing is an unstable
implementation detail: we recommend any macro relying on it to switch to a
more robust parsing system.
[75453]: rust-lang/rust#75453
[74820]: rust-lang/rust#74820
[74420]: rust-lang/rust#74420
[74109]: rust-lang/rust#74109
[74150]: rust-lang/rust#74150
[73862]: rust-lang/rust#73862
[73887]: rust-lang/rust#73887
[73466]: rust-lang/rust#73466
[73516]: rust-lang/rust#73516
[73293]: rust-lang/rust#73293
[73007]: rust-lang/rust#73007
[73032]: rust-lang/rust#73032
[72920]: rust-lang/rust#72920
[72569]: rust-lang/rust#72569
[72583]: rust-lang/rust#72583
[72584]: rust-lang/rust#72584
[72717]: rust-lang/rust#72717
[72437]: rust-lang/rust#72437
[72445]: rust-lang/rust#72445
[72486]: rust-lang/rust#72486
[72493]: rust-lang/rust#72493
[72331]: rust-lang/rust#72331
[71896]: rust-lang/rust#71896
[71660]: rust-lang/rust#71660
[71322]: rust-lang/rust#71322
[70740]: rust-lang/rust#70740
[cargo/8270]: rust-lang/cargo#8270
[cargo/8325]: rust-lang/cargo#8325
[cargo/8387]: rust-lang/cargo#8387
[`Option::zip`]: https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.zip
[`vec::Drain::as_slice`]: https://doc.rust-lang.org/stable/std/vec/struct.Drain.html#method.as_slice
It looks like Rust 1.46 introduced a default static PIE link mode for x86_64-unknown-linux-musl that is not compatible with our epic hacks to get a static binary going. Work around them. Cf: rust-lang/rust#70740
|
Is there any way of doing a static PIE no-std? I want to make a relocatable kernel, people keep telling me it isn't possible with rust. |
I'm working on this with @joshtriplett. Stay tuned! |
|
I actually have a working static PIE Linux binary with https://gist.github.com/Amanieu/588e3f9d330019c5d39f3ce60e8e0aae |
|
Perhaps I'm missing something, but why does static PIE requires any special actions with Do you have to avoid linking in CRT objects for some other reasons, or have custom |
|
@petrochenkov Yes. You want to link nothing and provide your own @joshtriplett will be writing up an MCP for a new architecture called |
|
@npmccallum Yes you explained it well. Currently my config is: The issue I am running into is the absolute addresses for GOT or in .data.rel.ro, Technically I could translate these at runtime but I would prefer not too and my .data.rel.ro contains 0x10 and 0x18 sized entries so there isn't really a good way of parsing @haraldh The issue is not loading, but actually getting rust to compile it as a static PIE. I already have #![no_main] in my code, but I will try some of the suggested flags. I almost feel like the -pic option shouldn't be the only option. Would it make more sense to have -pie and not compile when it is not possible rather than just "upgrading" from pic to pie essentially hidden from the user? |
|
The absolute address in the GOT are fixed-up at runtime by processing the relocations with the code I posted. This needs to be done very early during program startup before the code tries to perform GOT accesses. |
|
@Amanieu I am already doing this, but why couldn't these just be relative addresses from the start of a section? And sure I can do the GOT but what about .data.rel.ro which contains vtables, string references, and other stuff which contains absolute addresses which is translatable... but for some reason mine contains 0x10 byte and 0x18 byte entries (rel and rela) |
This is a static PIE, or at least the standard way to implement it in current toolchains (C/C++ including). (I can't answer right now why more relative addresses are not introduced during codegen instead, perhaps there are technical reasons, or perhaps it's just a to avoid "one more way to codegen things".) |
|
That said, when we are generating code for a rlib we don't know that the rlib will be used for executables only, so codegen will effectively use |
|
@petrochenkov Realistically if string refs, vtables, GOT, and whatever else that is currently absolute could simply be changed to relative and the instructions that use them be relative, arguably there might be some additional overhead but really nothing much. But also lets say the only way of doing this is manually translating at runtime how can I even do that when .data.rel.ro is labeled SHT_PROGBITS (not SHT_REL or SHT_RELA) and contains both 0x10 and 0x18 sized entries. There is no way to tell the size of these so no good way of parsing this. Theoretically I could determine the start of the entry by checking if the 8 byte value is in the range of valid addresses, but its definitely a bad way of handling this. |
|
@petrochenkov |
|
Looks like there's already an open issue about the rlib problem - #87934. |
|
that looks to be what I am looking for. Thanks! |
and make it the default for the x86_64-unknown-linux-musl target
This is a quick implementation for #70693
Opening it as a draft PR to gather some feedback, before I put more work in it.
Closes #70693
Closes #53968