(ino_t/off_t validation) |
|||
Line 21: | Line 21: | ||
* Enable position-independent executables (PIE) by default for all applications, using <code>-fpie -pie</code>. | * Enable position-independent executables (PIE) by default for all applications, using <code>-fpie -pie</code>. | ||
* Switch to SSE 2 for floating-point calculations, using <code>-msse2 -mfpmath=sse</code>. | * Switch to SSE 2 for floating-point calculations, using <code>-msse2 -mfpmath=sse</code>. | ||
* Make <code>off_t</code> and <code>ino_t</code> 64 bit by default | * Make <code>off_t</code> and <code>ino_t</code> 64 bit by default (even on 32-bit architectures) | ||
[https://gcc.gnu.org/ml/gcc-patches/2014-12/msg00445.html Copy relocations support in GCC] and binutils makes the performance on x86_64 of PIE literally zero for many programs. | [https://gcc.gnu.org/ml/gcc-patches/2014-12/msg00445.html Copy relocations support in GCC] and binutils makes the performance on x86_64 of PIE literally zero for many programs. | ||
SSE 2 was introduced in 2000, almost 15 years ago, and all current IA-32 implementations known to the proponent (which meet Fedora's other requirements, such as support for atomic instructions) support it. | SSE 2 was introduced in 2000, almost 15 years ago, and all current IA-32 implementations known to the proponent (which meet Fedora's other requirements, such as support for atomic instructions) support it. | ||
== Benefit to Fedora == | == Benefit to Fedora == |
Revision as of 11:55, 19 January 2015
Modernise GCC Flags
Summary
Update the default GCC flags to reflect current architecture requirements and compiler capabilities.
Owner
- Name: Florian Weimer
- Email: fweimer@redhat.com
- Release notes owner:
Current status
- Targeted release: Fedora 22
- Last updated: 2014-12-15
- Tracker bug:
Detailed Description
The following changes are propsoed.
- Enable position-independent executables (PIE) by default for all applications, using
-fpie -pie
. - Switch to SSE 2 for floating-point calculations, using
-msse2 -mfpmath=sse
. - Make
off_t
andino_t
64 bit by default (even on 32-bit architectures)
Copy relocations support in GCC and binutils makes the performance on x86_64 of PIE literally zero for many programs.
SSE 2 was introduced in 2000, almost 15 years ago, and all current IA-32 implementations known to the proponent (which meet Fedora's other requirements, such as support for atomic instructions) support it.
Benefit to Fedora
PIE-by-default provides better address-space randomization (ASLR).
SSE 2 slightly increases performance of floating-point heavy code.
SSE 2 support brings simplifications to code generators, and many upstreams have expressed a desire to deprecate i387 support:
Scope
- Proposal owners: If this proposal is accepted, a patch for
redhat-rpm-config
will have to be written.
- Other developers:
redhat-rpm-config
needs to be updated accordingly. Some tools which do not recognize PIE binaries (such as Nautilus, see [bug 737849]) will have to be fixed.
- Release engineering: This change requires a mass rebuild with new binutils and GCC 5.0.
- Policies and guidelines: Packages which follow the guidelines will automatically inherit the flags from
redhat-rpm-config
.
Upgrade/compatibility impact
Hardware which does not support SSE 2 will not be able to run Fedora binaries. For current hardware, the update will be transparent.
How To Test
PIE support is visible using file
. It will display (among other things)
ELF 32-bit LSB shared object
instead of:
ELF 32-bit LSB executable
SSE 2 support will be exercised during regular installation testing.
64-bit ino_t
/off_t
can be validated to some extent by checking for references to 32-bit interfaces such as fstat
.
User Experience
Ideally, users will not observe any change.
Dependencies
This change depends on GCC 5.0 and binutils 2.25.
Contingency Plan
- Contingency mechanism: If binutils 2.25 does not make it into Fedora 22, the copy-relocations optimization can be dropped.
- Contingency deadline: before the last mass rebuild
- Blocks release? No.
- Blocks product? No.
Documentation
From an upstream perspective, these changes are very minor, so there is no extensive documentation.
- Copy relocations support in GCC (spread across many months)
- Copy relocations support in binutils
- GCC documentation for target code generation flags
Release Notes
- Natively-compiled Fedora programs are now position-independent executables by default. This provides better address space randomization (ASLR) and therefore improved security hardening.
- Fedora for i386 now requires a CPU with SSE 2 support.