From Fedora Project Wiki

Revision as of 12:31, 19 January 2015 by Fweimer (talk | contribs) (Move to Fedora 23)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Modernise GCC Flags

Summary

Update the default GCC flags to reflect current architecture requirements and compiler capabilities.

Owner

Current status

  • Targeted release: Fedora 23
  • Last updated: 2015-01-19
  • Tracker bug:

Detailed Description

The following changes are propsoed.

  • Enable position-independent executables (PIE) by default for all applications, using -fpie -pie.
  • Switch to SSE 2 for floating-point calculations, using -msse2 -mfpmath=sse.
  • Make off_t and ino_t 64 bit by default (even on 32-bit architectures)

Copy relocations support in GCC and binutils makes the performance on x86_64 of PIE literally zero for many programs.

SSE 2 was introduced in 2000, almost 15 years ago, and all current IA-32 implementations known to the proponent (which meet Fedora's other requirements, such as support for atomic instructions) support it.

Benefit to Fedora

PIE-by-default provides better address-space randomization (ASLR).

SSE 2 slightly increases performance of floating-point heavy code.

SSE 2 support brings simplifications to code generators, and many upstreams have expressed a desire to deprecate i387 support:

64 bit inode values in file systems are increasingly 64 bit by default, and using a 32-bit ino_t type introduces spurious failures, even for programs which have not explicitly enabled 64-bit file system interfaces because they deemed that unnecessary considering their typical input file sizes. Several libraries use off_t in public headers, which currently leads to ABI bugs because this type can have different definitions depending on whether Large File Support is enabled or not.

Scope

  • Proposal owners: If this proposal is accepted, a patch for redhat-rpm-config will have to be written.
  • Other developers: redhat-rpm-config needs to be updated accordingly. Some tools which do not recognize PIE binaries (such as Nautilus, see [bug 737849]) will have to be fixed.
  • Release engineering: This change requires a mass rebuild with new binutils and GCC 5.0.
  • Policies and guidelines: Packages which follow the guidelines will automatically inherit the flags from redhat-rpm-config.

Upgrade/compatibility impact

Hardware which does not support SSE 2 will not be able to run Fedora binaries. For current hardware, the update will be transparent.

How To Test

PIE support is visible using file. It will display (among other things)

ELF 32-bit LSB shared object

instead of:

ELF 32-bit LSB executable

SSE 2 support will be exercised during regular installation testing.

64-bit ino_t/off_t can be validated to some extent by checking for references to 32-bit interfaces such as fstat.

User Experience

Ideally, users will not observe any change.

Dependencies

This change depends on GCC 5 and binutils 2.26.

Contingency Plan

  • Contingency mechanism: If binutils 2.26 does not make it into Fedora 23, the copy-relocations optimization can be dropped.
  • Contingency deadline: before the last mass rebuild
  • Blocks release? No.
  • Blocks product? No.

Documentation

From an upstream perspective, these changes are very minor, so there is no extensive documentation.

Release Notes

  • Natively-compiled Fedora programs are now position-independent executables by default. This provides better address space randomization (ASLR) and therefore improved security hardening.
  • Fedora for i386 now requires a CPU with SSE 2 support.