On Wed, 24 Aug 2022 at 13:05, Pedro Falcato <pedro.falc...@gmail.com> wrote: > > Hi, > > So, what's your suggestion? Do you want me to add that to my package as well? > > There is obviously a huge problem with EDK2 build tools not knowing what a > damn runtime library is.
The real problem here is that someone decided that, instead of implementing proper support for PE/COFF executables in binutils and GCC [for certain architectures: most notably ARM and arm64 today, but also Itanium], it is OK to use a toolchain that targets an entirely different execution environment (ELF on Linux, for example), and hack some scaffolding around its output looks like PE/COFF to the extent required by EFI. Of course, this entirely falls apart with any kind of runtime library: this also affects memcpy() and memset(), for instance, and on ARM32, a slew of __aeabi_xxx runtime routines that the architecture specifies for ELF targets. And we cannot actually use the toolchain provided versions either, as they may contain syscalls or other codegen that depends on the toolchain's target ABI. > I personally don't think it's appropriate for me to say "I want my package > built with the stack protector", particularly because my package shouldn't > know what a damn stack protector is, and whoever is building it knows best, > and because of that this should be dealt with by the build system itself (and > no, setting it up in a platform dsc isn't a correct approach, since my > package should be buildable standalone). And what if someone doesn't want the > stack protector? Do they just create a new AARCH64_GCC5_NOSSP toolchain and > build it with that? Do they just sed AARCH64_GCC5 to use > -fno-stack-protector? Do they just limit themselves to toolchains without > default SSP? IMO the correct way to go about things is to have the build > tools automatically insert dependencies on runtime libraries and have a way > to tag a toolchain such that you can easily selectively enable > instrumentation (such as the SSP, UBSAN, ASAN, etc) and build them in any > combination. > In my opinion, adding stack protector support like this was a mistake. What we need is a single intrinsics library, where every arch/toolchain combo can provide all the stuff that might be needed. If structured correctly (i.e., use separate objects and rely on LD garbage collection), this will only pull in the code that is actually needed at link time, and will get rid of these errors. As for overriding the use of the stack protector: this can be done from a DSC file, by appending -f[no]-stack-protector to the global CC flags. In general, choice of compiler options is a DSC level choice, so it is not something you typically need to worry about at the package level. Building the *SAN pieces like this requires extensive runtime support anyway, and so I don't see those being supported soon - someone needs to port the runtime library first. > Anyway, </rant>. I'll defer to your experience with the EDK2 build system for > a solution. > I propose adding the library class resolution to the DSC - it will only take effect when the stack protector is actually enabled. Then, if you feel generous, you can add a DEFINE that can be set from the build command line to control stack protector support, but I personally wouldn't bother. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92752): https://edk2.groups.io/g/devel/message/92752 Mute This Topic: https://groups.io/mt/93135586/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
