RFR(M): 8187045: [linux] Not all libraries in the VM are linked with -z,noexecstack
goetz.lindenmaier at sap.com
Tue Sep 5 08:04:57 UTC 2017
thanks for looking at my change!
> Hi Goetz,
> On 1/09/2017 11:05 PM, Lindenmaier, Goetz wrote:
> > Hi,
> > I found that not all libraries are linked with -z,noexecstack.
> > This lead to errors with our linuxppc64 build. The linker omitted
> > the flag altogether, which is interpreted as a lib with execstack.
> > This change contains a small test that scans all libraries in the tested VM
> > to have the noexecstack flag set. It utilizes the elf parser in the VM for this.
> > Further -z,noexecstack is now passed to all libraries.
> > Please review this change. I please need a sponsor.
> > http://cr.openjdk.java.net/~goetz/wr17/8187045-
> So IIUC presently we only set noexecstack for gcc on linux when building
> libjvm - via the JVM_LDFLAGS settings.
> With this change we also set it for building JDK libraries via the
> LDFLAGS_JDKLIB setting. But this seems to be unconditional, not limited
> to gcc and linux ??
LDFLAGS_NO_EXEC_STACK="-Wl,-z,noexecstack" is only assigned on linux,
on other platforms its empty.
> In addition we want to build libjsig with noexecstack, and we do that by
> exposing LDFLAGS_NO_EXEC_STACK in spec.gmk, and using it in
> CompileLibjsig.gmk. I don't have an issue with the use of noexecstack
> but I think it could just have been hard-wired for linux just as the
> bulk of the flags set in that file are. Granted you copied what is done
> for LDFLAGS_HASH_STYLE - but in that case I'm assuming it is important
> that the same hash style be used throughout. Anyway minor stylistic nit
> which may be moot soon as once we have the consolidated repo I think
> libjsig could be handled the same as others libs?
I had hoped to find a location where flags that should be used in all linking
steps are assembled. Noexecstack should really be set in any lib we build.
But I didn't find that, so I implemented it as with the HASH_STYLE. I don't
really like it this way because if a new lib is added it might be forgotten
to add the noexecstack.
But I assume after the repo consolidation the build will be reshaped,
so now is not the right time to seek for optimal setups.
> Test changes look okay to me.
> > Best regards,
> > Goetz.
More information about the build-dev