You are not logged in.

#1 2017-01-10 07:16:57

adamlau
Member
Registered: 2009-01-30
Posts: 418

GCC 6.3.1: PIE + isl

1. Can gcc be built with PIE?

CFLAGS+=' -fPIE'
CXXFLAGS=+=' -fPIE'

...is a no go according to checksec. Or should GCC be built with ---enable-default-pie and then used to rebuild itself?

2. Why _islver=0.16.1 and not _islver=0.18?


Arch Linux + sway
Debian Testing + GNOME/sway
NetBSD 64-bit + Xfce

Offline

#2 2017-01-10 11:59:02

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: GCC 6.3.1: PIE + isl

Using --enable-default-pie results in binutils having very broken test suite.   isl-0.16.1 is the latest version approved by gcc when gcc-6.x was released.

Offline

#3 2017-01-10 18:43:45

Jristz
Member
From: America/Santiago
Registered: 2011-06-11
Posts: 1,022

Re: GCC 6.3.1: PIE + isl

Allan wrote:

Using --enable-default-pie results in binutils having very broken test suite.   isl-0.16.1 is the latest version approved by gcc when gcc-6.x was released.

but ignoring the test suit, is there another issue with binutisl (or others)?


Well, I suppose that this is somekind of signature, no?

Offline

#4 2017-01-10 21:27:40

adamlau
Member
Registered: 2009-01-30
Posts: 418

Re: GCC 6.3.1: PIE + isl

adamlau wrote:

1. Can gcc be built with PIE?

Since we are already passing --disable-libstdcxx-pch enabling -fPIE appears to be trivial:

# gcc/gcc/Makefile.in

# We don't want to compile the compilers with -fPIE, it make PCH fail.
COMPILER += $(NO_PIE_CFLAGS)

# Link with -no-pie since we compile the compiler with -fno-PIE.
LINKER += $(NO_PIE_FLAG)

Last edited by adamlau (2017-01-11 20:41:22)


Arch Linux + sway
Debian Testing + GNOME/sway
NetBSD 64-bit + Xfce

Offline

#5 2017-01-11 00:09:36

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: GCC 6.3.1: PIE + isl

Build gcc with --enable-default-pie, then build binutils.  If you get the test suite passing, then I will enable it offically.

Offline

#6 2017-01-11 20:46:18

adamlau
Member
Registered: 2009-01-30
Posts: 418

Re: GCC 6.3.1: PIE + isl

I have more failures than expected in a custom environment:

$ grep Error check-pie.log   
make[5]: *** [Makefile:6521: script_test_3] Error 1
make[5]: *** [Makefile:4056: tls_phdrs_script_test] Error 1
make[5]: *** [Makefile:4080: tls_script_test] Error 1
make[5]: *** [Makefile:6525: script_test_4] Error 1
make[5]: *** [Makefile:6533: script_test_6] Error 1
make[5]: *** [Makefile:6538: script_test_7] Error 1
make[5]: *** [Makefile:6542: script_test_8] Error 1
make[5]: *** [Makefile:5791: icf_virtual_function_folding_test] Error 1
make[5]: *** [Makefile:4230: weak_unresolved_symbols_test] Error 1
make[5]: *** [Makefile:5956: weak_alias_test_5.so] Error 1
make[5]: *** [Makefile:3801: initpri2] Error 1
make[5]: *** [Makefile:3834: many_sections_test] Error 1
make[5]: *** [Makefile:6332: flagstest_compress_debug_sections_and_build_id_tree] Error 1
make[5]: *** [Makefile:4011: script_test_1] Error 1
make[5]: *** [Makefile:6508: justsyms_lib] Error 1
make[5]: *** [Makefile:4032: script_test_2] Error 1
make[5]: *** [Makefile:3369: binary_test] Error 1
make[5]: *** [Makefile:3408: ehdr_start_test_3] Error 1
make[5]: *** [Makefile:7035: incremental_test_2] Error 1
make[5]: *** [Makefile:7042: incremental_test_3] Error 1
make[5]: *** [Makefile:7049: incremental_test_4] Error 1
make[5]: *** [Makefile:7058: incremental_test_5] Error 1
make[5]: *** [Makefile:7067: incremental_test_6] Error 1
make[5]: *** [Makefile:7074: incremental_copy_test] Error 1
make[5]: *** [Makefile:7080: incremental_common_test_1] Error 1
make[5]: *** [Makefile:7086: incremental_comdat_test_1] Error 1
make[5]: *** [Makefile:5695: incremental_test] Error 1
make[5]: *** [Makefile:5733: icf_test] Error 1
make[5]: *** [Makefile:5739: icf_keep_unique_test] Error 1
make[5]: *** [Makefile:5745: icf_safe_test] Error 1
make[5]: *** [Makefile:5755: icf_safe_so_test] Error 1
make[5]: *** [Makefile:5769: final_layout] Error 1
make[5]: *** [Makefile:5777: text_section_no_grouping] Error 1
make[5]: *** [Makefile:5795: icf_preemptible_functions_test] Error 1
make[5]: *** [Makefile:5801: icf_string_merge_test] Error 1
make[5]: *** [Makefile:5809: icf_sht_rel_addend_test] Error 1
make[5]: *** [Makefile:5976: copy_test_protected.err] Error 1
make[5]: *** [Makefile:6529: script_test_5] Error 1
make[5]: *** [Makefile:6549: script_test_9] Error 1
make[5]: *** [Makefile:6796: hidden_test] Error 1
make[5]: *** [Makefile:6965: memory_test] Error 1
make[5]: *** [Makefile:6975: memory_test_2] Error 1
make[5]: *** [Makefile:6979: gdb_index_test_1] Error 1
make[5]: *** [Makefile:6985: gdb_index_test_2] Error 1
make[5]: *** [Makefile:6991: gdb_index_test_2_gabi] Error 1
make[5]: *** [Makefile:6997: gdb_index_test_3] Error 1
make[5]: *** [Makefile:7003: gdb_index_test_4] Error 1
make[5]: *** [Makefile:6615: plugin_test_1] Error 1
make[5]: *** [Makefile:6619: plugin_test_2] Error 1
make[5]: *** [Makefile:6623: plugin_test_3] Error 1
make[5]: *** [Makefile:6627: plugin_test_4] Error 1
make[5]: *** [Makefile:6636: plugin_test_6] Error 1
make[5]: *** [Makefile:6640: plugin_test_7] Error 1
make[5]: *** [Makefile:6685: plugin_test_10] Error 1
make[5]: *** [Makefile:6689: plugin_test_11] Error 1
make[5]: *** [Makefile:6696: plugin_test_start_lib] Error 1
make[5]: *** [Makefile:6726: plugin_test_tls] Error 1
make[5]: *** [Makefile:6958: start_lib_test] Error 1
make[5]: *** [Makefile:6742: plugin_final_layout] Error 1
make[5]: *** [Makefile:6755: plugin_layout_with_alignment] Error 1
make[5]: *** [Makefile:6634: plugin_test_5] Error 1
make[4]: *** [Makefile:5520: check-am] Error 2
make[3]: *** [Makefile:5524: check] Error 2
make[4]: *** [Makefile:813: ld1] Error 1
make[4]: *** [Makefile:828: ld4] Error 1
make[4]: *** [Makefile:825: ld3] Error 1
make[3]: *** [Makefile:1205: check-am] Error 2
make[2]: *** [Makefile:940: check-recursive] Error 1
make[1]: *** [Makefile:6134: check-gold] Error 2
make[5]: *** [Makefile:3646: check-DEJAGNU] Error 1
make[4]: *** [Makefile:1940: check-am] Error 2
make[3]: *** [Makefile:1780: check-recursive] Error 1
make[2]: *** [Makefile:1942: check] Error 2
make[1]: *** [Makefile:7547: check-ld] Error 2
make: *** [Makefile:2206: do-check] Error 2
		=== ld Summary ===

# of expected passes		1696
# of unexpected failures	33
# of expected failures		57
# of untested testcases		1
# of unsupported tests		12
/tmp/binutils-pie/src/binutils-build/ld/ld-new 2.27

--enable-default-pie doesn't make a difference with my broken setup. I need to get a vanilla Arch env up first.

$ grep Error check-nopie.log   
make[5]: *** [Makefile:6521: script_test_3] Error 1
make[5]: *** [Makefile:4056: tls_phdrs_script_test] Error 1
make[5]: *** [Makefile:4080: tls_script_test] Error 1
make[5]: *** [Makefile:6525: script_test_4] Error 1
make[5]: *** [Makefile:6533: script_test_6] Error 1
make[5]: *** [Makefile:6538: script_test_7] Error 1
make[5]: *** [Makefile:6542: script_test_8] Error 1
make[5]: *** [Makefile:5791: icf_virtual_function_folding_test] Error 1
make[5]: *** [Makefile:4230: weak_unresolved_symbols_test] Error 1
make[5]: *** [Makefile:5956: weak_alias_test_5.so] Error 1
make[5]: *** [Makefile:3801: initpri2] Error 1
make[5]: *** [Makefile:3834: many_sections_test] Error 1
make[5]: *** [Makefile:6332: flagstest_compress_debug_sections_and_build_id_tree] Error 1
make[5]: *** [Makefile:4011: script_test_1] Error 1
make[5]: *** [Makefile:6508: justsyms_lib] Error 1
make[5]: *** [Makefile:4032: script_test_2] Error 1
make[5]: *** [Makefile:3369: binary_test] Error 1
make[5]: *** [Makefile:3408: ehdr_start_test_3] Error 1
make[5]: *** [Makefile:7035: incremental_test_2] Error 1
make[5]: *** [Makefile:7042: incremental_test_3] Error 1
make[5]: *** [Makefile:7049: incremental_test_4] Error 1
make[5]: *** [Makefile:7058: incremental_test_5] Error 1
make[5]: *** [Makefile:7067: incremental_test_6] Error 1
make[5]: *** [Makefile:7074: incremental_copy_test] Error 1
make[5]: *** [Makefile:7080: incremental_common_test_1] Error 1
make[5]: *** [Makefile:7086: incremental_comdat_test_1] Error 1
make[5]: *** [Makefile:5695: incremental_test] Error 1
make[5]: *** [Makefile:5733: icf_test] Error 1
make[5]: *** [Makefile:5739: icf_keep_unique_test] Error 1
make[5]: *** [Makefile:5745: icf_safe_test] Error 1
make[5]: *** [Makefile:5777: text_section_no_grouping] Error 1
make[5]: *** [Makefile:5795: icf_preemptible_functions_test] Error 1
make[5]: *** [Makefile:5801: icf_string_merge_test] Error 1
make[5]: *** [Makefile:5809: icf_sht_rel_addend_test] Error 1
make[5]: *** [Makefile:5976: copy_test_protected.err] Error 1
make[5]: *** [Makefile:6529: script_test_5] Error 1
make[5]: *** [Makefile:6549: script_test_9] Error 1
make[5]: *** [Makefile:6796: hidden_test] Error 1
make[5]: *** [Makefile:6965: memory_test] Error 1
make[5]: *** [Makefile:6975: memory_test_2] Error 1
make[5]: *** [Makefile:6979: gdb_index_test_1] Error 1
make[5]: *** [Makefile:6985: gdb_index_test_2] Error 1
make[5]: *** [Makefile:6991: gdb_index_test_2_gabi] Error 1
make[5]: *** [Makefile:6997: gdb_index_test_3] Error 1
make[5]: *** [Makefile:7003: gdb_index_test_4] Error 1
make[5]: *** [Makefile:6615: plugin_test_1] Error 1
make[5]: *** [Makefile:6619: plugin_test_2] Error 1
make[5]: *** [Makefile:6623: plugin_test_3] Error 1
make[5]: *** [Makefile:6627: plugin_test_4] Error 1
make[5]: *** [Makefile:6636: plugin_test_6] Error 1
make[5]: *** [Makefile:6640: plugin_test_7] Error 1
make[5]: *** [Makefile:6685: plugin_test_10] Error 1
make[5]: *** [Makefile:6689: plugin_test_11] Error 1
make[5]: *** [Makefile:6696: plugin_test_start_lib] Error 1
make[5]: *** [Makefile:6726: plugin_test_tls] Error 1
make[5]: *** [Makefile:6958: start_lib_test] Error 1
make[5]: *** [Makefile:6742: plugin_final_layout] Error 1
make[5]: *** [Makefile:6755: plugin_layout_with_alignment] Error 1
make[5]: *** [Makefile:6634: plugin_test_5] Error 1
make[4]: *** [Makefile:5520: check-am] Error 2
make[3]: *** [Makefile:5524: check] Error 2
make[4]: *** [Makefile:813: ld1] Error 1
make[4]: *** [Makefile:828: ld4] Error 1
make[4]: *** [Makefile:825: ld3] Error 1
make[3]: *** [Makefile:1205: check-am] Error 2
make[2]: *** [Makefile:940: check-recursive] Error 1
make[1]: *** [Makefile:6134: check-gold] Error 2
make[5]: *** [Makefile:3646: check-DEJAGNU] Error 1
make[4]: *** [Makefile:1940: check-am] Error 2
make[3]: *** [Makefile:1780: check-recursive] Error 1
make[2]: *** [Makefile:1942: check] Error 2
make[1]: *** [Makefile:7547: check-ld] Error 2
make: *** [Makefile:2206: do-check] Error 2
		=== ld Summary ===

# of expected passes		1696
# of unexpected failures	33
# of expected failures		57
# of untested testcases		1
# of unsupported tests		12
/tmp/binutils-nopie/src/binutils-build/ld/ld-new 2.27

Arch Linux + sway
Debian Testing + GNOME/sway
NetBSD 64-bit + Xfce

Offline

#7 2017-01-11 23:51:25

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: GCC 6.3.1: PIE + isl

> grep Error binutils-2.27-1-x86_64-check.log 
make[3]: [Makefile:140: site.exp] Error 2 (ignored)
make[3]: [Makefile:141: site.exp] Error 1 (ignored)

> grep Error binutils-2.27-1.90-x86_64-check.log 
make[3]: [Makefile:140: site.exp] Error 2 (ignored)
make[3]: [Makefile:141: site.exp] Error 1 (ignored)
make[5]: *** [Makefile:7038: incremental_test_2] Error 1
make[5]: *** [Makefile:7062: incremental_test_5] Error 1
make[5]: *** [Makefile:7009: ehdr_start_test_4] Error 1
make[4]: *** [Makefile:5520: check-am] Error 2
make[3]: *** [Makefile:5524: check] Error 2
make[2]: *** [Makefile:940: check-recursive] Error 1
make[1]: *** [Makefile:6135: check-gold] Error 2
make[5]: *** [Makefile:3646: check-DEJAGNU] Error 1
make[4]: *** [Makefile:1940: check-am] Error 2
make[3]: *** [Makefile:1780: check-recursive] Error 1
make[2]: *** [Makefile:1942: check] Error 2
make[1]: *** [Makefile:7548: check-ld] Error 2
make: *** [Makefile:2207: do-check] Error 2

First is the current package in the repos - looking all good!  Second is binutils built with gcc with --enable-default-pie...

Offline

#8 2017-01-12 09:45:18

Jristz
Member
From: America/Santiago
Registered: 2011-06-11
Posts: 1,022

Re: GCC 6.3.1: PIE + isl

Is there any uptream bug or distro specific bug out there? maybe it can give a hint or even contain a patch.


Well, I suppose that this is somekind of signature, no?

Offline

#9 2017-01-20 13:53:30

phoenix
Member
Registered: 2015-03-28
Posts: 18

Re: GCC 6.3.1: PIE + isl

Can't binutils just be compiled with the -nopie flag? It sucks when one package blocks changes for the whole distribution.
Have you guys compared your findings to how Hardened Gentoo or Fedora deal with this?

Offline

#10 2017-01-20 19:19:40

umyscoog
Member
Registered: 2016-11-25
Posts: 3

Re: GCC 6.3.1: PIE + isl

It doesn't need -no-pie flag as it compiles perfectly with --enable-default-pie version of gcc (however downgrade flex to 2.6.1 is needed, see https://github.com/westes/flex/issues/154 )

These errors are coming from testsuite which expects default options ( so without --enable-default-pie)

In the end nobody cares about it and I don't think Arch should stay behind everyone else, here some errors from debian sid binutils official buildlog:

make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build-single] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.s390x] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.ppc64el] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.powerpc] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.mips] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.mipsel] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.alpha] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.hppa] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.m68k] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-binutils] Error 2
make[5]: *** [check-DEJAGNU] Error 1
make[4]: *** [check-am] Error 2
make[3]: *** [check-recursive] Error 1
make[2]: *** [check-gas] Error 2
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.mips64] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-binutils] Error 2
make[5]: *** [check-DEJAGNU] Error 1
make[4]: *** [check-am] Error 2
make[3]: *** [check-recursive] Error 1
make[2]: *** [check-gas] Error 2
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.mips64el] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.powerpcspe] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.ppc64] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.sh4] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.sparc64] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.mipsn32] Error 2 (ignored)
make[6]: *** [check-DEJAGNU] Error 1
make[5]: *** [check-am] Error 2
make[4]: *** [check-recursive] Error 1
make[3]: *** [check] Error 2
make[2]: *** [check-ld] Error 2
make[1]: *** [do-check] Error 2
make: [stamps/build.mipsn32el] Error 2 (ignored)

Someone could report it at https://sourceware.org/bugzilla/ but testsuites errors are usually low priority for upstream.

Last edited by umyscoog (2017-01-24 11:31:45)

Offline

#11 2017-01-27 18:31:13

QuackDonkey
Member
Registered: 2017-01-27
Posts: 24

Re: GCC 6.3.1: PIE + isl

I  opened an upstream issue. There is one patch already proposed. Everyone who's interested please test it and provide your input there. Buildlog with failed tests needed.

https://sourceware.org/bugzilla/show_bug.cgi?id=21090

Last edited by QuackDonkey (2017-01-27 18:47:13)

Offline

#12 2017-01-28 05:24:11

Jristz
Member
From: America/Santiago
Registered: 2011-06-11
Posts: 1,022

Re: GCC 6.3.1: PIE + isl

QuackDonkey wrote:

I  opened an upstream issue. There is one patch already proposed. Everyone who's interested please test it and provide your input there. Buildlog with failed tests needed.

https://sourceware.org/bugzilla/show_bug.cgi?id=21090

Nop in my case the patch not solve the bug and aparently reading the bug it not fix it either... maybe is intended to fail?


Well, I suppose that this is somekind of signature, no?

Offline

#13 2017-01-28 11:44:09

QuackDonkey
Member
Registered: 2017-01-27
Posts: 24

Re: GCC 6.3.1: PIE + isl

Yeah, it didn't help. I attached some logs which should provide better guidance about what's going on. It's very plausible those are false positives as errors happens in debian and fedora builds too and it didn't stop them from enabling PIE by default.

Offline

#14 2017-01-31 08:03:53

Jristz
Member
From: America/Santiago
Registered: 2011-06-11
Posts: 1,022

Re: GCC 6.3.1: PIE + isl

Aparently Fedora concider those as false positives, or at less that what I can read in the net... should Arch do the same?


Well, I suppose that this is somekind of signature, no?

Offline

#15 2017-01-31 10:09:38

Alad
Wiki Admin/IRC Op
From: Bagelstan
Registered: 2014-05-04
Posts: 2,407
Website

Re: GCC 6.3.1: PIE + isl

If upstream doesn't consider them false positives, we should we? Anyway quite pointless continuing this discussion here, it's all in the bug report above (QuackDonkey, thanks for opening it).


Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

Offline

#16 2017-01-31 16:34:16

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: GCC 6.3.1: PIE + isl

I'd like to point out this in the bug report:

the failures you report in the description are due to an internal error in the gold linker

Not so much false positives then...

Offline

#17 2017-02-01 13:12:30

QuackDonkey
Member
Registered: 2017-01-27
Posts: 24

Re: GCC 6.3.1: PIE + isl

There is a new patch and upstream considers this bug as resolved.

EDIT: reopened

@Allan can I have your opinion about this?

Those are my results from current master git binutils:

binutils-git/gcc 6.3.1/pie disabled default:

readelf: Error: the PHDR segment is not covered by a LOAD segment
make[5]: *** [Makefile:3653: check-DEJAGNU] Error 1
make[4]: *** [Makefile:1919: check-am] Error 2
make[3]: *** [Makefile:1759: check-recursive] Error 1
make[2]: *** [Makefile:1921: check] Error 2
make[1]: *** [Makefile:7513: check-ld] Error 2
make[3]: [Makefile:140: site.exp] Error 2 (ignored)
make[3]: [Makefile:141: site.exp] Error 1 (ignored)
make: *** [Makefile:2176: do-check] Error 2

# of expected passes        1778
# of unexpected failures    1
# of expected failures        57
# of untested testcases        1
# of unsupported tests        12
/build/binutils-git/src/binutils-build/ld/ld-new 2.28.51.20170201

binutils-git/gcc 6.3.1/pie enabled default:

make[5]: *** [Makefile:7239: incremental_test_2] Error 1
make[5]: *** [Makefile:7263: incremental_test_5] Error 1
make[5]: *** [Makefile:7278: incremental_copy_test] Error 1
make[5]: *** [Makefile:7284: incremental_common_test_1] Error 1
readelf: Error: the PHDR segment is not covered by a LOAD segment
make[4]: *** [Makefile:5675: check-am] Error 2
make[3]: *** [Makefile:5679: check] Error 2
make[2]: *** [Makefile:941: check-recursive] Error 1
make[1]: *** [Makefile:6100: check-gold] Error 2
make[5]: *** [Makefile:3653: check-DEJAGNU] Error 1
make[4]: *** [Makefile:1919: check-am] Error 2
make[3]: *** [Makefile:1759: check-recursive] Error 1
make[2]: *** [Makefile:1921: check] Error 2
make[1]: *** [Makefile:7513: check-ld] Error 2
make[3]: [Makefile:140: site.exp] Error 2 (ignored)
make[3]: [Makefile:141: site.exp] Error 1 (ignored)
make: *** [Makefile:2176: do-check] Error 2

# of expected passes        1762
# of unexpected failures    17
# of expected failures        57
# of untested testcases        1
# of unsupported tests        12
/build/binutils-git/src/binutils-build/ld/ld-new 2.28.51.20170201

after additional Nick patch:

# of expected passes        1768
# of unexpected failures    11
# of expected failures        57
# of untested testcases        1
# of unsupported tests        12
/build/binutils-git/src/binutils-build/ld/ld-new 2.28.51.20170201

Note that libiberty/testsuite/test-pexecute always crash on my system (in a clean chroot). Anyone can confirm those? I would like to see someone else post his logs to be sure I'm not fooling myself.

Last edited by QuackDonkey (2017-02-01 16:34:19)

Offline

#18 2017-02-19 07:16:53

Jristz
Member
From: America/Santiago
Registered: 2011-06-11
Posts: 1,022

Re: GCC 6.3.1: PIE + isl

It happend to me, I tried in a clean chroot and in a runing system with same results.


Well, I suppose that this is somekind of signature, no?

Offline

#19 2017-04-16 10:49:51

QuackDonkey
Member
Registered: 2017-01-27
Posts: 24

Re: GCC 6.3.1: PIE + isl

This is my last post on forum. I wish all the best for all users and maintainers. I hope we will get this issue resolved soon. Here's quote from my bugreport which is a summary of current situation:

There was intent to do this before, see https://lists.archlinux.org/pipermail/a … 28405.html but it stalled. Now with new maintainer on board we could make it finally happen.

Debian and Alpine distributions enabled this already so we can use their effort as a guidance. Here are buildlog from official Debian package https://buildd.debian.org/status/logs.p … arch=amd64 and Alpine PKGBUILD https://git.alpinelinux.org/cgit/aports … D?h=master .

There are potential issues with binutils package which were reported upstream here https://sourceware.org/bugzilla/show_bug.cgi?id=21090 . I don't think upstream see this as something serious. We can consult again with Debian buildlog https://buildd.debian.org/status/logs.p … arch=amd64 and Alpine PKGBUILD https://git.alpinelinux.org/cgit/aports … D?h=master . Our new maintainer as a fellow Alpinist probably has more knowledge on that matter.

Enabling PIE is very important from security perspective as it enable use of ASLR https://en.wikipedia.org/wiki/Address_s … domization

Offline

#20 2017-06-30 11:48:38

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: GCC 6.3.1: PIE + isl

As per https://lists.archlinux.org/pipermail/a … 28903.html it appears PIE will become enabled by default.
Will any of the other flags listed in https://github.com/pid1/test-sec-flags/ … /FLAGS.rst be added?
Will LTO be enabled to offset the slight performance penalty incurred?
Edit:
As fstack-check seems currently to have multiple known issues that would seem self explanatory not to use for now.

Last edited by loqs (2017-06-30 12:28:17)

Offline

#21 2018-01-22 07:27:38

Jristz
Member
From: America/Santiago
Registered: 2011-06-11
Posts: 1,022

Re: GCC 6.3.1: PIE + isl

I wonder now if -mindirect-branch=thunk will be added to when gcc 7.3 get released since is a mitigation to Spectre yet the flag is not by default.


Well, I suppose that this is somekind of signature, no?

Offline

#22 2018-01-22 10:57:03

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: GCC 6.3.1: PIE + isl

Jristz wrote:

I wonder now if -mindirect-branch=thunk will be added to when gcc 7.3 get released since is a mitigation to Spectre yet the flag is not by default.

7.2.1+20180116-1 has mindirect-branch.

Offline

Board footer

Powered by FluxBB