Debian gcc's is nowdays compiled with --enable-default-pie which means it does
-fPIE by default. This breaks atleast x86-64 compiles.
This is the third attempt to fix it, this time by using runtime detection of
the -fno-PIE compiler switch (it was introduced in gcc 3.4, min required gcc is
currently 3.2) so it can be backported to the stable kernels.
As noted by Al this won't fix `git bisect' of stable kernels prio this commit.
However using always a wrapper around gcc which adds -fno-PIE is not sollution
I want to rely in future.
Sebastian
If the gcc is configured to do -fPIE by default then the build aborts
later with:
| Unsupported relocation type: unknown type rel type name (29)
Tagging it stable so it is possible to compile recent stable kernels as
well.
Cc: [email protected]
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
arch/x86/purgatory/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile
index ac58c1616408..555b9fa0ad43 100644
--- a/arch/x86/purgatory/Makefile
+++ b/arch/x86/purgatory/Makefile
@@ -16,6 +16,7 @@ KCOV_INSTRUMENT := n
KBUILD_CFLAGS := -fno-strict-aliasing -Wall -Wstrict-prototypes -fno-zero-initialized-in-bss -fno-builtin -ffreestanding -c -MD -Os -mcmodel=large
KBUILD_CFLAGS += -m$(BITS)
+KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
$(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE
$(call if_changed,ld)
--
2.10.2
Adding -no-PIE to the fstack protector check. -no-PIE was introduced
before -fstack-protector so there is no need for a runtime check.
Without it the build stops:
|Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong available but compiler is broken
due to -mcmodel=kernel + -fPIE if -fPIE is enabled by default.
Tagging it stable so it is possible to compile recent stable kernels as
well.
Cc: [email protected]
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
scripts/gcc-x86_64-has-stack-protector.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/gcc-x86_64-has-stack-protector.sh b/scripts/gcc-x86_64-has-stack-protector.sh
index 973e8c141567..17867e723a51 100755
--- a/scripts/gcc-x86_64-has-stack-protector.sh
+++ b/scripts/gcc-x86_64-has-stack-protector.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -O0 -mcmodel=kernel -fstack-protector - -o - 2> /dev/null | grep -q "%gs"
+echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o - 2> /dev/null | grep -q "%gs"
if [ "$?" -eq "0" ] ; then
echo y
else
--
2.10.2
Debian started to build the gcc with -fPIE by default so the kernel
build ends before it starts properly with:
|kernel/bounds.c:1:0: error: code model kernel does not support PIC mode
Also add to KBUILD_AFLAGS due to:
|gcc -Wp,-MD,arch/x86/entry/vdso/vdso32/.note.o.d … -mfentry -DCC_USING_FENTRY … vdso/vdso32/note.S
|arch/x86/entry/vdso/vdso32/note.S:1:0: sorry, unimplemented: -mfentry isn’t supported for 32-bit in combination with -fpic
Tagging it stable so it is possible to compile recent stable kernels as
well.
Cc: [email protected]
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
Makefile | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Makefile b/Makefile
index a2650f9c6a25..d61145ebf498 100644
--- a/Makefile
+++ b/Makefile
@@ -622,6 +622,8 @@ include arch/$(SRCARCH)/Makefile
KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,)
KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,)
+KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
+KBUILD_AFLAGS += $(call cc-option,-fno-PIE)
ifdef CONFIG_LD_DEAD_CODE_DATA_ELIMINATION
KBUILD_CFLAGS += $(call cc-option,-ffunction-sections,)
--
2.10.2
On Fri, Nov 04, 2016 at 07:39:37PM +0100, Sebastian Andrzej Siewior wrote:
> Debian gcc's is nowdays compiled with --enable-default-pie which means it does
> -fPIE by default. This breaks atleast x86-64 compiles.
> This is the third attempt to fix it, this time by using runtime detection of
> the -fno-PIE compiler switch (it was introduced in gcc 3.4, min required gcc is
> currently 3.2) so it can be backported to the stable kernels.
> As noted by Al this won't fix `git bisect' of stable kernels prio this commit.
> However using always a wrapper around gcc which adds -fno-PIE is not sollution
> I want to rely in future.
A wrapper around gcc which adds -fno-PIE doesn't work for the HOSTCC
builds, anyway:
% gcc -fno-PIE -o /tmp/hello /tmp/hello.c
/usr/bin/ld: /tmp/cckzDf9X.o: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
Alas, the only workaround I've found which doesn't involve bisecting
the kernel is to add "CC=gcc-5" to the Makefile invocation (assuming
gcc-5 is installed of course).
- Ted
On 11/04/16 11:39, Sebastian Andrzej Siewior wrote:
> Debian gcc's is nowdays compiled with --enable-default-pie which means it does
> -fPIE by default. This breaks atleast x86-64 compiles.
> This is the third attempt to fix it, this time by using runtime detection of
> the -fno-PIE compiler switch (it was introduced in gcc 3.4, min required gcc is
> currently 3.2) so it can be backported to the stable kernels.
> As noted by Al this won't fix `git bisect' of stable kernels prio this commit.
> However using always a wrapper around gcc which adds -fno-PIE is not sollution
> I want to rely in future.
>
> Sebastian
>
We don't support gcc < 3.4 on x86 platforms; I'm pretty sure it is broken.
-hpa
On Fri, Nov 04, 2016 at 07:39:37PM +0100, Sebastian Andrzej Siewior wrote:
> Debian gcc's is nowdays compiled with --enable-default-pie which means it does
Ho humm, there it is:
$ gcc -### /usr/include/stdlib.h 2>&1 | grep -o -- "--enable-default-pie"
--enable-default-pie
For all three:
Tested-by: Borislav Petkov <[email protected]>
That is, if that "fun" of building gcc with it doesn't get undone...
Thanks.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
On Fri, Nov 04, 2016 at 07:39:38PM +0100, Sebastian Andrzej Siewior wrote:
> Debian started to build the gcc with -fPIE by default so the kernel
> build ends before it starts properly with:
> |kernel/bounds.c:1:0: error: code model kernel does not support PIC mode
>
> Also add to KBUILD_AFLAGS due to:
>
> |gcc -Wp,-MD,arch/x86/entry/vdso/vdso32/.note.o.d … -mfentry -DCC_USING_FENTRY … vdso/vdso32/note.S
> |arch/x86/entry/vdso/vdso32/note.S:1:0: sorry, unimplemented: -mfentry isn’t supported for 32-bit in combination with -fpic
>
> Tagging it stable so it is possible to compile recent stable kernels as
> well.
>
> Cc: [email protected]
> Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
> ---
> Makefile | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/Makefile b/Makefile
> index a2650f9c6a25..d61145ebf498 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -622,6 +622,8 @@ include arch/$(SRCARCH)/Makefile
> KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,)
> KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
> KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,)
> +KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
> +KBUILD_AFLAGS += $(call cc-option,-fno-PIE)
Bad compiler. No pie for you.
I applied this one to kbuild.git. How about 2/3 and 3/3. Will these be
merged via tip.git or shall I apply them as well?
Thanks,
Michal
On Fri, 2016-11-04 at 19:39 +0100, Sebastian Andrzej Siewior wrote:
> Debian gcc's is nowdays compiled with --enable-default-pie which means it does
> -fPIE by default. This breaks atleast x86-64 compiles.
> This is the third attempt to fix it, this time by using runtime detection of
> the -fno-PIE compiler switch (it was introduced in gcc 3.4, min required gcc is
> currently 3.2) so it can be backported to the stable kernels.
> As noted by Al this won't fix `git bisect' of stable kernels prio this commit.
> However using always a wrapper around gcc which adds -fno-PIE is not sollution
> I want to rely in future.
I applied the previous version of "kbuild: add -fno-PIE" plus
"scripts/has-stack-protector: add -fno-PIE" to the Debian kernel
package of v4.9-rc3 and built with gcc-6, and the results of auto-
building so far are (from
<https://buildd.debian.org/status/package.php?p=linux&suite=experimental>):
Debian Description Result
name
----------------------------------------------
amd64 x86_64 OK
arm64 ARMv8 OK
armel ARMv5 pending
armhf ARMv7 pending
i386 i686 OK
mips MIPS{32,64}r2 big-endian OK
mipsel MIPS{32,64}r2 little-endian pending
mips64el MIPS64r2, little-endian pending
ppc64el POWER8, little-endian OK
s390x s390x OK
PIE has not been enabled by default on other Debian architectures. The
build failures on hppa and sparc64 are unrelated.
We do enable CONFIG_KEXEC_FILE on amd64 so I don't know how why that
build succeeded without "x86/kexec: add -fno-PIE".
Ben.
--
Ben Hutchings
For every complex problem
there is a solution that is simple, neat, and wrong.
* Michal Marek <[email protected]> wrote:
> On Fri, Nov 04, 2016 at 07:39:38PM +0100, Sebastian Andrzej Siewior wrote:
> > Debian started to build the gcc with -fPIE by default so the kernel
> > build ends before it starts properly with:
> > |kernel/bounds.c:1:0: error: code model kernel does not support PIC mode
> >
> > Also add to KBUILD_AFLAGS due to:
> >
> > |gcc -Wp,-MD,arch/x86/entry/vdso/vdso32/.note.o.d … -mfentry -DCC_USING_FENTRY … vdso/vdso32/note.S
> > |arch/x86/entry/vdso/vdso32/note.S:1:0: sorry, unimplemented: -mfentry isn’t supported for 32-bit in combination with -fpic
> >
> > Tagging it stable so it is possible to compile recent stable kernels as
> > well.
> >
> > Cc: [email protected]
> > Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
> > ---
> > Makefile | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/Makefile b/Makefile
> > index a2650f9c6a25..d61145ebf498 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -622,6 +622,8 @@ include arch/$(SRCARCH)/Makefile
> > KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,)
> > KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
> > KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,)
> > +KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
> > +KBUILD_AFLAGS += $(call cc-option,-fno-PIE)
>
> Bad compiler. No pie for you.
>
> I applied this one to kbuild.git. How about 2/3 and 3/3. Will these be
> merged via tip.git or shall I apply them as well?
I'd suggest applying them to the kbuild tree, as they are related.
Thanks,
Ingo
Dne 9.11.2016 v 07:10 Ingo Molnar napsal(a):
>
> * Michal Marek <[email protected]> wrote:
>
>> On Fri, Nov 04, 2016 at 07:39:38PM +0100, Sebastian Andrzej Siewior wrote:
>>> Debian started to build the gcc with -fPIE by default so the kernel
>>> build ends before it starts properly with:
>>> |kernel/bounds.c:1:0: error: code model kernel does not support PIC mode
>>>
>>> Also add to KBUILD_AFLAGS due to:
>>>
>>> |gcc -Wp,-MD,arch/x86/entry/vdso/vdso32/.note.o.d … -mfentry -DCC_USING_FENTRY … vdso/vdso32/note.S
>>> |arch/x86/entry/vdso/vdso32/note.S:1:0: sorry, unimplemented: -mfentry isn’t supported for 32-bit in combination with -fpic
>>>
>>> Tagging it stable so it is possible to compile recent stable kernels as
>>> well.
>>>
>>> Cc: [email protected]
>>> Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
>>> ---
>>> Makefile | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/Makefile b/Makefile
>>> index a2650f9c6a25..d61145ebf498 100644
>>> --- a/Makefile
>>> +++ b/Makefile
>>> @@ -622,6 +622,8 @@ include arch/$(SRCARCH)/Makefile
>>> KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,)
>>> KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
>>> KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,)
>>> +KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
>>> +KBUILD_AFLAGS += $(call cc-option,-fno-PIE)
>>
>> Bad compiler. No pie for you.
>>
>> I applied this one to kbuild.git. How about 2/3 and 3/3. Will these be
>> merged via tip.git or shall I apply them as well?
>
> I'd suggest applying them to the kbuild tree, as they are related.
OK, done.
Michal
* Michal Marek <[email protected]> wrote:
> >>> +++ b/Makefile
> >>> @@ -622,6 +622,8 @@ include arch/$(SRCARCH)/Makefile
> >>> KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,)
> >>> KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
> >>> KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,)
> >>> +KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
> >>> +KBUILD_AFLAGS += $(call cc-option,-fno-PIE)
> >>
> >> Bad compiler. No pie for you.
> >>
> >> I applied this one to kbuild.git. How about 2/3 and 3/3. Will these be
> >> merged via tip.git or shall I apply them as well?
> >
> > I'd suggest applying them to the kbuild tree, as they are related.
>
> OK, done.
Thanks!
Ingo