On Tue, Oct 18, 2016 at 9:56 AM, Greg KH <gre...@linuxfoundation.org> wrote:
> On Tue, Oct 18, 2016 at 09:48:17AM -0600, Shuah Khan wrote:
>> On Tue, Oct 18, 2016 at 9:37 AM, Greg KH <gre...@linuxfoundation.org> wrote:
>> > On Tue, Oct 18, 2016 at 09:24:20AM -0600, Shuah Khan wrote:
>> >> After upgrading to Ubuntu 16.10, I can't build kernels anymore unless
>> >> the following patch is applied to the kernel Makefile. A word of
>> >> caution for anybody that is planning to update their development
>> >> systems.
>> >> https://patchwork.ozlabs.org/patch/616621/
>> >> Please refer to the Ubuntu 16.10 release notes for more details.
>> >> https://wiki.ubuntu.com/YakketyYak/ReleaseNotes#GCC
>> >> Ubuntu is recommended applying this patch for building Linux kernels.
>> >> I am not sure this is the right way to go. I am hoping this is
>> >> work-around and patching the kernel Makefile will not be the solution
>> >> going forward.
>> >> I haven't seen any patch sent upstream to make this change, so I still
>> >> hope this is a temporary work-around. Maybe be there is patch that
>> >> came through and you are aware of this problem?
>> > Does commit 6d92bc9d483a solve this issue for you? That should have
>> > resolved a -pie issue, back in 4.6, or is this something else?
>> This is a new problem because of a change Ubuntu made in their gcc
>> version 6.2.0 20161005 (Ubuntu 6.2.0-5ubuntu12) it appears.
>> The Ubuntu 16.10 release notes says:
>> "We have modified GCC to by-default compile programs with position
>> independent executable support to improve the security benefits
>> provided by
>> Address Space Layout Randomization.
>> This may cause difficulty when trying to compile Linux kernels that
>> still need this patch applied.
>> Other programs may experience other problems; some debugging
>> guidelines are at https://wiki.ubuntu.com/SecurityTeam/PIE"
>> The above clearly states a patch needs to applied to the Linux Kernel
>> makefile. This patch forces no-pie for distro compilers that enable
>> pie by default
>> The error I am seeing on 4.9-rc1 is:
>> CHK include/config/kernel.release
>> Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong
>> not supported by compiler
>> Makefile:1058: recipe for target 'prepare-compiler-check' failed
>> make: *** [prepare-compiler-check] Error 1
>> I think CONFIG_CC_STACKPROTECTOR_STRONG is enabled in most distro
>> configs. So I am not why this should fail now.
>> Here is the Ubuntu recommended patch for easy reference: (note cut and
>> paste - probably won't apply) -
> Did you follow up with Steve about this? Seems odd that no one ever
> followed up on it.
I ran into this just yesterday and found the patch this morning. I can
contact Steve and get more information on this.