On 22/02/2020 11:10, Felix Fietkau wrote: > On 2020-02-22 09:54, Stijn Tintel wrote: >> On 20/02/2020 11:56, Petr Štetiar wrote: >>> This activates PIE ASLR support by default when the regular option is >>> selected. >>> >> Unfortunately this seems to break build on x86/64: >> >> x86_64-openwrt-linux-musl-gcc -O2 -pipe -fno-caller-saves -fno-plt >> -fhonour-copts -Wno-error=unused-but-set-variable >> -Wno-error=unused-result >> -ffile-prefix-map=/home/stijn/Development/LEDE/source/build_dir/target-x86_64_musl/linux-x86_64/ppp-default/ppp-2.4.8=ppp-2.4.8 >> -Wformat -Werror=format-security -fpic -fstack-protector-strong >> -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -ffunction-sections >> -fdata-sections -flto -DHAVE_PATHS_H -DHAVE_MMAP -I../include >> '-DDESTDIR="/usr"' -DCHAPMS=1 -DMPPE=1 -DHAS_SHADOW -DHAVE_CRYPT_H=1 >> -DUSE_CRYPT=1 -DPLUGIN -DPPP_FILTER -DPPP_PRECOMPILED_FILTER >> -I/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/include >> -DINET6=1 -DMAXOCTETS >> -L/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib >> -L/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/lib >> -L/home/stijn/Development/LEDE/source/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/usr/lib >> -L/home/stijn/Development/LEDE/source/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/lib >> -fpic >> -specs=/home/stijn/Development/LEDE/source/include/hardened-ld-pie.specs >> -znow -zrelro -Wl,--gc-sections -flto -fuse-linker-plugin -Wl,-E -o >> pppd main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o >> ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o eap.o >> chap-md5.o session.o md4.o chap_ms.o sha1.o pppcrypt.o pcap_pcc.o >> ipv6cp.o eui64.o -lcrypt -ldl >> /home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib/libpcap.a >> /home/build/openwrt/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/bin/../lib/gcc/x86_64-openwrt-linux-musl/8.3.0/../../../../x86_64-openwrt-linux-musl/bin/ld: >> /home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib/libpcap.a(bpf_filter.c.o): >> relocation R_X86_64_32S against `.rodata' can not be used when making a >> PIE object; recompile with -fPIC >> /home/build/openwrt/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/bin/../lib/gcc/x86_64-openwrt-linux-musl/8.3.0/../../../../x86_64-openwrt-linux-musl/bin/ld: >> final link failed: nonrepresentable section on output >> collect2: error: ld returned 1 exit status >> >> So NACK from me until this is fixed. > This one can most likely be fixed by setting PKG_ASLR_PIE_REGULAR:=1 in > libpcap as well. That way -fPIC gets passed for the static library build. > Interesting. I've added this in the libpcap Makefile and that seems to fix it. But I am actually building with CONFIG_PKG_ASLR_PIE_ALL=y, so would assume it would enable PIE even if PKG_ASLR_PIE_REGULAR is not set in the Makefile. Anyway, I'll send a patch for libpcap, thanks for the suggestion.
Stijn _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
