Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-31 Thread Jose R R 
On Mon, Oct 31, 2016 at 12:31 AM, Konstantin Demin  wrote:
> I have tested several scenarios and "KCPPFLAGS=-fno-PIE" does that
> trick much better :-)
>
> --
> SY,
> Konstantin Demin
uname -a
Linux cohuatlicue 4.7.10.tezcatlipoca #1 SMP PREEMPT Mon Oct 31
09:47:07 PDT 2016 x86_64 GNU/Linux

i.e., Aufs4/Reiser4 kernel re-built with your suggestion, as:

time KCPPFLAGS="-fno-PIE" fakeroot make-kpkg
--append-to-version=.tezcatlipoca --stem gcc6-aufs4+reiser4m -j8
--initrd kernel_image kernel_headers

Thanks again, Konstantin.


Best Professional Regards.

-- 
Jose R R
http://metztli.it
-
Try at no charge http://b2evolution.net for http://OpenShift.com PaaS
-
from our GitHub http://Nepohualtzintzin.com repository. Cloud the easy way!
-

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-29 Thread Jose R R 
On Tue, Oct 25, 2016 at 3:46 PM, Konstantin Demin  wrote:
>>> But does this generate the same output as without -enable-default-pie?
>>> Some parts of the kernel do use -fpic or -fPIC. Which directive prevails?
>
> If you call gcc with "-O3 -O0 -O1", only "-O1" option is make sence.
> See attachments from recent build log (roughly speaking, Linux 4.8.4,
> "make V=1" with gcc 6.2.0-9, but actually it's heavily customized
> Debian src:linux with 3rd pty patches and custom configs).
>
>>> I'm currently looking for correct way to do this trick.
> Patch is available and (at least) works for me on amd64 and i386, ref msg #51
Thanks!!!

I just built my Aufs4/Reiser4-patched kernel 4.7.10 from pristine
source at kernel.org as:

time KCFLAGS="-fno-PIC -fno-PIE" fakeroot make-kpkg
--append-to-version=.huitzilopochtli --stem gcc6-aufs4+reiser4m -j8
--initrd kernel_image kernel_headers

Otherwise I was getting error:
[...]
  UPD include/generated/uapi/linux/version.h
  CHK include/generated/utsrelease.h
  UPD include/generated/utsrelease.h
  CC  kernel/bounds.s
kernel/bounds.c:1:0: error: code model kernel does not support PIC mode
 /*

make[3]: *** [kernel/bounds.s] Error 1
Kbuild:45: recipe for target 'kernel/bounds.s' failed
make[2]: *** [prepare0] Error 2
Makefile:1033: recipe for target 'prepare0' failed
make[2]: Leaving directory '/usr/src/build/tekitl-4.7.10/build/linux-4.7.10'
make[1]: *** [debian/stamp/conf/kernel-conf] Error 2
debian/ruleset/targets/common.mk:194: recipe for target
'debian/stamp/conf/kernel-conf' failed
make[1]: Leaving directory '/usr/src/build/tekitl-4.7.10/build/linux-4.7.10'
make: *** [debian/stamp/conf/minimal_debian] Error 2
/usr/share/kernel-package/ruleset/minimal.mk:93: recipe for target
'debian/stamp/conf/minimal_debian' failed


Best Professional Regards.

-- 
Jose R R
http://metztli.it
-
Try at no charge http://b2evolution.net for http://OpenShift.com PaaS
-
from our GitHub http://Nepohualtzintzin.com repository. Cloud the easy way!
-

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-25 Thread Konstantin Demin 
>> But does this generate the same output as without -enable-default-pie?
>> Some parts of the kernel do use -fpic or -fPIC. Which directive prevails?

If you call gcc with "-O3 -O0 -O1", only "-O1" option is make sence.
See attachments from recent build log (roughly speaking, Linux 4.8.4,
"make V=1" with gcc 6.2.0-9, but actually it's heavily customized
Debian src:linux with 3rd pty patches and custom configs).

>> I'm currently looking for correct way to do this trick.
Patch is available and (at least) works for me on amd64 and i386, ref msg #51

-- 
SY,
Konstantin Demin
gcc-6
-Wp,-MD,arch/x86/entry/vdso/.vdso-image-64.o.d
-nostdinc
-isystem
/usr/lib/gcc/x86_64-linux-gnu/6/include
-I/<>/arch/x86/include
-I./arch/x86/include/generated/uapi
-I./arch/x86/include/generated
-I/<>/include
-I./include
-I/<>/arch/x86/include/uapi
-I/<>/include/uapi
-I./include/generated/uapi
-include /<>/include/linux/kconfig.h
-I/<>/arch/x86/entry/vdso
-Iarch/x86/entry/vdso
-D__KERNEL__
-Wall
-Wundef
-Wstrict-prototypes
-Wno-trigraphs
-fno-strict-aliasing
-fno-common
-Werror-implicit-function-declaration
-Wno-format-security
-std=gnu89
-mno-sse
-mno-mmx
-mno-sse2
-mno-3dnow
-mno-avx
-m64
-falign-jumps=1
-falign-loops=1
-mno-80387
-mno-fp-ret-in-387
-mpreferred-stack-boundary=3
-mskip-rax-setup
-mtune=generic
-mno-red-zone
-mcmodel=kernel
-DCONFIG_X86_X32_ABI
-DCONFIG_AS_CFI=1
-DCONFIG_AS_CFI_SIGNAL_FRAME=1
-DCONFIG_AS_CFI_SECTIONS=1
-DCONFIG_AS_FXSAVEQ=1
-DCONFIG_AS_SSSE3=1
-DCONFIG_AS_CRC32=1
-DCONFIG_AS_AVX=1
-DCONFIG_AS_AVX2=1
-DCONFIG_AS_SHA1_NI=1
-DCONFIG_AS_SHA256_NI=1
-pipe
-Wno-sign-compare
-fno-asynchronous-unwind-tables
-O2
-fplugin=./scripts/gcc-plugins/cyc_complexity_plugin.so
-fomit-frame-pointer
-DCC_HAVE_ASM_GOTO
-fno-PIC
-fno-PIE
-DKBUILD_BASENAME='"vdso_image_64"'
-DKBUILD_MODNAME='"vdso_image_64"'
-c
-o arch/x86/entry/vdso/.tmp_vdso-image-64.o
arch/x86/entry/vdso/vdso-image-64.cgcc-6
-Wp,-MD,arch/x86/entry/vdso/.vclock_gettime.o.d
-nostdinc
-isystem
/usr/lib/gcc/x86_64-linux-gnu/6/include
-I/<>/arch/x86/include
-I./arch/x86/include/generated/uapi
-I./arch/x86/include/generated
-I/<>/include
-I./include
-I/<>/arch/x86/include/uapi
-I/<>/include/uapi
-I./include/generated/uapi
-include /<>/include/linux/kconfig.h
-I/<>/arch/x86/entry/vdso
-Iarch/x86/entry/vdso
-D__KERNEL__
-Wall
-Wundef
-Wstrict-prototypes
-Wno-trigraphs
-fno-strict-aliasing
-fno-common
-Werror-implicit-function-declaration
-Wno-format-security
-std=gnu89
-mno-sse
-mno-mmx
-mno-sse2
-mno-3dnow
-mno-avx
-m64
-falign-jumps=1
-falign-loops=1
-mno-80387
-mno-fp-ret-in-387
-mpreferred-stack-boundary=3
-mskip-rax-setup
-mtune=generic
-mno-red-zone
-mcmodel=kernel
-DCONFIG_X86_X32_ABI
-DCONFIG_AS_CFI=1
-DCONFIG_AS_CFI_SIGNAL_FRAME=1
-DCONFIG_AS_CFI_SECTIONS=1
-DCONFIG_AS_FXSAVEQ=1
-DCONFIG_AS_SSSE3=1
-DCONFIG_AS_CRC32=1
-DCONFIG_AS_AVX=1
-DCONFIG_AS_AVX2=1
-DCONFIG_AS_SHA1_NI=1
-DCONFIG_AS_SHA256_NI=1
-pipe
-Wno-sign-compare
-fno-asynchronous-unwind-tables
-O2
-fomit-frame-pointer
-DCC_HAVE_ASM_GOTO
-fno-PIC
-fno-PIE
-mcmodel=small
-fPIC
-O2
-fasynchronous-unwind-tables
-m64
-fno-stack-protector
-fno-omit-frame-pointer
-foptimize-sibling-calls
-DDISABLE_BRANCH_PROFILING
-DBUILD_VDSO
-DKBUILD_BASENAME='"vclock_gettime"'
-DKBUILD_MODNAME='"vclock_gettime"'
-c
-o arch/x86/entry/vdso/.tmp_vclock_gettime.o
/<>/arch/x86/entry/vdso/vclock_gettime.c

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-25 Thread Jörg-Volker Peetz 
On Thu, 20 Oct 2016 18:13:05 -0500 "S. R. Wright"  wrote:
> I agree.  When the version changes from 6.2.0-6 to 6.2.0-7,  only bug 
> fixes should be included,  not changes in functionality.  In this case 
> setting enable-default-pie essentially broke backwards compatibility.  
> Kernel code that built in -6 failed to build in -7.  That, I agree,  
> should be considered a bug,  and the change should be rolled back.
> 
> -- sRw

I support this statement about changing functionality of such an important tool.
At least a recipe how to get the old behavior should be documented.

> 
> On 10/20/2016 05:49 PM, Ben Hutchings wrote:
> > On Fri, 2016-10-21 at 01:21 +0300, Konstantin Demin wrote:
> >> It's not a GCC bug but kind of new feature.
> > It's a bug when a compiler fails to compile valid code.
> >
> > Ben.
> >
> >> Take a look at this changelog entry:
> >>   gcc-6 (6.2.0-7) unstable; urgency=medium
> >>
> >> [ Matthias Klose ]
> >> * Configure with --enable-default-pie and pass -z now when pie is 
> >> enabled;
> >>   on amd64 arm64 armel armhf i386 mips mipsel mips64el ppc64el s390x.
> >>   Closes: #835148.
> >>
> >> Starting at gcc 6.2.0-7 we must provide "-fno-PIE -fno-PIC" in
> >> beginning of CFLAGS to build kernel successfully.
> >>

But does this generate the same output as without -enable-default-pie?
Some parts of the kernel do use -fpic or -fPIC. Which directive prevails?

> >> I'm currently looking for correct way to do this trick.

Regards,
jvp.

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-21 Thread Eric Valette 

On 21/10/2016 16:36, Ben Hutchings wrote:

On Fri, 2016-10-21 at 12:40 +0300, Konstantin Demin wrote:




I disagree: you fix debian code but upstream kernel is also affected.
I wanted to compile the upstream 4.4.26 for the COW fixe and cannot.
Please revert.



It is absolutely supported (so long as you enable the necessary
features) and is common practice.  However, any bugs in some other
version of the kernel should not be assigned to src:linux.


Thanks Ben. BTW : I was originally arguing against the move to linux:src 
for a bug I opened on gcc because I was compiling upstream vanilla 
kernel code. (I never open a bug in linux:src as I barely use it except 
at first install).


I also dislike, gcc advocates forcibly merging bugs people have 
discovered rebuilding debian kernel from source and bug discovered 
compiling upstream vanilla kernel from source not even flagging them 
"upstream".


Nice game : they broke gcc with their patches (even if for possible good 
technical security reasons), and then, when bug are detected, even if 
bug report (like mine) explicitly specified upstream vanilla kernel code 
they reaffect it to linux:src asking for someone else to clean up the mess.


I do think (like you wrote elsewhere) that fixing debian kernel build is 
not a solution: until the needed patches are applied upstream, tagged 
for stable and have been propagated to the various LTS kernel,theses 
patches needs to be reverted.



-- eric

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-21 Thread Ben Hutchings 
On Fri, 2016-10-21 at 12:40 +0300, Konstantin Demin wrote:
> > > 
> > 
> > I disagree: you fix debian code but upstream kernel is also affected.
> > I wanted to compile the upstream 4.4.26 for the COW fixe and cannot.
> > Please revert.
> 
> 
> $ rmadison linux
> linux  | 4.5.5-1  | unstable| source
> linux  | 4.5.5-1  | unstable-debug  | source
> linux  | 4.6.4-1  | unstable| source
> linux  | 4.6.4-1  | unstable-debug  | source
> linux  | 4.7.5-1~bpo8+2   | jessie-backports| source
> linux  | 4.7.5-1  | unstable| source
> linux  | 4.7.6-1  | testing | source
> linux  | 4.7.8-1~bpo8+1   | buildd-jessie-backports | source
> linux  | 4.7.8-1~bpo8+1   | jessie-backports| source
> linux  | 4.7.8-1  | buildd-unstable | source
> linux  | 4.7.8-1  | unstable| source
> linux  | 4.7.8-1  | unstable-debug  | source
> 
> You should be noted that building kernel from vanilla source isn't
> good idea in Debian.
[...]

It is absolutely supported (so long as you enable the necessary
features) and is common practice.  However, any bugs in some other
version of the kernel should not be assigned to src:linux.

Ben.

-- 
Ben Hutchings
One of the nice things about standards is that there are so many of
them.



signature.asc
Description: This is a digitally signed message part

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-21 Thread eric2.valette 

  
  
On 10/21/2016 11:43 AM, Eric Valette
  wrote:

On 10/21/2016 11:40 AM, Konstantin Demin wrote:
  
  

  I disagree: you fix debian code but
upstream kernel is also affected.

I wanted to compile the upstream 4.4.26 for the COW fixe and
cannot.

Please revert.

  


$ rmadison linux

linux  | 4.5.5-1  | unstable   
| source

linux  | 4.5.5-1  | unstable-debug 
| source

linux  | 4.6.4-1  | unstable   
| source

linux  | 4.6.4-1  | unstable-debug 
| source

linux  | 4.7.5-1~bpo8+2   | jessie-backports   
| source

linux  | 4.7.5-1  | unstable   
| source

linux  | 4.7.6-1  | testing
| source

linux  | 4.7.8-1~bpo8+1   | buildd-jessie-backports
| source

linux  | 4.7.8-1~bpo8+1   | jessie-backports   
| source

linux  | 4.7.8-1  | buildd-unstable
| source

linux  | 4.7.8-1  | unstable   
| source

linux  | 4.7.8-1  | unstable-debug 
| source


You should be noted that building kernel from vanilla source
isn't

good idea in Debian.

  
  
  Except I have been doing this for nearly 10 years...
  
  
  I don't see any 4.4 branch in Debian
sources, but you may use git tag

"debian/4.4.6-1" as base for your own work/fork.

  
  
  I'm not using debian kernel nor want to use them. I want a
  compiler able to compile upstream code without modifications.
  
  
  And I want LTS kernel to get fixes as soon as they appear without
  being forced to move to non LTS versions.
  
  
  -- eric
  
  


And BTW, I just checked linux linux git today and
the code is not there so gcc does not compile upstream kernel.
Period. So the new ciomplier breaks upstream compilation using
valid compilation flags.
  
-- eric


-- 
Eric Valette
Orange Lab Product and Services
Homebox Etudes Architecture et Développement 
Architecte Livebox et Set Top Box
tél : (+33) 2 99 12 45 71
mél : 

  _

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-21 Thread Eric Valette 

On 10/21/2016 11:40 AM, Konstantin Demin wrote:

I disagree: you fix debian code but upstream kernel is also affected.
I wanted to compile the upstream 4.4.26 for the COW fixe and cannot.
Please revert.


$ rmadison linux
linux  | 4.5.5-1  | unstable| source
linux  | 4.5.5-1  | unstable-debug  | source
linux  | 4.6.4-1  | unstable| source
linux  | 4.6.4-1  | unstable-debug  | source
linux  | 4.7.5-1~bpo8+2   | jessie-backports| source
linux  | 4.7.5-1  | unstable| source
linux  | 4.7.6-1  | testing | source
linux  | 4.7.8-1~bpo8+1   | buildd-jessie-backports | source
linux  | 4.7.8-1~bpo8+1   | jessie-backports| source
linux  | 4.7.8-1  | buildd-unstable | source
linux  | 4.7.8-1  | unstable| source
linux  | 4.7.8-1  | unstable-debug  | source

You should be noted that building kernel from vanilla source isn't
good idea in Debian.


Except I have been doing this for nearly 10 years...


I don't see any 4.4 branch in Debian sources, but you may use git tag
"debian/4.4.6-1" as base for your own work/fork.


I'm not using debian kernel nor want to use them. I want a compiler able 
to compile upstream code without modifications.


And I want LTS kernel to get fixes as soon as they appear without being 
forced to move to non LTS versions.


-- eric

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-21 Thread Konstantin Demin 
>> I disagree: you fix debian code but upstream kernel is also affected.
>> I wanted to compile the upstream 4.4.26 for the COW fixe and cannot.
>> Please revert.

$ rmadison linux
linux  | 4.5.5-1  | unstable| source
linux  | 4.5.5-1  | unstable-debug  | source
linux  | 4.6.4-1  | unstable| source
linux  | 4.6.4-1  | unstable-debug  | source
linux  | 4.7.5-1~bpo8+2   | jessie-backports| source
linux  | 4.7.5-1  | unstable| source
linux  | 4.7.6-1  | testing | source
linux  | 4.7.8-1~bpo8+1   | buildd-jessie-backports | source
linux  | 4.7.8-1~bpo8+1   | jessie-backports| source
linux  | 4.7.8-1  | buildd-unstable | source
linux  | 4.7.8-1  | unstable| source
linux  | 4.7.8-1  | unstable-debug  | source

You should be noted that building kernel from vanilla source isn't
good idea in Debian.
I don't see any 4.4 branch in Debian sources, but you may use git tag
"debian/4.4.6-1" as base for your own work/fork.

Happy hacking!

PS:
I can't understand why you're mixing GCC 6.x release (_unstable_) and
Linux kernel 4.4.x long-term support (_stable_).
If you're targeting on stable workflow, use GCC 5.x or even 4.9.x
instead of 6.x branch.

-- 
SY,
Konstantin Demin

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-21 Thread Eric Valette 

  
  
On 10/21/2016 01:45 AM, Konstantin
  Demin wrote:


  2016-10-21 1:49 GMT+03:00 Ben Hutchings :

  
It's a bug when a compiler fails to compile valid code.

Ben.

--
Ben Hutchings
Never put off till tomorrow what you can avoid all together.

  
  
Dear Ben, there are no actual bug in compiler, just a caveat to work with it.

Some time ago i had experience to build fully hardened nginx build,
and I was forced to build shared libraries with -fPIC but not -fPIE
due to linker errors.

Solution was to separate build to executable only and shared-libraries only;
this is semi-true: executable is successfully linked with -fPIC flag,
but it's not used in packaging because of executable already built with -fPIE.

This bug report is just another round of game with compiler/linker flags.
In my turn, I would rather define protective flags to provide backward
and forward compatibility.



I disagree: you fix debian code but upstream kernel is also
affected. I wanted to compile the upstream 4.4.26 for the COW fixe
and cannot.
Please revert.

-- eric

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-20 Thread Konstantin Demin 
2016-10-21 1:49 GMT+03:00 Ben Hutchings :
> It's a bug when a compiler fails to compile valid code.
>
> Ben.
>
> --
> Ben Hutchings
> Never put off till tomorrow what you can avoid all together.

Dear Ben, there are no actual bug in compiler, just a caveat to work with it.

Some time ago i had experience to build fully hardened nginx build,
and I was forced to build shared libraries with -fPIC but not -fPIE
due to linker errors.

Solution was to separate build to executable only and shared-libraries only;
this is semi-true: executable is successfully linked with -fPIC flag,
but it's not used in packaging because of executable already built with -fPIE.

This bug report is just another round of game with compiler/linker flags.
In my turn, I would rather define protective flags to provide backward
and forward compatibility.

-- 
SY,
Konstantin Demin
--- a/debian/rules.real
+++ b/debian/rules.real
@@ -168,6 +168,7 @@ else
 	echo 'override CROSS_COMPILE = $$(DEB_HOST_GNU_TYPE)-' >> '$(DIR)/.kernelvariables'
 	echo 'endif' >> '$(DIR)/.kernelvariables'
 endif
+	echo 'KCFLAGS += -fno-PIC -fno-PIE' >> '$(DIR)/.kernelvariables'
 ifdef CFLAGS_KERNEL
 	echo 'CFLAGS_KERNEL += $(CFLAGS_KERNEL)' >> '$(DIR)/.kernelvariables'
 	echo 'CFLAGS_MODULE += $(CFLAGS_KERNEL)' >> '$(DIR)/.kernelvariables'
 endif

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-20 Thread S. R. Wright 
I agree.  When the version changes from 6.2.0-6 to 6.2.0-7,  only bug 
fixes should be included,  not changes in functionality.  In this case 
setting enable-default-pie essentially broke backwards compatibility.  
Kernel code that built in -6 failed to build in -7.  That, I agree,  
should be considered a bug,  and the change should be rolled back.


-- sRw

On 10/20/2016 05:49 PM, Ben Hutchings wrote:

On Fri, 2016-10-21 at 01:21 +0300, Konstantin Demin wrote:

It's not a GCC bug but kind of new feature.

It's a bug when a compiler fails to compile valid code.

Ben.


Take a look at this changelog entry:
  gcc-6 (6.2.0-7) unstable; urgency=medium

[ Matthias Klose ]
* Configure with --enable-default-pie and pass -z now when pie is enabled;
  on amd64 arm64 armel armhf i386 mips mipsel mips64el ppc64el s390x.
  Closes: #835148.

Starting at gcc 6.2.0-7 we must provide "-fno-PIE -fno-PIC" in
beginning of CFLAGS to build kernel successfully.

I'm currently looking for correct way to do this trick.

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-20 Thread Ben Hutchings 
On Fri, 2016-10-21 at 01:21 +0300, Konstantin Demin wrote:
> It's not a GCC bug but kind of new feature.

It's a bug when a compiler fails to compile valid code.

Ben.

> Take a look at this changelog entry:
>  gcc-6 (6.2.0-7) unstable; urgency=medium
> 
>    [ Matthias Klose ]
>    * Configure with --enable-default-pie and pass -z now when pie is enabled;
>  on amd64 arm64 armel armhf i386 mips mipsel mips64el ppc64el s390x.
>  Closes: #835148.
> 
> Starting at gcc 6.2.0-7 we must provide "-fno-PIE -fno-PIC" in
> beginning of CFLAGS to build kernel successfully.
> 
> I'm currently looking for correct way to do this trick.
> 
> 
-- 
Ben Hutchings
Never put off till tomorrow what you can avoid all together.



signature.asc
Description: This is a digitally signed message part

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-20 Thread Konstantin Demin 
It's not a GCC bug but kind of new feature.

Take a look at this changelog entry:
 gcc-6 (6.2.0-7) unstable; urgency=medium

   [ Matthias Klose ]
   * Configure with --enable-default-pie and pass -z now when pie is enabled;
 on amd64 arm64 armel armhf i386 mips mipsel mips64el ppc64el s390x.
 Closes: #835148.

Starting at gcc 6.2.0-7 we must provide "-fno-PIE -fno-PIC" in
beginning of CFLAGS to build kernel successfully.

I'm currently looking for correct way to do this trick.

-- 
SY,
Konstantin Demin

Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled

2016-10-19 Thread S R Wright 

Package: gcc-6
Version: 6.2.0-7

Kernel building with stack protection enabled breaks with 6.2.0-7, whereas 
identical .config works using 6.2.0-6:

output:

make[2]: Leaving directory '/usr/src/linux-4.8.1'
makeARCH=x86_64 prepare
make[2]: Entering directory '/usr/src/linux-4.8.1'
scripts/kconfig/conf  --silentoldconfig Kconfig
  SYSTBL  arch/x86/entry/syscalls/../../include/generated/asm/syscalls_32.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/asm/unistd_32_ia32.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/asm/unistd_64_x32.h
  SYSTBL  arch/x86/entry/syscalls/../../include/generated/asm/syscalls_64.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/uapi/asm/unistd_32.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/uapi/asm/unistd_64.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/uapi/asm/unistd_x32.h
  HOSTCC  arch/x86/tools/relocs_32.o
  HOSTCC  arch/x86/tools/relocs_64.o
  HOSTCC  arch/x86/tools/relocs_common.o
  HOSTLD  arch/x86/tools/relocs
  CHK include/config/kernel.release
  UPD include/config/kernel.release
Cannot use CONFIG_CC_STACKPROTECTOR_REGULAR: -fstack-protector not supported by 
compiler
Makefile:1048: recipe for target 'prepare-compiler-check' failed
make[2]: *** [prepare-compiler-check] Error 1
make[2]: Leaving directory '/usr/src/linux-4.8.1'
debian/ruleset/targets/common.mk:194: recipe for target 
'debian/stamp/conf/kernel-conf' failed
make[1]: *** [debian/stamp/conf/kernel-conf] Error 2
make[1]: Leaving directory '/usr/src/linux-4.8.1'
/usr/share/kernel-package/ruleset/minimal.mk:93: recipe for target 
'debian/stamp/conf/minimal_debian' failed
make: *** [debian/stamp/conf/minimal_debian] Error 2
Failed to create a ./debian directory: No such file or directory at 
/usr/bin/make-kpkg line 970.

relevant .config section:

CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
CONFIG_CC_STACKPROTECTOR_REGULAR=y
# CONFIG_CC_STACKPROTECTOR_STRONG is not set

-- sRw