linux 5.10.14+
Hello dear kernel maintainers! I would like to ask you to revert upstream commit 9c8bb3eac0 "objtool: Don't fail the kernel build on fatal errors" in upcoming Debian's kernel package because I suppose that it's better for all of us to get FTBFS than kernel panic somewhat later. Of course, it's just my opinion. -- SY, Konstantin Demin
Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled
>> But does this generate the same output as without -enable-default-pie? >> Some parts of the kernel do use -fpic or -fPIC. Which directive prevails? If you call gcc with "-O3 -O0 -O1", only "-O1" option is make sence. See attachments from recent build log (roughly speaking, Linux 4.8.4, "make V=1" with gcc 6.2.0-9, but actually it's heavily customized Debian src:linux with 3rd pty patches and custom configs). >> I'm currently looking for correct way to do this trick. Patch is available and (at least) works for me on amd64 and i386, ref msg #51 -- SY, Konstantin Demin gcc-6 -Wp,-MD,arch/x86/entry/vdso/.vdso-image-64.o.d -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/6/include -I/<>/arch/x86/include -I./arch/x86/include/generated/uapi -I./arch/x86/include/generated -I/<>/include -I./include -I/<>/arch/x86/include/uapi -I/<>/include/uapi -I./include/generated/uapi -include /<>/include/linux/kconfig.h -I/<>/arch/x86/entry/vdso -Iarch/x86/entry/vdso -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -std=gnu89 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone -mcmodel=kernel -DCONFIG_X86_X32_ABI -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_CRC32=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -O2 -fplugin=./scripts/gcc-plugins/cyc_complexity_plugin.so -fomit-frame-pointer -DCC_HAVE_ASM_GOTO -fno-PIC -fno-PIE -DKBUILD_BASENAME='"vdso_image_64"' -DKBUILD_MODNAME='"vdso_image_64"' -c -o arch/x86/entry/vdso/.tmp_vdso-image-64.o arch/x86/entry/vdso/vdso-image-64.cgcc-6 -Wp,-MD,arch/x86/entry/vdso/.vclock_gettime.o.d -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/6/include -I/<>/arch/x86/include -I./arch/x86/include/generated/uapi -I./arch/x86/include/generated -I/<>/include -I./include -I/<>/arch/x86/include/uapi -I/<>/include/uapi -I./include/generated/uapi -include /<>/include/linux/kconfig.h -I/<>/arch/x86/entry/vdso -Iarch/x86/entry/vdso -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -std=gnu89 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone -mcmodel=kernel -DCONFIG_X86_X32_ABI -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_CRC32=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -O2 -fomit-frame-pointer -DCC_HAVE_ASM_GOTO -fno-PIC -fno-PIE -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 -fno-stack-protector -fno-omit-frame-pointer -foptimize-sibling-calls -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO -DKBUILD_BASENAME='"vclock_gettime"' -DKBUILD_MODNAME='"vclock_gettime"' -c -o arch/x86/entry/vdso/.tmp_vclock_gettime.o /<>/arch/x86/entry/vdso/vclock_gettime.c
Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled
>> I disagree: you fix debian code but upstream kernel is also affected. >> I wanted to compile the upstream 4.4.26 for the COW fixe and cannot. >> Please revert. $ rmadison linux linux | 4.5.5-1 | unstable| source linux | 4.5.5-1 | unstable-debug | source linux | 4.6.4-1 | unstable| source linux | 4.6.4-1 | unstable-debug | source linux | 4.7.5-1~bpo8+2 | jessie-backports| source linux | 4.7.5-1 | unstable| source linux | 4.7.6-1 | testing | source linux | 4.7.8-1~bpo8+1 | buildd-jessie-backports | source linux | 4.7.8-1~bpo8+1 | jessie-backports| source linux | 4.7.8-1 | buildd-unstable | source linux | 4.7.8-1 | unstable| source linux | 4.7.8-1 | unstable-debug | source You should be noted that building kernel from vanilla source isn't good idea in Debian. I don't see any 4.4 branch in Debian sources, but you may use git tag "debian/4.4.6-1" as base for your own work/fork. Happy hacking! PS: I can't understand why you're mixing GCC 6.x release (_unstable_) and Linux kernel 4.4.x long-term support (_stable_). If you're targeting on stable workflow, use GCC 5.x or even 4.9.x instead of 6.x branch. -- SY, Konstantin Demin
Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled
2016-10-21 1:49 GMT+03:00 Ben Hutchings <b...@decadent.org.uk>: > It's a bug when a compiler fails to compile valid code. > > Ben. > > -- > Ben Hutchings > Never put off till tomorrow what you can avoid all together. Dear Ben, there are no actual bug in compiler, just a caveat to work with it. Some time ago i had experience to build fully hardened nginx build, and I was forced to build shared libraries with -fPIC but not -fPIE due to linker errors. Solution was to separate build to executable only and shared-libraries only; this is semi-true: executable is successfully linked with -fPIC flag, but it's not used in packaging because of executable already built with -fPIE. This bug report is just another round of game with compiler/linker flags. In my turn, I would rather define protective flags to provide backward and forward compatibility. -- SY, Konstantin Demin --- a/debian/rules.real +++ b/debian/rules.real @@ -168,6 +168,7 @@ else echo 'override CROSS_COMPILE = $$(DEB_HOST_GNU_TYPE)-' >> '$(DIR)/.kernelvariables' echo 'endif' >> '$(DIR)/.kernelvariables' endif + echo 'KCFLAGS += -fno-PIC -fno-PIE' >> '$(DIR)/.kernelvariables' ifdef CFLAGS_KERNEL echo 'CFLAGS_KERNEL += $(CFLAGS_KERNEL)' >> '$(DIR)/.kernelvariables' echo 'CFLAGS_MODULE += $(CFLAGS_KERNEL)' >> '$(DIR)/.kernelvariables' endif
Bug#841368: gcc-6 6.2.0-7 breaks kernel build if stack protection is enabled
It's not a GCC bug but kind of new feature. Take a look at this changelog entry: gcc-6 (6.2.0-7) unstable; urgency=medium [ Matthias Klose ] * Configure with --enable-default-pie and pass -z now when pie is enabled; on amd64 arm64 armel armhf i386 mips mipsel mips64el ppc64el s390x. Closes: #835148. Starting at gcc 6.2.0-7 we must provide "-fno-PIE -fno-PIC" in beginning of CFLAGS to build kernel successfully. I'm currently looking for correct way to do this trick. -- SY, Konstantin Demin