Re: Compiling libc with LTO

2018-03-05 Thread Dimitry Andric 
On 5 Mar 2018, at 00:11, Shawn Webb  wrote:
> 
> I'm working on Cross-DSO CFI support in HardenedBSD. I've noticed
> certain libraries do not like to be compiled with -flto, libc being
> one of them. I'm scratching my head a bit, but unsure where to go from
> here, so a little direction would be helpful.
> 
> In the hardened/current/cross-dso-cfi feature branch of the
> hardenedBSD-playground repo[1], ld.lld, llvm-ar, llvm-nm, and
> llvm-objdump are the default ld, ar/ranlib, nm, and objdump
> respectively. The first step for Cross-DSO CFI support is compiling
> all shared and static libraries with LTO.
> 
> I'm curious if this is a shortcoming of ld.lld and I should file a bug
> with the llvm project (if one's not already filed). I've heard that
> someone got FreeBSD compiled with LTO already, so I'm hoping to borrow
> some of their expertise.
> 
> Here's a log of the build (warning: large file):
> https://gist.githubusercontent.com/anonymous/f8617d629fd054479142cc4b6de3581e/raw/b94579fac987556c01ae0aab7e2943d25d27bcc4/libc.log
> 
> Essentially, the erroring lines are:
> 
> /usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: 
> swapcontext.pico: symbol swapcontext@@@FBSD_1.2 has undefined version 
> @FBSD_1.2
> /usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: 
> openat.pico: symbol openat@@@FBSD_1.2 has undefined version @FBSD_1.2
> /usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: 
> setcontext.pico: symbol setcontext@@@FBSD_1.2 has undefined version @FBSD_1.2

I can at least reproduce these errors, and it seems strange that the
symbols in question end up with three @ signs, e.g. the LLVM IR in
swapcontext.pico has:

module asm ".ident\09\22$FreeBSD$\22"
module asm ".weak __swapcontext"
module asm ".equ __swapcontext, __sys_swapcontext"
module asm ".symver __impl_swapcontext, swapcontext@FBSD_1.0"
module asm ".weak __impl_swapcontext"
module asm ".equ __impl_swapcontext, swapcontext"
module asm ".symver swapcontext, swapcontext@@@FBSD_1.2"

It seems the linker has special handling for @@@, as per:

https://github.com/llvm-mirror/lld/blob/master/ELF/SymbolTable.cpp#L320

but I am unsure as to why this does not appear to work with -flto.
Maybe Rafael has any ideas?

-Dimitry



signature.asc
Description: Message signed with OpenPGP

Compiling libc with LTO

2018-03-04 Thread Shawn Webb 
Hey All,

I'm working on Cross-DSO CFI support in HardenedBSD. I've noticed
certain libraries do not like to be compiled with -flto, libc being
one of them. I'm scratching my head a bit, but unsure where to go from
here, so a little direction would be helpful.

In the hardened/current/cross-dso-cfi feature branch of the
hardenedBSD-playground repo[1], ld.lld, llvm-ar, llvm-nm, and
llvm-objdump are the default ld, ar/ranlib, nm, and objdump
respectively. The first step for Cross-DSO CFI support is compiling
all shared and static libraries with LTO.

I'm curious if this is a shortcoming of ld.lld and I should file a bug
with the llvm project (if one's not already filed). I've heard that
someone got FreeBSD compiled with LTO already, so I'm hoping to borrow
some of their expertise.

Here's a log of the build (warning: large file):
https://gist.githubusercontent.com/anonymous/f8617d629fd054479142cc4b6de3581e/raw/b94579fac987556c01ae0aab7e2943d25d27bcc4/libc.log

Essentially, the erroring lines are:

/usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: 
swapcontext.pico: symbol swapcontext@@@FBSD_1.2 has undefined version @FBSD_1.2
/usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: 
openat.pico: symbol openat@@@FBSD_1.2 has undefined version @FBSD_1.2
/usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: 
setcontext.pico: symbol setcontext@@@FBSD_1.2 has undefined version @FBSD_1.2

[1]: 
https://github.com/HardenedBSD/hardenedBSD-playground/tree/hardened/current/cross-dso-cfi

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:+1 443-546-8752
GPG Key ID:  0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE


signature.asc
Description: PGP signature