Ticket #3668 (closed bug: fixed)

Opened 4 years ago

Last modified 3 years ago

PIE-enabled hardened gcc might broke GHC.

Reported by: secludedsage Owned by:
Priority: normal Milestone:
Component: Compiler Version: 6.10.4
Keywords: Cc: kolmodin@…
Operating System: Linux Architecture: x86
Type of failure: None/Unknown Difficulty:
Test Case: Blocked By:
Blocking: Related Tickets:

Description (last modified by igloo) (diff) 

emerge --info:
Portage 2.1.7.4 (hardened/linux/x86/10.0/desktop, gcc-4.3.4, glibc-2.10.1-r0, 2.6.31-11-generic i686)
=================================================================
System uname: Linux-2.6.31-11-generic-i686-Genuine_Intel-R-_CPU_T2050_@_1.60GHz-with-gentoo-2.0.1
Timestamp of tree: Sat, 14 Nov 2009 05:45:01 +0000
app-shells/bash:     4.0_p35
dev-lang/python:     2.6.4, 3.1.1-r1
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.5.2-r1
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.63-r1
sys-devel/automake:  1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils:  2.20
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.30-r1
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CXXFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="*"
MAKEOPTS="-j3"

While I am building yi-editor, I get: 

Building yi-0.6.1...
[  1 of 119] Compiling System.FriendlyPath ( System/FriendlyPath.hs,
dist/build/System/FriendlyPath.o )
[  2 of 119] Compiling Shim.ProjectContent ( Shim/ProjectContent.hs,
dist/build/Shim/ProjectContent.o )
[  3 of 119] Compiling Parser.Incremental ( Parser/Incremental.hs,
dist/build/Parser/Incremental.o )
[  4 of 119] Compiling Data.Trie        ( Data/Trie.hs, dist/build/Data/Trie.o
)
[  5 of 119] Compiling Data.DelayList   ( Data/DelayList.hs,
dist/build/Data/DelayList.o )
[  6 of 119] Compiling Data.Rope        ( Data/Rope.hs, dist/build/Data/Rope.o
)
[  7 of 119] Compiling Data.Prototype   ( Data/Prototype.hs,
dist/build/Data/Prototype.o )
[  8 of 119] Compiling HConf.Utils      ( HConf/Utils.hs,
dist/build/HConf/Utils.o )
[  9 of 119] Compiling HConf.Paths      ( HConf/Paths.hs,
dist/build/HConf/Paths.o )
[ 10 of 119] Compiling Paths_yi         ( dist/build/autogen/Paths_yi.hs,
dist/build/Paths_yi.o )
[ 11 of 119] Compiling HConf            ( HConf.hs, dist/build/HConf.o )
[ 12 of 119] Compiling Yi.Char.Unicode  ( Yi/Char/Unicode.hs,
dist/build/Yi/Char/Unicode.o )
[ 13 of 119] Compiling Yi.UI.Common[boot] ( Yi/UI/Common.hs-boot,
dist/build/Yi/UI/Common.o-boot )
[ 14 of 119] Compiling Yi.String        ( Yi/String.hs, dist/build/Yi/String.o
)
[ 15 of 119] Compiling Yi.Monad         ( Yi/Monad.hs, dist/build/Yi/Monad.o )
[ 16 of 119] Compiling Yi.Keymap.Completion ( Yi/Keymap/Completion.hs,
dist/build/Yi/Keymap/Completion.o )
[ 17 of 119] Compiling Yi.Editor[boot]  ( Yi/Editor.hs-boot,
dist/build/Yi/Editor.o-boot )
[ 18 of 119] Compiling Yi.Debug         ( Yi/Debug.hs, dist/build/Yi/Debug.o )
[ 19 of 119] Compiling Yi.Prelude       ( Yi/Prelude.hs,
dist/build/Yi/Prelude.o )
[ 20 of 119] Compiling Yi.Dynamic       ( Yi/Dynamic.hs,
dist/build/Yi/Dynamic.o )
[ 21 of 119] Compiling Yi.Event         ( Yi/Event.hs, dist/build/Yi/Event.o )
[ 22 of 119] Compiling Yi.Interact      ( Yi/Interact.hs,
dist/build/Yi/Interact.o )
[ 23 of 119] Compiling Yi.Keymap[boot]  ( Yi/Keymap.hs-boot,
dist/build/Yi/Keymap.o-boot )
[ 24 of 119] Compiling Yi.Style         ( Yi/Style.hs, dist/build/Yi/Style.o )
[ 25 of 119] Compiling Yi.Style.Library ( Yi/Style/Library.hs,
dist/build/Yi/Style/Library.o )
[ 26 of 119] Compiling Yi.Interpreter   ( Yi/Interpreter.hs,
dist/build/Yi/Interpreter.o )
[ 27 of 119] Compiling Shim.Utils       ( Shim/Utils.hs,
dist/build/Shim/Utils.o )
[ 28 of 119] Compiling Shim.CabalInfo   ( Shim/CabalInfo.hs,
dist/build/Shim/CabalInfo.o )
[ 29 of 119] Compiling Yi.Buffer.Misc[boot] ( Yi/Buffer/Misc.hs-boot,
dist/build/Yi/Buffer/Misc.o-boot )
[ 30 of 119] Compiling Yi.Buffer.Basic  ( Yi/Buffer/Basic.hs,
dist/build/Yi/Buffer/Basic.o )
ghc: /usr/lib/ghc-6.10.4/ghc-prim-0.1.0.0/HSghc-prim-0.1.0.0.o: unknown symbol
`_GLOBAL_OFFSET_TABLE_'
Loading package ghc-prim ... linking ... ghc: unable to load package `ghc-prim'

mk/build.mk: 

# Gentoo changes
docdir = /usr/share/doc/ghc-6.10.4
htmldir = /usr/share/doc/ghc-6.10.4
SRC_HC_OPTS+= -optc-march=native -opta-march=native -optc-nopie -optl-nopie -optc-fno-PIE -opta-Wa,--noexecstack
SRC_CC_OPTS+=-O2 -march=native -pipe -nopie -Wa,--noexecstack
XMLDocWays=
HADDOCK_DOCS=NO
SRC_HC_OPTS+=-w

Attachments

1.log.bz2 Download (117.3 KB) - added by secludedsage 4 years ago.
build.log of GHC, which shows the related information about building ghc-prim.

Change History

Changed 4 years ago by secludedsage

gcc -dumpspecs: *asm: %{v:-V} %{Qy:} %{!Qn:-Qy} %{n} %{T} %{Ym,*} %{Yd,*} %{Wa,*:%*}

*asm_debug: %{gstabs*:--gstabs}%{!gstabs*:%{g*:--gdwarf2}} %{fdebug-prefix-map=*:--debug-prefix-map %*}

*asm_final:

*asm_options: %{--target-help:%:print-asm-header()} %a %Y %{c:%W{o*}%{!o*:-o %w%b%O}}%{!c:-o %d%w%u%O}

*invoke_as: %{!S:-o %|.s |

as %(asm_options) %|.s %A }

*cpp: %{posix:-D_POSIX_SOURCE} %{pthread:-D_REENTRANT}

*cpp_options: %(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w} %{f*} %{g*:%{!g0:%{!fno-working-directory:-fworking-directory}}} %{O*} %{undef} %{save-temps:-fpch-preprocess}

*cpp_debug_options: %{d*}

*cpp_unique_options: %{C|CC:%{!E:%eGCC does not support -C or -CC without -E}} %{!Q:-quiet} %{nostdinc*} %{C} %{CC} %{v} %{I*&F*} %{P} %I %{MD:-MD %{!o:%b.d}%{o*:%.d%*}} %{MMD:-MMD %{!o:%b.d}%{o*:%.d%*}} %{M} %{MM} %{MF*} %{MG} %{MP} %{MQ*} %{MT*} %{!E:%{!M:%{!MM:%{!MT:%{!MQ:%{MD|MMD:%{o*:-MQ %*}}}}}}} %{remap} %{g3|ggdb3|gstabs3|gcoff3|gxcoff3|gvms3:-dD} %{H} %C %{D*&U*&A*} %{i*} %Z %i %{fmudflap:-D_MUDFLAP -include mf-runtime.h} %{fmudflapth:-D_MUDFLAP -D_MUDFLAPTH -include mf-runtime.h} %{!D_FORTIFY_SOURCE:%{!D_FORTIFY_SOURCE=*:%{!U_FORTIFY_SOURCE:-D_FORTIFY_SOURCE=2}}} %{E|M|MM:%W{o*}}

*trad_capable_cpp: cc1 -E %{traditional|ftraditional|traditional-cpp:-traditional-cpp}

*cc1: %(cc1_cpu) %{profile:-p}%{!DKERNEL: %(cc1_pie) %(cc1_ssp) } %(cc1_strict)

*cc1_options: %{pg:%{fomit-frame-pointer:%e-pg and -fomit-frame-pointer are incompatible}} %{shared:%{static|pie|fPIE|fpie|fno-PIC|fno-pic:%e-shared and -static|pie|fPIE|fpie|fno-PIC|fno-pic are incompatible}} %{pie:%{static|pg|p|profile:%e-pie and -static|pg|p|profile are incompatible}} %1 %{!Q:-quiet} -dumpbase %B %{d*} %{m*} %{a*} %{c|S:%{o*:-auxbase-strip %*}%{!o*:-auxbase %b}}%{!c:%{!S:-auxbase %b}} %{g*} %{O*} %{W*&pedantic*} %{w} %{std*&ansi&trigraphs} %{v:-version} %{pg:-p} %{p} %{f*} %{undef} %{Qn:-fno-ident} %{--help:--help} %{--target-help:--target-help} %{--help=*:--help=%(VALUE)} %{!fsyntax-only:%{S:%W{o*}%{!o*:-o %b.s}}} %{fsyntax-only:-o %j} %{-param*} %{fmudflap|fmudflapth:-fno-builtin -fno-merge-constants} %{coverage:-fprofile-arcs -ftest-coverage}

*cc1plus:

*link_gcc_c_sequence: %{static:--start-group} %G %L %{static:--end-group}%{!static:%G}

*link_ssp: %{fstack-protector:}

*endfile: %{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} %{mpc32:crtprec32.o%s} %{mpc64:crtprec64.o%s} %{mpc80:crtprec80.o%s} %(endfile_pie_gen) crtn.o%s

*link: %{!static:--eh-frame-hdr} -m %(link_emulation) %{shared:-shared} %{!shared: %{!ibcs: %{!static: %{rdynamic:-export-dynamic} %{!dynamic-linker:-dynamic-linker %(dynamic_linker)}} %{static:-static}}}

*lib: %{pthread:-lpthread} %{shared:-lc} %{!shared:%{mieee-fp:-lieee} %{profile:-lc_p}%{!profile:-lc}}

*mfwrap:

%{static: %{fmudflap|fmudflapth: --wrap=malloc --wrap=free --wrap=calloc --wrap=realloc --wrap=mmap --wrap=munmap --wrap=alloca} %{fmudflapth: --wrap=pthread_create}} %{fmudflap|fmudflapth: --wrap=main}

*mflib: %{fmudflap|fmudflapth: -export-dynamic}

*link_gomp:

*libgcc: %{static|static-libgcc:-lgcc -lgcc_eh}%{!static:%{!static-libgcc:%{!shared-libgcc:-lgcc --as-needed -lgcc_s --no-as-needed}%{shared-libgcc:-lgcc_s%{!shared: -lgcc}}}}

*startfile: %(ld_pie_crtfile_gen) crti.o%s %(startfile_pie_t_gen)

*switches_need_spaces:

*cross_compile: 0

*version: 4.3.4

*multilib: . ;

*multilib_defaults:

*multilib_extra:

*multilib_matches:

*multilib_exclusions:

*multilib_options:

*linker: collect2

*link_libgcc: %D

*md_exec_prefix:

*md_startfile_prefix:

*md_startfile_prefix_1:

*startfile_prefix_spec:

*sysroot_spec: --sysroot=%R

*sysroot_suffix_spec:

*sysroot_hdrs_suffix_spec:

*asm_pie: %{pie:-K PIC}

*ld_pie_crtfile_gen: %(crtfile_pie_gen)

*crtfile_gen: %{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}}

*crtfile_pie_gen: %{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s} }

*startfile_pie_t_gen: %{shared|pie:crtbeginS.o%s;static:crtbeginT.o%s;:crtbegin.o%s}

*startfile_pie_gen: %{shared|pie:crtbeginS.o%s;:crtbegin.o%s}

*endfile_pie_gen: %{shared|pie:crtendS.o%s;:crtend.o%s}

*cc1_ssp:

*cc1_ssp_all:

*cc1_pie: %{pie:-fPIE}

*cc1_strict:

*link_now:

*link_pie: %{pie:-pie}

*cc1_cpu: %{mcpu=*:-mtune=%* %n-mcpu=' is deprecated. Use -mtune=' or '-march=' instead. } %<mcpu=* %{mintel-syntax:-masm=intel %n-mintel-syntax' is deprecated. Use -masm=intel' instead. } %{mno-intel-syntax:-masm=att %n-mno-intel-syntax' is deprecated. Use -masm=att' instead. }%{march=native:%<march=native %:local_cpu_detect(arch) %{!mtune=*:%<mtune=native %:local_cpu_detect(tune)}} %{mtune=native:%<mtune=native %:local_cpu_detect(tune)}

*link_emulation: elf_i386

*dynamic_linker: %{muclibc:%{mglibc:%e-mglibc and -muclibc used together}/lib/ld-uClibc.so.0;:/lib/ld-linux.so.2}

*link_command: %{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S: %(linker) %l %(link_pie) %(link_now) %X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r} %{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}} %{static:} %{L*} %(mfwrap) %(link_libgcc) %o %{fopenmp|ftree-parallelize-loops=*:%:include(libgomp.spec)%(link_gomp)} %(mflib) %{fprofile-arcs|fprofile-generate|coverage:-lgcov} %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}} %{!A:%{!nostdlib:%{!nostartfiles:%E}}} %{T*} }}}}}}

Changed 4 years ago by secludedsage

I am sorry that I pasted so much since I do not know how to organise these information.

I am using Hardened Gentoo and going to try yi-editor. However, I got the error pasted above while compiling yi-editor. While talking on IRC (#gentoo-haskell and #haskell) I was told that this might be caused by a broken toolchain. Since ebuild write -nopie to mk/build.mk, personally I think PIE things should be avoided. But the result is at least ghc-prim is still built with PIE enabled.

Thank you.

Changed 4 years ago by secludedsage

build.log of GHC, which shows the related information about building ghc-prim.

Changed 4 years ago by igloo

  • failure set to None/Unknown
  • description modified (diff)

Changed 4 years ago by secludedsage

Line 2735 in the build.log, I notice: /usr/bin/ld -x -r -o dist/build/HSghc-prim-0.1.0.0.o dist/build/GHC/Bool.o dist/build/GHC/Generics.o dist/build/GHC/Ordering.o dist/build/GHC/PrimopWrappers.o dist/build/GHC/IntWord32.o dist/build/GHC/IntWord64.o dist/build/GHC/Tuple.o dist/build/GHC/Types.o dist/build/GHC/Unit.o find dist/build -name "*_stub.o" -print dist/build/cbits/longlong.o

without -nopie from the build.mk's -optl-nopie. Is this the problem?

Changed 4 years ago by igloo

I don't know, but you probably need to add -nopie to SRC_LD_OPTS.

Changed 4 years ago by secludedsage

Well, I add "SRC_LD_OPTS+= -fno-PIE" here and the build failed at:

== make boot - --no-print-directory -r --jobserver-fds=3,4 - --jobserver-fds=3,4 -j;

in /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/utils/genapply

/var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp -c GenApply?.hs -o GenApply?.o -ohi GenApply?.hi /var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -M -dep-makefile .depend -osuf o -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp GenApply?.hs /var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -o genapply -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp -fno-PIE GenApply?.o ghc: unrecognised flags: -fno-PIE Usage: For basic information, try the `--help' option. make[2]: *** [genapply] Error 1 Failed making boot in genapply: 1 make[1]: *** [boot] Error 1 make: *** [stage1] Error 1

notice that -fno-PIE is directly sent here, unlike other commands listed above. Why it is sent here? SRC_LD_OPTS should be sent directly to ld, shouldn't it?

Changed 4 years ago by secludedsage 

------------------------------------------------------------------------
== make boot - --no-print-directory -r --jobserver-fds=3,4 - --jobserver-fds=3,4 -j;
 in /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/utils/genapply
------------------------------------------------------------------------
/var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp    -c GenApply.hs -o GenApply.o  -ohi GenApply.hi
/var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -M -dep-makefile .depend  -osuf o -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf    -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp GenApply.hs
/var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -o genapply -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp    -fno-PIE   GenApply.o   
ghc: unrecognised flags: -fno-PIE
Usage: For basic information, try the `--help' option.
make[2]: *** [genapply] Error 1
Failed making boot in genapply: 1
make[1]: *** [boot] Error 1
make: *** [stage1] Error 1

reformatted, sorry

Changed 4 years ago by secludedsage

I don't see any direct information about SRC_LD_OPTS. (Wiki pointed config.mk.in and it says SRC_P_OPTS, but no examples) I tried SRC_LD_OPTS+= -Wl,-nopie and get following: 

------------------------------------------------------------------------
== make boot -r --jobserver-fds=3,4 -j;
 in /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/includes
------------------------------------------------------------------------
Creating ghcplatform.h...
Creating ghcautoconf.h...
Done.
Done.
gcc -O -O2 -march=native -pipe -nopie -Wa,--noexecstack -DTABLES_NEXT_TO_CODE -I. -I../rts    -c mkDerivedConstants.c -o mkDerivedConstants.o
../utils/mkdependC/mkdependC -f .depend     -- -O -O2 -march=native -pipe -nopie -Wa,--noexecstack -DTABLES_NEXT_TO_CODE -I. -I../rts    -- mkDerivedConstants.c shell-tools.c 
gcc -o mkGHCConstants.o -O -O2 -march=native -pipe -nopie -Wa,--noexecstack -DTABLES_NEXT_TO_CODE -I. -I../rts    -c mkDerivedConstants.c  -DGEN_HASKELL
gcc -o mkGHCConstants -O -O2 -march=native -pipe -nopie -Wa,--noexecstack -DTABLES_NEXT_TO_CODE -I. -I../rts    -Wl,-nopie   mkGHCConstants.o
/usr/lib/gcc/i686-pc-linux-gnu/4.3.4/../../../../i686-pc-linux-gnu/bin/ld: cannot find -lgcc_s
collect2: ld returned 1 exit status
make[1]: *** [mkGHCConstants] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [stage1] Error 1

Changed 3 years ago by secludedsage

@igloo: i talked to dcoutts and was told to ask you how you set the -optc-m32 stuff for OS X. He said that you will point me the right file to modify and to solve this problem.

Thank you.

Changed 3 years ago by secludedsage

  • status changed from new to closed
  • resolution set to fixed

sed -i -e "s|wrapped|wrapped ${GHC_CFLAGS}|" ${S}/ghc/ghc.wrapper"

This solve it. It is a wrapper problem which is somehow Gentoo specific. Thanks for igloo.

Changed 3 years ago by simonpj

Great that this is unblocked, but is there anything we should do to GHC or its build system to stop it happening again?

Simon

Changed 3 years ago by kolmodin

We've had similar patches like this in previous ghc versions for Gentoo, but with ghc 6.10.4 it somehow slipped away.

I don't know if it can be solved in the build system in another way. The flags we put into ${GHC_CFLAGS} is currently parts the users' ${CFLAGS}, mostly to do with the arch and ABI flags. Then for hardend we add -nopie, for gccs with stack protectors we turn that off.

For ppc64 we need -mminimal-toc, and for earlier ghc versions we've passed the -Wa,--noexecstack flag due to QA in Gentoo.

These are flags we always want in place, thus it's natural to put it in the ghc wrapper.

To see more details on how all this funny business comes together, see the ghc-6.12rc2 ebuild:  http://code.haskell.org/gentoo/gentoo-haskell/dev-lang/ghc/ghc-6.12.0.20091121.ebuild

Changed 3 years ago by kolmodin

  • cc kolmodin@… added
Note: See TracTickets for help on using tickets.