PIENotes
|
Size: 10366
Comment:
|
Size: 11535
Comment: more triage
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 114: | Line 114: |
| * kernel aslr issue | |
| Line 115: | Line 116: |
| * kernel aslr issue | |
| Line 116: | Line 118: |
| * unknown test failure (endianness test issue?) | |
| Line 117: | Line 120: |
| * kernel aslr issue (pkg install phase) | |
| Line 119: | Line 123: |
| * kernel aslr issue (pkg install phase) | |
| Line 120: | Line 125: |
| * kernel aslr issue | |
| Line 121: | Line 127: |
| * kernel aslr issue | |
| Line 124: | Line 131: |
| * kernel aslr issue | |
| Line 125: | Line 133: |
| * kernel aslr issue | |
| Line 130: | Line 139: |
| * kernel aslr issue (pkg install phase) | |
| Line 131: | Line 141: |
| * {{{/usr/bin/ld: -r and -pie may not be used together}}} during go module build | |
| Line 133: | Line 144: |
| * kernel aslr issue | |
| Line 135: | Line 147: |
| * {{{/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcheck.a(check.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC}}} | |
| Line 136: | Line 149: |
| * kernel aslr issue | |
| Line 137: | Line 151: |
| * kernel aslr issue | |
| Line 139: | Line 154: |
| * kernel aslr issue | |
| Line 141: | Line 157: |
| * kernel aslr issue | |
| Line 143: | Line 160: |
| * kernel aslr issue (pkg install phase) | |
| Line 144: | Line 162: |
| * kernel aslr issue | |
| Line 147: | Line 166: |
| * kernel aslr issue (pkg install phase) | |
| Line 148: | Line 168: |
| * kernel aslr issue (pkg install phase) | |
| Line 150: | Line 171: |
| * kernel aslr issue | |
| Line 152: | Line 174: |
| * kernel aslr issue | |
| Line 153: | Line 176: |
| * {{{/usr/include/efi/x86_64/efibind.h:86:24: fatal error: stdint.h: No such file or directory}}} ? | |
| Line 156: | Line 180: |
| * kernel aslr issue | |
| Line 158: | Line 183: |
| * kernel aslr issue (pkg install) | |
| Line 164: | Line 190: |
| * kernel aslr issue | |
| Line 166: | Line 193: |
| * kernel aslr issue |
Notes about enabling PIE by default in gcc for amd64
The following is my notes about landing PIE in 16.04.
In the gcc-5, there are two additional patches added to enable this, the first is applying the patch H.J. Lu landed in gcc trunk (https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=223796), which allows gcc to be configured with -pie on by default (and adds the disabling option -no-pie). The second patch changes the arguments passed to the linker (ld) to enable -z now (aka Immediate Binding) when -pie is enabled on amd64.
Build Testing
A first round of building testing was done in the gcc-pie-amd64 PPA, attempting to build most of main that has architecture specific components (i.e. build architecture 'all' or 'amd64'). The vast majority of packages succeeded to build.
(I also enabled the ppa in a xenial desktop VM and basic testing showed no problems.)
I'll capture the failures I see and the solutions to them
kernel aslr issue for kernel in vivid (3.19) and older
In build testing, one of the issues discovered is an (as yet unknown) issue with the kernel's handling of PIE+aslr binaries for kernels older than 4.2 (i.e. vivid and older). This manifests when bash is built with pie enabled and then is used to build some other packages; frequently an error like:
bash: xmalloc: .././locale.c:81: cannot allocate 2 bytes (0 bytes allocated)
is seen in the build logs. Unfortuantely, the buildds are running a mix of 3.13 and 3.19 kernels. Building with bash reverted to non-pie works around the issue. I verified that it's a kernel issue by reproducing the issue locally in an sbuild with bash+pie on a host running trusty, reproducing the build failure and then rebooting into the linux-lts-wily kernel, redoing the build, and seeing it succeed.
This issue affects the following package build failures (from below)
- aalib
- cdebconf-terminal
- cloog-ppl
- cpio
- cwidget
- dbus-c++
- ecryptfs-utils
- elfutils
- evolution-data-server
- firefox
- git
- glade
- libmnl
- p11-kit
- shadow
- util-linux
raw list of build failures (w/arches)
aalib (amd64)
- kernel aslr issue
camlp5 (amd64)
/usr/bin/ld: /usr/lib/ocaml/libasmrun.a(roots.o): relocation R_X86_64_32 against `caml_frametable' can not be used when making a shared object; recompile with -fPIC
cdebconf-terminal (amd64))
- kernel aslr issue
- checkbox (both)
- click (both)
cloog-ppl (amd64)
- kernel aslr issue
cmake (amd64)
- cpio(amd64)
- corosync (i386)
cwidget (amd64)
- kernel aslr issue
dbus-c++ (amd64)
- kernel aslr issue
ecryptfs-utils (amd64)
- kernel aslr issue
elfutils (amd64)
- kernel aslr issue
emacs24 (amd64)
- unknown problem with pie (fails with wily build host, too)
erlang (amd64)
- unknown error occurs in documentation build
- evolution (i386, dependency issue)
evolution-data-server (amd64)
- kernel aslr issue
- fcitx-qt5 (both)
findlib (amd64)
/usr/bin/ld: /usr/lib/ocaml/libcamlrun.a(stacks.o): relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a shared object; recompile with -fPIC
firefox (amd64)
- kernel aslr issue
git (amd64)
- kernel aslr issue
glade (amd64)
- kernel aslr issue (at pkg install phase)
- gnome-control-center (i386, dependency issue on libgnome-desktop-3-dev)
gnome-desktop3 (amd64)
- kernel aslr issue
- gnome-settings-daemon (i386)
gnome-vfs (amd64)
- kernel aslr issue (pkg install phase)
- golang (both)
golang-race-detector-runtime (amd64)
==5011==ERROR: ThreadSanitizer failed to allocate 0x4000 (16384) bytes at address 1fc448bf40000 (errno: 12)
- gparted (both)
- grantlee (both)
graphviz (amd64)
- kernel aslr issue (pkg install phase)
- grep (i386)
grub2 (amd64)
/usr/bin/ld: -r and -pie may not be used together
gtk+2.0 (amd64)
- kernel aslr issue
gtkmm2.4 (amd64)
- kernel aslr issue (pkg install phase)
gtkspell (amd64)
- kernel aslr issue
hardening-wrapper (amd64)
- fails in no-hardening testcase, needs to know about pie by default and no-pie
- ibus (both)
icu (amd64)
- kernel aslr issue
indent (amd64)
- kernel aslr issue
jack-audio-connection-kit (amd64)
- kernel aslr issue
keyutils (amd64)
- unknown test failure (endianness test issue?)
libbit-vector-perl (amd64)
- kernel aslr issue (pkg install phase)
- libcmis (both)
libhybris (amd64)
- kernel aslr issue (pkg install phase)
liblangtag (amd64)
- kernel aslr issue
libmnl (amd64)
- kernel aslr issue
- libprelude (both)
- libreoffice (both)
librevenge (amd64)
- kernel aslr issue
libunwind (amd64)
- kernel aslr issue
- libvigraimpex (both)
- libxdmcp (both)
- libxfont (both)
- libxi (both)
libxml-libxml-perl (amd64)
- kernel aslr issue (pkg install phase)
lxd (amd64)
/usr/bin/ld: -r and -pie may not be used together during go module build
- mir (i386)
mono (amd64)
- kernel aslr issue
- nautilus (i386)
netcfg (amd64)
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/libcheck.a(check.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
nmap (amd64)
- kernel aslr issue
openipmi (amd64)
- kernel aslr issue
- oxide-qt (i386)
p11-kit (amd64)
- kernel aslr issue
- phonon-backend-gstreamer (both)
pidgin (amd64)
- kernel aslr issue
- procps (both)
python-cryptography (amd64)
- kernel aslr issue (pkg install phase)
qemu (amd64)
- kernel aslr issue
qtbase-opensource-src (amd64)
- Fails in mimetype test because it's looking for an executable type, but the pie binaries look like shared libraries
qtgraphicaleffects-opensource-src (amd64)
- kernel aslr issue (pkg install phase)
qtsensors-opensource-src (amd64)
- kernel aslr issue (pkg install phase)
- qtsvg-opensource-src (both)
rpm (amd64)
- kernel aslr issue
- sendmail (both)
shadow (amd64)
- kernel aslr issue
shim (amd64)
/usr/include/efi/x86_64/efibind.h:86:24: fatal error: stdint.h: No such file or directory ?
- sosreport (both)
- subversion (both)
swedish (amd64)
- kernel aslr issue
- syslinux (both)
systemtap (amd64)
- kernel aslr issue (pkg install)
- telepathy-glib (i386)
- totem (i386)
- ubuntu-app-launch (both)
- ubuntu-drivers-common (both)
- unity (i386)
util-linux (amd64)
- kernel aslr issue
- whois (both)
xfsprogs (amd64)
- kernel aslr issue
SteveBeattie/PIENotes (last edited 2015-12-03 09:15:31 by sbeattie)