lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87eg37niky.fsf@turtle.gmx.de>
Date:   Sun, 23 Oct 2016 18:19:57 +0200
From:   Sven Joachim <svenjoac@....de>
To:     Adam Borowski <kilobyte@...band.pl>
Cc:     Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        Michal Marek <mmarek@...e.com>, linux-kbuild@...r.kernel.org,
        linux-kernel@...r.kernel.org, ben@...adent.org.uk
Subject: Re: [RFC PATCH] kbuild: add -fno-PIE

On 2016-10-21 23:21 +0200, Adam Borowski wrote:

> On Fri, Oct 21, 2016 at 01:16:00PM +0200, Sebastian Andrzej Siewior wrote:
>> Debian started to build the gcc with --enable-default-pie by default
>
> To be exact: this is since gcc-6 6.2.0-7 dated Tue, 18 Oct 2016 13:53:00 +0200
> on amd64 arm64 armel armhf i386 mips mipsel mips64el ppc64el s390x.
>
>> so the kernel build ends before it starts properly with:
>> |kernel/bounds.c:1:0: error: code model kernel does not support PIC mode
>> 
>> Is this okay or do we want some kind of check to see if -fno-PIE is supported?
>> It is mentioned in the 4.4.7 gcc manpage is it is not *that* new :)
>
> A naive "git log -Sno-PIE" on gcc sources shows commit 3e7f6cce[1] from Feb
> 2004, and as gcc automatically supports no-XXX whenever XXX is added, it
> appears the option is older than that.

Testing on Debian 3.1 (sarge) chroot, it seems that GCC 3.4 is the first
release to accept -fPIE/-fno-PIE.  Which could be a problem since
according to Documentation/Changes GCC 3.2 is sufficient to build the
kernel.

>> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
>> ---
>>  Makefile | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/Makefile b/Makefile
>> index bf6e44a421df..97296d66b586 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -398,7 +398,7 @@ KBUILD_CPPFLAGS := -D__KERNEL__
>>  KBUILD_CFLAGS   := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
>>  		   -fno-strict-aliasing -fno-common \
>>  		   -Werror-implicit-function-declaration \
>> -		   -Wno-format-security \
>> +		   -Wno-format-security -fno-PIE \
>>  		   -std=gnu89
>>  
>>  KBUILD_AFLAGS_KERNEL :=
>> -- 
>> 2.9.3
>
> The patch works for me.  I haven't done any but most trivial testing,
> though.
>
>
> [1]. Using the https://gcc.gnu.org/git/gcc.git git gateway, commit hashes
> may be different elsewhere.

Cheers,
       Sven

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ