lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 10 Nov 2017 10:43:25 +0100
From:   Jiri Olsa <jolsa@...hat.com>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Jiri Olsa <jolsa@...nel.org>, lkml <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        David Ahern <dsahern@...il.com>,
        Peter Zijlstra <a.p.zijlstra@...llo.nl>
Subject: Re: [PATCH 2/3] perf tools: Fix build for hardened environments

On Thu, Nov 09, 2017 at 09:52:12AM -0300, Arnaldo Carvalho de Melo wrote:
> Em Thu, Nov 09, 2017 at 08:36:22AM +0100, Jiri Olsa escreveu:
> > On Wed, Nov 08, 2017 at 01:03:21PM -0300, Arnaldo Carvalho de Melo wrote:
> > > Em Wed, Nov 08, 2017 at 11:27:38AM +0100, Jiri Olsa escreveu:
> > > > From: Jiri Olsa <jolsa@...hat.com>
> > > > 
> > > > On Fedora systems the perl and python CFLAGS/LDFLAGS include the
> > > > hardened specs from redhat-rpm-config package. We apply them only
> > > > for perl/python objects, which makes them not compatible with the
> > > > rest of the objects and the build fails with:
> > > > 
> > > >   /usr/bin/ld: perf-in.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
> > > >   /usr/bin/ld: libperf.a(libperf-in.o): relocation R_X86_64_32S against `.text' can not be used when making a shared object; recompile with -fPIC
> > > >   /usr/bin/ld: final link failed: Nonrepresentable section on output
> > > >   collect2: error: ld returned 1 exit status
> > > >   make[2]: *** [Makefile.perf:507: perf] Error 1
> > > >   make[1]: *** [Makefile.perf:210: sub-make] Error 2
> > > >   make: *** [Makefile:69: all] Error 2
> > > > 
> > > > Mainly it's caused by perl/python objects being compiled with:
> > > > 
> > > >   -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
> > > > 
> > > > which prevent the final link impossible, because it will check
> > > > for 'proper' objects with following option:
> > > > 
> > > >   -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
> > > > 
> > > > Fixing this by using the perl/python CFLAGS/LDFLAGS options
> > > > for all the objects.
> > > 
> > > Humm, so we're basically using the hardened config only we build with
> > > PERL or PYTHON, should we use that always, i.e. ask the distro what set
> > > of flags we should use?
> > 
> > right, I think this needs to be detected like we do for features,
> > since there maybe some supported gcc versions to detect
> 
> Right, since we want to honour what the distro makers decided was the
> best set for them, and to be able to link with other libraries, etc.
> 
> But then I think this should be done more explicitely, right? Do you
> envision some way to do that without having to try to build perl or
> python, that may not be installed, etc?
> 

I'll check on it.. I think we could use feature detection and
enable that by default and add NO_HARDENED_BUILD variable as
we do for features.. and detect that python/perl or whatever
else is using that and warn

> Of course users wanting to use something different may just set CFLAGS
> and be done with it, in which case I think this should also affect the
> perl and python CFLAGS, removing that distro specific stuff since the
> user is changing something different.

yep

jirka

Powered by blists - more mailing lists