| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0c6ff7bb-8a22-403d-b015-aa20c907df8f@nvidia.com> Date: Mon, 19 Aug 2024 12:41:55 -0700 From: John Hubbard <jhubbard@...dia.com> To: Muhammad Usama Anjum <Usama.Anjum@...labora.com>, Kees Cook <keescook@...omium.org> CC: "H . J . Lu" <hjl.tools@...il.com>, Chris Kennelly <ckennelly@...gle.com>, Eric Biederman <ebiederm@...ssion.com>, Shuah Khan <shuah@...nel.org>, Fangrui Song <maskray@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Yang Yingliang <yangyingliang@...wei.com>, <linux-mm@...ck.org>, <linux-kselftest@...r.kernel.org>, Mike Rapoport <rppt@...nel.org>, "Rui Salvaterra" <rsalvaterra@...il.com>, Victor Stinner <vstinner@...hat.com>, "Jan Palus" <jpalus@...tmail.com>, Al Viro <viro@...iv.linux.org.uk>, "Christian Brauner" <brauner@...nel.org>, Jan Kara <jack@...e.cz>, <linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>, <linux-hardening@...r.kernel.org> Subject: Re: [PATCH 1/3] selftests/exec: Build both static and non-static load_address tests On 8/18/24 8:55 PM, Muhammad Usama Anjum wrote: > On 8/7/24 3:22 PM, Muhammad Usama Anjum wrote: >> On 5/9/24 11:16 AM, Kees Cook wrote: >>> On Wed, May 08, 2024 at 07:54:13PM -0700, John Hubbard wrote: >>>> Didn't we learn recently, though, that -static-pie is gcc 8.1+, while the >>>> kernel's minimum gcc version is 5? >>> >>> Yes, that's true. If we encounter anyone trying to build the selftests >>> with <8.1 I think we'll have to add a compiler version test in the >>> Makefile to exclude the static pie tests. >>> >>> There's also the potential issue with arm64 builds that caused the >>> original attempt at -static. We'll likely need an exclusion there too. >>> >> I'm not getting failures for arm64 instead for arm. I'm trying to find >> this "rcrt1.o" file. Does anybody have any idea if this error can be >> resolved by missing file or is it something arm-linux-gnueabihf >> toolchain doesn't support? > Do you have any idea? Yes, I took a closer look just now: > >> >> make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- >> arm-linux-gnueabihf-gcc -Wall -Wno-nonnull -D_GNU_SOURCE= >> -Wl,-z,max-page-size=0x1000 \ >> -fPIE -static-pie load_address.c -o >> /home/usama/repos/kernel/linux_mainline/tools/testing/selftests/exec/load_address.static.0x1000 >> /usr/lib/gcc-cross/arm-linux-gnueabihf/12/../../../../arm-linux-gnueabihf/bin/ld: >> cannot find rcrt1.o: No such file or directory >> collect2: error: ld returned 1 exit status >> make: *** [Makefile:39: >> /home/usama/repos/kernel/linux_mainline/tools/testing/selftests/exec/load_address.static.0x1000] >> Error 1 > This appears to be because that particular cross compiler setup (the libc part of the installation) fails to include rcrt1.o. I was able to reproduce this on Ubuntu 23.04, using their standard arm cross compilation packages for gcc and libc. Also, -static-pie is what is causing the linker to look for rcrt1.o. If you change the invocation from "-static-pie" to "-static -pie", then linking succeeds. Putting all of this together, I think we were are seeing is that even though "-static-pie" was added to gcc 8.1+, and even though the cross-compiler installation here shows gcc 12.3.0, the libc support for that feature is lagging. In other words, the cross installation of libc is effectively at something earlier than gcc 8.1's needs. So I think this means that we need to fix up the distros'packages, and meanwhile, fall back to something like "-static-pie" for selftests. thanks, -- John Hubbard NVIDIA
Powered by blists - more mailing lists