lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0c6ff7bb-8a22-403d-b015-aa20c907df8f@nvidia.com>
Date: Mon, 19 Aug 2024 12:41:55 -0700
From: John Hubbard <jhubbard@...dia.com>
To: Muhammad Usama Anjum <Usama.Anjum@...labora.com>, Kees Cook
	<keescook@...omium.org>
CC: "H . J . Lu" <hjl.tools@...il.com>, Chris Kennelly <ckennelly@...gle.com>,
	Eric Biederman <ebiederm@...ssion.com>, Shuah Khan <shuah@...nel.org>,
	Fangrui Song <maskray@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>,
	Yang Yingliang <yangyingliang@...wei.com>, <linux-mm@...ck.org>,
	<linux-kselftest@...r.kernel.org>, Mike Rapoport <rppt@...nel.org>, "Rui
 Salvaterra" <rsalvaterra@...il.com>, Victor Stinner <vstinner@...hat.com>,
	"Jan Palus" <jpalus@...tmail.com>, Al Viro <viro@...iv.linux.org.uk>,
	"Christian Brauner" <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
	<linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
	<linux-hardening@...r.kernel.org>
Subject: Re: [PATCH 1/3] selftests/exec: Build both static and non-static
 load_address tests

On 8/18/24 8:55 PM, Muhammad Usama Anjum wrote:
> On 8/7/24 3:22 PM, Muhammad Usama Anjum wrote:
>> On 5/9/24 11:16 AM, Kees Cook wrote:
>>> On Wed, May 08, 2024 at 07:54:13PM -0700, John Hubbard wrote:
>>>> Didn't we learn recently, though, that -static-pie is gcc 8.1+, while the
>>>> kernel's minimum gcc version is 5?
>>>
>>> Yes, that's true. If we encounter anyone trying to build the selftests
>>> with <8.1 I think we'll have to add a compiler version test in the
>>> Makefile to exclude the static pie tests.
>>>
>>> There's also the potential issue with arm64 builds that caused the
>>> original attempt at -static. We'll likely need an exclusion there too.
>>>
>> I'm not getting failures for arm64 instead for arm. I'm trying to find
>> this "rcrt1.o" file. Does anybody have any idea if this error can be
>> resolved by missing file or is it something arm-linux-gnueabihf
>> toolchain doesn't support?
> Do you have any idea?

Yes, I took a closer look just now:

> 
>>
>> make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf-
>> arm-linux-gnueabihf-gcc -Wall -Wno-nonnull -D_GNU_SOURCE=
>> -Wl,-z,max-page-size=0x1000 \
>>          -fPIE -static-pie load_address.c -o
>> /home/usama/repos/kernel/linux_mainline/tools/testing/selftests/exec/load_address.static.0x1000
>> /usr/lib/gcc-cross/arm-linux-gnueabihf/12/../../../../arm-linux-gnueabihf/bin/ld:
>> cannot find rcrt1.o: No such file or directory
>> collect2: error: ld returned 1 exit status
>> make: *** [Makefile:39:
>> /home/usama/repos/kernel/linux_mainline/tools/testing/selftests/exec/load_address.static.0x1000]
>> Error 1
> 

This appears to be because that particular cross compiler setup
(the libc part of the installation) fails to include rcrt1.o. I was
able to reproduce this on Ubuntu 23.04, using their standard arm
cross compilation packages for gcc and libc.

Also, -static-pie is what is causing the linker to look for rcrt1.o.
If you change the invocation from "-static-pie" to "-static -pie",
then linking succeeds.

Putting all of this together, I think we were are seeing is that
even though "-static-pie" was added to gcc 8.1+, and even though
the cross-compiler installation here shows gcc 12.3.0, the libc
support for that feature is lagging. In other words, the cross
installation of libc is effectively at something earlier than
gcc 8.1's needs.

So I think this means that we need to fix up the distros'packages,
and meanwhile, fall back to something like "-static-pie" for
selftests.

thanks,
-- 
John Hubbard
NVIDIA
  



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ