ref. also bugs #29958, #30359, #43440, #55900, #70342, #74601 possibly also #34712, #34785, #43314 (many of these are resolved fixed by filtering PIC) Affected package: linux26-headers, linux-headers Affected systems: x86 with PIC (includes all x86 hardened) /usr/include/asm/unistd.h, brought in on i386 systems from <syscall.h>, provides macros for making "int $0x80" calls. These macros fail to preserve %%ebx, so anything that tries to use them will fail if trying to build PIC. This affects the build-ability of a slew of packages, some of which have been fixed by filtering PIC. Some have been fixed by disabling associated functionality. I'll attach a patch to /usr/include/asm/i386/unistd.h for testing. Reproducible: Always Steps to Reproduce: 1. 2. 3. Portage 2.0.51-r15 (default-linux/x86/2004.3, gcc-3.3.5, glibc-2.3.4.20040808-r1, 2.6.10-hardened-r3 i686) ================================================================= System uname: 2.6.10-hardened-r3 i686 AMD Athlon(tm) XP 3200+ Gentoo Base System version 1.4.16 Python: dev-lang/python-2.3.4 [2.3.4 (#1, Nov 9 2004, 21:31:00)] ccache version 2.3 [enabled] dev-lang/python: 2.3.4 sys-devel/autoconf: 2.59-r6, 2.13 sys-devel/automake: 1.8.5-r2, 1.5, 1.4_p6, 1.6.3, 1.7.9, 1.9.4 sys-devel/binutils: 2.15.92.0.2-r2 sys-devel/libtool: 1.5.10-r4 virtual/os-headers: 2.6.8.1-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -pipe -O2" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -pipe -O2" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict userpriv" GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.linux.ee/pub/gentoo/distfiles/ http://ftp.easynet.nl/mirror/gentoo/ http://ftp.heanet.ie/pub/gentoo/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 3dnow X aalib acl acpi alsa apm arts avi berkdb bidi bitmap-fonts cdr crypt cups dhc-fqdn directfbdlloader doc dvb dvd dvdr encode esd f77 faad fam ffmpeg flac font-server foomaticdb fortran gcj gdbm gif gnome gpm gstreamer gtk gtk2 guile hardened imagemagick imlib ipv6 java javamail jce jikes jpeg junit kde kerberos libg++ libwww mad mbox mikmod mmx motif mozilla mpeg mpeg4 mysql ncurses nls odbc oggvorbis opengl osspam pdflib perl pic pie png postgres python qt quicktime readline ruby samba sdl slang speex spell sse ssl svga tcltk tcpd tiff truetype truetype-fonts trusted type1-fonts unicode usb v4l v4l2 wxwindows xinerama xml2 xmms xosd xprint xv xvid zlib linguas_en-gb linguas_en linguas_de linguas_es linguas_it linguas_fr" Unset: ASFLAGS, CBUILD, CTARGET, LDFLAGS
Created attachment 49816 [details, diff] provides pic-aware versions of the macros Needs critical review; in particular could someone check I haven't got any of the parameter numbers wrong.
Created attachment 49817 [details] Simple compilation test file for compiling to see the errors, to review the generated assembler etc.
Created attachment 49826 [details, diff] provides pic-aware versions of the macros, with the instruction parameter ordering correct this time
Mike, mind testing these out?
What do you think of this pic patch? Seems safe?
So far this patch along with another flag-o-matic patch has cleared up many of the existing problems with hardened things. I think it wins my vote and might even be proper for upstream.
Added in linux-headers-2.6.10 and solar's added it to 2.4; I guess this can be marked as FIXED.
sorry for not getting back sooner, but yes, it looks quite good, nice job :)
*** Bug 82964 has been marked as a duplicate of this bug. ***
