I get the error below when I try to emerge xen on my hardened gentoo install running on an Athlon-XP system. It looks very similiar the following dev86 bug, that has since been resolved: http://bugs.gentoo.org/show_bug.cgi?id=111257 emerge xen ... gcc -nostdinc -fno-builtin -fno-common -fno-strict-aliasing -iwithprefix include -Wall -Werror -Wno-pointer-arith -pipe -I/var/tmp/portage/xen -3.0.0_pre20051027/work/xen-unstable-20051027/xen/include -I/var/tmp/portage/xen-3.0.0_pre20051027/work/xen-unstable-20051027/xen/include/asm- x86/mach-generic -I/var/tmp/portage/xen-3.0.0_pre20051027/work/xen-unstable-20051027/xen/include/asm-x86/mach-default -O3 -fomit-frame-pointer -msoft-float -m32 -march=i686 -DNDEBUG -c event_channel.c -o event_channel.o gcc -nostdinc -fno-builtin -fno-common -fno-strict-aliasing -iwithprefix include -Wall -Werror -Wno-pointer-arith -pipe -I/var/tmp/portage/xen -3.0.0_pre20051027/work/xen-unstable-20051027/xen/include -I/var/tmp/portage/xen-3.0.0_pre20051027/work/xen-unstable-20051027/xen/include/asm- x86/mach-generic -I/var/tmp/portage/xen-3.0.0_pre20051027/work/xen-unstable-20051027/xen/include/asm-x86/mach-default -O3 -fomit-frame-pointer -msoft-float -m32 -march=i686 -DNDEBUG -c grant_table.c -o grant_table.o grant_table.c: In function `gnttab_transfer': grant_table.c:760: error: can't find a register in class `BREG' while reloading `asm' make[1]: *** [grant_table.o] Error 1 make[1]: Leaving directory `/var/tmp/portage/xen-3.0.0_pre20051027/work/xen-unstable-20051027/xen/common' make: *** [/var/tmp/portage/xen-3.0.0_pre20051027/work/xen-unstable-20051027/xen/xen] Error 2 make: Leaving directory `/var/tmp/portage/xen-3.0.0_pre20051027/work/xen-unstable-20051027/xen' !!! ERROR: app-emulation/xen-3.0.0_pre20051027 failed. !!! Function src_compile, Line 41, Exitcode 2 !!! compiling xen failed !!! If you need support, post the topmost build error, NOT this status message. Reproducible: Always Steps to Reproduce: 1.emerge xen 2. 3. Actual Results: Compile failed Expected Results: emerged xen successfully emerge --info Portage 2.0.51.22-r3 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r3, 2.6.11-1.1369_FC4 i686) ================================================================= System uname: 2.6.11-1.1369_FC4 i686 AMD Athlon(TM) XP 2200+ Gentoo Base System version 1.6.13 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.3 [enabled] dev-lang/python: 2.3.5-r2, 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.20 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon-xp -O2 -pipe -fno-ident -fomit-frame-pointer -momit-leaf-frame-pointer -mno-tls-direct-seg-refs" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -O2 -pipe -fno-ident -fomit-frame-pointer -momit-leaf-frame-pointer -mno-tls-direct-seg-refs -fvisibility-inlines-hidden" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache distlocks sandbox sfperms strict userpriv" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow X acl acpi alsa apm arts bash-completion berkdb bzip2 caps cdr crypt curl dlloader dri dvd dvdr expat gdbm gif gpm hardened java jpeg ldap lm_sensors mmap mmx ncurses nls nptl pam pcre perl pic png python readline sockets sse ssl tcltk tcpd tiff truetype udev userlocales wifi x86 zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
There's a lot of architecture-specific stuff going on in xen, and it doesn't conform to the PIC ABI - I'd guess it probably shouldn't, anyway. I think the most sensible approach here is to switch off PIE, as it's probably not sensible anyway since Xen starts outside of Linux. Try: CFLAGS="-nopie" emerge xen and report back.
same problem here. solved switching gcc to hardenednopiessp profile gcc-config i686-pc-linux-gnu-3.3.6-hardenednopiessp source /etc/profile emerge xen
Changing the CFLAGS as suggested in comment #1 didn't seem to affect anything. I will try changing the gcc profile per comment #2 tonight.
Michael - did you see exactly the same error with CFLAGS=-nopie, and did you see '-nopie' on the compilation lines as the app built? Can you post the tail of the output of the build that failed with CFLAGS=-nopie?
in response to #4 CFLAGS="-nopie -fno-stack-protector -fno-stack-protector-all" won't work. grep -1 CFLAGS `equery which xen` unset CFLAGS make ${myopt} -C xen || die "compiling xen failed"
Hmm, I tried hardenednopiessp, and even tried downgrading to gcc 3.3.6 and using that profile and I still get the exact same results.
Thanks Fabrio; I missed that. Chris, adding 'filter-flags -fPIE -fstack-protector' after the 'unset CFLAGS' in src_compiler() will do the trick (with 'inherit flag-o-matic' of course). While you're at it, could you consider using 'strip-flags' from flag-o-matic instead of 'unset CFLAGS'? Michael; I don't understand what's happening for you - sounds like switching compilers isn't getting the results it should. To check the compiler has the pie/ssp stuff switched off do: echo | gcc -dM -E - | grep -E 'PIC|SSP' if you've successfully obtained the nopiessp compiler, the result should be nothing, whereas with the hardened compiler you'd see: ----- #define __SSP__ 1 #define __SSP_ALL__ 2 #define __PIC__ 1 -----
Hrmm, for gcc 3.3.6 I get __PIC__ defined, for gcc 3.4.4 I get all three. The commands I used and their output are below. Is my gcc configuration hosed somehow? tourian ~ # gcc-config i686-pc-linux-gnu-3.3.6-hardenednopiessp * Switching native-compiler to i686-pc-linux-gnu-3.3.6-hardenednopiessp [ ok ] * If you intend to use the gcc from the new profile in an already * running shell, please remember to do: * # source /etc/profile tourian ~ # . /etc/profile tourian ~ # echo | gcc -dM -E - | grep -E 'PIC|SSP' #define __PIC__ 1 tourian ~ # gcc-config i686-pc-linux-gnu-3.4.4-hardenednopiessp * Switching native-compiler to i686-pc-linux-gnu-3.4.4-hardenednopiessp [ ok ] * If you intend to use the gcc from the new profile in an already * running shell, please remember to do: * # source /etc/profile tourian ~ # . /etc/profile tourian ~ # echo | gcc -dM -E - | grep -E 'PIC|SSP' #define __SSP__ 1 #define __SSP_ALL__ 2 #define __PIC__ 1
xen-3 is supposed to do this anyway: # Disable PIE/SSP if GCC supports them. They can break us. CFLAGS += $(call test-gcc-flag,-nopie) CFLAGS += $(call test-gcc-flag,-fno-stack-protector) CFLAGS += $(call test-gcc-flag,-fno-stack-protector-all) (from xen/arch/x86/Rules.mk) I'm not sure why these flags don't appear in 'gcc -v --help' on Gentoo. ? Anyway, the latest ebuild explicitly removes them. Also there is a USE flag 'cflags' to force using the /etc/make.conf CFLAGS rather than xen defaults.
Micheal - yes, looks like your gcc configs are hosed. Raise a separate bug, assigned to toolchain@gentoo.org, and we'll work it there.
*** Bug 114716 has been marked as a duplicate of this bug. ***
