make[1]: Entering directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/yacc'
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o closure.o closure.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o error.o error.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o lalr.o lalr.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o lr0.o lr0.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o main.o main.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o mkpar.o mkpar.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o output.o output.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o reader.o reader.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o skeleton.o skeleton.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o symtab.o symtab.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o verbose.o verbose.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o warshall.o warshall.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -o ocamlyacc closure.o error.o lalr.o lr0.o main.o mkpar.o output.o reader.o skeleton.o symtab.o verbose.o warshall.o
main.o: In function `create_file_names':
main.c:(.text+0x643): warning: the use of `mktemp' is dangerous, better use `mkstemp'
make[1]: Leaving directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/yacc'
cp yacc/ocamlyacc boot/ocamlyacc
cd stdlib; make COMPILER=../boot/ocamlc all
make[1]: Entering directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/stdlib'
../boot/ocamlrun ../boot/ocamlc -g -warn-error A -nostdlib `./Compflags pervasives.cmi` -c pervasives.mli
make[1]: *** [pervasives.cmi] Killed
make[1]: Leaving directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/stdlib'
make: *** [coldstart] Error 2

!!! ERROR: dev-lang/ocaml-3.08.4 failed.
Call stack:
  ebuild.sh, line 1531: Called dyn_compile
  ebuild.sh, line 931: Called src_compile
  ocaml-3.08.4.ebuild, line 52: Called die

!!! (no error message)
!!! If you need support, post the topmost build error, and the call stack if relevant.

# tail -f /var/log/kern.log
May 26 13:21:30 Atlantis ocamlrun[961]: segfault at ffffffff8715f0f4 rip ffffffff8715f0f4 rsp 000077d46d2a24b0 error 14
May 26 13:21:30 Atlantis PAX: execution attempt in: <NULL>, 00000000-00000000 00000000
May 26 13:21:30 Atlantis PAX: terminating task: /var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/boot/ocamlrun(ocamlrun):961, uid/euid: 0/0, PC: ffffffff8715f0f4, SP: 000077d46d2a24b0
May 26 13:21:30 Atlantis PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
May 26 13:21:30 Atlantis PAX: bytes at SP-8: 00000aa28715d788 00002f91d98973c8 00002f91d962307c 000000000001d7ef 0000000000000040 0000000000000021 0000000000000034 0000000000000000 0000000000000000 00000aa28726dde8 00002f91d989a010

Portage 2.1_rc2-r3 (hardened/amd64, gcc-3.4.4, glibc-2.3.6-r4, 2.6.16-hardened-r6-Teo x86_64)
=================================================================
System uname: 2.6.16-hardened-r6-Teo x86_64 AMD Sempron(tm) Processor 3000+
Gentoo Base System version 1.12.0
ccache version 2.4 [enabled]
dev-lang/python: 2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.4-r1
dev-util/confcache: 0.4.2-r1
sys-apps/sandbox: 1.2.18.1
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r3
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O3 -ftracer -pipe -msse3"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon64 -O3 -ftracer -pipe -msse3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache confcache distcc distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="ftp://mirror.switch.ch/mirror/gentoo/ http://gentoo.ngi.it/ http://distfiles.gentoo.org"
LANG="it_IT.UTF-8"
LC_ALL="it_IT.UTF-8"
LINGUAS="it"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl amd64 bash-completion berkdb bzip2 crypt dlloader gmp gnutls gpm hardened idn ipv6 jpeg justify lm_sensors mailwrapper mysql ncurses nls nptl pam pic png readline samba snmp ssl tcpd truetype unicode userlocales xml zlib elibc_glibc kernel_linux linguas_it userland_GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
It is my understanding that dev-lang/ocaml creates code on the fly and executes it (JIT/shellcode). With a PaX enabled kernel this would always fail as the goal of the PaX project is to protect programs from doing exactly this. If you don't care and wish to permit this behavior then you can probably paxctl/chpax the ocamlrun util.
Builds fine on x86 with PaX enabled here, so looks like an AMD64 issue rather than a PaX issue. The PaX report seems to indicate a null pointer dereference problem - the executable was killed when trying to execute address 0.
(In reply to comment #2)
> executable was killed when trying to execute address 0.
No it wasn't - I was talking from the wrong end, again. PC was ffffffff8715f0f4, which is not code space so it definitely looks like a 64-bit error.
to me it looks like some int->long signed extension where someone stored a function ptr in that int previously and ended up losing the high 32 bits. get a coredump and look at it in gdb, it'll probably be simple to find the culprit function ptr (turn off ASLR for easier reproduction).
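The check suggested in the comment above can be done on the logged PC before opening a coredump. This is an added example, not code from the thread or from OCaml: it models a 64-bit address passing through a 32-bit signed int and classifies the `rip` value of a kernel segfault line. The first two sample lines are the ones reported on this page (the second from a later comment); the third line and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum pc_class { PC_UNPARSED, PC_PLAUSIBLE, PC_SIGN_EXTENDED_32, PC_FITS_IN_32 };

/* Model of the suspected bug: a 64-bit address stored in a 32-bit signed
 * int and widened again. The high 32 bits are replaced by copies of bit 31. */
uint64_t through_int(uint64_t addr)
{
    uint64_t low = addr & 0xffffffffULL;
    return (low & 0x80000000ULL) ? (low | 0xffffffff00000000ULL) : low;
}

/* A PC that survives through_int() unchanged carries only 32 bits of
 * information. With bit 63 set it lies in the kernel half of the address
 * space and cannot be user code; otherwise it lies below 4 GiB, which is
 * suspicious for a PIE binary whose mappings sit far above that. */
enum pc_class classify_pc(uint64_t pc)
{
    if (through_int(pc) != pc)
        return PC_PLAUSIBLE;
    return (pc >> 63) ? PC_SIGN_EXTENDED_32 : PC_FITS_IN_32;
}

/* Extract the "rip <hex>" field from a 2.6-era x86_64 segfault log line. */
int parse_rip(const char *line, uint64_t *rip)
{
    const char *p = strstr(line, " rip ");
    unsigned long long v;

    if (p == NULL || sscanf(p, " rip %llx", &v) != 1)
        return 0;
    *rip = (uint64_t)v;
    return 1;
}

enum pc_class classify_line(const char *line)
{
    uint64_t rip;
    return parse_rip(line, &rip) ? classify_pc(rip) : PC_UNPARSED;
}

/* Log lines quoted on this page. */
static const char *LINE_HARDENED =
    "ocamlrun[961]: segfault at ffffffff8715f0f4 rip ffffffff8715f0f4 "
    "rsp 000077d46d2a24b0 error 14";
static const char *LINE_LATER =
    "ocamlrun[27973]: segfault at 0000000055572841 rip 0000000055572841 "
    "rsp 00007fffff849780 error 14";
/* Constructed line: an ordinary fault with a full 64-bit user-space PC. */
static const char *LINE_CONSTRUCTED =
    "demo[1]: segfault at 0000000000000010 rip 00002f91d962307c "
    "rsp 00007fffff849780 error 4";

int main(void)
{
    static const char *names[] = { "unparsed", "plausible",
                                   "sign-extended 32-bit", "fits in 32 bits" };
    const char *lines[] = { LINE_HARDENED, LINE_LATER, LINE_CONSTRUCTED };

    for (size_t i = 0; i < 3; i++)
        printf("%-22s <- %s\n", names[classify_line(lines[i])], lines[i]);
    return 0;
}
```

A match only says the PC is consistent with a truncated pointer; finding where the value was narrowed still needs the coredump.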
Do we think this bug should occur on a standard amd64 as well then?
I have another amd64, without hardened, and it works.

[cut]
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -c -o warshall.o warshall.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -o ocamlyacc closure.o error.o lalr.o lr0.o main.o mkpar.o output.o reader.o skeleton.o symtab.o verbose.o warshall.o
main.o: In function `create_file_names':
main.c:(.text+0x1b5): warning: the use of `mktemp' is dangerous, better use `mkstemp'
make[1]: Leaving directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/yacc'
cp yacc/ocamlyacc boot/ocamlyacc
cd stdlib; make COMPILER=../boot/ocamlc all
make[1]: Entering directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/stdlib'
../boot/ocamlrun ../boot/ocamlc -g -warn-error A -nostdlib `./Compflags pervasives.cmi` -c pervasives.mli
../boot/ocamlrun ../boot/ocamlc -g -warn-error A -nostdlib `./Compflags pervasives.cmo` -c pervasives.ml
[cut]

Portage 2.1_rc2-r3 (default-linux/amd64/2006.0, gcc-4.1.1, glibc-2.4-r2, 2.6.16-gentoo-r8-Teo x86_64)
=================================================================
System uname: 2.6.16-gentoo-r8-Teo x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Gentoo Base System version 1.12.0
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
dev-lang/python: 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.4-r1
dev-util/confcache: 0.4.2-r1
sys-apps/sandbox: 1.2.18.1
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r2
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r3
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O3 -ftracer -pipe -msse3"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/grass60/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/spool/PBS"
CONFIG_PROTECT_MASK="/etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-march=athlon64 -O3 -ftracer -pipe -msse3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache confcache distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="ftp://mirror.switch.ch/mirror/gentoo/ http://gentoo.ngi.it/ http://distfiles.gentoo.org"
LANG="it_IT.UTF-8"
LC_ALL="it_IT.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="it"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages-p2"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="amd64 X a52 aac aalib acl acpi alsa apache2 arts audiofile avi bash-completion berkdb bitmap-fonts blas bzip2 caps cdparanoia cdr cli crypt ctype cups curl curlwrappers dba dbus dri dts dvd dvdr dvdread eds emboss encode esd exif expat ffmpeg fftw flac flash foomaticdb fortran ftp gcj gd gdbm gif gmp gnome gnutls gpm gstreamer gtk gtk2 gtkhtml hal iconv idn imagemagick imap imlib iodbc ipv6 isdnlog java javascript jpeg jpeg2k kde kdeenablefinal lapack lcms ldap libcaca libedit libgda lm_sensors lzw lzw-tiff mad mailwrapper matroska mbox mhash ming mng motif mp3 mpeg mysql ncurses netcdf nis nls nptl nsplugin odbc offensive ogg opengl pam pcntl pcre pdf pdflib perl php png posix postgres ppds pppd prelude python qt quicktime readline reflection samba sasl scanner sdl session simplexml slang slp smartcard sndfile snmp sockets socks5 speex spell spl sqlite ssl svg sysvipc szip tcltk tcpd tetex theora threads tidy tiff truetype truetype-fonts type1-fonts unicode usb vcd vorbis wmf xine xml xml2 xmlrpc xmms xorg xosd xpm xprint xsl xv xvid zlib elibc_glibc input_devices_keyboard input_devices_mouse kernel_linux linguas_it userland_GNU video_cards_nvidia video_cards_vesa video_cards_vga video_cards_fbdev"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_RSYNC_EXTRA_OPTS
(In reply to comment #6)
> I have another amd64, without hardened, and it works.
>
> Portage 2.1_rc2-r3 (default-linux/amd64/2006.0, gcc-4.1.1, glibc-2.4-r2,
> 2.6.16-gentoo-r8-Teo x86_64)
can you try it with gcc-3.4.4 as well?
(In reply to comment #5)
> Do we think this bug should occur on a standard amd64 as well then?
i'd say yes but it may also be a compiler problem, let's see if different gcc versions behave differently on non-hardened (with that said, looking at a coredump is still the best approach).
(In reply to comment #7)
> can you try it with gcc-3.4.4 as well?
Not now, but I have

gcc (GCC) 3.4.6 (Gentoo 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9)
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

with x86_64-pc-linux-gnu-3.4.6 it works

[cut]
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -c -o warshall.o warshall.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -o ocamlyacc closure.o error.o lalr.o lr0.o main.o mkpar.o output.o reader.o skeleton.o symtab.o verbose.o warshall.o
main.o: In function `create_file_names':
main.c:(.text+0x5cf): warning: the use of `mktemp' is dangerous, better use `mkstemp'
make[1]: Leaving directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/yacc'
cp yacc/ocamlyacc boot/ocamlyacc
cd stdlib; make COMPILER=../boot/ocamlc all
make[1]: Entering directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/stdlib'
../boot/ocamlrun ../boot/ocamlc -g -warn-error A -nostdlib `./Compflags pervasives.cmi` -c pervasives.mli
../boot/ocamlrun ../boot/ocamlc -g -warn-error A -nostdlib `./Compflags pervasives.cmo` -c pervasives.ml
[cut]

with x86_64-pc-linux-gnu-3.4.6-hardened

[cut]
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o warshall.o warshall.c
gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -o ocamlyacc closure.o error.o lalr.o lr0.o main.o mkpar.o output.o reader.o skeleton.o symtab.o verbose.o warshall.o
main.o: In function `create_file_names':
main.c:(.text+0x643): warning: the use of `mktemp' is dangerous, better use `mkstemp'
make[1]: Leaving directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/yacc'
cp yacc/ocamlyacc boot/ocamlyacc
cd stdlib; make COMPILER=../boot/ocamlc all
make[1]: Entering directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/stdlib'
../boot/ocamlrun ../boot/ocamlc -g -warn-error A -nostdlib `./Compflags pervasives.cmi` -c pervasives.mli
make[1]: *** [pervasives.cmi] Segmentation fault
make[1]: Leaving directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/stdlib'
make: *** [coldstart] Error 2

!!! ERROR: dev-lang/ocaml-3.08.4 failed.
Call stack:
  ebuild.sh, line 1531: Called dyn_compile
  ebuild.sh, line 931: Called src_compile
  ocaml-3.08.4.ebuild, line 52: Called die

!!! (no error message)
!!! If you need support, post the topmost build error, and the call stack if relevant.
looks like a hardened gcc issue then, a gdb/coredump session is unavoidable...
Looks like ssp is already filtered via ebuild-o-magic. But can you try with each of the gcc provided specs to help narrow it down.

gcc-config -l
gcc-config <number>
. /etc/profile
emerge dev-lang/ocaml
<repeat as needed>

# Also could you try relaxing your CFLAGS to just "-O2 -pipe"
On the non-hardened system
[1] x86_64-pc-linux-gnu-3.4.6 OK
[2] x86_64-pc-linux-gnu-3.4.6-hardened KO
[3] x86_64-pc-linux-gnu-3.4.6-hardenednopie OK
[4] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp OK
[5] x86_64-pc-linux-gnu-3.4.6-hardenednossp KO
[6] x86_64-pc-linux-gnu-4.1.1 OK

On the hardened system
[1] x86_64-pc-linux-gnu-3.4.6 KO
[2] x86_64-pc-linux-gnu-3.4.6-hardenednopie OK
[3] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp OK
[4] x86_64-pc-linux-gnu-3.4.6-hardenednossp KO
[5] x86_64-pc-linux-gnu-3.4.6-vanilla OK
seems like PIE's triggering something bad.
I think we've seen PIE cause this sort of thing before, but can't put my finger on it right now.
Here is another "me too":

gcc -O -DNDEBUG -fno-defer-pop -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=k8 -O2 -pipe -fno-stack-protector -o ocamlyacc closure.o error.o lalr.o lr0.o main.o mkpar.o output.o reader.o skeleton.o symtab.o verbose.o warshall.o
main.o: In function `create_file_names':
main.c:(.text+0x63e): warning: the use of `mktemp' is dangerous, better use `mkstemp'
make[1]: Leaving directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/yacc'
cp yacc/ocamlyacc boot/ocamlyacc
cd stdlib; make COMPILER=../boot/ocamlc all
make[1]: Entering directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/stdlib'
../boot/ocamlrun ../boot/ocamlc -g -warn-error A -nostdlib `./Compflags pervasives.cmi` -c pervasives.mli
make[1]: *** [pervasives.cmi] Segmentation fault
make[1]: Leaving directory `/var/tmp/portage/ocaml-3.08.4/work/ocaml-3.08.4/stdlib'
make: *** [coldstart] Error 2

!!! ERROR: dev-lang/ocaml-3.08.4 failed.
Call stack:
  ebuild.sh, line 1539: Called dyn_compile
  ebuild.sh, line 939: Called src_compile
  ocaml-3.08.4.ebuild, line 52: Called die

# dmesg | tail
ocamlrun[27973]: segfault at 0000000055572841 rip 0000000055572841 rsp 00007fffff849780 error 14

This is with gcc version x86_64-pc-linux-gnu-3.4.5 (not hardened) running on an AMD64.

# emerge --info
Portage 2.1 (default-linux/amd64/2006.0, gcc-3.4.5, glibc-2.3.6-r3, 2.6.16-gentoo-r9 x86_64)
=================================================================
System uname: 2.6.16-gentoo-r9 x86_64 AMD Athlon(tm) 64 Processor 3800+
Gentoo Base System version 1.6.14
dev-lang/python: 2.3.5-r2, 2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1-r2
sys-devel/gcc-config: 1.3.13-r2
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib/fax /var/bind /var/spool/fax/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks fixpackages metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.osuosl.org/"
MAKEOPTS="-j2"
PKGDIR="/var/pkgdir"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://vangelis.dmj.nu/gentoo-portage"
USE="amd64 apache2 avi bash-completion berkdb bitmap-fonts bzip2 cli crypt ctype cups curl dcc dri eds emboss encode fam fax foomaticdb fortran gd gdbm gif gmp gstreamer hardened hardenedphp idn imlib isdnlog jpeg ldap logrotate logwatch lzw lzw-tiff mhash mp3 mpeg mysql ncurses nls no-htdocs nptl pcre pdflib perl png posix ppds python quicktime readline reflection rrdtool samba scanner sdl session slp spl ssl swat syslog tcpd tiff urandom usb xml xorg xv zlib elibc_glibc kernel_linux userland_GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
same problem with dev-lang/ocaml-3.09.2
(In reply to comment #15) Sorry my error, I was using the hardened version of gcc. After changing to x86_64-pc-linux-gnu-3.4.5-vanilla the compilation of ocaml went OK. --Dan
dev-lang/ocaml-3.09.3 doesn't work

cd asmrun; make meta.o dynlink.o
make[1]: Entering directory `/var/tmp/portage/ocaml-3.09.3/work/ocaml-3.09.3/asmrun'
ln -s ../byterun/meta.c meta.c
gcc -I../byterun -DCAML_NAME_SPACE -DNATIVE_CODE -DTARGET_amd64 -DSYS_linux -O -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o meta.o meta.c
ln -s ../byterun/dynlink.c dynlink.c
gcc -I../byterun -DCAML_NAME_SPACE -DNATIVE_CODE -DTARGET_amd64 -DSYS_linux -O -Wall -D_FILE_OFFSET_BITS=64 -D_REENTRANT -march=athlon64 -O2 -ftracer -pipe -msse3 -fno-stack-protector -c -o dynlink.o dynlink.c
make[1]: Leaving directory `/var/tmp/portage/ocaml-3.09.3/work/ocaml-3.09.3/asmrun'
boot/ocamlrun ./ocamlopt -nostdlib -I stdlib -ccopt "-Wl,-E" -o ocamlc.opt \
  utils/misc.cmx utils/tbl.cmx utils/config.cmx utils/clflags.cmx utils/terminfo.cmx utils/ccomp.cmx utils/warnings.cmx utils/consistbl.cmx parsing/linenum.cmx parsing/location.cmx parsing/longident.cmx parsing/syntaxerr.cmx parsing/parser.cmx parsing/lexer.cmx parsing/parse.cmx parsing/printast.cmx typing/unused_var.cmx typing/ident.cmx typing/path.cmx typing/primitive.cmx typing/types.cmx typing/btype.cmx typing/oprint.cmx typing/subst.cmx typing/predef.cmx typing/datarepr.cmx typing/env.cmx typing/typedtree.cmx typing/ctype.cmx typing/printtyp.cmx typing/includeclass.cmx typing/mtype.cmx typing/includecore.cmx typing/includemod.cmx typing/parmatch.cmx typing/typetexp.cmx typing/stypes.cmx typing/typecore.cmx typing/typedecl.cmx typing/typeclass.cmx typing/typemod.cmx bytecomp/lambda.cmx bytecomp/printlambda.cmx bytecomp/typeopt.cmx bytecomp/switch.cmx bytecomp/matching.cmx bytecomp/translobj.cmx bytecomp/translcore.cmx bytecomp/translclass.cmx bytecomp/translmod.cmx bytecomp/simplif.cmx bytecomp/runtimedef.cmx bytecomp/meta.cmx bytecomp/instruct.cmx bytecomp/bytegen.cmx bytecomp/printinstr.cmx bytecomp/opcodes.cmx bytecomp/emitcode.cmx bytecomp/bytesections.cmx bytecomp/dll.cmx bytecomp/symtable.cmx bytecomp/bytelink.cmx bytecomp/bytelibrarian.cmx bytecomp/bytepackager.cmx driver/pparse.cmx driver/errors.cmx driver/compile.cmx driver/main_args.cmx driver/main.cmx \
  asmrun/meta.o asmrun/dynlink.o -cclib "-lm -ldl -lcurses -lpthread"
/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/ocaml-3.09.3/temp/camlstartup38ccda.o: relocation R_X86_64_32S against `caml_curry2_1' can not be used when making a shared object; recompile with -fPIC
/var/tmp/portage/ocaml-3.09.3/temp/camlstartup38ccda.o: could not read symbols: Bad value
collect2: ld returned 1 exit status
Error during linking
make: *** [ocamlc.opt] Error 2

!!! ERROR: dev-lang/ocaml-3.09.3 failed.
Call stack:
  ebuild.sh, line 1546: Called dyn_compile
  ebuild.sh, line 937: Called src_compile
  ocaml-3.09.3.ebuild, line 52: Called die

!!! (no error message)
!!! If you need support, post the topmost build error, and the call stack if relevant.
There is very little probability ocaml will ever work with a hardened gcc given it manages its memory itself using a garbage collector.
(In reply to comment #19)
> There is a very little probability ocaml will ever work with a hardened gcc
> given it manages its memory itself using a garbage collector.
gc has nothing to do with hardened (gcc) or this bug. what happens here is that ocaml builds some assembly code at compile time (asmcomp/amd64/emit.mlp +390 seems to be the culprit in case anyone wants to investigate it further) that is not PIC (by design i assume, but upstream can tell for sure) which then gets linked into a PIE, except amd64 is more strict about mixing PIC/non-PIC and the linker doesn't allow it. quick fix is to switch to a gcc profile that doesn't produce PIE (i think some Xorg ebuilds do that already).

the other problem reported in comment #1 seems to have been fixed since, at least i could successfully emerge ocaml-3.09.3 without any PaX kills (and a non-PIE profile).
How is hardened supposed to cope with a program that executes things in memory (which were potentially created by the program itself) ? With garbage collection and higher order functions i doubt PaX can do much, so how does it work ?
(In reply to comment #20)
> quick fix is to switch to a gcc profile that doesn't
> produce PIE (i think some Xorg ebuilds do that already).
Yes, I don't have any problem with gcc-vanilla
(In reply to comment #21)
> How is hardened supposed to cope with a program that executes things in memory
> (which were potentially created by the program itself) ? With garbage
> collection and higher order functions i doubt PaX can do much, so how does it
> work ?
this bug is not about runtime code generation issues but bugs/features that manifest during the ocaml build process, that's why i said that the garbage collector and other features like runtime code generation had nothing to do with this.

but now that you asked ;-): i doubt PaX stops gc from working (at most if it relies on non-randomized addresses it can fail, but that'd manifest under vanilla kernels too these days, so i guess it'd be fixed by now). runtime code generation is simple to handle: paxctl -m (preferably the ebuild should do it, there's bug #148170 about that issue in general).
So where are we standing on this? I can contact upstream if you want me to, but I'm far from an expert on PIC issues.
(In reply to comment #24)
> So where are we standing on this? I can contact upstream if you want me to, but
> I'm far from an expert on PIC issues.
i think telling upstream about comment #20 should get them started, based on that info they can at least tell us if they're even interested in fixing this kind of problem or not. otherwise ocaml will have to follow the Xorg server/driver path and switch the gcc profile during compilation.
@hardened: does this still happen with >=3.10.0 ?
since we forced linking with -nopie due to ocaml producing its own non pic asm, this should be fixed; but I am not 100% sure and can't remember what was the outcome.
(In reply to comment #26)
> @hardened: does this still happen with >=3.10.0 ?
> since we forced linking with -nopie due to ocaml producing its own non pic asm,
> this should be fixed; but I am not 100% sure and can't remember what was the
> outcome.
>
supposedly fixed then...