Linking bin/nmblookup Compiling utils/pdbedit.c Linking bin/pdbedit Compiling utils/smbpasswd.c Linking bin/smbpasswd Compiling rpcclient/rpcclient.c Compiling rpcclient/cmd_lsarpc.c Compiling rpcclient/cmd_samr.c Compiling rpcclient/cmd_spoolss.c rpcclient/cmd_spoolss.c: In function `display_reg_value': rpcclient/cmd_spoolss.c:666: internal compiler error: in add_insn_before, at emit-rtl.c:3580 Please submit a full bug report, with preprocessed source if appropriate. See <URL:http://bugs.gentoo.org/> for instructions. Preprocessed source stored into /var/tmp/portage/samba-3.0.0-r1/temp/ccRyjFok.out file, please attach this to your bugreport make: *** [rpcclient/cmd_spoolss.o] Error 1 !!! ERROR: net-fs/samba-3.0.0-r1 failed. !!! Function src_compile, Line 155, Exitcode 2 !!! SAMBA pieces emerge info output: Portage 2.0.49-r7 (default-x86-1.4, gcc-3.3.1, glibc-2.3.2-r1, 2.6.0-test6) ================================================================= System uname: 2.6.0-test6 i686 Celeron (Coppermine) distcc 2.11 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-O3 -march=pentium3 -pipe -fstack-protector" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /var/qmail/control /usr/kde/2/share/config /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-O2 -mcpu=i686 -pipe" DISTDIR="/home/distfiles" FEATURES="autoaddcvs -sandbox ccache userpriv" GENTOO_MIRRORS="http://gentoo.conectium.com http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://gentoo.linux.no http://gentoo.mirrors.pair.com http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/home/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 oss apm avi crypt cups encode foomaticdb gif jpeg libwww mad mmx mpeg ncurses nls pdflib png quicktime spell truetype xml2 xmms xv zlib alsa gdbm berkdb slang readline aalib bonobo svga ggi java guile X sdl gpm tcpd pam ssl perl python esd imlib oggvorbis gtk qt motif opengl ldap cdr acpi acpi4linux apache2 clamav cscope ethereal gd imap innodb ipv6 jikes justify lcms lids maildir md5sum mozilla moznocompose moznoirc moznomail mule nptl offensive pic ppds samba sasl skey slp snmp sse tiff usb vim-with-x xface xml -kde -gnome -libg++ -mikmod -arts"
Created attachment 18692 [details] The output file indicated in the error gziped
rpcclient/cmd_spoolss.c:666: internal compiler error: ^^^ this bug is too freaky for me ;-) but seriously, i dont think i can fix this. im not so sure it's really related to linux-2.6.x either. please try to post to bigs.samba.org and provide them your compiler/binutils/glibc versions etc, plus the .out file. perhaps Azarah or other toolchain people on the Gentoo team might have an idea about this. i really dont know much about the internals of compilers and ICE....
I wonder if this is an -fstack-protector problem, since I get it, too, and I'm running 2.4.20 kernel. (I've seen some other GCC 3.3.1 bugs with -fstack-protector.)
Hmm, might be -- I get it too on 2.4.x, but the local fix I've been using for a while is far too incorrect and ugly to comment on further. Will try an -fno-stack-protector build.
When I removed -fstack-protector, it compiled successfully. Therefore, I suggest excluding -fstack-protector from the CCFLAGS.
Oops. I meant CFLAGS, not CCFLAGS. (My thinko.)
Isnt that something, builds ok there now. Hrpmph. I guess it would nice to isolate exactly what is going on since it appears to affect only one single function!
I believe something's wrong with GCC (when stack-protector is used). The same situation (internal compiler error) occurs elsewhere. See bug 28728 for another example. Someday I hope to learn enough to debug GCC, but I'm not there yet! ;-)
Ok maybe this sound weird but i have made some tests with kumba on IRC, and i added to my base CFLAGS: "-O3 -march=pentium3 -pipe -fomit-frame-pointer -fstack-protector" these two flags "-ffast-math -fforce-addr" and now samba compiles. Samba also compiled removing the -fstack-protector without adding the last two flags.
Im testing a small fix for this at the moment. Involves compiling/installing one .c/.o file, and editing the gcc-installed specs file. Thereby allowing the use of -fstack-protector to build this. I dont wish to filter -fstack-protector, Id actually prefer to have SAMBA built with this flag.... will report results shortly.
Didnt work. Something is wacky with display_reg_value() in cmd_spoolss.c. filtering -fstack-protector for this one function is a bit harsh I still think though. Hmm.
Donny, as per Comment #9, maybe instead of filtering -fstack-protector, add -ffast-math and -fforce-addr to the CFLAGS in the ebuild instead? (i.e., via append-flags)
Donny: According to Howard Golden's comments on Bug #28728, -fforce-addr does the magic that lets -fstack-protector work. He's confirmed it on mjpegtools, and I believe he'll give word if it also lets Mozilla compila. Both of which segfault with -fstack-protector if -fforce-addr is not specified. -ffast-math might be safer to leave off to keep in line with IEEE math standards. Also CC'ing the hardened people on this, as they will likely find it of interest.
I guess all we can do is either: - filter -fstack-protector - add -fforce-addr How about the filter option then? I could live with that...
I'm up for adding -fforce-addr to the ebuild as a temporary measure. If you read Comment #20 on Bug #28728, it appears this is a bug in propolice, and the propolice architect, Dr. Hiroaki Etoh, has said he'll try to get a fix for it eventually. Once this fix gets released, we can get it in a new gcc snapshot and give it a run to see if it resolves the issues. For adding -fforce-addr to the ebuild, I'd suggest doing a check of the CFLAGS to see if -fstack-protector is in them, and if so, append-flags "-fforce-addr:. Otherwise, we leaves CFLAGS alone. This avoids any possible issues that may arise with the use of -fforce-addr to user's machines, although I myself haven't noticed any issues directly relating to -fforce-addr, and gcc's manual even hints at it being rather safe.
Users of the stable gcc 3.2.3 are not encountering this bug are they? If not then perhaps checking gcc --version | head -n 1 | awk '{print $3}' and then filtering from there would be the ideal way to go.. But I'm sure you had already planned for that :) As a rule of thumb just about anything that opens a socket to the outside world is something that we would want to protect with PaX & propolice(ssp). PaX prevents real buffer & heap overflows by limiting arbitrary read/write/execution access of the processes memory and propolice(ssp) to protect from the return-to-libc style attacks.
If they are not used together then its almost as good as nothing at all.
I have just posted Dr. Etoh's patch to propolice to bug 28728. So you might want to try it with your gcc. I'm going to do so here, but it will take a while to test. I experienced frequent lockups in mozilla-1.4 when compiled with both -fstack-protector and -fforce-addr. I don't know if this was caused by either of those flags or not. See my comments to bug 28728. I'm passing this along so you can be aware of a *possible* gotcha with either of these flags. Does anyone know how stable -fstack-protector and -fforce-addr are? (Why isn't -fforce-addr included with -O2? From the documentation of -fforce-addr, it appears to be "safe." See my colloquy with Andy Dustman in bug 28728.)
Update the name of the bug
This still is a issue with gcc version 3.2.3 (stable) ... is there a propolice patch available for this version?
Addl info requested by Alexander: Compiling rpcclient/cmd_spoolss.c rpcclient/cmd_spoolss.c: In function `display_reg_value': rpcclient/cmd_spoolss.c:666: Internal compiler error in add_insn_before, at emit-rtl.c:3567 Please submit a full bug report, with preprocessed source if appropriate. See <URL:http://bugs.gentoo.org/> for instructions. make: *** [rpcclient/cmd_spoolss.o] Error 1 !!! ERROR: net-fs/samba-3.0.0-r1 failed. !!! Function src_compile, Line 160, Exitcode 2 !!! SAMBA pieces Portage 2.0.49-r15 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r3, 2.4.22-ac4) ================================================================= System uname: 2.4.22-ac4 i686 Pentium III (Coppermine) Gentoo Base System version 1.4.3.10 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -mcpu=pentium3 -fstack-protector -funroll-loops -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-O2 -mcpu=pentium3 -fstack-protector -funroll-loops -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="sandbox ccache autoaddcvs" GENTOO_MIRRORS="http://www.gtlib.cc.gatech.edu/pub/gentoo ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo ftp://mirror.iawnet.sandia.gov/pub/gentoo/ http://gentoo.mirrors.pair.com/ ftp://gentoo.mirrors.pair.com/ http://gentoo.seren.com/gentoo rsync://gentoo.seren.com/gentoo http://gentoo.noved.org/" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 oss apm arts avi crypt cups encode foomaticdb gif imlib jpeg libg++ mad mikmod motif mpeg ncurses nls oggvorbis opengl pdflib png quicktime sdl spell truetype xml2 xmms xv zlib gdbm berkdb slang readline tcpd libwww perl python -X -gtk -gtk2 -gnome -alsa -qt -kde -gpm -svga apache2 gd mysql ldap kerberos threads freedts xml pam samba sasl ssl unicode"
19:51:14 <@pappy-> 20:50:25 [/usr/local/chroots/chroot001:11328.pty-s1.epoch] epoch ~ # readelf -s $(which smbd)| grep __guard 19:51:14 <@pappy-> 3599: 00000000 32 OBJECT GLOBAL DEFAULT UND __guard@GLIBC_2.3.2 (10) 19:51:27 <@pappy-> 20:50:32 [/usr/local/chroots/chroot001:11328.pty-s1.epoch] epoch ~ # readelf -s $(which smbd)| grep __stack_smash 19:51:27 <@pappy-> 3725: 00000000 530 FUNC GLOBAL DEFAULT UND __stack_smash_handler@GLIBC_2.3.2 (10) 19:51:39 <@pappy-> >>> net-fs/samba-3.0.0-r1 merged. 20:51:21 [/usr/local/chroots/chroot001:11328.pty-s1.epoch] epoch ~ # hcc -l glibc: GNU C Library stable release version 2.3.2, by Roland McGrath et al. glibc: Compiled by GNU CC version 3.3.2 20031022 (Gentoo Linux 3.3.2-r3, propolice). gcc: gcc version 3.3.2 20031022 (Gentoo Linux 3.3.2-r3, propolice) ld: GNU ld version 2.14.90.0.7 20031029 config: hcc-3.3.2.0-x86 - /etc/hcc.conf *cpp: %{posix:-D_POSIX_SOURCE} %{!D__KERNEL__: %{!DIN_GCC: %{!static: %{!nostartfiles: %{!nodefaultlibs: %{!nostdlib: %{!nostdinc: %{!yet_exec: %{!nopie: -D__PIC__ -D__pic__}} } } } } } } } %{pthread:-D_REENTRANT} -- *cc1: %(cc1_cpu) %{!D__KERNEL__: %{!DIN_GCC: %{!static: %{!nostartfiles: %{!nodefaultlibs: %{!nostdlib: %{!nostdinc: %{!yet_exec: %{!nopie: -fPIC}} %{!yno_propolice: -fstack-protector -fstack-protector-all -fforce-addr} } } } } } } } %{profile:-p} -- *endfile: %{static|yet_exec|D__KERNEL__|DIN_GCC: crtend.o%s} %{!static: %{!yet_exec: %{!D__KERNEL__: %{!DIN_GCC: crtendS.o%s}}}} crtn.o%s -- *link: %{!static:--eh-frame-hdr} -m elf_i386 %{shared:-shared} %{!shared: %{!ibcs: %{!static: %{rdynamic:-export-dynamic} %{!dynamic-linker:-dynamic-linker /lib/ld-linux.so.2}} %{static:-static}}} %{!D__KERNEL__: %{!DIN_GCC: %{!static: %{!nostartfiles: %{!nodefaultlibs: %{!nostdlib: %{!nostdinc: %{!shared: %{!Bshareable: %{!i: %{!r: %{!yet_exec: %{!nopie: -pie -z combreloc}} } } } } } } } } } } } -- *startfile: %{!shared: %{pg:gcrt1.o%s} %{!pg:%{p:gcrt1.o%s} %{!p:%{profile:gcrt1.o%s} %{!profile: %{static|yet_exec|D__KERNEL__|DIN_GCC: crt1.o%s} %{!static: %{!yet_exec: %{!D__KERNEL__: %{!DIN_GCC: Scrt1.o%s}}}} }}}} crti.o%s %{static:crtbeginT.o%s} %{!static: %{yet_exec|D__KERNEL__|DIN_GCC: crtbegin.o%s} %{!yet_exec: %{!D__KERNEL__: %{!DIN_GCC: crtbeginS.o%s}}} } cannot be reproduced here please confirm again after updating to gcc and glibc with guard and etc-update and hcc -a to make hardened-gcc happy
Dave: the Samba error your reporting sounds rather familiar. I notice it looks like you're running an old gcc version. The patch that I know of that resolved this kind of error when into gcc-3.3.1-r5, if I recall correctly. You can try updating to the latest gcc (~3.3.2), and recompile samba, *OR* add the -fforce-addr flag to your CFLAGS, which should get around the issue.
Joshua: I'm using -fforce-addr for now. I have some app testing to do with this system before I switch gcc versions.. I'll probably upgrade gcc before I start working with etdyn. . Thanks
close and WONTFIX use latest gcc please or -fforce-addr to circumvent propolice problems with old gcc TIA, Alex