When emerging yaboot on a hardened ppc system using gcc-4.4.4-r3, compiling fails with undefined reference to `__stack_chk_fail_local'. It looks like the stack-protector flag is sneaking in somewhere. Reproducible: Always Steps to Reproduce: 1. Make sure you're using hardened/linux/powerpc/ppc32/10.0 2. Make sure you're gcc-config is powerpc-unknown-linux-gnu-4.4.4 3. emerge yaboot Actual Results: Compilation fails with powerpc-unknown-linux-gnu-gcc -Os -fno-stack-protector -Wall -I/usr/include -o util/addnote util/addnote.c util/addnote.c: In function 'main': util/addnote.c:168: warning: pointer targets in passing argument 1 of 'strcpy' differ in signedness /usr/include/bits/string3.h:105: note: expected 'char * __restrict__' but argument is of type 'unsigned char *' util/addnote.c:183: warning: pointer targets in passing argument 1 of 'strcpy' differ in signedness /usr/include/bits/string3.h:105: note: expected 'char * __restrict__' but argument is of type 'unsigned char *' ld -Ttext 0x200000 -Bstatic second/crt0.o second/yaboot.o second/cache.o second/prom.o second/file.o second/partition.o second/fs.o second/cfg.o second/setjmp.o second/cmdline.o second/fs_of.o second/fs_ext2.o second/fs_iso.o second/iso_util.o lib/nosys.o lib/string.o lib/strtol.o lib/vsprintf.o lib/ctype.o lib/malloc.o lib/strstr.o lib/ssp.o second/md5.o second/fs_xfs.o second/fs_reiserfs.o -lext2fs `powerpc-unknown-linux-gnu-gcc -print-libgcc-file-name` -o second/yaboot /usr/lib/libext2fs.a(namei.o): In function `follow_link': (.text+0x1bc): undefined reference to `__stack_chk_fail_local' /usr/lib/libext2fs.a(namei.o): In function `open_namei': (.text+0x3c8): undefined reference to `__stack_chk_fail_local' /usr/lib/libext2fs.a(namei.o): In function `ext2fs_follow_link': (.text+0x4b0): undefined reference to `__stack_chk_fail_local' /usr/lib/libext2fs.a(namei.o): In function `ext2fs_namei_follow': (.text+0x5b0): undefined reference to `__stack_chk_fail_local' /usr/lib/libext2fs.a(namei.o): In function `ext2fs_namei': (.text+0x6b0): undefined reference to `__stack_chk_fail_local' /usr/lib/libext2fs.a(block.o):(.text+0x58): more undefined references to `__stack_chk_fail_local' follow ld: second/yaboot: hidden symbol `__stack_chk_fail_local' isn't defined make: *** [yaboot] Error 1 Expected Results: Compilation should succeed. There should be no reference to __stack_chk_fail_local because the yaboot-nopiessp.patch adds -fno-stack-protector to the CFLAGS.
gentoo-ppc / # emerge --info Portage 2.1.8.3 (hardened/linux/powerpc/ppc32/10.0, gcc-4.4.4, glibc-2.11.2-r0, 2.6.32-gentoo-r7 ppc) ================================================================= System uname: Linux-2.6.32-gentoo-r7-ppc-7450,_altivec_supported-with-gentoo-1.12.13 Timestamp of tree: Sat, 19 Jun 2010 10:00:01 +0000 app-shells/bash: 4.0_p37 dev-lang/python: 2.6.5-r2 sys-apps/baselayout: 1.12.13 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.65 sys-devel/automake: 1.6.3-r1, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.3.4, 4.4.4-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6b virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="ppc" ACCEPT_LICENSE="* -@EULA" CBUILD="powerpc-unknown-linux-gnu" CFLAGS="-O2 -mcpu=powerpc -mtune=powerpc -fno-strict-aliasing -pipe" CHOST="powerpc-unknown-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -mcpu=powerpc -mtune=powerpc -fno-strict-aliasing -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sfperms strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://192.168.100.9/pub/gentoo" LDFLAGS="-Wl,-O1" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/hardened-development" SYNC="rsync://192.168.100.7/portage" USE="acl berkdb bzip2 cli cracklib crypt cups cxx dri gdbm gpm hardened iconv modules mudflap ncurses nls nptl nptlonly openmp pam pcre perl pic ppc pppd python readline reflection session spl ssl sysfs tcpd urandom xorg zlib" ALSA_CARDS="aoa aoa-fabric-layout aoa-onyx aoa-soundbus aoa-soundbus-i2s aoa-tas aoa-toonie powermac usb-audio via82xx" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint mach64 mga nv r128 radeon savage tdfx trident voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Please note above that I was using gcc-4.4.4-r3 from the old hardened-dev overlay, but its identical to gcc-4.4.4-r1 on currently on the tree. To be sure, I dumped the overlay and switch to gcc-4.4.4-r1 and got the same result as above. I'm also attaching the build.log below.
Created attachment 235989 [details] build.log
Created attachment 236083 [details, diff] patch for gcc-4 stub for __stack_chk_fail_local Zorry noticed that the yaboot-nopiessp.patch addresses the older gcc-3 ssp and not the newer gcc-4 ssp. The approach in the patch is to use a stub function, so I wrote a patch to do the same for __stack_chk_fail_local which is the missing symbol. With this patch, yaboot compiles fine and the elf binaries run fine, but because my ppc hardware is flaky, I couldn't not definitively test whether or not mkofboot and ybin format and install the bootstrap correctly.
(In reply to comment #4) > Created an attachment (id=236083) [details] > patch for gcc-4 stub for __stack_chk_fail_local > > Zorry noticed that the yaboot-nopiessp.patch addresses the older gcc-3 ssp and > not the newer gcc-4 ssp. The approach in the patch is to use a stub function, > so I wrote a patch to do the same for __stack_chk_fail_local which is the > missing symbol. With this patch, yaboot compiles fine and the elf binaries run > fine, but because my ppc hardware is flaky, I couldn't not definitively test > whether or not mkofboot and ybin format and install the bootstrap correctly. > Works for me. I've added it in yaboot-1.3.14-r2.ebuild
and closing as fixed
Created attachment 401564 [details] build log
