PCH was problematic with hardened-sources because of the restrictions they added on mmap. As these are no longer available on any supported kernel, we should remove the masking of PCH from:
* features/hardened/use.mask
* hardened/linux/use.mask
(I'm excluding uclibc and musl as I'm unsure if PCH has additional problems on these two).
https://bugs.ruby-lang.org/issues/16694 still seems open. It looks like the hardening-related issues to do with ASLR are gone now (even though it still leads to unstable PCH files, obviously), so I guess a mask specifically in hardened profiles could be removed, but I'm going to mask it in general anyway due to how fragile it is. I suppose any ebuilds with USE=pch should also have USE=pax-kernel or something and REQUIRED_USE based on it before we drop this.
Zorry mentioned some stuff in #gentoo-hardened after I commented:
- GCC test suite may still fail with PaX kernels: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52194
- GCC likely "works" for now because it's built without PIE: https://github.com/gcc-mirror/gcc/blob/7adcbafe45f8001b698967defe682687b52c0007/gcc/Makefile.in#L273
># We don't want to compile the compilers with -fPIE, it make PCH fail.
>COMPILER += $(NO_PIE_CFLAGS)
># Link with -no-pie since we compile the compiler with -fno-PIE.
>LINKER += $(NO_PIE_FLAG)
PCH is now masked on all profiles but we can consider dropping the hardened-specific mask independently (it'd still remain masked though) just for correctness, but we need to address my previous comment first (basically the issues Zorry noticed). I honestly don't think there's much value in this in light of the fact it's now globally masked so I'm going to call it WONTFIX unless someone wants to take up working on it.

1. From fb809aeadee57ffa24591e60cfb41aecd4823090 Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Wed, 12 Jan 2022 01:16:55 +0000
Subject: [PATCH] profiles/base: [QA] mask USE=pch

PCH is notoriously fragile & unstable. It often leads to (unclear) build failures and has questionable value in terms of performance, at least for the general case. Users are free to unmask it if they wish at their own risk.

Bug: https://bugs.gentoo.org/753323
Bug: https://bugs.gentoo.org/822690
Signed-off-by: Sam James <sam@gentoo.org>

2. From 8c4774042b7fdfb08e525d8af4b7912f26a2fdce Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Wed, 12 Jan 2022 02:04:15 +0000
Subject: [PATCH] profiles/base: [QA] unmask PCH for current GCCs to avoid rebuilds

There's no need to force people to rebuild their current GCC just to turn off PCH. Adding this because of the previous change adding pch to use.mask.

Signed-off-by: Sam James <sam@gentoo.org>