Bug 91283 - gcc; x v.s. x-vanilla yields broken software
Summary: gcc; x v.s. x-vanilla yields broken software
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: AMD64 Linux
Importance: High major
Assignee: Gentoo Toolchain Maintainers
Reported: 2005-05-03 01:48 UTC by Blu3
Modified: 2005-12-13 00:09 UTC
Description Blu3 2005-05-03 01:48:09 UTC
Scott ~ # gcc-config -l
[1] x86_64-pc-linux-gnu-3.3.3
[2] x86_64-pc-linux-gnu-3.4.0
[3] x86_64-pc-linux-gnu-3.4.1
[4] x86_64-pc-linux-gnu-3.4.2
[5] x86_64-pc-linux-gnu-3.4.3-20050110 *
[6] x86_64-pc-linux-gnu-3.4.3-20050110-hardenednopie
[7] x86_64-pc-linux-gnu-3.4.3-20050110-hardenednossp
[8] x86_64-pc-linux-gnu-3.4.3-20050110-vanilla

#5 produces some software that segfaults, i.e. joe (see bug 88203), and/or makes executables that can't be debugged with gdb (see bug 91259).  #8 produces binaries that don't segfault and they work fine in gdb.

below are the spec differences between 5 and 8, as you might surmise, i'm looking intently at the stack smashing differences. i have also included an example test.c file and the assembler output differences.  this will probably go upstream unless i'm missing a clue here but i generally don't think software should be breaking.



Scott ~ # diff -ruN /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3-20050110/vanilla.specs /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3-20050110/specs
--- /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3-20050110/vanilla.specs       2005-04-08 03:48:43.000000000 -0400
+++ /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3-20050110/specs       2005-04-08 03:48:43.000000000 -0400
@@ -30,7 +30,7 @@
 cc1 -E %{traditional|ftraditional|traditional-cpp:-traditional-cpp}

 *cc1:
-%(cc1_cpu) %{profile:-p} %{m32: %{!msse2:-mno-sse2} } %{!D__KERNEL__: %{!static: %{!fno-PIC: %{!fno-pic: %{!shared: %{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: %{pie: %{!fPIC:%{!fpic:-fPIE}}} } } } } } } } }  %{!nostdlib: %{fstack-protector: -fstack-protector %{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all:-fstack-protector-all}} } } } }
+%(cc1_cpu) %{profile:-p} %{m32: %{!msse2:-mno-sse2} } %{!D__KERNEL__: %{!static: %{!fno-PIC: %{!fno-pic: %{!shared: %{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: %{!nopie: %{!fPIC:%{!fpic:-fPIE}}} } } } } } } } }  %{!nostdlib: %{!fno-stack-protector: -fstack-protector %{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all:-fstack-protector-all}} } } } }

 *cc1_options:
 %{pg:%{fomit-frame-pointer:%e-pg and -fomit-frame-pointer are incompatible}} %{shared:%{static|pie|fPIE|fpie|fno-PIC|fno-pic|nopie:%e-shared and -static|pie|fPIE|fpie|fno-PIC|fno-pic|nopie are incompatible}} %{pie:%{static|pg|p|profile:%e-pie and -static|pg|p|profile are incompatible}} %1 %{!Q:-quiet} -dumpbase %B %{d*} %{m*} %{a*} %{c|S:%{o*:-auxbase-strip %*}%{!o*:-auxbase %b}}%{!c:%{!S:-auxbase %b}} %{g*} %{O*} %{W*&pedantic*} %{w} %{std*} %{ansi} %{v:-version} %{pg:-p} %{p} %{f*} %{undef} %{Qn:-fno-ident} %{--help:--help} %{--target-help:--target-help} %{!fsyntax-only:%{S:%W{o*}%{!o*:-o %b.s}}} %{fsyntax-only:-o %j} %{-param*}
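Review bot: in the *cc1 line, replacing %{pie: with %{!nopie: and %{fstack-protector: with %{!fno-stack-protector: turns -fPIE and -fstack-protector (plus -fstack-protector-all) from opt-in into defaults, and nothing next to the spec says which switches turn them back off. Reading the line, PIE is dropped by -nopie, -fno-pie/-fno-PIE, -fno-pic/-fno-PIC, -fpic/-fPIC, -static, -shared, -nostdlib, -nostartfiles or -D__KERNEL__; SSP as a whole by -nostdlib or -fno-stack-protector; and only the -all variant by -fno-stack-protector-all, -D_LIBC or -D_LIBC_REENTRANT. Documenting that list alongside the spec would let a failing package be rebuilt with one feature disabled at a time, which separates PIE breakage from SSP breakage.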
@@ -42,7 +42,7 @@
 %{static:--start-group} %G %L %{static:--end-group}%{!static:%G}

 *endfile:
-%{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s
+%{static|nopie:crtend.o%s;:crtendS.o%s} crtn.o%s

 *link:
 %{!static:--eh-frame-hdr} %{!m32:-m elf_x86_64} %{m32:-m elf_i386}   %{shared:-shared}   %{!shared:     %{!static:       %{rdynamic:-export-dynamic}       %{m32:%{!dynamic-linker:-dynamic-linker /lib/ld-linux.so.2}}       %{!m32:%{!dynamic-linker:-dynamic-linker /lib64/ld-linux-x86-64.so.2}}}     %{static:-static}}
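Review bot: the new *endfile rule selects crtend.o only for static|nopie, while the *link_command hunk of this same diff also withholds -pie for -fno-pie and -fno-PIE (%{!fno-PIE: %{!fno-pie: -pie}). A link with -fno-pie therefore produces a non-PIE executable that still pulls in crtendS.o. Suggest keying the end file on the same conditions as -pie, e.g. %{static|nopie|fno-pie|fno-PIE:crtend.o%s;:crtendS.o%s}, so the startup objects always match the kind of link being done.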
@@ -54,7 +54,7 @@
 %{static|static-libgcc:-lgcc -lgcc_eh}%{!static:%{!static-libgcc:%{!shared:%{!shared-libgcc:-lgcc -lgcc_eh}%{shared-libgcc:-lgcc_s%M -lgcc}}%{shared:%{shared-libgcc:-lgcc_s%M}%{!shared-libgcc:-lgcc}}}}

 *startfile:
-%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}}    crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}
+%{!shared: %{pg|p|profile:gcrt1.o%s;static|nopie:crt1.o%s;:Scrt1.o%s}}    crti.o%s %{static:crtbeginT.o%s;nopie:crtbegin.o%s;:crtbeginS.o%s}

 *switches_need_spaces:

@@ -120,5 +120,5 @@
 }

 *link_command:
-%{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S:    %(linker) %l %{pie: %{!static: %{!A: %{!shared: %{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: -pie} } } } } } } }  %{nopie: }  %{relro: -z relro}  %{norelro: }  %{now: -z now}  %{nonow: } %X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r}    %{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}}    %{static:} %{L*} %(link_libgcc) %o %{fprofile-arcs|fprofile-generate:-lgcov}    %{!nostdlib:%{!nodefaultlibs:%(link_gcc_c_sequence)}}    %{!A:%{!nostdlib:%{!nostartfiles:%E}}} %{T*} }}}}}}
+%{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S:    %(linker) %l %{!nopie: %{!static: %{!A: %{!shared: %{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: -pie} } } } } } } }  %{pie: }  %{!norelro: -z relro}  %{relro: }  %{!nonow: -z now}  %{now: } %X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r}    %{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}}    %{static:} %{L*} %(link_libgcc) %o %{fprofile-arcs|fprofile-generate:-lgcov}    %{!nostdlib:%{!nodefaultlibs:%(link_gcc_c_sequence)}}    %{!A:%{!nostdlib:%{!nostartfiles:%E}}} %{T*} }}}}}}
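Review bot: in the new *link_command, -z relro and -z now are guarded only by %{!norelro: and %{!nonow:, outside the %{!nopie: %{!static: %{!A: %{!shared: ... nest that guards -pie, so they are passed on every link, including -static ones and the -r links the spec still forwards via %{r}. If that is intended, say so in a comment beside the spec; otherwise move them under the conditions where they are meant to apply.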



Scott tmp # cat test.c
#include <stdio.h>

int main() {
  fprintf(stdout, "ehlo\n");
  exit(0);
}



Scott tmp # diff -ruN test.a-vanilla test.a-gentoo
--- test.a-vanilla      2005-05-03 03:19:05.000000000 -0400
+++ test.a-gentoo       2005-05-03 03:21:17.000000000 -0400
@@ -7,6 +7,7 @@
 .Ldebug_line0:
        .text
 .Ltext0:
+.globl __stack_smash_handler
        .section        .rodata
 .LC0:
        .string "ehlo\n"
@@ -21,15 +22,22 @@
 .LCFI0:
        movq    %rsp, %rbp
 .LCFI1:
+       subq    $16, %rsp
+.LCFI2:
+       .loc 1 3 0
+       movq    __guard@GOTPCREL(%rip), %rax
+       movq    (%rax), %rax
+       movq    %rax, -16(%rbp)
        .loc 1 4 0
-       movq    stdout(%rip), %rcx
+       movq    stdout@GOTPCREL(%rip), %rax
+       movq    (%rax), %rcx
        movl    $5, %edx
        movl    $1, %esi
-       movl    $.LC0, %edi
-       call    fwrite
+       leaq    .LC0(%rip), %rdi
+       call    fwrite@PLT
        .loc 1 5 0
        movl    $0, %edi
-       call    exit
+       call    exit@PLT
 .LFE2:
        .size   main, .-main
        .section        .debug_frame,"",@progbits
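Review bot: the added prologue in main copies __guard to -16(%rbp), but no compare against __guard and no call to __stack_smash_handler appears before .LFE2, because main ends in call exit@PLT and never returns. As a reference program, test.c therefore shows only the PIC/GOT changes (stdout@GOTPCREL, fwrite@PLT, exit@PLT) and the canary store, not the check path suspected in the segfaults. A reproducer with a local char buffer and a normal return would put the epilogue check into this diff.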
@@ -73,10 +81,12 @@
 .LSCIE1:
        .long   0x0
        .byte   0x1
-       .string ""
+       .string "zR"
        .uleb128 0x1
        .sleb128 -8
        .byte   0x10
+       .uleb128 0x1
+       .byte   0x1b
        .byte   0xc
        .uleb128 0x7
        .uleb128 0x8
@@ -88,8 +98,9 @@
        .long   .LEFDE1-.LASFDE1
 .LASFDE1:
        .long   .LASFDE1-.Lframe1
-       .quad   .LFB2
-       .quad   .LFE2-.LFB2
+       .long   .LFB2-.
+       .long   .LFE2-.LFB2
+       .uleb128 0x0
        .byte   0x4
        .long   .LCFI0-.LFB2
        .byte   0xe



and the obligatory einfo again

Scott tmp # emerge info
Portage 2.0.51.20-r5 (default-linux/amd64/2005.0, gcc-3.4.3-20050110-vanilla, glibc-2.3.5-r0, 2.6.12-rc2 x86_64)
=================================================================
System uname: 2.6.12-rc2 x86_64 AMD Opteron(tm) Processor 148
Gentoo Base System version 1.6.11
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.3
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r8
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.11
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=opteron -O2 -g -pipe "
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=opteron -O2 -g -pipe "
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks keeptemp keepwork sandbox strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 GAPING_SECURITY_HOLE X X509 a52 aac aalib acpi acpi4linux aim alsa aotuv apache2 arts artswrappersuid artworkextra asterisk atm audiofile avantgo avi bash-completion bluetooth bonobo bzip2 bzlib c++ cairo caps cdda cddb cdf cdio cdparanoia cdr chipcard chroot clearcase codecs crypt css cups curl curlwrappers dar64 dba dbx devfs26 dga dio distcache djbfft dlloader dnd dpms dts dv dvb dvd dvdr dvdread dxr3 edl eds elf emoticon emul-linux encode erandom escreen ethereal exif extensions faac faad fam fame fax ffmpeg fftw flac flash flexresp fmod font-server foomaticdb fpx freetts freetype ftp ftruncate gd gdbm geoip gif gimp gimpprint glade glgd glitz glut gmail gmp gnokii gphoto2 gpm gps graphviz gs gsl gsm gstreamer gtk gtk2 gtkhtml guile hal hardened hardenedphp hbci hdf hdf5 high-ints howl icq ide idea idled ieee1394 imagemagick imap imlib imlib2 inline ipv6 irda irmc j2ee jabber jack jack-tmpfs java javacomm javamail javascript jbig jp2 jpeg jpeg2k junit kadu-modules kadu-voice kcal kde kdepim kdexdeltas koffice-plugin lcms ldap libgd libgda libsamplerate libwww lirc live lm_sensors logrotate ltsp lzo lzw lzw-tiff mad mbox mbrola mcal md5sum memlimit mhash mikmod mime mimencode ming mixer mjpeg mmap mng monkey mozcalendar mozdevelop moznoirc mozp3p mozsvg mp3 mpeg mpeg2 mpeg4 mpi mplayer mpm-leader mpm-metux mpm-peruser mpm-prefork mpm-threadpool mpm-worker msdav msn multicall mythtv nagios-dns nagios-ntp nagios-ping nagios-ssh nas ncurses netcdf network nls no-old-linux nopri nozaptel nptl nptlonly ntlm nvidia nviz oav objc odbc offensive ofx ogg openal openexr opengl operanom2 oscar oss pam pam_timestamp parse-clocks pcap pcapnav pcntl pcre pda pdflib perl pg-hier pg-vacuumdelay php pic pie plotutils png pnp portaudio posix postgres ppds pthreads python quotes readline real remote rtc samba scanner sdl serial session shared sharedext sharedmem slang smime sms sndfile snmp snortsam soap sockets socks5 soundtouch sox speex spell spl sql ssl stats stream 
subversion svg sysfs sysvipc t1lib tabs tcpd tga theora threads thumbnail tidy tiff timidity tokenizer tos transcode transparent-proxy truetype truetype-fonts ttcp type1 type1-fonts underscores ups usb userlocales uudeview v4l v4l2 vcd vidix vmdbpostgres vorbis wddx wifi wma123 wmf xface xgetdefault xine xinerama xml xml2 xmlrpc xmms xosd xpm xprint xrandr xscreensaver xsl xslt xv xvid xvmc yahoo yaz yv12 zeroconf zlib zvbi userland_GNU kernel_linux libc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Comment 1 Mark Loeser (RETIRED) gentoo-dev 2005-12-11 19:00:02 UTC
Could you try gcc-3.4.4-r1 and let us know if you still have issues?
Comment 2 Kevin F. Quinn (RETIRED) gentoo-dev 2005-12-12 03:37:12 UTC
w.r.t. using gdb on code built with the hardened compiler, this is a known
limitation of gdb in that it cannot debug PIEs. See the hardened faq
http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardeneddebug (I haven't
tried gdb-6.4 yet to see if this has changed).

w.r.t. segfaults - each segfault has to be dealt with on a case-by-case basis. 
This is frequently due to ssp, which we know doesn't work perfectly with some
C++ at least.  Realistically we're not likely to fix such problems, and the
workaround is to switch off ssp for the relevant applications:

CFLAGS="-fno-stack-protector" emerge foo

is a workaround for users.

w.r.t. the 'test.c' program - well that works fine.  All observed output is as
expected.  If this were to segfault there would be something to worry about.

I see little point in doing much with a bug that says, like this one, "hardened
gcc breaks lots of stuff".
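
The workaround in comment 2 and the *cc1 spec diff in the description, worked through as an added example (not part of the bug report and not Gentoo's code). It evaluates only the two GCC spec forms that diff uses, %{S:X} and %{!S:X}; the spec text is copied from the diff with the leading %(cc1_cpu), -p and -m32 terms and the final unmatched brace left out, and the function names are made up for illustration.

```python
# Added example: which cc1 flags the vanilla and hardened *cc1 specs inject
# for a given gcc command line. Handles %{S:X} and %{!S:X} only.

# PIE/SSP part of *cc1 from vanilla.specs, as shown in the diff above.
VANILLA_CC1 = (
    "%{!D__KERNEL__: %{!static: %{!fno-PIC: %{!fno-pic: %{!shared: "
    "%{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: "
    "%{pie: %{!fPIC:%{!fpic:-fPIE}}} } } } } } } } } } "
    "%{!nostdlib: %{fstack-protector: -fstack-protector %{!D_LIBC: "
    "%{!D_LIBC_REENTRANT: "
    "%{!fno-stack-protector-all:-fstack-protector-all}} } } }"
)

# The hardened specs differ from vanilla in exactly these two conditions.
HARDENED_CC1 = (VANILLA_CC1
                .replace("%{pie:", "%{!nopie:")
                .replace("%{fstack-protector:", "%{!fno-stack-protector:"))


def _expand(spec, switches):
    """Expand nested %{S:X} / %{!S:X} against a set of switch names."""
    out, i = [], 0
    while i < len(spec):
        if not spec.startswith("%{", i):
            out.append(spec[i])
            i += 1
            continue
        depth, j = 1, i + 2          # find the brace that closes this %{
        while depth:
            if spec.startswith("%{", j):
                depth += 1
                j += 2
            else:
                depth -= spec[j] == "}"
                j += 1
        cond, _, body = spec[i + 2:j - 1].partition(":")
        negated = cond.startswith("!")
        given = cond.lstrip("!") in switches
        if given != negated:         # %{S:..} needs S, %{!S:..} needs no S
            out.append(_expand(body, switches))
        i = j
    return "".join(out)


def cc1_flags(spec, argv):
    """Flags the spec adds for a command line such as ['-O2', '-nopie']."""
    switches = {arg[1:] for arg in argv if arg.startswith("-")}
    return _expand(spec, switches).split()


if __name__ == "__main__":
    for argv in (["-O2"], ["-O2", "-fno-stack-protector"], ["-O2", "-nopie"]):
        print(argv, cc1_flags(VANILLA_CC1, argv), cc1_flags(HARDENED_CC1, argv))
```

With the hardened spec, CFLAGS="-fno-stack-protector" leaves -fPIE in place, so a package that still fails after that rebuild points at PIE rather than ssp.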
Comment 3 Blu3 2005-12-12 06:01:25 UTC
re your comment.  
  
#1, this is nice.  back when i asked the questions about this and when i filed  
the bug, nobody could come up with an answer or even come close to an  
explanation.  
  
#2, this isn't c++, it's basic C.  it is also -O2 not -O3 as is referenced by  
the hardened FAQ.  
  
#3, the test.c was a ref. program showing some differences.  
  
#4, it's easy to denigrate bug reports half a year later after everyone has  
figured things out.  why do people refuse to post bug reports and gripe about  
the rudeness of those who reply like this.  
  
literally, at that point in time, hardened gcc was breaking a bunch of packages  
and nobody knew how to solve it.  if someone did know, they didn't feel like  
sharing.  as time went on, both gcc and packages got fixed.  gcc no longer  
emitted broken code on some of those packages and some of those packages got  
inherently flawed code fixed.  
  
Mark, joe and hardened gcc are living happily together now as are the other 17  
packages i had problems with. thank you for checking.  gcc since that version 
has been better and i currently have 3.4.4-r1 installed. 
Comment 4 Mark Loeser (RETIRED) gentoo-dev 2005-12-12 06:05:24 UTC
Reopening...
Comment 5 Mark Loeser (RETIRED) gentoo-dev 2005-12-12 06:05:39 UTC
To mark fixed.

Thanks for your response.
Comment 6 Kevin F. Quinn (RETIRED) gentoo-dev 2005-12-13 00:09:56 UTC
(In reply to comment #3)
> #1, this is nice.  back when i asked the questions about this and when i filed  
> the bug, nobody could come up with an answer or even come close to an  
> explanation.  

I suspect this bug got lost in the fog, probably because it didn't identify a
specific problem when initially raised (it just referred to other bugs that were
already marked invalid).  It would be better to ask general questions like the
ones posed here on the hardened mailing list (i.e. "how do I debug programs
built with the hardened compiler?", "Lots of stuff segfaults when built with the
hardened compiler - help!").

Re bug #88203 (joe) - you marked that bug RESOLVED/INVALID which implies the bug
was not a bug in the first place, so we won't have looked at that further. 
Similarly with bug #91259.  In future, if a package fails when built with the
hardened compiler, re-assign the bug to the hardened team rather than just
closing it.  In order to find problems with the hardened compiler, we need to
know which packages fail with it and where.  Closing all the related bugs and
raising just one that says "gcc is broken!" doesn't help us to narrow down the
problem; we're a very small team and can't watch everything on bugzilla.

> #2, this isn't c++, it's basic C.  it is also -O2 not -O3 as is referenced by  
> the hardened FAQ.  

As far as this bug is concerned, you didn't identify a specific failure.
You've also put two completely separate issues together.  It appears you posted
test.c in relation to debugging PIEs, but that's not clear from this bug.  This
bug says 'gcc is broken' yet the test code you supplied works fine, so there's
nothing much to be done.

> #3, the test.c was a ref. program showing some differences.  

But to what purpose, since it doesn't fail?  It would have been better to have
continued the "unable to debug" problem on bug #91259 where you initially raised it.

> #4, it's easy to denigrate bug reports half a year later after everyone has  
> figured things out.  why do people refuse to post bug reports and gripe about  
> the rudeness of those who reply like this.  

Calm down please.  What seems to have happened here is that you asked the
original questions in ways that fell under our radar.  I posted about the PIE
debug issue to the forums in January 2005
(http://forums.gentoo.org/viewforum-f-8.html), and the hardened team were
capable of answering that issue well before then, because I got that answer from
them when I started.

>   
> literally, at that point in time, hardened gcc was breaking a bunch of packages  
> and nobody knew how to solve it.  if someone did know, they didn't feel like  
> sharing.  as time went on, both gcc and packages got fixed.  gcc no longer  
> emitted broken code on some of those packages and some of those packages got  
> inherently flawed code fixed.  

If anything got fixed, it was most likely to have been due to upstream
development (either GCC, ssp or package authors) rather than anything we did.  I
can assure you there is no conspiracy trying to keep things secret from you.

> Mark, joe and hardened gcc are living happily together now as are the other 17  
> packages i had problems with. thank you for checking.  gcc since that version 
> has been better and i currently have 3.4.4-r1 installed. 

17 packages!  How can we be expected to investigate something if you don't tell
us you have such problems.  It would have been much better to have listed these
17 packages on your bug report, along with details about how they failed.