Summary: | (toolchain) gnat-3.4.3 ebuild fails due on hardened gentoo due to execution attempt in stage2/gnat1 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Kevin F. Quinn (RETIRED) <kevquinn> |
Component: | [OLD] Development | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Kevin F. Quinn (RETIRED)
2004-12-13 23:57:59 UTC
Ok; managed to get it to build by adding chpax/paxctl into gcc/ada/Make-lang.in near line 270: # Needs to be built with CC=gcc # Since the RTL should be built with the latest compiler, remove the # stamp target in the parent directory whenever gnat1 is rebuilt gnat1$(exeext): $(TARGET_ADA_SRCS) $(GNAT1_OBJS) $(ADA_BACKEND) $(LIBDEPS) $(CC) $(ALL_CFLAGS) $(LDFLAGS) -o $@ $(GNAT1_OBJS) $(ADA_BACKEND) $(LIBS) \ $(SYSLIBS) /sbin/chpax -pemsrx $@ /sbin/paxctl -pemsrx $@ $(RM) stamp-gnatlib2 stamp-tools The 3.4.1 ebuild has the same issue. I tried just setting '-m' but it wasn't enough. Something the compiler does requires executable stack - this wasn't the case with gnat3.15p (based on gcc 2.8.1). This also means that anything built with the compiler also needs executable stack. There are also textrels in the Ada libraries, fwiw. A rummage around the place seems to indicate that gnat is expected to need executable stack - seems a bit duff to me. While chpax/paxctl-ing at least gets things running, I'd prefer to find out where the executable stack stuff is coming from, so as to removeit. Perhaps it's generating a different style of trampoline that PaX isn't emulating. Er, it occurs to me that of course gnatgcc won't be hardened-friendly; it doesn't have any of the patches put into the gentoo gcc. I'll have a go at putting various patches for gcc that may be relevant into the gnat build, and see what happens. Update: Managed to merge a bunch of the gcc stuff into the gnat ebuild; it built the stage1 compiler ok, but it fell over a little while later. Here's the compilation line that failed: # pwd /var/tmp/portage/gnat-3.4.3/work/build/gcc # stage1/xgcc -Bstage1/ -B/usr/i686-pc-linux-gnu/bin/ -c -g -O2 -gnatpg -gnata -I- -I. -Iada -I/var/tmp/portage/gnat-3.4.3/work/gcc-3.4.3/gcc/ada /var/tmp/portage/gnat-3.4.3/work/gcc-3.4.3/gcc/ada/a-except.adb -o ada/a-except.o /var/tmp/portage/gnat-3.4.3/work/gcc-3.4.3/gcc/ada/a-exextr.adb: In function `Ada.Exceptions.Exception_Traces.To_Stderr': /var/tmp/portage/gnat-3.4.3/work/gcc-3.4.3/gcc/ada/a-exextr.adb:215: error: sweep_string_in_operand: unknown fp usage (insn 94 93 95 (set (reg:SI 2 cx) (reg/f:SI 54 virtual-stack-vars)) -1 (nil) (nil)) +===========================GNAT BUG DETECTED==============================+ | 3.4.3 20041125 (, ssp-3.4.3-0, pie-8.7.7) (i686-pc-linux-gnu) GCC error: | | in sweep_string_in_operand, at protector.c:1550 | | Error detected at a-exextr.adb:215:8 | | Please submit a bug report; see http://gcc.gnu.org/bugs.html. | | Include the entire contents of this bug box in the report. | | Include the exact gcc or gnatmake command that you entered. | | Also include sources listed below in gnatchop format | | (concatenated together with no headers between files). | +==========================================================================+ Please include these source files with error report Note that list may not be accurate in some cases, so please double check that the problem can still be reproduced with the set of files listed. compilation abandoned which looks like the code generator has tried to do something the stack protector doesn't expect. Here's the bit of Ada code: procedure To_Stderr (S : String) is procedure put_char_stderr (C : int); pragma Import (C, put_char_stderr, "put_char_stderr"); begin for J in 1 .. S'Length loop if S (J) /= ASCII.CR then put_char_stderr (Character'Pos (S (J))); end if; end loop; end To_Stderr; where 215:8 is the "T" in "end To_Stderr;". Ada type "String" is a sort of character array. I take it that the error means there's something about the way Ada strings are referenced on the frame that protector didn't understand. I'm not competent to go any further with that, really. I'll have a go at building gnat with pie etc but not ssp... Note to myself - probably needs ssp fixed for bug #74457 Closing this bug as the PaX issue is being dealt with (bug #64373, bug #111340) Integration with gcc SSP patches postponed for now. |