Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 460356 - hardened-sources-3.8.0: doesn't build with hardened GCC due to Plugin Support missing on arm
Summary: hardened-sources-3.8.0: doesn't build with hardened GCC due to Plugin Support...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: ARM Linux
: Normal normal (vote)
Assignee: The Gentoo Linux Hardened Kernel Team (OBSOLETE)
Depends on:
Reported: 2013-03-04 23:47 UTC by Delete ME
Modified: 2014-09-14 00:05 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

kernel-3.8.config.vanilla (kernel-3.8.config.vanilla,50.71 KB, text/plain)
2013-03-04 23:47 UTC, Delete ME
kernel-3.8.config.hardened (kernel-3.8.config.hardened,53.81 KB, text/plain)
2013-03-04 23:48 UTC, Delete ME

Note You need to log in before you can comment on or make changes to this bug.
Description Delete ME 2013-03-04 23:47:05 UTC
- Solid Run CuBox ( 1 GB version, ARMv7
- Hardened Sources 3.8 with PAX/GrSecurity enabled doesn't build due to GCC Plugin Support missing
- error message:

cubox linux # make -j2 zImage
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf --silentoldconfig Kconfig
# configuration written to .config
Makefile:629: *** Your gcc installation does not support plugins.  If the necessary headers for plugin support are missing, they should be installed.  On Debian, apt-get install gcc-<ver>-plugin-dev.  If you choose to ignore this error and lessen the improvements provided by this patch, re-run make with the DISABLE_PAX_PLUGINS=y argument..  Schluss.

- installed gcc:

cubox linux # emerge -1pav gcc

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R    ] sys-devel/gcc-4.6.3:4.6  USE="cxx hardened mudflap nls nptl openmp (-altivec) -doc (-fixed-point) -fortran -gcj -graphite -gtk (-libssp) (-multilib) -multislot -nopie -nossp -objc -objc++ -objc-gc {-test} -vanilla" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

cubox linux # gcc-config -l
 [1] armv7a-hardfloat-linux-gnueabi-4.6.3 *
 [2] armv7a-hardfloat-linux-gnueabi-4.6.3-hardenednopie
 [3] armv7a-hardfloat-linux-gnueabi-4.6.3-hardenednopiessp
 [4] armv7a-hardfloat-linux-gnueabi-4.6.3-hardenednossp
 [5] armv7a-hardfloat-linux-gnueabi-4.6.3-vanilla

-used profile:

cubox linux # eselect profile list
Available profile symlink targets:
  [1]   default/linux/arm/13.0
  [2]   default/linux/arm/13.0/desktop
  [3]   default/linux/arm/13.0/desktop/gnome
  [4]   default/linux/arm/13.0/desktop/kde
  [5]   default/linux/arm/13.0/developer
  [6]   default/linux/arm/13.0/armv4
  [7]   default/linux/arm/13.0/armv4/desktop
  [8]   default/linux/arm/13.0/armv4/desktop/gnome
  [9]   default/linux/arm/13.0/armv4/desktop/kde
  [10]  default/linux/arm/13.0/armv4/developer
  [11]  default/linux/arm/13.0/armv4t
  [12]  default/linux/arm/13.0/armv4t/desktop
  [13]  default/linux/arm/13.0/armv4t/desktop/gnome
  [14]  default/linux/arm/13.0/armv4t/desktop/kde
  [15]  default/linux/arm/13.0/armv4t/developer
  [16]  default/linux/arm/13.0/armv5te
  [17]  default/linux/arm/13.0/armv5te/desktop
  [18]  default/linux/arm/13.0/armv5te/desktop/gnome
  [19]  default/linux/arm/13.0/armv5te/desktop/kde
  [20]  default/linux/arm/13.0/armv5te/developer
  [21]  default/linux/arm/13.0/armv6j
  [22]  default/linux/arm/13.0/armv6j/desktop
  [23]  default/linux/arm/13.0/armv6j/desktop/gnome
  [24]  default/linux/arm/13.0/armv6j/desktop/kde
  [25]  default/linux/arm/13.0/armv6j/developer
  [26]  default/linux/arm/13.0/armv7a
  [27]  default/linux/arm/13.0/armv7a/desktop
  [28]  default/linux/arm/13.0/armv7a/desktop/gnome
  [29]  default/linux/arm/13.0/armv7a/desktop/kde
  [30]  default/linux/arm/13.0/armv7a/developer
  [31]  hardened/linux/arm/armv7a *
  [32]  hardened/linux/uclibc/arm/armv7a

- emerge info:

cubox linux # emerge --info
Portage (hardened/linux/arm/armv7a, gcc-4.6.3, glibc-2.15-r3, 3.8.0-v4 armv7l)
System uname: Linux-3.8.0-v4-armv7l-with-gentoo-2.1
KiB Mem:     1031440 total,    860076 free
KiB Swap:    1000444 total,   1000444 free
Timestamp of tree: Mon, 04 Mar 2013 00:45:01 +0000
ld GNU ld (GNU Binutils) 2.22
distcc 3.1 armv7a-hardfloat-linux-gnueabi [enabled]
app-shells/bash:          4.2_p37
dev-lang/python:          2.7.3-r2, 3.2.3
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.1-r1
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.69
sys-devel/automake:       1.11.6
sys-devel/binutils:       2.22-r1
sys-devel/gcc:            4.6.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.6 (virtual/os-headers)
sys-libs/glibc:           2.15-r3
Repositories: gentoo
CFLAGS="-O2 -pipe -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard"
FCFLAGS="-O2 -pipe -march=armv7-a"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distcc distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch webrsync-gpg"
FFLAGS="-O2 -pipe -march=armv7-a"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="acl arm berkdb bzip2 cli cracklib crypt cxx dri gdbm gpm hardened iconv ipv6 modules mudflap ncurses nls nptl openmp pam pax_kernel pcre pic readline session ssl tcpd unicode urandom zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de en" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="exynos fbdev omap omapfb dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

- currently i use the vanilla kernel 3.8.0 (3.8.2)
- installed hardened sources:

cubox linux # emerge -1pav hardened-sources

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ~] sys-kernel/hardened-sources-3.8.0-r1:3.8.0-r1  USE="-build -deblob -symlink" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

- vanilla + hardened kernel config is attached
- kernel compile procedure, native:

make distclean
make menuconfig
make -j2 zImage
make -j2 dtbs
cd arch/arm/boot
cat zImage dts/dove-cubox.dtb > zImage.cubox
mkimage -A arm -O linux -C none  -T kernel -a 0x00008000 -e 0x00008000 -n none -d zImage.cubox uImage
cd ../../..
make -j2 modules
make -j2 modules_install
cp arch/arm/boot/uImage /boot/

- kernel compilation using distcc doesn't work, so i can only compile the kernel native (about 2 hours) or via cross compile on my core i7 (up to 3-5 minutes)

Reproducible: Always
Comment 1 Delete ME 2013-03-04 23:47:49 UTC
Created attachment 340980 [details]
Comment 2 Delete ME 2013-03-04 23:48:07 UTC
Created attachment 340982 [details]
Comment 3 Anthony Basile gentoo-dev 2013-03-05 00:10:41 UTC
wow!  This is brave :)

I don't know why plugin support would fail on arm while the equivalent in amd64 or x86 is fine.  Is it possible that arm gcc doesn't have plugin support yet?
Comment 4 PaX Team 2013-03-05 01:06:28 UTC
(In reply to comment #3)
> Is it possible that arm gcc doesn't have plugin support yet?

the PaX gcc plugins work fine on arm (i test them with a cross compiler) but there's indeed a problem with the gcc plugin headers installation in that on arm (or maybe just on a cross compiler) a few needed files don't get installed and one has to manually copy them from the gcc source tree to the installed plugin headers. this is not a gentoo specific problem, it happens with upstream as well. i guess one of these days i'll have to open a bug about this, in the meantime either disable the gcc plugins in PaX or keep compiling a plugin by hand and you'll see the missing includes that you can then copy from the gcc source tree.
Comment 5 Radoslaw Madej (radegand) 2013-03-05 21:58:46 UTC
I hit the same problem with gcc 4.6.3 and 4.7.2 on the Raspberry Pi (armv6 hardfloat). Following pipacs suggestions I've copied the missing files, which turned out to be arm-cores.def and vxworks-dummy.h from the gcc source and now the kernel is compiling... :)
Comment 6 Hinnerk van Bruinehsen 2013-04-17 23:38:52 UTC
I can also confirm that copying these two files fixes the issue.
It also seems to be fixed upstream in gcc 4.8.x

Further reference is for example found here:
Comment 7 Anthony Basile gentoo-dev 2014-09-14 00:05:20 UTC
Looks like this is fixed.