547040 – >=sys-devel/gcc-4.9: add USE=vtv to control vtable support

Bug 547040 - >=sys-devel/gcc-4.9: add USE=vtv to control vtable support

Summary: >=sys-devel/gcc-4.9: add USE=vtv to control vtable support

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Development (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Toolchain Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	544980
	Show dependency tree

Reported:	2015-04-19 02:11 UTC by Justin N. Ferguson
Modified:	2016-09-28 19:37 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Justin N. Ferguson 2015-04-19 02:11:06 UTC

After upgrading the compiler to GCC 4.9.2 (stock 64-bit profile/not hardened), I noted that support for libvtv was by default compiled in. However, when attempting to utilize it I was met with a host of symbol resolution related errors all tying back to the files vtv_start.o, vtv_start_preinit.o, vtv_end.o and vtv_end_preinit.o.

The problem appears to be related to the absence of the flag "--enable-vtable-verify=yes" during compilation despite having "--enable-libvtv" specified. This results in the required files not being included after installation. 

I would happily provide a dump of the resolution errors, however, I have fixed the compiler and sitting through another recompile is just not what I'd like to be doing at present.

Locally, I was able to fix this issue by via by the EXTRA_ECONF variable and passing "--enable-vtable-verify=yes". I would expect that changing the build process to specify this option would rectify the issue.

vtable verification is actually fairly important from a security perspective.

Reproducible: Always

Steps to Reproduce:
1. emerge =sys-devel/gcc-4.9.2 && gcc-config ...
2. echo 'int main(void) {}' > example.cpp
3. g++ -o example example.cpp -fvtable-verify=std
Actual Results:  
A litany of symbol resolution errors

Expected Results:  
A compiled program linked against libvtv

Comment 1 Justin N. Ferguson 2015-04-19 15:55:52 UTC

While writing a patch to GCC to address this issue,  I forgot to run autoreconf and ended up with a toolchain that exactly emulates the issue:

$ ./usr/x86_64-pc-linux-gnu/gcc-bin/4.9.2/g++ -o tmp tmp.cpp -fvtable-verify=yes
/usr/bin/ld: cannot find vtv_start.o: No such file or directory
$ find /var/tmp/chroot-work/ -name vtv_start.o 
$

Comment 2 SpanKY gentoo-dev

2016-05-04 23:16:43 UTC

i'll add a USE=vtv flag to control libvtv and the the vtable-verify configure flags and default it to on -- the build overhead should be trivial and the runtime overhead (when not using vtable) should be non-existent.

looks like we'll want to mask it on non-x86 targets just so users don't get confused.

Comment 3 SpanKY gentoo-dev

2016-05-09 02:19:49 UTC

should be all set now:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f4dd949d7671bd86610836d5ac270430be37a4c

Comment 4 gentoo_usr 2016-05-15 09:29:53 UTC

Is it intentional that the USE flag 'vtv' is masked on amd64 hardened profile (more precisely hardened/linux/amd64/selinux)?

If not, please remove the masking.

Here is the list of profiles included/parented for a selection of different hardened profiles on amd64. Note that the profile 'default/linux/amd64', which unmasks the USE flag 'vtv', is not amongst them.



/usr/portage/profiles/hardened/linux/amd64/selinux
->
/usr/portage/profiles/base
/usr/portage/profiles/default/linux
/usr/portage/profiles/arch/base
/usr/portage/profiles/features/multilib
/usr/portage/profiles/features/multilib/lib32
/usr/portage/profiles/arch/amd64
/usr/portage/profiles/releases
/usr/portage/profiles/releases/13.0
/usr/portage/profiles/hardened/linux
/usr/portage/profiles/hardened/linux/amd64
/usr/portage/profiles/features/selinux
/usr/portage/profiles/hardened/linux/amd64/selinux



/usr/portage/profiles/hardened/linux/amd64
->
/usr/portage/profiles/base
/usr/portage/profiles/default/linux
/usr/portage/profiles/arch/base
/usr/portage/profiles/features/multilib
/usr/portage/profiles/features/multilib/lib32
/usr/portage/profiles/arch/amd64
/usr/portage/profiles/releases
/usr/portage/profiles/releases/13.0
/usr/portage/profiles/hardened/linux
/usr/portage/profiles/hardened/linux/amd64



/usr/portage/profiles/hardened/linux/musl/amd64
->
/usr/portage/profiles/base
/usr/portage/profiles/default/linux
/usr/portage/profiles/hardened/linux/musl
/usr/portage/profiles/hardened/linux/musl/amd64


/usr/portage/profiles/hardened/linux/amd64/no-multilib/selinux
->
/usr/portage/profiles/base
/usr/portage/profiles/default/linux
/usr/portage/profiles/arch/base
/usr/portage/profiles/features/multilib
/usr/portage/profiles/features/multilib/lib32
/usr/portage/profiles/arch/amd64
/usr/portage/profiles/releases
/usr/portage/profiles/releases/13.0
/usr/portage/profiles/hardened/linux
/usr/portage/profiles/hardened/linux/amd64
/usr/portage/profiles/features/64bit-native
/usr/portage/profiles/hardened/linux/amd64/no-multilib
/usr/portage/profiles/features/selinux
/usr/portage/profiles/hardened/linux/amd64/no-multilib/selinux

Comment 5 Magnus Granberg gentoo-dev

2016-09-28 19:37:18 UTC

Fixed in the hardened profile
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=851733e06b7240fe71c08374135c362bebed495d