Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 563576 - app-emulation/xen-tools-{4.5.1-r3,4.6.0} failed compilation/linking with USE="ovmf" on hardened profile
Summary: app-emulation/xen-tools-{4.5.1-r3,4.6.0} failed compilation/linking with USE=...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 3 votes (vote)
Assignee: The Gentoo Linux Hardened Team
Depends on:
Reported: 2015-10-20 16:12 UTC by Jiří Moravec
Modified: 2018-01-03 21:22 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Patch for -fPIC in xen-tools with ovmf (file_563576.txt,788 bytes, patch)
2016-04-12 17:58 UTC, zehfox+gentoo
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jiří Moravec 2015-10-20 16:12:28 UTC
xen-tools compilation with enabled "ovmf" on hardened profile failed:

make[8]: Entering directory '/var/tmp/portage/app-emulation/xen-tools-4.5.1-r3/work/xen-4.5.1/tools/firmware/ovmf-dir-remote/BaseTools/Source/C/GnuGenBootSector'
mkdir ../bin
x86_64-pc-linux-gnu-gcc  -c -MD -fshort-wchar -fno-strict-aliasing -Wall -Wno-error -Wno-unused-but-set-variable -Wno-deprecated-declarations -nostdlib -c -g  -I .. -I ../Include/Common -I ../Include/ -I ../Include/IndustryStandard -I ../Common/ -I .. -I . -I ../Include/X64/  GnuGenBootSector.c -o GnuGenBootSector.o
x86_64-pc-linux-gnu-gcc -o ../bin/GnuGenBootSector  GnuGenBootSector.o -L../libs -lCommon
/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.3/../../../../x86_64-pc-linux-gnu/bin/ld: GnuGenBootSector.o: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
GnuGenBootSector.o: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
../Makefiles/app.makefile:24: recipe for target '../bin/GnuGenBootSector' failed
make[8]: *** [../bin/GnuGenBootSector] Error 1
make[8]: Leaving directory '/var/tmp/portage/app-emulation/xen-tools-4.5.1-r3/work/xen-4.5.1/tools/firmware/ovmf-dir-remote/BaseTools/Source/C/GnuGenBootSector'

x86_64-pc-linux-gnu-4.9.3-hardenednopiessp are without problem...

Reproducible: Always

Steps to Reproduce:
1. hardened profile, gcc with full pie and ssp
2. USE="ovmf" emerge -v1 app-emulation/xen-tools
Actual Results:  
failed with "GnuGenBootSector.o: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC"

Expected Results:  
compilation/linking success

Portage 2.2.23 (python 2.7.10-final-0, hardened/linux/amd64, gcc-4.9.3, glibc-2.20-r2, 4.2.3-x1 x86_64)
                         System Settings
System uname: Linux-4.2.3-x1-x86_64-AMD_FX-tm-8350_Eight-Core_Processor-with-gentoo-2.2
KiB Mem:    16366964 total,   4833608 free
KiB Swap:   50331632 total,  49543604 free
Timestamp of repository gentoo: Tue, 20 Oct 2015 07:30:01 +0000
sh bash 4.3_p42
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
ccache version 3.2.4 [enabled]
app-shells/bash:          4.3_p42::gentoo
dev-java/java-config:     2.2.0::gentoo
dev-lang/perl:            5.20.2::gentoo
dev-lang/python:          2.7.10::gentoo, 3.4.3::gentoo
dev-util/ccache:          3.2.4::gentoo
dev-util/cmake:           3.3.1-r1::gentoo
dev-util/pkgconfig:       0.28-r3::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.18.3::gentoo
sys-apps/sandbox:         2.6-r1::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.4_p6-r2::gentoo, 1.11.6-r1::gentoo, 1.12.6::gentoo, 1.13.4::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo
sys-devel/gcc:            4.9.3::jim-private, 5.2.0::jim-private
sys-devel/gcc-config:     1.8::gentoo
sys-devel/libtool:        2.4.6::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 4.2::gentoo (virtual/os-headers)
sys-libs/glibc:           2.20-r2::gentoo

    location: /usr/portage/ebuilds
    sync-type: rsync
    sync-uri: rsync://
    priority: -1000

    location: /usr/portage/overlays/layman/openstreetmap
    masters: gentoo
    priority: 0

    location: /usr/portage/overlays/layman/gentoo-el
    masters: gentoo
    priority: 1

    location: /usr/portage/overlays/layman/java
    masters: gentoo
    priority: 2

    location: /usr/portage/overlays/layman/seden
    masters: gentoo
    priority: 3

    location: /usr/portage/overlays/layman/sunrise
    masters: gentoo
    priority: 4

    location: /usr/portage/overlays/layman/x11
    masters: gentoo
    priority: 5

    location: /usr/portage/overlays/layman/bliss-overlay
    masters: gentoo
    priority: 6

    location: /usr/portage/overlays/layman/ROKO__
    masters: gentoo
    priority: 7

    location: /usr/portage/overlays/layman/grub2-themes
    masters: gentoo
    priority: 8

    location: /usr/portage/overlays/layman/zugaina
    masters: gentoo
    priority: 9

    location: /usr/portage/overlays/layman/init6
    masters: gentoo
    priority: 10

    location: /usr/portage/overlays/jim
    masters: gentoo
    priority: 11

    location: /usr/portage/overlays/crossdev
    masters: gentoo
    priority: 12

CFLAGS="-march=native -O2 -pipe -mtune=native -mvzeroupper -fno-lto -fdiagnostics-color=auto"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe -mtune=native -mvzeroupper -fno-lto -fdiagnostics-color=auto"
EMERGE_DEFAULT_OPTS="--keep-going --ask-enter-invalid --quiet-build=y --quiet-fail=y --jobs=8 --load-average=7.8 --autounmask-keep-masks"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -O2 -Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -fno-lto"
MAKEOPTS="-j8 -l7.8"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="7zip X aac acl acpi alsa amd64 bash-completion berkdb bzip2 cairo caps cli cracklib crypt cxx dbus dri dvd egl encode evdev faac faad fbcon fbcondecor fbsplash ffmpeg fftw flac gallium gdbm gif glamor gnutls gpm gtk hardened hvm iconv id3tag iproute2 ipv6 java java6 jpeg jpeg2k justify kde kerberos lzma lzo mad matroska mmx mmxext mng mod modules mp3 mp4 mpeg mpeg2 mpeg4 multilib mysql ncurses netlink nfs nfsv3 nfsv4 nls nptl nsplugin ntfs ogg openal opengl openmp ovmf pam pax_kernel pcre pdf perl php pic pie png python qt3support qt4 qt5 rdp readline samba sdl sdl2 seccomp semantic-desktop session slang sse sse2 ssl ssp svg tcpd theora tiff truetype unicode urandom usb userlocales vdpau vlc vnc vorbis vpx webkit webp x264 x265 xattr xen xml xtpax xv xvmc zlib" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias proxy proxy_fcgi proxy_ftp proxy_http" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx fma3 fma4 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 xop" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc efi-64 xen" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="cs" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" QEMU_SOFTMMU_TARGETS="i386 x86_64 or32 ppc64" QEMU_USER_TARGETS="i386 x86_64 or32 ppc64" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="radeon r600 radeonsi amdgpu" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

                        Package Settings

app-emulation/xen-tools-4.6.0::gentoo was built with the following:
USE="hvm ovmf pam python system-qemu system-seabios -api -custom-cflags -debug -doc -flask -ocaml -pygrub -qemu -screen -static-libs" ABI_X86="64" PYTHON_TARGETS="python2_7"
CXXFLAGS="-march=native -O2 -pipe -mtune=native -mvzeroupper -fno-lto -fdiagnostics-color=auto -fno-strict-overflow"
Comment 1 Ilya Yesin 2016-01-03 17:02:51 UTC
Same output for app-emulation/xen-tools-4.5.2-r2
Comment 2 zehfox+gentoo 2016-04-10 15:52:47 UTC
Still a problem on amd64 hardened.
Comment 3 zehfox+gentoo 2016-04-12 17:58:05 UTC
Created attachment 430246 [details, diff]
Patch for -fPIC in xen-tools with ovmf
Comment 4 zehfox+gentoo 2016-04-12 18:19:24 UTC
Build system in ovmf requires python2, used eselect to select python2 as global python. Probably should make a patch that fixes this in the makefile.

USE="ovmf" depends on nasm.
Comment 5 Mekong 2016-09-14 12:28:49 UTC
ovmf can not be built with pie you need to switch gcc profile to hardenednopie for this specific package.
Comment 6 dmw 2016-10-16 07:23:06 UTC
This problem also occurs with app-emulation/xen-tools-4.6.3-r1
Comment 7 dmw 2016-10-23 06:03:09 UTC
(In reply to Mekong from comment #5)
> ovmf can not be built with pie you need to switch gcc profile to
> hardenednopie for this specific package.

How do you switch this gcc profile?
Comment 8 Mekong 2016-12-14 19:47:23 UTC
Sorry for the late reply, I don't check this regularly. I don't use ovmf with xen, but use with qemu and by chance found this post.

Use "gcc-config" to switch your gcc profile. This is the easy way but this is for every packages.

After this you may want to switch gcc profile per package . This is a bit more complicate. You create a file 
"/etc/portage/env/app-emulation/xen-tools" and copy GCC_SPECS line from your gcc hardenednopie profile under directory "/etc/env.d/gcc/" 

Example: GCC_SPECS="/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.3/hardenednopie.specs"
Comment 9 Radoslaw Szkodzinski 2017-09-30 04:51:35 UTC
This is back with 4.8.1 if ever fixed, but new GCC 6.x do not have switchable profiles anymore.

Results in error containing:
  /var/tmp/portage/app-emulation/xen-tools-4.8.1-r1/work/xen-4.8.1/tools/firmware/ovmf-dir-remote/Build/OvmfX64/RELEASE_GCC44/X64/OvmfPkg/AcpiTables/AcpiTables/OUTPUT/./Madt.dll unsupported ELF EM_X86_64 relocation 0x1d.
Comment 10 Magnus Granberg gentoo-dev 2017-09-30 16:47:41 UTC
Xen looks like it fail with gcc 6.X to that have pie default enable in default profile. Do upsteam have any fix for it? Is not only Gentoo have PIE enable as default.
Comment 11 Spooky Ghost 2018-01-03 21:22:24 UTC
The fix for bug #640162 solved this issue for me with xen-tools-4.9.1-r1 + gcc 6.4 and USE=ovmf.  (The fix actually seems to be committed in 2bfd1dc774e87e20ccd6f77a4847ec7126501e43 not 57e910ccaa98ba21cfc65419508e3695828f5b28)