The stage-2 gnat1 executable gets killed by PaX due to an execution attempt when compiling a-charac.ads. Normally I use the stable gcc (3.3.4); I tried switching to gcc 3.4.3, but this gave the same results. Reproducible: Always Steps to Reproduce: 1.Find a box with PaX enabled in the kernel 2.emerge =dev-lang/gnat-3.43 3. Actual Results: After emerge: ... stage2/xgcc -Bstage2/ -B/usr/i686-pc-linux-gnu/bin/ -c -g -O2 -gnatpg -gnata -I- -I. -Iada -I/var/tmp/portage/gnat-3.43/work/gcc-3.4.3/gcc/ada /var/tmp/portage/gnat-3.43/work/gcc-3.4.3/gcc/ada/ada.ads -o ada/ada.o stage2/xgcc -Bstage2/ -B/usr/i686-pc-linux-gnu/bin/ -c -g -O2 -gnatpg -gnata -I- -I. -Iada -I/var/tmp/portage/gnat-3.43/work/gcc-3.4.3/gcc/ada /var/tmp/portage/gnat-3.43/work/gcc-3.4.3/gcc/ada/a-charac.ads -o ada/a-charac.o xgcc: Internal error: Killed (program gnat1) Please submit a full bug report. See <URL:http://gcc.gnu.org/bugs.html> for instructions. make[2]: *** [ada/a-charac.o] Error 1 make[2]: *** Waiting for unfinished jobs.... xgcc: Internal error: Killed (program gnat1) Please submit a full bug report. See <URL:http://gcc.gnu.org/bugs.html> for instructions. make[2]: *** [ada/ada.o] Error 1 make[2]: Leaving directory `/var/tmp/portage/gnat-3.43/work/build/gcc' make[1]: *** [stage3_build] Error 2 make[1]: Leaving directory `/var/tmp/portage/gnat-3.43/work/build/gcc' make: *** [bootstrap] Error 2 and in /var/log/messages: Dec 14 08:37:27 uStarGen2 PAX: execution attempt in: <anonymous mapping>, 5f7f8000-5f802000 5f7f8000 Dec 14 08:37:27 uStarGen2 PAX: terminating task: /var/tmp/portage/gnat-3.43/work/build/gcc/stage2/gnat1(gnat1):11392, uid/euid: 0/0, PC: 5f7fd390, SP: 5f7fd2fc Dec 14 08:37:27 uStarGen2 PAX: bytes at PC: b9 b0 d3 7f 5f e9 b6 12 93 a8 00 00 01 00 00 00 b9 b0 d3 7f Dec 14 08:37:27 uStarGen2 PAX: bytes at SP: 08123327 00000002 00000001 5f7fd358 000009ed 00000000 00000001 5f7fd34400000000 00000002 5f7fd370 5f7fd348 081233e8 00000001 00000000 00000004 5f7fd350 00000002 5f7fd360 5f7fd3c8 Dec 14 08:37:27 uStarGen2 PAX: execution attempt in: <anonymous mapping>, 5869f000-586a9000 5869f000 Dec 14 08:37:27 uStarGen2 PAX: terminating task: /var/tmp/portage/gnat-3.43/work/build/gcc/stage2/gnat1(gnat1):2170, uid/euid: 0/0, PC: 586a4940, SP: 586a489c Dec 14 08:37:27 uStarGen2 PAX: bytes at PC: b9 50 49 6a 58 e9 86 9c a8 af 6a 58 00 49 6a 58 8e 05 00 00 Dec 14 08:37:27 uStarGen2 PAX: bytes at SP: 08123344 00000002 00000003 586a48b8 083fc022 00000003 00000001 586a48e400000000 00000003 586a4910 586a48e8 081233e8 00000001 00000000 242f8dbc 586a48f0 00000003 586a4900 586a4968 Dec 14 08:37:27 uStarGen2 grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by /var/tmp/portage/gnat-3.43/work/build/gcc/stage2/gnat1[gnat1:2170] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/gnat-3.43/work/build/gcc/stage2/xgcc[xgcc:21160] uid/euid:0/0 gid/egid:0/0 Dec 14 08:37:27 uStarGen2 grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by /var/tmp/portage/gnat-3.43/work/build/gcc/stage2/gnat1[gnat1:11392] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/gnat-3.43/work/build/gcc/stage2/xgcc[xgcc:18400] uid/euid:0/0 gid/egid:0/0 Expected Results: clean ebuild Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.4.3, glibc-2.3.4.20040808-r1, 2.6.7-hardened-r16 i686) ================================================================= System uname: 2.6.7-hardened-r16 i686 AMD Athlon(tm) XP 3200+ Gentoo Base System version 1.4.16 ccache version 2.3 [enabled] Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.15.90.0.1.1-r3 Headers: sys-kernel/linux-headers-2.4.21-r1 Libtools: sys-devel/libtool-1.5.2-r7 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -pipe -O2" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -pipe -O2" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict userpriv" GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.linux.ee/pub/gentoo/distfiles/ http://ftp.easynet.nl/mirror/gentoo/ http://ftp.heanet.ie/pub/gentoo/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow X aalib acl acpi alsa apm arts avi berkdb bidi bitmap-fonts cdr crypt cups dhc-fqdn directfb dlloader doc dvd dvdr encode esd f77 faad fam flac font-server foomaticdb fortran gcj gdbm gif gnome gpm gstreamer gtk gtk2 guile hardened imagemagick imlib java javamail jce jikes jpeg junit kde kerberos libg++ libwww mad mbox mikmod mmx motif mozilla mpeg mpeg4 mysql ncurses nls odbc oggvorbis opengl oss pam pdflib perl pic pie png postgres python qt quicktime readline ruby samba sdl slang speex spell sse ssl svga tcltk tcpd tiff truetype truetype-fonts trusted type1-fonts unicode usb wxwindows x86 xinerama xml2 xmms xprint xv zlib linguas_en_GB linguas_de linguas_es linguas_it linguas_fr"
Ok; managed to get it to build by adding chpax/paxctl into gcc/ada/Make-lang.in near line 270: # Needs to be built with CC=gcc # Since the RTL should be built with the latest compiler, remove the # stamp target in the parent directory whenever gnat1 is rebuilt gnat1$(exeext): $(TARGET_ADA_SRCS) $(GNAT1_OBJS) $(ADA_BACKEND) $(LIBDEPS) $(CC) $(ALL_CFLAGS) $(LDFLAGS) -o $@ $(GNAT1_OBJS) $(ADA_BACKEND) $(LIBS) \ $(SYSLIBS) /sbin/chpax -pemsrx $@ /sbin/paxctl -pemsrx $@ $(RM) stamp-gnatlib2 stamp-tools The 3.4.1 ebuild has the same issue. I tried just setting '-m' but it wasn't enough. Something the compiler does requires executable stack - this wasn't the case with gnat3.15p (based on gcc 2.8.1). This also means that anything built with the compiler also needs executable stack. There are also textrels in the Ada libraries, fwiw. A rummage around the place seems to indicate that gnat is expected to need executable stack - seems a bit duff to me. While chpax/paxctl-ing at least gets things running, I'd prefer to find out where the executable stack stuff is coming from, so as to removeit. Perhaps it's generating a different style of trampoline that PaX isn't emulating.
Er, it occurs to me that of course gnatgcc won't be hardened-friendly; it doesn't have any of the patches put into the gentoo gcc. I'll have a go at putting various patches for gcc that may be relevant into the gnat build, and see what happens.
Update: Managed to merge a bunch of the gcc stuff into the gnat ebuild; it built the stage1 compiler ok, but it fell over a little while later. Here's the compilation line that failed: # pwd /var/tmp/portage/gnat-3.4.3/work/build/gcc # stage1/xgcc -Bstage1/ -B/usr/i686-pc-linux-gnu/bin/ -c -g -O2 -gnatpg -gnata -I- -I. -Iada -I/var/tmp/portage/gnat-3.4.3/work/gcc-3.4.3/gcc/ada /var/tmp/portage/gnat-3.4.3/work/gcc-3.4.3/gcc/ada/a-except.adb -o ada/a-except.o /var/tmp/portage/gnat-3.4.3/work/gcc-3.4.3/gcc/ada/a-exextr.adb: In function `Ada.Exceptions.Exception_Traces.To_Stderr': /var/tmp/portage/gnat-3.4.3/work/gcc-3.4.3/gcc/ada/a-exextr.adb:215: error: sweep_string_in_operand: unknown fp usage (insn 94 93 95 (set (reg:SI 2 cx) (reg/f:SI 54 virtual-stack-vars)) -1 (nil) (nil)) +===========================GNAT BUG DETECTED==============================+ | 3.4.3 20041125 (, ssp-3.4.3-0, pie-8.7.7) (i686-pc-linux-gnu) GCC error: | | in sweep_string_in_operand, at protector.c:1550 | | Error detected at a-exextr.adb:215:8 | | Please submit a bug report; see http://gcc.gnu.org/bugs.html. | | Include the entire contents of this bug box in the report. | | Include the exact gcc or gnatmake command that you entered. | | Also include sources listed below in gnatchop format | | (concatenated together with no headers between files). | +==========================================================================+ Please include these source files with error report Note that list may not be accurate in some cases, so please double check that the problem can still be reproduced with the set of files listed. compilation abandoned which looks like the code generator has tried to do something the stack protector doesn't expect. Here's the bit of Ada code: procedure To_Stderr (S : String) is procedure put_char_stderr (C : int); pragma Import (C, put_char_stderr, "put_char_stderr"); begin for J in 1 .. S'Length loop if S (J) /= ASCII.CR then put_char_stderr (Character'Pos (S (J))); end if; end loop; end To_Stderr; where 215:8 is the "T" in "end To_Stderr;". Ada type "String" is a sort of character array. I take it that the error means there's something about the way Ada strings are referenced on the frame that protector didn't understand. I'm not competent to go any further with that, really. I'll have a go at building gnat with pie etc but not ssp...
Note to myself - probably needs ssp fixed for bug #74457
Closing this bug as the PaX issue is being dealt with (bug #64373, bug #111340) Integration with gcc SSP patches postponed for now.