201611082138.patch crashes gcc

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

201611082138.patch crashes gcc

Postby Carlos Carvalho » Wed Nov 09, 2016 9:04 am

The latest patch causes gcc(?!) to crash:

CHK include/config/kernel.release
UPD include/config/kernel.release
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
UPD include/generated/utsrelease.h
CHK include/generated/bounds.h
CHK include/generated/timeconst.h
CHK include/generated/asm-offsets.h
CALL scripts/checksyscalls.sh
CHK include/generated/compile.h
CC init/version.o
LD init/built-in.o
CC arch/x86/kernel/i8259.o
*** WARNING *** there are active plugins, do not report this as a bug unless you can reproduce it without enabling any plugins.
Event | Plugins
PLUGIN_FINISH_TYPE | randomize_layout_plugin structleak_plugin constify_plugin
PLUGIN_FINISH_DECL | randomize_layout_plugin
PLUGIN_FINISH_UNIT | rap_plugin
PLUGIN_ATTRIBUTES | randomize_layout_plugin structleak_plugin constify_plugin
PLUGIN_START_UNIT | rap_plugin constify_plugin
PLUGIN_ALL_IPA_PASSES_START | randomize_layout_plugin rap_plugin constify_plugin
arch/x86/kernel/i8259.c: In function ‘init_8259A’:
arch/x86/kernel/i8259.c:432:1: internal compiler error: segmentation fault
device_initcall(i8259A_init_ops);
^~~~~~~~~~~~~~~

It's on a Debian machine running the latest gcc suite:
gcc (Debian 6.2.0-11) 6.2.0 20161103

I had to use this patch to be able to use plugins:
--- Makefile~ 2016-11-09 10:12:24.221021085 -0200
+++ Makefile 2016-11-09 10:30:42.148406435 -0200
@@ -623,6 +623,8 @@

KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,)
KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
+KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
+KBUILD_AFLAGS += $(call cc-option,-fno-PIE)

ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE
KBUILD_CFLAGS += -Os

This is a GCC bug but it doesn't happen with the vanilla kernel. I'm reporting if ever you have an easy workaround.
Carlos Carvalho
 
Posts: 27
Joined: Thu Apr 21, 2011 4:48 pm

Re: 201611082138.patch crashes gcc

Postby PaX Team » Wed Nov 09, 2016 5:24 pm

i couldn't reproduce the gcc ICE but i do get errors on asm constraints when PIE is enabled for the kernel, so i guess debian's gcc turned that on without making sure that it's not used for kernel compilation (unlike hardened gentoo). in any case, i'll carry the workaround but in general, debian should get their act together and not blindly deliver security this way.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: 201611082138.patch crashes gcc

Postby Carlos Carvalho » Thu Nov 10, 2016 2:27 pm

Thanks a lot. However it didn't work, the segfault still exits.

I'm using Debian unstable, updated very often, so this breakage cannot be considered a distribution bug [yet], since it's not a release. For you to see it in your machine it's probably necessary to run the same package versions, which are the latest in the repository. Probably not worth your precious time...
Carlos Carvalho
 
Posts: 27
Joined: Thu Apr 21, 2011 4:48 pm

Re: 201611082138.patch crashes gcc

Postby PaX Team » Thu Nov 10, 2016 8:44 pm

i tried with a gcc-6 snapshot from 20161029 and still no dice... i wonder if you can find out which plugin is needed to trigger the segfault.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: [SOLVED] 201611082138.patch crashes gcc

Postby Carlos Carvalho » Sun Nov 13, 2016 9:28 am

I tried to compile in another machine, after spending some hours upgrading it. And it worked! So I returned to the main server to find out why it didn't work there and removed the gcc-4.9 version that was also installed because of Nvidia stuff. And then it worked... So it seems that there is a bug in the Debian packages when there's more than one gcc version installed. Apparently it only shows up when pluggins are used.

BTW, I had to disable gcc stack protection because it says compiler support for it is broken.

Thanks for the support.
Carlos Carvalho
 
Posts: 27
Joined: Thu Apr 21, 2011 4:48 pm


Return to grsecurity support

cron