[gentoo-user] gcc 6 PIE use flag

2017-05-07 Thread Adam Carter 
Since an update to the default USE flags on gcc 6 turned on PIE and SSP,
i'm getting these errors;

/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
atof-generic.o: relocation R_X86_64_32 against `.rodata' can not be used
when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
dw2gencfi.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be
used when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
frags.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used
when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
messages.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used
when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
subsegs.o: relocation R_X86_64_32 against `.rodata' can not be used when
making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
symbols.o: relocation R_X86_64_32S against symbol `_sch_toupper' can not be
used when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
atof-ieee.o: relocation R_X86_64_32S against `.rodata' can not be used when
making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
symbols.o: warning: relocation against `strlen@@GLIBC_2.2.5' in readonly
section `.text'
/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status

If I add -fPIC to CFLAGS it will compile. Interestingly some packages (eg
PHP) will compile without the -fPIC. Also the man page says; "This option
makes a difference on AArch64, m68k, PowerPC and SPARC:, whereas i'm
running amd64.

What's going on here?

Re: [gentoo-user] gcc 6 PIE use flag

2017-05-08 Thread Andrew Savchenko 
On Mon, 8 May 2017 08:46:54 +1000 Adam Carter wrote:
> Since an update to the default USE flags on gcc 6 turned on PIE and SSP,
> i'm getting these errors;
> 
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> atof-generic.o: relocation R_X86_64_32 against `.rodata' can not be used
> when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> dw2gencfi.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be
> used when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> frags.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used
> when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> messages.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used
> when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> subsegs.o: relocation R_X86_64_32 against `.rodata' can not be used when
> making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> symbols.o: relocation R_X86_64_32S against symbol `_sch_toupper' can not be
> used when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> atof-ieee.o: relocation R_X86_64_32S against `.rodata' can not be used when
> making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> symbols.o: warning: relocation against `strlen@@GLIBC_2.2.5' in readonly
> section `.text'
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> final link failed: Nonrepresentable section on output
> collect2: error: ld returned 1 exit status
> 
> If I add -fPIC to CFLAGS it will compile. Interestingly some packages (eg
> PHP) will compile without the -fPIC. Also the man page says; "This option
> makes a difference on AArch64, m68k, PowerPC and SPARC:, whereas i'm
> running amd64.
> 
> What's going on here?

Shared objects often need -fPIC for proper relocations when
linking, just add it when you're told to. It allows COW strategy
for DLOs but at the cost of extra CPU register and some slowdown.

Best regards,
Andrew Savchenko


pgp_7cjU5i50K.pgp
Description: PGP signature

Re: [gentoo-user] gcc 6 PIE use flag

2017-05-08 Thread Adam Carter 
Shared objects often need -fPIC for proper relocations when

> linking, just add it when you're told to. It allows COW strategy
> for DLOs but at the cost of extra CPU register and some slowdown.
>
>
Shouldn't this be in the ebuilds? eg.
if gcc:6[pie];
then CFLAGS=${CFLAGS} -fPIC

Re: [gentoo-user] gcc 6 PIE use flag

2017-05-09 Thread Andrew Savchenko 
On Tue, 9 May 2017 14:36:09 +1000 Adam Carter wrote:
> Shared objects often need -fPIC for proper relocations when
> 
> > linking, just add it when you're told to. It allows COW strategy
> > for DLOs but at the cost of extra CPU register and some slowdown.
> >
> >
> Shouldn't this be in the ebuilds? eg.
> if gcc:6[pie];
> then CFLAGS=${CFLAGS} -fPIC

I'm not so sure. Whether -fPIC is required or not depends on too
many factors and adding it when not needed will bring harm.

Are you using hardened?

Best regards,
Andrew Savchenko


pgp8oPjdoXM85.pgp
Description: PGP signature

Re: [gentoo-user] gcc 6 PIE use flag

2017-05-09 Thread Walter Dnes 
On Mon, May 08, 2017 at 08:46:54AM +1000, Adam Carter wrote
> Since an update to the default USE flags on gcc 6 turned on PIE and SSP,
> i'm getting these errors;
> 
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> atof-generic.o: relocation R_X86_64_32 against `.rodata' can not be used
> when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> dw2gencfi.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be
> used when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> frags.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used
> when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> messages.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used
> when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> subsegs.o: relocation R_X86_64_32 against `.rodata' can not be used when
> making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> symbols.o: relocation R_X86_64_32S against symbol `_sch_toupper' can not be
> used when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> atof-ieee.o: relocation R_X86_64_32S against `.rodata' can not be used when
> making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> symbols.o: warning: relocation against `strlen@@GLIBC_2.2.5' in readonly
> section `.text'
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> final link failed: Nonrepresentable section on output
> collect2: error: ld returned 1 exit status
> 
> If I add -fPIC to CFLAGS it will compile. Interestingly some packages (eg
> PHP) will compile without the -fPIC. Also the man page says; "This option
> makes a difference on AArch64, m68k, PowerPC and SPARC:, whereas i'm
> running amd64.
> 
> What's going on here?

  It's a feature, not a bug.  There's a news item being worked on in
the Gentoo dev list.  I'd normally just link to a mail archive, but it's
too new to have been archived yet.  Here's a copy of the proposed news
item.  Note the example error message about relocation against .rodata

###
Title: GCC 6 defaults to USE="pie ssp"
Author: Matthias Maier 
Content-Type: text/plain
Posted: 2017-05-07
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: >=sys-devel/gcc-6.3.0
Display-If-Keyword: amd64

In Gentoo, several GCC features can be default disabled or enabled
via use-flags of sys-devel/gcc. Starting with gcc-4.8.3 we have already
enabled default SSP [1]. Since the PIE patchset for default position
independent executable support was integrated upstream [2,3], starting
with gcc-6.3 we are also enabling PIE by default (via a default-enabled
use-flag pie) in regular (non-hardened) profiles.

[Additionally, following Gentoo policies, the default-off use-flags
nopie (only present in Hardened) and nossp are replaced starting with
gcc-6 by default-on use-flags pie and ssp.]

Be advised that switching from an older version to GCC 6 will enable the
PIE feature by default. This should not cause many problems, but it may
be necessary to recompile parts of your userland. An indicator are
linker errors of the form [4]

  relocation R_X86_64_32 against `.rodata.str1.1' can not be used when
  making a shared object; recompile with -fPIC

[1] https://www.gentoo.org/support/news-items/2014-06-15-gcc48_ssp.html
[2] https://gcc.gnu.org/gcc-6/changes.html
[3] A big thanks to all developers and members of the Gentoo community that
made upstreaming the pie patchset and other hardening options possible!
[4] https://bugs.gentoo.org/617698
###


-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications

Re: [gentoo-user] gcc 6 PIE use flag

2017-05-10 Thread Adam Carter 
I'm not so sure. Whether -fPIC is required or not depends on too

> many factors and adding it when not needed will bring harm.
>
> Are you using hardened?
>

Yes, its on. I haven't hit the error again so it doesnt appear to be too
much of an issue.

Re: [gentoo-user] gcc 6 PIE use flag

2017-05-10 Thread Adam Carter 
  It's a feature, not a bug.  There's a news item being worked on in

> the Gentoo dev list.  I'd normally just link to a mail archive, but it's
> too new to have been archived yet.  Here's a copy of the proposed news
> item.  Note the example error message about relocation against .rodata
>
> ###
> Title: GCC 6 defaults to USE="pie ssp"
> Author: Matthias Maier 
> Content-Type: text/plain
> Posted: 2017-05-07
> Revision: 1
> News-Item-Format: 1.0
> Display-If-Installed: >=sys-devel/gcc-6.3.0
> Display-If-Keyword: amd64 applications
>
> 
Thanks for that info. Looks like i got spooked unnecessarily.

Re: [gentoo-user] gcc 6 PIE use flag

2017-05-14 Thread Adam Carter 
>
> the Gentoo dev list.  I'd normally just link to a mail archive, but it's
>> too new to have been archived yet.  Here's a copy of the proposed news
>> item.  Note the example error message about relocation against .rodata
>>
>> ###
>> Title: GCC 6 defaults to USE="pie ssp"
>> Author: Matthias Maier 
>> Content-Type: text/plain
>> Posted: 2017-05-07
>> Revision: 1
>> News-Item-Format: 1.0
>> Display-If-Installed: >=sys-devel/gcc-6.3.0
>> Display-If-Keyword: amd64 applications
>>
>>
pie: recently promoted to default, now forced off...

[ebuild   R] sys-devel/gcc-6.3.0:6.3.0::gentoo  USE="cxx fortran
(multilib) nls nptl openmp pch sanitize ssp vtv (-altivec) (-awt) -cilk
-debug -doc (-fixed-point) (-gcj) -go -graphite (-hardened) (-jit)
(-libssp) -mpx -objc -objc++ -objc-gc (-pie*) -regression-test -vanilla" 0
KiB