Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

stdenv/adapters.nix: disable stackprotector hardening on 64-bit powerpc during static-only stages of stdenv bootstrap #168983

Closed
wants to merge 1 commit into from
Closed

stdenv/adapters.nix: disable stackprotector hardening on 64-bit powerpc during static-only stages of stdenv bootstrap #168983

wants to merge 1 commit into from

Conversation

ghost
Copy link

@ghost ghost commented Apr 16, 2022
edited by ghost
Loading

Description of changes

This is needed to build stdenv on powerpc64le.

Things done
  • Built on platform(s)
    • powerpc64le-linux
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@github-actions github-actions bot added the 6.topic: stdenv Standard environment label Apr 16, 2022
stdenv/adapters.nix: disable stackprotector hardening on 64-bit power…
f5e5e78 
…pc during static-only stages of stdenv bootstrap
This was referenced Apr 17, 2022
Merged
Merged
@ghost

This comment was marked as duplicate.

Sign in to view
@ghost
Copy link
Author

ghost commented Apr 19, 2022
edited by ghost
Loading

For the record, here is the error produced without this patch, when attempting to build stdenv on powerpc64le:

/tmp/nix-build-gcc-10.3.0.drv-0/build/./prev-gcc/xg++ -B/tmp/nix-build-gcc-10.3.0.drv-0/build/./prev-gcc/ -B/nix/store/71nhr4dkaz9qhs6bbcw16nba6znbqrlk-gcc-10.3.0/powerpc64le-unknown-linux-gnu/bin/ -nostdinc++ -B/tmp/nix-build-gcc-10.3.0.drv-0/build/prev-powerpc64le-unknown-linux-gnu/libstdc++-v3/src/.libs -B/tmp/nix-build-gcc-10.3.0.drv-0/build/prev-powerpc64le-unknown-linux-gnu/libstdc++-v3/libsupc++/.libs  -I/tmp/nix-build-gcc-10.3.0.drv-0/build/prev-powerpc64le-unknown-linux-gnu/libstdc++-v3/include/powerpc64le-unknown-linux-gnu  -I/tmp/nix-build-gcc-10.3.0.drv-0/build/prev-powerpc64le-unknown-linux-gnu/libstdc++-v3/include  -I/tmp/nix-build-gcc-10.3.0.drv-0/gcc-10.3.0/libstdc++-v3/libsupc++ -L/tmp/nix-build-gcc-10.3.0.drv-0/build/prev-powerpc64le-unknown-linux-gnu/libstdc++-v3/src/.libs -L/tmp/nix-build-gcc-10.3.0.drv-0/build/prev-powerpc64le-unknown-linux-gnu/libstdc++-v3/libsupc++/.libs -no-pie   -O2 -I/nix/store/3mj7jzjxsfka79k829fr6bm4hkqs8cxp-glibc-2.33-108-dev/include -B/nix/store/706d6wqhp0naf3f4csbkjcfjdr94w5fb-glibc-2.33-108/lib/ -idirafter /nix/store/3mj7jzjxsfka79k829fr6bm4hkqs8cxp-glibc-2.33-108-dev/include -idirafter /nix/store/4l3890s1hjrf8nq7r5lcfciamywivrcz-bootstrap-tools/lib/gcc/powerpc64le-unknown-linux-gnu/10.3.0/include-fixed -Wl,-rpath,/nix/store/4b3vj6zdrs3c05dg8wgq4dkd349hw6cl-gcc-10.3.0-lib/lib -Wl,-L/nix/store/706d6wqhp0naf3f4csbkjcfjdr94w5fb-glibc-2.33-108/lib -Wl,-rpath -Wl,/nix/store/706d6wqhp0naf3f4csbkjcfjdr94w5fb-glibc-2.33-108/lib -Wl,-dynamic-linker=/nix/store/706d6wqhp0naf3f4csbkjcfjdr94w5fb-glibc-2.33-108/lib/ld64.so.2 -fno-checking -gtoggle -DIN_GCC     -fno-exceptions -fno-rtti -fasynchronous-unwind-tables -W -Wall -Wno-narrowing -Wwrite-strings -Wcast-qual -Wno-error=format-diag -Wmissing-format-attribute -Woverloaded-virtual -pedantic -Wno-long-long -Wno-variadic-macros -Wno-overlength-strings   -DHAVE_CONFIG_H -static-libstdc++ -static-libgcc -O2 -I/nix/store/3mj7jzjxsfka79k829fr6bm4hkqs8cxp-glibc-2.33-108-dev/include -B/nix/store/706d6wqhp0naf3f4csbkjcfjdr94w5fb-glibc-2.33-108/lib/ -idirafter /nix/store/3mj7jzjxsfka79k829fr6bm4hkqs8cxp-glibc-2.33-108-dev/include -idirafter /nix/store/4l3890s1hjrf8nq7r5lcfciamywivrcz-bootstrap-tools/lib/gcc/powerpc64le-unknown-linux-gnu/10.3.0/include-fixed -Wl,-rpath,/nix/store/4b3vj6zdrs3c05dg8wgq4dkd349hw6cl-gcc-10.3.0-lib/lib -Wl,-L/nix/store/706d6wqhp0naf3f4csbkjcfjdr94w5fb-glibc-2.33-108/lib -Wl,-rpath -Wl,/nix/store/706d6wqhp0naf3f4csbkjcfjdr94w5fb-glibc-2.33-108/lib -Wl,-dynamic-linker=/nix/store/706d6wqhp0naf3f4csbkjcfjdr94w5fb-glibc-2.33-108/lib/ld64.so.2 -o cc1plus \
 cp/cp-lang.o c-family/stub-objc.o cp/call.o cp/class.o cp/constexpr.o cp/constraint.o cp/coroutines.o cp/cp-gimplify.o cp/cp-objcp-common.o cp/cp-ubsan.o cp/cvt.o cp/cxx-pretty-print.o cp/decl.o cp/decl2.o cp/dump.o cp/error.o cp/except.o cp/expr.o cp/friend.o cp/init.o cp/lambda.o cp/lex.o cp/logic.o cp/mangle.o cp/method.o cp/name-lookup.o cp/optimize.o cp/parser.o cp/pt.o cp/ptree.o cp/rtti.o cp/search.o cp/semantics.o cp/tree.o cp/typeck.o cp/typeck2.o cp/vtable-class-hierarchy.o attribs.o incpath.o c-family/c-common.o c-family/c-cppbuiltin.o c-family/c-dump.o c-family/c-format.o c-family/c-gimplify.o c-family/c-indentation.o c-family/c-lex.o c-family/c-omp.o c-family/c-opts.o c-family/c-pch.o c-family/c-ppoutput.o c-family/c-pragma.o c-family/c-pretty-print.o c-family/c-semantics.o c-family/c-ada-spec.o c-family/c-ubsan.o c-family/known-headers.o c-family/c-attribs.o c-family/c-warn.o c-family/c-spellcheck.o glibc-c.o rs6000-c.o cc1plus-checksum.o libbackend.a main.o libcommon-target.a libcommon.a ../libcpp/libcpp.a ../libdecnumber/libdecnumber.a libcommon.a ../libcpp/libcpp.a   ../libbacktrace/.libs/libbacktrace.a ../libiberty/libiberty.a ../libdecnumber/libdecnumber.a  -L/nix/store/cs8sl46d767c2iwdc6hhmhfvqa1qgvxl-isl-0.20/lib -lisl -L/nix/store/m4x8d7n3qhzkb7myrjj0xml949024qg4-gmp-6.2.1/lib -L/nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib -L/nix/store/maiv2qjy201z8a5qrk726ayrcw0wrmqc-libmpc-1.2.1/lib -lmpc -lmpfr -lgmp -rdynamic -ldl  -lz
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(mpfr-gmp.o):(.toc+0x8): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(mpfr-gmp.o):(.toc+0x8): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(add1.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(add_ui.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(div.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(div_ui.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(mul.o):(.toc+0x0): more undefined references to `__stack_chk_guard' follow
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(add1.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(add_ui.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(div.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(div_ui.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(mul.o):(.toc+0x0): more undefined references to `__stack_chk_guard' follow
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(mpfr-gmp.o):(.toc+0x8): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(add1.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(add_ui.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(div.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(div_ui.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(mul.o):(.toc+0x0): more undefined references to `__stack_chk_guard' follow
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(mpfr-gmp.o):(.toc+0x8): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(add1.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(add_ui.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(div.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(div_ui.o):(.toc+0x0): undefined reference to `__stack_chk_guard'
/nix/store/3icagz57flqg7z2dpihj4gadb8ng2xdv-binutils-2.35.2/bin/ld: /nix/store/9irfh44zfaadfv77mn306wnkbglf914s-mpfr-4.1.0/lib/libmpfr.a(mul.o):(.toc+0x0): more undefined references to `__stack_chk_guard' follow
collect2: error: ld returned 1 exit status
make[3]: *** [../../gcc-10.3.0/gcc/lto/Make-lang.in:92: lto-dump] Error 1
make[3]: *** Waiting for unfinished jobs....
collect2: error: ld returned 1 exit status
make[3]: *** [../../gcc-10.3.0/gcc/lto/Make-lang.in:88: lto1] Error 1
collect2: error: ld returned 1 exit status
make[3]: *** [../../gcc-10.3.0/gcc/c/Make-lang.in:85: cc1] Error 1
collect2: error: ld returned 1 exit status
make[3]: *** [../../gcc-10.3.0/gcc/cp/Make-lang.in:120: cc1plus] Error 1
rm gcc.pod
make[3]: Leaving directory '/tmp/nix-build-gcc-10.3.0.drv-0/build/gcc'
make[2]: *** [Makefile:4781: all-stage2-gcc] Error 2
make[2]: Leaving directory '/tmp/nix-build-gcc-10.3.0.drv-0/build'
make[1]: *** [Makefile:22323: stage2-bubble] Error 2
make[1]: Leaving directory '/tmp/nix-build-gcc-10.3.0.drv-0/build'
make: *** [Makefile:22527: bootstrap] Error 2
error: builder for '/nix/store/4l5vnd2587bpgkmi9mxla22cgzpnfl3r-gcc-10.3.0.drv' failed with exit code 2
error: 1 dependencies of derivation '/nix/store/mnzzn7zd0fvidip7fcmfbsc76fsh59hs-bootstrap-stage4-gcc-wrapper-10.3.0.drv' failed to build
error: 1 dependencies of derivation '/nix/store/2gsv3z2cw9jqvb1xv43vy0w6mm5z1mby-stdenv-linux.drv' failed to build
error: 1 dependencies of derivation '/nix/store/6x2yb6rrk86hhiv4yvdi0gpfl208qw9w-hello-2.12.drv' failed to build

@ghost
Copy link
Author

ghost commented Apr 19, 2022

Wow, this is really hairy. I'm still working on it but the more I learn the weirder it gets.

It all starts with the fact that one of the five stages of stdenv bootstrapping compiles libgmp with --enable-static --disable-shared. That isn't a big deal. However the resulting static library libgmp.a then gets linked into coreutils, which is not a statically-linked binary. That kind of usage is not very commonplace or well-tested.

Anyways, when you use -fstack-protector to compile something, gcc emits a binary with a link dependency on -lssp. If you're compiling a statically linked binary, it depends on libssp_nonshared.a. If you're compiling a dynamically linked binary, it depends on libssp.so.

The problem comes up when you use statically-linked libraries (which want libssp_nonshared.a) in a dynamically linked binary (which will link with libssp.so). Then you get missing symbols.

To top it all off, a lot of the details of the stack-protector are highly target-specific. So, there might be some lucky reason why the situation above doesn't affect x86_64 and arm64.

I'll hack on this a bit more tomorrow, but I think the end result here is that I'm going to modify this PR to disable the guard on all platforms (remember, this only applies to the third of five stdenv bootstrapping stages -- the hardening is still applied to all the other stages and to the final nixpkgs) and include an explanation which amounts to "we're using statically linked libraries in a dynamic binary, this is unusual, and hardening does not get along with it".

@ghost ghost mentioned this pull request Apr 20, 2022
Merged
7 tasks
@ghost
Copy link
Author

ghost commented Apr 20, 2022
edited by ghost
Loading

Closed in favor of #169378, which makes the stdenv bootstrapping code do what the stdenv comments say it does. As a side effect of that, this bug gets fixed.

@ghost ghost closed this Apr 20, 2022
@ghost ghost mentioned this pull request Apr 20, 2022
Closed
6 tasks
@ghost
Copy link
Author

ghost commented Jul 17, 2022

I'm afraid my previous comment was too optimistic. This PR is still needed to finish the bootstrap of stdenv. I had this commit (and several others needed to build powerpc64le stdenv) in my local branch when I tested #169378 and did not realize it. It wasn't until recently when all the other PRs merged that I was able to get back onto master... and realized that we still need this.

@ghost
Copy link
Author

ghost commented Jul 17, 2022

Well apparently I can't reopen this. Argh.

This was referenced Jul 17, 2022
Merged
Closed
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/is-it-possible-to-override-cargosha256-in-buildrustpackage/4393/8

@Artturin Artturin mentioned this pull request Jan 29, 2024
Open
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philiptaron philiptaron Awaiting requested review from philiptaron philiptaron will be requested when the pull request is marked ready for review philiptaron is a code owner

Assignees
No one assigned
Labels
6.topic: stdenv Standard environment
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nixos-discourse