From 82c55764b5f7c2133bf16e9ff4019db1d668b080 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Thu, 10 Nov 2016 20:26:29 +0000 Subject: [PATCH] kbuild: Update -fno-PIE patches to match upstream --- debian/changelog | 1 + .../bugfix/all/kbuild-add-fno-pie.patch | 50 +++++++------------ ...ipts-has-stack-protector-add-fno-pie.patch | 36 +++++++++++++ .../bugfix/x86/x86-kexec-add-fno-pie.patch | 32 ++++++++++++ debian/patches/series | 2 + 5 files changed, 90 insertions(+), 31 deletions(-) create mode 100644 debian/patches/bugfix/x86/scripts-has-stack-protector-add-fno-pie.patch create mode 100644 debian/patches/bugfix/x86/x86-kexec-add-fno-pie.patch diff --git a/debian/changelog b/debian/changelog index 65dfcf60b..f7fbe31ee 100644 --- a/debian/changelog +++ b/debian/changelog @@ -9,6 +9,7 @@ linux (4.9~rc3-1~exp2) UNRELEASED; urgency=medium * [hppa] Update build-dependencies for 64-bit kernel (fixes FTBFS) * linux-perf: Exclude perf-read-vdso* from shared library dependency check (fixes FTBFS on sparc64) + * [x86] kexec: add -fno-PIE -- Aurelien Jarno Sat, 05 Nov 2016 23:17:01 +0100 diff --git a/debian/patches/bugfix/all/kbuild-add-fno-pie.patch b/debian/patches/bugfix/all/kbuild-add-fno-pie.patch index 4bd05cb55..67d087ebc 100644 --- a/debian/patches/bugfix/all/kbuild-add-fno-pie.patch +++ b/debian/patches/bugfix/all/kbuild-add-fno-pie.patch @@ -1,48 +1,36 @@ From: Sebastian Andrzej Siewior -Date: Wed, 2 Nov 2016 18:20:58 +0100 +Date: Fri, 4 Nov 2016 19:39:38 +0100 Subject: kbuild: add -fno-PIE -Origin: https://www.spinics.net/lists/linux-kbuild/msg13608.html +Origin: https://git.kernel.org/cgit/linux/kernel/git/mmarek/kbuild.git/commit?id=8ae94224c9d72fc4d9aaac93b2d7833cf46d7141 Bug-Debian: https://bugs.debian.org/841368 Debian started to build the gcc with -fPIE by default so the kernel build ends before it starts properly with: |kernel/bounds.c:1:0: error: code model kernel does not support PIC mode -Also add to KBUILD_AFLAGSi due to: +Also add to KBUILD_AFLAGS due to: |gcc -Wp,-MD,arch/x86/entry/vdso/vdso32/.note.o.d … -mfentry -DCC_USING_FENTRY … vdso/vdso32/note.S -|arch/x86/entry/vdso/vdso32/note.S:1:0: sorry, unimplemented: -mfentry isn’t supported for 32-bit in c ombination with -fpic +|arch/x86/entry/vdso/vdso32/note.S:1:0: sorry, unimplemented: -mfentry isn’t supported for 32-bit in combination with -fpic +Tagging it stable so it is possible to compile recent stable kernels as +well. + +Cc: stable@vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior -[bwh: Also add the option to scripts/gcc-x86_64-has-stack-protector.sh] +Signed-off-by: Michal Marek --- - Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + Makefile | 2 ++ + 1 file changed, 2 insertions(+) --- a/Makefile +++ b/Makefile -@@ -400,12 +400,12 @@ KBUILD_CPPFLAGS := -D__KERNEL__ - KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ - -fno-strict-aliasing -fno-common \ - -Werror-implicit-function-declaration \ -- -Wno-format-security \ -+ -Wno-format-security -fno-PIE \ - -std=gnu89 +@@ -624,6 +624,8 @@ include arch/$(SRCARCH)/Makefile + KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,) + KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,) + KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,) ++KBUILD_CFLAGS += $(call cc-option,-fno-PIE) ++KBUILD_AFLAGS += $(call cc-option,-fno-PIE) - KBUILD_AFLAGS_KERNEL := - KBUILD_CFLAGS_KERNEL := --KBUILD_AFLAGS := -D__ASSEMBLY__ -+KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-PIE - KBUILD_AFLAGS_MODULE := -DMODULE - KBUILD_CFLAGS_MODULE := -DMODULE - KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds ---- a/scripts/gcc-x86_64-has-stack-protector.sh -+++ b/scripts/gcc-x86_64-has-stack-protector.sh -@@ -1,6 +1,6 @@ - #!/bin/sh - --echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -O0 -mcmodel=kernel -fstack-protector - -o - 2> /dev/null | grep -q "%gs" -+echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o - 2> /dev/null | grep -q "%gs" - if [ "$?" -eq "0" ] ; then - echo y - else + ifdef CONFIG_LD_DEAD_CODE_DATA_ELIMINATION + KBUILD_CFLAGS += $(call cc-option,-ffunction-sections,) diff --git a/debian/patches/bugfix/x86/scripts-has-stack-protector-add-fno-pie.patch b/debian/patches/bugfix/x86/scripts-has-stack-protector-add-fno-pie.patch new file mode 100644 index 000000000..37632190a --- /dev/null +++ b/debian/patches/bugfix/x86/scripts-has-stack-protector-add-fno-pie.patch @@ -0,0 +1,36 @@ +From: Sebastian Andrzej Siewior +Date: Fri, 4 Nov 2016 19:39:39 +0100 +Subject: scripts/has-stack-protector: add -fno-PIE +Origin: https://git.kernel.org/cgit/linux/kernel/git/mmarek/kbuild.git/commit?id=82031ea29e454b574bc6f49a33683a693ca5d907 +Bug-Debian: https://bugs.debian.org/841368 + +Adding -no-PIE to the fstack protector check. -no-PIE was introduced +before -fstack-protector so there is no need for a runtime check. + +Without it the build stops: +|Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong available but compiler is broken + +due to -mcmodel=kernel + -fPIE if -fPIE is enabled by default. + +Tagging it stable so it is possible to compile recent stable kernels as +well. + +Cc: stable@vger.kernel.org +Signed-off-by: Sebastian Andrzej Siewior +Signed-off-by: Michal Marek +--- + scripts/gcc-x86_64-has-stack-protector.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/gcc-x86_64-has-stack-protector.sh b/scripts/gcc-x86_64-has-stack-protector.sh +index 973e8c141567..17867e723a51 100755 +--- a/scripts/gcc-x86_64-has-stack-protector.sh ++++ b/scripts/gcc-x86_64-has-stack-protector.sh +@@ -1,6 +1,6 @@ + #!/bin/sh + +-echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -O0 -mcmodel=kernel -fstack-protector - -o - 2> /dev/null | grep -q "%gs" ++echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o - 2> /dev/null | grep -q "%gs" + if [ "$?" -eq "0" ] ; then + echo y + else diff --git a/debian/patches/bugfix/x86/x86-kexec-add-fno-pie.patch b/debian/patches/bugfix/x86/x86-kexec-add-fno-pie.patch new file mode 100644 index 000000000..31412a220 --- /dev/null +++ b/debian/patches/bugfix/x86/x86-kexec-add-fno-pie.patch @@ -0,0 +1,32 @@ +From: Sebastian Andrzej Siewior +Date: Fri, 4 Nov 2016 19:39:40 +0100 +Subject: x86/kexec: add -fno-PIE +Origin: https://git.kernel.org/cgit/linux/kernel/git/mmarek/kbuild.git/commit?id=90944e40ba1838de4b2a9290cf273f9d76bd3bdd +Bug-Debian: https://bugs.debian.org/841368 + +If the gcc is configured to do -fPIE by default then the build aborts +later with: +| Unsupported relocation type: unknown type rel type name (29) + +Tagging it stable so it is possible to compile recent stable kernels as +well. + +Cc: stable@vger.kernel.org +Signed-off-by: Sebastian Andrzej Siewior +Signed-off-by: Michal Marek +--- + arch/x86/purgatory/Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile +index ac58c1616408..555b9fa0ad43 100644 +--- a/arch/x86/purgatory/Makefile ++++ b/arch/x86/purgatory/Makefile +@@ -16,6 +16,7 @@ KCOV_INSTRUMENT := n + + KBUILD_CFLAGS := -fno-strict-aliasing -Wall -Wstrict-prototypes -fno-zero-initialized-in-bss -fno-builtin -ffreestanding -c -MD -Os -mcmodel=large + KBUILD_CFLAGS += -m$(BITS) ++KBUILD_CFLAGS += $(call cc-option,-fno-PIE) + + $(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE + $(call if_changed,ld) diff --git a/debian/patches/series b/debian/patches/series index c5d0919e8..97e6738df 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -64,6 +64,8 @@ bugfix/all/ext4-fix-bug-838544.patch bugfix/all/mm-memcontrol-use-special-workqueue-for-creating-per-memcg-caches.patch bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch bugfix/all/kbuild-add-fno-pie.patch +bugfix/x86/scripts-has-stack-protector-add-fno-pie.patch +bugfix/x86/x86-kexec-add-fno-pie.patch # Miscellaneous features