* [Buildroot] [PATCH] Config.in: disable PIC/PIE for Nios2
@ 2021-06-01 19:00 Romain Naour
2021-06-01 19:52 ` Arnout Vandecappelle
2021-06-10 8:26 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Romain Naour @ 2021-06-01 19:00 UTC (permalink / raw)
To: buildroot
Recently in Buildroot the option BR2_PIC_PIE has been enabled by default along
with other hardening features [1]. Since then the nios2 defconfig
qemu_nios2_10m50_defconfig is failing to boot due to a segfault in init program:
Run /init as init process
with arguments:
/init
with environment:
HOME=/
TERM=linux
Failed to execute /init (error -12)
See Buildroot build log and Qemu runtime test log in build artifacts [2].
Analyzing one of the binary with strace show that the problem occur
very early when starting the new process:
# strace ./busybox
execve("./busybox", ["./busybox"], 0x7f91ce90 /* 10 vars */) = -1 ENOMEM
(Cannot allocate memory)
+++ killed by SIGSEGV +++
Several binutils/glibc/gcc version has been tested without any success.
The issue has been reported to the glibc mailing list but it can be a linker
or kernel bug [3].
For the Buildroot 2021.05 release, disable BR2_PIC_PIE until the problem is
found and fixed.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
[1] https://git.buildroot.net/buildroot/commit/?id=810ba387bec3c5b6904e8893fb4cb6f9d3717466
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
[3] https://sourceware.org/pipermail/libc-alpha/2021-May/126912.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
---
Config.in | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/Config.in b/Config.in
index c65e34bd5e..d9be677c21 100644
--- a/Config.in
+++ b/Config.in
@@ -716,6 +716,8 @@ comment "Security Hardening Options"
config BR2_PIC_PIE
bool "Build code with PIC/PIE"
default y
+ # Nios2 toolchains produce non working binaries with -fPIC
+ depends on !BR2_nios2
depends on BR2_SHARED_LIBS
depends on BR2_TOOLCHAIN_SUPPORTS_PIE
help
@@ -723,6 +725,7 @@ config BR2_PIC_PIE
Position-Independent Executables (PIE).
comment "PIC/PIE needs a toolchain w/ PIE"
+ depends on !BR2_nios2
depends on BR2_SHARED_LIBS
depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
@@ -813,6 +816,7 @@ config BR2_RELRO_PARTIAL
config BR2_RELRO_FULL
bool "Full"
+ depends on !BR2_nios2 # BR2_PIC_PIE
depends on BR2_TOOLCHAIN_SUPPORTS_PIE
select BR2_PIC_PIE
help
@@ -821,6 +825,7 @@ config BR2_RELRO_FULL
program loading, i.e every time an executable is started.
comment "RELRO Full needs a toolchain w/ PIE"
+ depends on !BR2_nios2
depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
endchoice
--
2.31.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] Config.in: disable PIC/PIE for Nios2
2021-06-01 19:00 [Buildroot] [PATCH] Config.in: disable PIC/PIE for Nios2 Romain Naour
@ 2021-06-01 19:52 ` Arnout Vandecappelle
2021-06-10 8:26 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Arnout Vandecappelle @ 2021-06-01 19:52 UTC (permalink / raw)
To: buildroot
On 01/06/2021 21:00, Romain Naour wrote:
> Recently in Buildroot the option BR2_PIC_PIE has been enabled by default along
> with other hardening features [1]. Since then the nios2 defconfig
> qemu_nios2_10m50_defconfig is failing to boot due to a segfault in init program:
>
> Run /init as init process
> with arguments:
> /init
> with environment:
> HOME=/
> TERM=linux
> Failed to execute /init (error -12)
>
> See Buildroot build log and Qemu runtime test log in build artifacts [2].
>
> Analyzing one of the binary with strace show that the problem occur
> very early when starting the new process:
>
> # strace ./busybox
> execve("./busybox", ["./busybox"], 0x7f91ce90 /* 10 vars */) = -1 ENOMEM
> (Cannot allocate memory)
> +++ killed by SIGSEGV +++
>
> Several binutils/glibc/gcc version has been tested without any success.
>
> The issue has been reported to the glibc mailing list but it can be a linker
> or kernel bug [3].
>
> For the Buildroot 2021.05 release, disable BR2_PIC_PIE until the problem is
> found and fixed.
>
> Fixes:
> https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
>
> [1] https://git.buildroot.net/buildroot/commit/?id=810ba387bec3c5b6904e8893fb4cb6f9d3717466
> [2] https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
> [3] https://sourceware.org/pipermail/libc-alpha/2021-May/126912.html
>
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Applied to master, thanks.
Regards,
Arnout
> ---
> Config.in | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/Config.in b/Config.in
> index c65e34bd5e..d9be677c21 100644
> --- a/Config.in
> +++ b/Config.in
> @@ -716,6 +716,8 @@ comment "Security Hardening Options"
> config BR2_PIC_PIE
> bool "Build code with PIC/PIE"
> default y
> + # Nios2 toolchains produce non working binaries with -fPIC
> + depends on !BR2_nios2
> depends on BR2_SHARED_LIBS
> depends on BR2_TOOLCHAIN_SUPPORTS_PIE
> help
> @@ -723,6 +725,7 @@ config BR2_PIC_PIE
> Position-Independent Executables (PIE).
>
> comment "PIC/PIE needs a toolchain w/ PIE"
> + depends on !BR2_nios2
> depends on BR2_SHARED_LIBS
> depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
>
> @@ -813,6 +816,7 @@ config BR2_RELRO_PARTIAL
>
> config BR2_RELRO_FULL
> bool "Full"
> + depends on !BR2_nios2 # BR2_PIC_PIE
> depends on BR2_TOOLCHAIN_SUPPORTS_PIE
> select BR2_PIC_PIE
> help
> @@ -821,6 +825,7 @@ config BR2_RELRO_FULL
> program loading, i.e every time an executable is started.
>
> comment "RELRO Full needs a toolchain w/ PIE"
> + depends on !BR2_nios2
> depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
>
> endchoice
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] Config.in: disable PIC/PIE for Nios2
2021-06-01 19:00 [Buildroot] [PATCH] Config.in: disable PIC/PIE for Nios2 Romain Naour
2021-06-01 19:52 ` Arnout Vandecappelle
@ 2021-06-10 8:26 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-06-10 8:26 UTC (permalink / raw)
To: buildroot
>>>>> "Romain" == Romain Naour <romain.naour@gmail.com> writes:
> Recently in Buildroot the option BR2_PIC_PIE has been enabled by default along
> with other hardening features [1]. Since then the nios2 defconfig
> qemu_nios2_10m50_defconfig is failing to boot due to a segfault in init program:
> Run /init as init process
> with arguments:
> /init
> with environment:
> HOME=/
> TERM=linux
> Failed to execute /init (error -12)
> See Buildroot build log and Qemu runtime test log in build artifacts [2].
> Analyzing one of the binary with strace show that the problem occur
> very early when starting the new process:
> # strace ./busybox
> execve("./busybox", ["./busybox"], 0x7f91ce90 /* 10 vars */) = -1 ENOMEM
> (Cannot allocate memory)
> +++ killed by SIGSEGV +++
> Several binutils/glibc/gcc version has been tested without any success.
> The issue has been reported to the glibc mailing list but it can be a linker
> or kernel bug [3].
> For the Buildroot 2021.05 release, disable BR2_PIC_PIE until the problem is
> found and fixed.
> Fixes:
> https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
> [1] https://git.buildroot.net/buildroot/commit/?id=810ba387bec3c5b6904e8893fb4cb6f9d3717466
> [2] https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
> [3] https://sourceware.org/pipermail/libc-alpha/2021-May/126912.html
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Users might try to enable BR2_PIC_PIE on 2021.02.x as well, so committed
to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-10 8:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-01 19:00 [Buildroot] [PATCH] Config.in: disable PIC/PIE for Nios2 Romain Naour
2021-06-01 19:52 ` Arnout Vandecappelle
2021-06-10 8:26 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.