From Fedora Project Wiki
Revision as of 16:41, 5 December 2016

Regressions introduced by the “Harden All Packages” Fedora Change

This page collects some of the regressions introduced by Changes/Harden_All_Packages. It primarily covers the state of affairs in Fedora 19/20, not the toolchain state of Fedora 23, when the change was actually implemented.

Package-specific issues

These issues have to be fixed in packages themselves.

  • Lack of position-independent code. (Affects PIE only.) These issues result in errors from the static linker (due to unsupported relocations). On architectures which support text relocations, NX/XD/execmod/W^X enforcement by SELinux can fail at run time.
    • If source code is not compiled as position-independent because CFLAGS are not passed through, the package build system needs to be updated.
    • Hand-written assembly must be ported to be position-independent.
  • Problems with enabling position-independent code due to register allocation. (Affects PIE only.)
    • On i686 with -fPIE or -fPIC, %ebx is a hard register reserved for the GOT pointer. This means that it cannot be used in GCC extended asm constraints. This can lead to register allocation failures at compile time.
    • The increased register pressure changes register allocation, altering the way GCC extended asm constraints are used. If these constraints are incorrect, builds succeed, but applications may fail at run time. (Example: a "g"-constrained variable now references an on-stack variable using a SP-relative memory operand, where previously, a register was used, but the asm statement temporarily modifies the stack pointer, resulting in an incorrect offset being applied.)

Toolchain bugs

  • IFUNC resolvers can start crashing because they reference unresolved symbols. (Affects BIND_NOW.) An example is rhbz#1326903. It is unclear whether we can fix this in the dynamic linker in all cases without run-time code generation because in some cases, the DT_NEEDED entries do not convey sufficient dependency information. However, the dynamic linker needs to be changed to perform non-IFUNC GOT updates before running IFUNC resolvers, which covers a lot of IFUNC usage scenarios.
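
When triaging the regressions listed above, it helps to confirm which of these properties a given binary actually has. The following is an added example, not part of the wiki page or of any Fedora tooling: a minimal reader for little-endian ELF64 images that reports the ET_DYN file type (PIE executable or shared object), BIND_NOW, and text relocations from the dynamic section. The names `audit_elf` and `build_sample` are hypothetical, and `build_sample` only produces constructed test images.

```python
import struct

# Constants from the ELF specification (<elf.h>).
ET_DYN, PT_DYNAMIC = 3, 2
DT_NULL, DT_TEXTREL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 22, 24, 30, 0x6FFFFFFB
DF_TEXTREL, DF_BIND_NOW, DF_1_NOW = 0x4, 0x8, 0x1


def audit_elf(data: bytes) -> dict:
    """Report position independence, BIND_NOW and TEXTREL for an ELF64 LE image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    # ET_DYN covers both PIE executables and shared objects.
    result = {"position_independent": e_type == ET_DYN,
              "bind_now": False, "textrel": False}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if struct.unpack_from("<I", data, off)[0] != PT_DYNAMIC:
            continue
        p_offset = struct.unpack_from("<Q", data, off + 8)[0]
        p_filesz = struct.unpack_from("<Q", data, off + 32)[0]
        # Each Elf64_Dyn entry is a signed tag followed by a 64-bit value.
        for pos in range(p_offset, p_offset + p_filesz, 16):
            d_tag, d_val = struct.unpack_from("<qQ", data, pos)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_BIND_NOW or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW) \
                    or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW):
                result["bind_now"] = True
            if d_tag == DT_TEXTREL or (d_tag == DT_FLAGS and d_val & DF_TEXTREL):
                result["textrel"] = True
    return result


def build_sample(e_type: int, dyn: list) -> bytes:
    """Constructed image: ELF64 header, one PT_DYNAMIC phdr, dynamic table."""
    table = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120,
                       len(table), len(table), 8)
    return ehdr + phdr + table


if __name__ == "__main__":
    print(audit_elf(build_sample(ET_DYN, [(DT_FLAGS, DF_BIND_NOW)])))
```

To audit a real file, pass its contents: `audit_elf(open(path, "rb").read())`.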