Lots of "internal compiler errors" with RANDKSTACK

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Lots of "internal compiler errors" with RANDKSTACK

Postby konst » Tue Jul 05, 2011 12:44 am

Getting lots of internal compiler errors with it enabled.

One of them is with kdevplatform-1.2.3 (and always at the same places in various packages):
[ 0%] Building CXX object sublime/CMakeFiles/sublime.dir/area.o
In file included from /usr/include/qt4/QtCore/qvariant.h:49:0,
from /usr/include/qt4/QtCore/QVariant:1,
from /usr/include/KDE/../kconfiggroup.h:32,
from /usr/include/KDE/KConfigGroup:1,
from /var/tmp/portage/dev-util/kdevplatform-1.2.3/work/kdevplatform-1.2.3/sublime/areaindex.h:25,
from /var/tmp/portage/dev-util/kdevplatform-1.2.3/work/kdevplatform-1.2.3/sublime/area.h:26,
from /var/tmp/portage/dev-util/kdevplatform-1.2.3/work/kdevplatform-1.2.3/sublime/area.cpp:19:
/usr/include/qt4/QtCore/qmap.h: In function 'void QMap<Key, T>::freeData(QMapData*) [with Key = QString, T = Sublime::Position]':
/usr/include/qt4/QtCore/qmap.h:655:1: internal compiler error: Segmentation fault


GCC 4.5.2
Kernel 2.6.39-hardened-r2
RAM 8GB
Disk space: lots
CPU: AMD phenom II 965 Black Edition stepping C3 (overclocked to 4 GHz and udervolted to 1.31V / Specs are for 3.4 GHz 1.37V)
RAM not overclocked.

I also got various errors and lockups with various kernel modules.

I disabled RANDKSTACK and all sources compiled without errors on kernel 2.6.39-hardened-r4.
We'll see if it stays error free.
konst
 
Posts: 21
Joined: Fri Jul 10, 2009 8:23 am

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby PaX Team » Tue Jul 05, 2011 9:13 am

konst wrote:I disabled RANDKSTACK and all sources compiled without errors on kernel 2.6.39-hardened-r4.
is this a 64 bit kernel? what about enabling RANDKSTACK on 39-r4?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby konst » Tue Jul 05, 2011 11:18 am

PaX Team wrote:
konst wrote:I disabled RANDKSTACK and all sources compiled without errors on kernel 2.6.39-hardened-r4.

is this a 64 bit kernel? what about enabling RANDKSTACK on 39-r4?


Yes it's 64 bit. Haven't enabled it on 39-r4 but if I do it on qemu with kvm enabled with "-cpu host" (so it uses the actual AMD 64 bit Phenom II cpu) it will be the same as enabling it on bare hardware right?

Just compiled some more packages and no "internal compiler errors" at all. (without RANDKSTACK)

I've been looking for errata for the Phenom II 965 BE C3" and I don't think any apply.
There is something called "Sideband Stack Optimizer" in this cpu. DOn't know if that affects this.
http://www.xbitlabs.com/articles/cpu/di ... k10_5.html
http://blogs.amd.com/developer/2007/09/ ... -optimizer

Maybe there's some problem with the rdtsc in this cpu or maybe it doesn't worked correctly when overclocked?
konst
 
Posts: 21
Joined: Fri Jul 10, 2009 8:23 am

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby PaX Team » Wed Jul 06, 2011 2:01 pm

konst wrote:Haven't enabled it on 39-r4 but if I do it on qemu with kvm enabled with "-cpu host" (so it uses the actual AMD 64 bit Phenom II cpu) it will be the same as enabling it on bare hardware right?
yeah, for RANDKSTACK the exact cpu shouldn't matter, you'll always have rdtsc in 64 bit mode, so give it a try as i'm almost sure this is just an earlier bug with this feature that's been fixed since (and if 39-r4 still fails then we can debug it if you have the time).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby Bunta » Wed Oct 12, 2011 5:12 pm

Hi,
I am encountering the same issues. I have experienced random "internal compiler errors" from gcc. :(
After weeks trying to identify bad hardware, I have booted a standard (non hardened/grsec) gentoo kernel yesterday and I could compile both Firefox 7, Thunderbird 7 (as well as gcc & glibc) without any issue.
It is absolutely impossible under kernel-2.6.39-hardened-r8, as well as the newly compiled kernel-3.0.4-hardened-r1.
An easy test for me is compiling Firefox 7 or Thunderbird 7... fails every time :(

I already have RANDKSTACK disabled, so it should not be that (for me).

I have a quite recent AMD Phenom II X4 955, 4GB RAM, recent powerful , no OC, a very light undervolting. I have tried switching hard drive to no avail.

I would be glad to help debug the problem if you could help me with that :)
Bunta
 
Posts: 6
Joined: Wed Oct 12, 2011 4:54 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby PaX Team » Wed Oct 12, 2011 8:27 pm

Bunta wrote:I would be glad to help debug the problem if you could help me with that :)
can you post your config?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby Bunta » Thu Oct 13, 2011 10:55 am

Sure here it is:

Code: Select all
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CUSTOM=y
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODHARDEN=y
CONFIG_GRKERNSEC_HIDESYM=y
# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
CONFIG_GRKERNSEC_NO_RBAC=y
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=10
# CONFIG_GRKERNSEC_PROC_ADD is not set
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
# CONFIG_GRKERNSEC_ROFS is not set
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
# CONFIG_GRKERNSEC_RESLOG is not set
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
CONFIG_GRKERNSEC_RWXMAP_LOG=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_HARDEN_PTRACE=y
CONFIG_GRKERNSEC_TPE=y
# CONFIG_GRKERNSEC_TPE_ALL is not set
# CONFIG_GRKERNSEC_TPE_INVERT is not set
CONFIG_GRKERNSEC_TPE_GID=200
CONFIG_GRKERNSEC_RANDNET=y
# CONFIG_GRKERNSEC_BLACKHOLE is not set
# CONFIG_GRKERNSEC_SOCKET is not set
# CONFIG_GRKERNSEC_SYSCTL is not set
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4

CONFIG_PAX_PER_CPU_PGD=y
CONFIG_PAX=y

# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_MPROTECT_COMPAT=y
# CONFIG_PAX_ELFRELOCS is not set
CONFIG_PAX_KERNEXEC=y

CONFIG_PAX_ASLR=y
# CONFIG_PAX_RANDKSTACK is not set
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_STACKLEAK is not set
CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y
CONFIG_PAX_USERCOPY=y
Bunta
 
Posts: 6
Joined: Wed Oct 12, 2011 4:54 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby PaX Team » Thu Oct 13, 2011 1:37 pm

Bunta wrote:
Code: Select all
CONFIG_PAX_MEMORY_UDEREF=y
can you try without this one?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby Bunta » Thu Oct 13, 2011 5:27 pm

Recompiled 3.0.4 without CONFIG_PAX_MEMORY_UDEREF. I could compile both firefox and thunderbird without issue! This seems to be it.

So how to further debug this? I suppose I need to try and get gcc to dump core or something
Bunta
 
Posts: 6
Joined: Wed Oct 12, 2011 4:54 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby PaX Team » Thu Oct 13, 2011 7:28 pm

Bunta wrote:So how to further debug this? I suppose I need to try and get gcc to dump core or something
no worries, it just confirms something i saw myself, i'll take a look.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby Bunta » Fri Oct 14, 2011 8:16 am

I suppose this is not gcc specific, and could affect other programs as well
Bunta
 
Posts: 6
Joined: Wed Oct 12, 2011 4:54 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby PaX Team » Fri Oct 14, 2011 9:03 am

Bunta wrote:I suppose this is not gcc specific, and could affect other programs as well
yes, it can be anything, e.g., i saw it on depmod myself.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby Bunta » Wed Oct 19, 2011 8:40 am

I am still getting these gcc errors, it even happened one time on a binutil... I have the same issues now also on a non-hardened kernel. Memtest ran a whole day and did not report anything so RAM should be good. Ran a few cpuburn also without problem.
I still wonder if this is not a gcc 4.5.3 issue... I will post my dmesg output later today if that can help.
Bunta
 
Posts: 6
Joined: Wed Oct 12, 2011 4:54 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby PaX Team » Wed Oct 19, 2011 2:44 pm

Bunta wrote:I have the same issues now also on a non-hardened kernel.
now that's definitely not a PaX problem then, so i guess you're facing multiple issues there. the best way to go about them is to debug each such crash in gdb to see what code crashed exactly.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Lots of "internal compiler errors" with RANDKSTACK

Postby Bunta » Wed Oct 19, 2011 4:55 pm

Indeed :oops:
Apparently the "slight" undervolting was already too much for my CPU ^^ It seems to be much better now. I will make sure my system is OK first for a few days, then test again with UDEREF on and report here :)
Sorry for that :roll:
Bunta
 
Posts: 6
Joined: Wed Oct 12, 2011 4:54 pm


Return to grsecurity support

cron