[OE-core] [PATCH 2/3] pulseaudio: disable PIE flags when hardened flags are enabled

Fri Apr 26 13:52:27 UTC 2019

On Fri, 2019-04-26 at 15:53 +0300, Tanu Kaskinen wrote:
> On Mon, 2019-04-22 at 14:28 -0600, Khem Raj wrote:
> > On Mon, Apr 22, 2019 at 6:33 AM Tanu Kaskinen <tanuk at iki.fi> wrote:
> > 
> > > On Fri, 2017-06-09 at 10:10 -0700, Khem Raj wrote:
> > > > On Fri, Jun 9, 2017 at 9:38 AM, Tanu Kaskinen <tanuk at iki.fi>
> > > > wrote:
> > > > > On Fri, 2017-06-09 at 13:07 +0000, Khem Raj wrote:
> > > > > > On Fri, Jun 9, 2017 at 5:56 AM Burton, Ross <
> > > > > > ross.burton at intel.com>
> > > wrote:
> > > > > > > On 9 June 2017 at 04:41, Khem Raj <raj.khem at gmail.com>
> > > > > > > wrote:
> > > > > > > 
> > > > > > > > +SECURITY_CFLAGS = "${SECURITY_NO_PIE_CFLAGS}"
> > > > > > > > 
> > > > > > > 
> > > > > > > These tend to go into security-flags.inc, not the recipe.
> > > > > > > 
> > > > > > 
> > > > > > I know that's been the case but I think having a global
> > > > > > file is
> > > error prone
> > > > > > its better to have it in recipe context since it can get
> > > > > > attention at
> > > > > > upgrade time to test if this has been fixed in new release
> > > > > > etc
> > > > > 
> > > > > Do you mean that there's some bug in pulseaudio, and this is
> > > > > a
> > > > > workaround for it? Is the bug that there are textrels? Ross
> > > > > saw
> > > > > textrels in pulseaudio before (see the discussion starting at
> > > > > [1]), but
> > > > > I was unable to reproduce that. If you give instructions for
> > > > > reproducing the problem, I'll see if I can fix pulseaudio
> > > > > (until then
> > > > > I'm fine with having a workaround).
> > > > > 
> > > > 
> > > > yes there is a bug lurking when compiling with hardening flags
> > > > are
> > > turned on
> > > > so you can do something like
> > > > 
> > > > in local.conf
> > > > 
> > > > require conf/distro/include/security_flags.inc
> > > > 
> > > > then
> > > > 
> > > > MACHINE=qemux86 bitbake pulseaudio
> > > > 
> > > > it also happens on arm so qemuarm will reproduce it too.
> > > > 
> > > > some assembly code is probably missing using GOT relative
> > > > accesses
> > > 
> > > Resurrecting this ancient thread... I finally tried to reproduce
> > > this
> > > problem with the given instructions. No success. Have you still
> > > been
> > > running into this issue?
> > 
> > I don’t know for sure if this still exists but we did disable
> > assembly in
> > few packages which addresses this issue since in assembly PIC has
> > to be
> > respected
> > In hand written code
> > 
> > You might have to check if we did something similar for pulseaudio
> 
> There seem to be no such changes to the pulseaudio recipe. Some
> upstream fix seems unlikely as well. The only possibly relevant
> change
> that I could find was removing a buggy implementation of reading the
> cpuid register (the removed code was replaced with the __get_cpuid()
> macro that compilers provide in cpuid.h).
> 
> Oh well, if the problem reappears, let me know.

Shortly after this, Khem submitted:

http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=c91314ec160420a320007d552cec6c7da4d54833
and 
http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=6733a7873ca121295a2e309a6915b9816e1ae36b

which I suspect made this other change unnecessary?

Cheers,

Richard