** Description changed: Recently, GCC 15 became the default in Ubuntu. With GCC 15 on aarch64, "-mbranch-protection has been extended to support the Guarded Control Stack (GCS) extension. This support is included in -mbranch- protection=standard and can be enabled individually using -mbranch- protection=gcs." [1] In Ubuntu, we build arm64 with -mbranch-protection=standard by default. However, the GCS story appears incomplete. Currently, arm64 builds are seeing link warnings like this [2][3]: cc -o src/core/libsystemd-core-257.so -Wl,--as-needed -Wl,--no- undefined -shared -fPIC -Wl,-soname,libsystemd-core-257.so -Wl,--whole- archive -Wl,--start-group src/core/libsystemd-core-257.a -Wl,--no-whole- archive -fstack-protector -Wl,-Bsymbolic-functions -flto=auto -ffat-lto- objects -Wl,-z,relro -g -O2 -Werror=implicit-function-declaration -fno- omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix- map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector- strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -fdebug-prefix- map=/<<PKGBUILDDIR>>=/usr/src/systemd-257.7-1ubuntu2 -Wdate-time -D_FORTIFY_SOURCE=3 '-Wl,-rpath,$ORIGIN/../shared' -Wl,-rpath- link,/<<PKGBUILDDIR>>/obj-aarch64-linux-gnu/src/shared src/shared/libsystemd-shared-257.so -shared -Wl,--version- script=/<<PKGBUILDDIR>>/src/shared/libshared.sym /usr/lib/aarch64-linux- gnu/libacl.so /usr/lib/aarch64-linux-gnu/libaudit.so /usr/lib/aarch64-linux-gnu/libblkid.so -ldl -lm /usr/lib/aarch64-linux- gnu/libmount.so /usr/lib/aarch64-linux-gnu/libpam.so -lrt /usr/lib/aarch64-linux-gnu/libseccomp.so /usr/lib/aarch64-linux- gnu/libselinux.so -Wl,--end-group -pthread -Wl,--fatal-warnings -Wl,-z,now -Wl,-z,relro -Wl,--warn-common -Wl,--gc-sections src/shared/libsystemd-shared-257.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. 
The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libacl.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libaudit.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libblkid.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /lib/aarch64-linux-gnu/libm.so.6: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /lib/aarch64-linux-gnu/libmvec.so.1: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libmount.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libpam.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. 
The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libseccomp.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libselinux.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /lib/aarch64-linux-gnu/libc.so.6: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /lib/ld-linux-aarch64.so.1: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. collect2: error: ld returned 1 exit status Note that the first warning is for libsystemd-shared-257.so (the library actually being built here), but the remainder are for library dependencies. This is fatal for systemd, because systemd builds with -Wl,--fatal-warnings. For most packages, this linker warning is present in arm64 builds, but not fatal. Therefore, it seems that while GCS is enabled implicitly on arm64 via -mbranch-protection=standard, the feature seems incomplete in Ubuntu without (a) re-builds against GCC 15, and (b) potentially additional build flags. Regarding new build flags that may be required, I found that building systemd with -W,-z,gcs=always silenced the warning for libsystemd- - shared-257.so. 
In the mean time, I silenced[4] the linker warnings in - systemd by building with -Wl,-z,gcs-report=none on arm64. + shared-257.so (EDIT - This simply forces the marking of the output with + GCS[5], and is not what we want in general). + + In the mean time, I silenced[4] the linker warnings in systemd by + building with -Wl,-z,gcs-report=none on arm64. tl;dr - To me, it *appears* that for GCS to be fully utilized on Ubuntu, we need: - (1) Add `-Wl,-z,gcs=always` to LDFLAGS on arm64; and + (1) Add `-Wl,-z,gcs=always` to LDFLAGS on arm64 (EDIT - This is wrong. See comment #12); and (2) Re-build everything basically However, I don't know whether (a) we definitely want GCS enabled by default on Ubuntu, or (b) if this is actually just a bug in binutils or so. [1] https://gcc.gnu.org/gcc-15/changes.html#aarch64 [2] https://launchpadlibrarian.net/808211460/buildlog_ubuntu-questing-arm64.systemd_257.7-1ubuntu2_BUILDING.txt.gz [3] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2119100 [4] https://launchpad.net/ubuntu/+source/systemd/257.7-1ubuntu3 + [5] https://sourceware.org/binutils/docs/ld.html#ld-and-the-ARM-family
--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2119445

Title:
  arm64 shared libraries built without GCS property note

Status in binutils package in Ubuntu:
  Confirmed
Status in cmake package in Ubuntu:
  Confirmed
Status in dpkg package in Ubuntu:
  Confirmed
Status in gcc-defaults package in Ubuntu:
  Confirmed
Status in glibc package in Ubuntu:
  Fix Released
Status in pam package in Ubuntu:
  Fix Released

Bug description:
  Recently, GCC 15 became the default in Ubuntu. With GCC 15 on aarch64, "-mbranch-protection has been extended to support the Guarded Control Stack (GCS) extension. This support is included in -mbranch-protection=standard and can be enabled individually using -mbranch-protection=gcs." [1]

  In Ubuntu, we build arm64 with -mbranch-protection=standard by default. However, the GCS story appears incomplete. Currently, arm64 builds are seeing link warnings like this [2][3]:

    cc -o src/core/libsystemd-core-257.so -Wl,--as-needed -Wl,--no-undefined -shared -fPIC -Wl,-soname,libsystemd-core-257.so -Wl,--whole-archive -Wl,--start-group src/core/libsystemd-core-257.a -Wl,--no-whole-archive -fstack-protector -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -g -O2 -Werror=implicit-function-declaration -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/systemd-257.7-1ubuntu2 -Wdate-time -D_FORTIFY_SOURCE=3 '-Wl,-rpath,$ORIGIN/../shared' -Wl,-rpath-link,/<<PKGBUILDDIR>>/obj-aarch64-linux-gnu/src/shared src/shared/libsystemd-shared-257.so -shared -Wl,--version-script=/<<PKGBUILDDIR>>/src/shared/libshared.sym /usr/lib/aarch64-linux-gnu/libacl.so /usr/lib/aarch64-linux-gnu/libaudit.so /usr/lib/aarch64-linux-gnu/libblkid.so -ldl -lm /usr/lib/aarch64-linux-gnu/libmount.so /usr/lib/aarch64-linux-gnu/libpam.so -lrt /usr/lib/aarch64-linux-gnu/libseccomp.so /usr/lib/aarch64-linux-gnu/libselinux.so -Wl,--end-group -pthread -Wl,--fatal-warnings -Wl,-z,now -Wl,-z,relro -Wl,--warn-common -Wl,--gc-sections
    src/shared/libsystemd-shared-257.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /usr/lib/aarch64-linux-gnu/libacl.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /usr/lib/aarch64-linux-gnu/libaudit.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /usr/lib/aarch64-linux-gnu/libblkid.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /lib/aarch64-linux-gnu/libm.so.6: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /lib/aarch64-linux-gnu/libmvec.so.1: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /usr/lib/aarch64-linux-gnu/libmount.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /usr/lib/aarch64-linux-gnu/libpam.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /usr/lib/aarch64-linux-gnu/libseccomp.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /usr/lib/aarch64-linux-gnu/libselinux.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /lib/aarch64-linux-gnu/libc.so.6: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    /lib/ld-linux-aarch64.so.1: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking.
    collect2: error: ld returned 1 exit status

  Note that the first warning is for libsystemd-shared-257.so (the library actually being built here), but the remainder are for library dependencies.

  This is fatal for systemd, because systemd builds with -Wl,--fatal-warnings. For most packages, this linker warning is present in arm64 builds, but not fatal.

  Therefore, it seems that while GCS is enabled implicitly on arm64 via -mbranch-protection=standard, the feature seems incomplete in Ubuntu without (a) re-builds against GCC 15, and (b) potentially additional build flags.

  Regarding new build flags that may be required, I found that building systemd with -W,-z,gcs=always silenced the warning for libsystemd-shared-257.so (EDIT - This simply forces the marking of the output with GCS[5], and is not what we want in general).

  In the meantime, I silenced[4] the linker warnings in systemd by building with -Wl,-z,gcs-report=none on arm64.

  tl;dr - To me, it *appears* that for GCS to be fully utilized on Ubuntu, we need:

  (1) Add `-Wl,-z,gcs=always` to LDFLAGS on arm64 (EDIT - This is wrong. See comment #12); and
  (2) Re-build everything basically

  However, I don't know whether (a) we definitely want GCS enabled by default on Ubuntu, or (b) if this is actually just a bug in binutils or so.

  [1] https://gcc.gnu.org/gcc-15/changes.html#aarch64
  [2] https://launchpadlibrarian.net/808211460/buildlog_ubuntu-questing-arm64.systemd_257.7-1ubuntu2_BUILDING.txt.gz
  [3] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2119100
  [4] https://launchpad.net/ubuntu/+source/systemd/257.7-1ubuntu3
  [5] https://sourceware.org/binutils/docs/ld.html#ld-and-the-ARM-family

