PF4Public
commented
4 years ago Awesome! Thank you for testing this out!
Looks like the key issue was to build with libc++. Would it suffice just to add a requirement of libcxx USE flag for cfi?
Closed 0xC0ncord closed 4 years ago
PF4Public
commented
4 years ago Awesome! Thank you for testing this out!
Looks like the key issue was to build with libc++. Would it suffice just to add a requirement of libcxx USE flag for cfi?
0xC0ncord
commented
4 years ago Would it suffice just to add a requirement of
libcxxUSE flag forcfi?
I will test to see if this is all that is required. In my toolchain, I am also using compiler-rt and libunwind, as these seem like standard practice for clang+llvm toolchains. On my other system where I will try this, I will start from a clean slate and only enable libcxx and we will see what happens.
0xC0ncord
commented
4 years ago Quick update: I am still trying other ways to build ungoogled-chromium on this other system. I want to see if I am able to build it even without -rtlib=compiler-rt and/or -unwindlib=libunwind. I am cataloguing every hurdle I run into as I do this.
PF4Public
commented
4 years ago I am cataloguing every hurdle I run into as I do this.
Are there a lot of them?
0xC0ncord
commented
4 years ago Are there a lot of them?
Not generally speaking. What's taking a while is needing to rebuild the toolchain every time I change any flag that pertains to it, then rebuilding ungoogled-chromium and taking note of the errors.
0xC0ncord
commented
4 years ago While experimenting with libcxx support (or lack thereof) I ran across this: https://bugs.chromium.org/p/chromium/issues/detail?id=910644
This looks to be the exact same error that was encountered in #32. Somehow, it looks like this still occurs in my case (on both systems I'm testing on) unless libcxx is being used, and I have no idea why. I'm still doing more testing with libcxx and I should have a complete list of results by the end of today. I at least wanted to share the above bug before I lost it.
PF4Public
commented
4 years ago While experimenting with
libcxxsupport (or lack thereof) I ran across this: https://bugs.chromium.org/p/chromium/issues/detail?id=910644
That is a good find! But it is indeed marked as resolved more than a year ago… Weird.
0xC0ncord
commented
4 years ago Okay, so this is what I have found in my testing. All of the following guidance was done with the cfi USE flag enabled. Any USE changes to the clang+llvm toolchain caused me to bootstrap the toolchain after building it initally with gcc.
If the llvm+clang toolchain is not built with the default-libcxx USE flag, then v8/torque will fail to compile with something like the following:
FAILED: torque
clang++ -pie -Wl,--build-id=sha1 -fPIC -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,--as-needed -fuse-ld=lld -Wl,--icf=all -Wl,--color-diagno
stics -flto=thin -Wl,--thinlto-jobs=8 -Wl,--thinlto-cache-dir=thinlto-cache -Wl,--thinlto-cache-policy,cache_size=10\%:cache_size_bytes=10g:cache_size_file
s=100000 -Wl,--lto-O2 -fwhole-program-vtables -m64 -rdynamic -fsanitize=cfi-vcall -fsanitize=cfi-derived-cast -fsanitize=cfi-unrelated-cast -fsanitize=cfi-
icall -pie -Wl,--disable-new-dtags -Wl,-O2 -Wl,--gc-sections -Wl,--as-needed -Wl,--sort-common -fuse-ld=lld -Wl,-S -Wl,-plugin-opt,-import-instr-limit=30 -
Wl,--thinlto-jobs=13 -o "./torque" -Wl,--start-group @"./torque.rsp" -Wl,--end-group -latomic -ldl -lpthread -lrt
ld.lld: error: undefined symbol: _Unwind_ResumeIf default-libcxx is enabled, this error does not occur. Note that if the toolchain is built with default-libcxx, then libcxx and libcxxabi are also required, as well as -unwindlib=libunwind in LDFLAGS, or else the toolchain will run into the same errors (on my system it did).
It seems that in order to properly build with cfi, all of the relevant libcxx USE flags need to be enabled in order for these errors to be avoided and for the original invalid opcode error to be worked around, as well as to build all C++ dependencies with -stdlib=libc++ in order for proper linkage.
But, I am not satisfied with this answer because on my system, using -stdlib=libc++ breaks several important packages (namely cmake and qtwebkit). cmake wants to link to jsoncpp and for some reason it cannot do so if jsoncpp is built with libc++, and qtwebkit will not link with re2 if it is built with libc++ for the same reason. The linker errors here are the same as those outlined in my original post or here. The jsoncpp linker error can be avoided by not using the system-jsoncpp USE flag for ungoogled-chromium, but this cannot be used to avoid the linker error with re2 as no such flag is provided. Even so, I don't think that adding a system-re2 USE flag is the proper solution for this.
I should point out that this issue shouldn't be specific to ungoogled-chromium but more than likely chromium as well, only chromium does not provide the cfi USE flag directly in the ebuild.
alexminder
commented
4 years ago Does ArchLinux package can help?
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=ungoogled-chromium-ozone
'is_official_build=true' # implies is_cfi=true on x86_64
# Fixes for building with libstdc++ instead of libc++
patch -Np1 -i ../patches/chromium-84-AXObject-stl-iterator.patch
patch -Np1 -i ../patches/chromium-84-ListContainerHelper-include-cstring.patch
patch -Np1 -i ../patches/chromium-84-crashpad-include-cstring.patch
patch -Np1 -i ../patches/chromium-84-gcc-10-include-stddef.patch
patch -Np1 -i ../patches/chromium-84-gcc-10-webrtc-include-stddef.patch
patch -Np1 -i ../patches/chromium-84-gcc-DCHECK_EQ-unique_ptr.patch
patch -Np1 -i ../patches/chromium-84-std-vector-const.patch@alexminder Interesting. I will try these out tonight, but I may need to do a pretty large rebuild as most of my system is already using libc++ where possible.
PF4Public
commented
4 years ago BTW, does cfi have any significance or use or benefit for the trouble it presents for compiling?
0xC0ncord
commented
4 years ago BTW, does
cfihave any significance or use or benefit for the trouble it presents for compiling?
CFI is a proven effective security feature that has been in use on official builds of Google Chrome and Chromium for a while now.
From the Clang documention:
Clang includes an implementation of a number of control flow integrity (CFI) schemes, which are designed to abort the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow.
And from the Chromium documentation:
CFI for virtual calls is enabled for the official Chrome on Linux x86-64 (M54 and newer). CFI for indirect (C-style) calls is enabled for the official Chrome on Linux x86-64 (M68 and newer). Chrome is bad-cast clean, and we have a bot on chromium.memory that keeps it that way We're working on additional compiler improvements to allow deploying CFI on more platforms.
PF4Public
commented
4 years ago Recently I came to conclusion, that libcxx flag should be once again removed from ebuild.
Last time, when I've removed it, I thought, that this should be accomplished by a user locally through env configuration, but since mainline chromium ebuild embraced libcxx functionality, I've copied it verbatim into my ebuild. Turns out, their handling of libcxx is very flawed. So once again, I've decided to remove this flag with next release. This could probably ease the cfi troubles.
0xC0ncord
commented
4 years ago Recently I came to conclusion, that
libcxxflag should be once again removed from ebuild.
Understood. I will be looking forward to test. I have another system not yet converted to libcxx so I will try building using stdlibc++ (default) as soon as the ebuild is available. The patches referenced by @alexminder should help if there are any issues.
PF4Public
commented
4 years ago Recently I came to conclusion, that
libcxxflag should be once again removed from ebuild.
Just a note: That does not mean you cannot build ungoogled-chromium with libc++. You will need to manually edit portage env and apply CPPFLAGS and other settings as needed per package on your system.
PF4Public
commented
4 years ago 125 is out for testing. I've removed libcxx flag. Hope nothing broke.
0xC0ncord
commented
4 years ago Hope nothing broke.
Happy to report that so far on my main system (where I'm using libcxx) nothing broke.
I am currently prepping the toolchain on another system to see if I can build it with other USE flag combinations and get cfi working.
0xC0ncord
commented
4 years ago For the past 2 weeks I have been rebuilding my system with libc++ across the board where possible, as I have discovered that using multiple stdc++ libraries causes problems. But, I am still running into issues, though these are all unrelated to ungoogled-chromium and cfi. I have had zero issues building ungoogled-chromium with cfi as long as its dependencies are built with -stdlib=libc++ using clang. Perhaps we can amend the notice in the ebuild if cfi is enabled to point here, too. Your thoughts, @PF4Public ?
PF4Public
commented
4 years ago Perhaps we can amend the notice in the ebuild if
cfiis enabled to point here, too. Your thoughts, @PF4Public ?
Absolutely! I'm just patiently waiting for your verdict on the issue.
Do I get it right, that if everything is compiled with -stdlib=libc++, cfi does not break the build?
0xC0ncord
commented
4 years ago Do I get it right, that if everything is compiled with
-stdlib=libc++,cfidoes not break the build?
Yes. My verdict is that if -stdlib=libc++ is not used for all dependencies, then the build will fail due to a CFI violation in the build process for v8/torque (still not sure why). Note that I haven't tried building dependencies this way with gcc/g++, so I'm not sure if the same problem would occur.
PF4Public
commented
4 years ago I've just reworded the warning message. Feel free to close this bug if you consider that it is better explained now.
0xC0ncord
commented
4 years ago I've just reworded the warning message. Feel free to close this bug if you consider that it is better explained now.
LGTM! Thank you for your patience.
Description This is a follow-up to #32. I have successfully built ungoogled-chromium with the
cfiUSE flag. The warning message in the ebuild should clarify instructions to the user if they wish to use it.On my system, I was only able to build
ungoogled-chromiumif myclang+llvmtoolchain was built withlibc++instead oflibstdc++. Additionally, I had to buildungoogled-chromiumusinglibc++as well.Previously, in #32, my toolchain was not properly bootstrapped for some reason, and an entire rebuild of the toolchain fixed this. In my testing, if I was not using
libc++, thetorquebuild generator used bychromiumwould fail with an invalid opcode at some (reproducible) point during the build ifcfiwas enabled. Only after rebuilding the toolchain withlibc++did this stop occurring.Lastly, in my build, I was forced to disable
system-jsoncppbecause of linker errors related to this problem that I have not yet resolved, and disablingsystem-jsoncppworks around it. Additionally,dev-libs/re2(and potentially other dependencies) needed to be rebuilt after switching toolchains, otherwise, disabling thesystem-*USE flags may suffice.The warning in the ebuild should be updated to include this information if the user wishes to enable the
cfiUSE flag./etc/portage/make.conf