search

intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html
Other
1.33k stars 544 forks source link

centos 7 make sdk error: unrecognized option '-mlfence-after-load=yes' #528

Closed justalittlenoob closed 4 years ago

justalittlenoob commented 4 years ago

sudo make sdk

/opt/rh/devtoolset-9/root/usr/libexec/gcc/x86_64-redhat-linux/9/as: unrecognized option '-mlfence-after-load=yes' make[3]: [sethread_mutex.o] Error 1 make[3]: Leaving directory `/home/pengfei/sgx/linux-sgx/sdk/tlibthread' make[2]: [tlibthread] Error 2 make[2]: Leaving directory /home/pengfei/sgx/linux-sgx/sdk' make[1]: *** [all] Error 2 make[1]: Leaving directory/home/pengfei/sgx/linux-sgx/sdk' make: *** [sdk] Error 2

centos 7, gcc 9.1.1, devtoolset-9

Any advice would be appreciated.

llly commented 4 years ago

Please follow the README to use external/toolset

llly commented 4 years ago

external/toolset doesn't provide g++. Do you have multiple gcc 7.3.0/9.1.1 on the machine?

justalittlenoob commented 4 years ago

external/toolset doesn't provide g++. Do you have multiple gcc 7.3.0/9.1.1 on the machine?

@llly Thank you for your guidance. The g++ problem is solved. There is another problem.

make sdk

make[3]: Leaving directory /home/pengfei/sgx/linux-sgx/sdk/tlibthread' make -C compiler-rt/ 2> /dev/null make[3]: Entering directory/home/pengfei/sgx/linux-sgx/sdk/compiler-rt' cc -c -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants -fstack-protector -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG -ffunction-sections -fdata-sections -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type -Waddress -Wsequence-point -Wformat-security -Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow -Wcast-align -Wconversion -Wredundant-decls -DITT_ARCH_IA64 -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks -mindirect-branch-register -mfunction-return=thunk-extern -fno-plt -Wa,-mlfence-after-load=yes -Wa,-mlfence-before-ret=not -I/home/pengfei/sgx/linux-sgx/common/inc/tlibc/ addtf3.c -o addtf3.o make[3]: Leaving directory /home/pengfei/sgx/linux-sgx/sdk/compiler-rt' make[2]: *** [compiler-rt] Error 2 make[2]: Leaving directory/home/pengfei/sgx/linux-sgx/sdk' make[1]: [all] Error 2 make[1]: Leaving directory `/home/pengfei/sgx/linux-sgx/sdk' make: [sdk] Error 2

I can not get much infomation from the error log. Do you have any advice?

llly commented 4 years ago

Maybe same cc issue as the g++ one above. You can rum make -C sdk/compiler-rt/ MITIGATION-CVE-2020-0551=LOAD to see the error message.

justalittlenoob commented 4 years ago

Maybe same cc issue as the g++ one above. You can rum make -C sdk/compiler-rt/ MITIGATION-CVE-2020-0551=LOAD to see the error message.

@llly Yes, it is the same issue.

make -C sdk/compiler-rt/ MITIGATION-CVE-2020-0551=LOAD make: Entering directory `/home/pengfei/sgx/linux-sgx/sdk/compiler-rt' cc -c -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants -fstack-protector -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG -ffunction-sections -fdata-sections -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type -Waddress -Wsequence-point -Wformat-security -Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow -Wcast-align -Wconversion -Wredundant-decls -DITT_ARCH_IA64 -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks -mindirect-branch-register -mfunction-return=thunk-extern -fno-plt -Wa,-mlfence-after-load=yes -Wa,-mlfence-before-ret=not -I/home/pengfei/sgx/linux-sgx/common/inc/tlibc/ addtf3.c -o addtf3.o cc: error: unrecognized command line option ‘-fno-plt’ make: *** [addtf3.o] Error 1

gcc -v Using built-in specs. COLLECT_GCC=/usr/local/bin/gcc COLLECT_LTO_WRAPPER=/usr/local/libexec/gcc/x86_64-pc-linux-gnu/7.3.0/lto-wrapper Target: x86_64-pc-linux-gnu Configured with: ./configure --disable-multilib --enable-languages=c,c++ Thread model: posix gcc version 7.3.0 (GCC)

g++ --version g++ (GCC) 7.3.0 Copyright (C) 2017 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

ldd --version ldd (GNU libc) 2.17 Copyright (C) 2012 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper.

Is this problem related to the low version of glibc?

llly commented 4 years ago

Is gcc built from source code? It's commanded to use prebuilt devtoolset from CentOS yum.

justalittlenoob commented 4 years ago

config.log @llly According to your advice, I have made some changes. Now the installation process is as follows, but there are new problems. (log file is attached)

  1. scl enable devtoolset-9 bash Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/opt/rh/devtoolset-9/root/usr/libexec/gcc/x86_64-redhat-linux/9/lto-wrapper Target: x86_64-redhat-linux Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,fortran,lto --prefix=/opt/rh/devtoolset-9/root/usr --mandir=/opt/rh/devtoolset-9/root/usr/share/man --infodir=/opt/rh/devtoolset-9/root/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --with-default-libstdcxx-abi=gcc4-compatible --enable-plugin --enable-initfini-array --with-isl=/builddir/build/BUILD/gcc-9.1.1-20190605/obj-x86_64-redhat-linux/isl-install --disable-libmpx --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux Thread model: posix gcc version 9.1.1 20190605 (Red Hat 9.1.1-2) (GCC)

  2. sudo yum groupinstall 'Development Tools' --setopt=group_package_types=mandatory,default,optional

  3. sudo yum install ocaml ocaml-ocamlbuild wget python2 openssl-devel git cmake perl

  4. sudo yum update binutils

  5. sudo ./download_prebuilt.sh

  6. sudo cp external/toolset/{as,ld,ld.gold,objdump} /opt/rh/devtoolset-9/root/usr/bin

  7. which as ld ld.gold objdump /opt/rh/devtoolset-9/root/usr/bin/as /opt/rh/devtoolset-9/root/usr/bin/ld /opt/rh/devtoolset-9/root/usr/bin/ld.gold /opt/rh/devtoolset-9/root/usr/bin/objdump

  8. sudo make sdk aclocal: warning: couldn't open directory 'm4': No such file or directory autoreconf: configure.ac: tracing autoreconf: configure.ac: creating directory config autoreconf: running: libtoolize --copy --force libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, config'. libtoolize: copying fileconfig/ltmain.sh' libtoolize: Consider adding AC_CONFIG_MACRO_DIR([m4])' to configure.ac and libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree. libtoolize: Consider adding-I m4' to ACLOCAL_AMFLAGS in Makefile.am. aclocal: warning: couldn't open directory 'm4': No such file or directory autoreconf: running: /usr/bin/autoconf --force autoreconf: running: /usr/bin/autoheader --force autoreconf: running: automake --add-missing --copy --force-missing configure.ac:22: installing 'config/ar-lib' configure.ac:25: installing 'config/compile' configure.ac:10: installing 'config/config.guess' configure.ac:10: installing 'config/config.sub' configure.ac:11: installing 'config/install-sh' configure.ac:11: installing 'config/missing' Makefile.am: installing './INSTALL' src/Makefile.am:366: warning: whitespace following trailing backslash src/Makefile.am:367: warning: whitespace following trailing backslash src/Makefile.am: installing 'config/depcomp' src/Makefile.am:160: warning: variable 'libunwind_dwarf_generic_la_SOURCES' is defined but no program or src/Makefile.am:160: library has 'libunwind_dwarf_generic_la' as canonical name (possible typo) src/Makefile.am:614: warning: variable 'libunwind_x86_64_la_SOURCES' is defined but no program or src/Makefile.am:614: library has 'libunwind_x86_64_la' as canonical name (possible typo) src/Makefile.am:616: warning: variable 'libunwind_x86_64_la_LIBADD' is defined but no program or src/Makefile.am:616: library has 'libunwind_x86_64_la' as canonical name (possible typo) src/Makefile.am:163: warning: variable 'libunwind_dwarf_generic_la_LIBADD' is defined but no program or src/Makefile.am:163: library has 'libunwind_dwarf_generic_la' as canonical name (possible typo) src/Makefile.am:615: warning: variable 'libunwind_x86_64_la_LDFLAGS' is defined but no program or src/Makefile.am:615: library has 'libunwind_x86_64_la' as canonical name (possible typo) parallel-tests: installing 'config/test-driver' autoreconf: Leaving directory .' checking build system type... x86_64-unknown-linux-gnu checking host system type... x86_64-unknown-linux-gnu checking target system type... x86_64-unknown-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /usr/bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes checking whether make supports nested variables... yes checking whether to enable maintainer-specific portions of Makefiles... no checking for gcc... gcc checking whether the C compiler works... no configure: error: in/home/pengfei/sgx/linux-sgx/sdk/cpprt/linux/libunwind': configure: error: C compiler cannot create executables See config.log' for more details sed: can't read include/config.h: No such file or directory make[3]: *** [libunwind] Error 2 make[3]: Leaving directory/home/pengfei/sgx/linux-sgx/sdk/cpprt' make[2]: [cpprt] Error 2 make[2]: Leaving directory `/home/pengfei/sgx/linux-sgx/sdk' make[1]: [all] Error 2 make[1]: Leaving directory `/home/pengfei/sgx/linux-sgx/sdk' make: *** [sdk] Error 2

llly commented 4 years ago

Probably installing gcc from source code breaks the symbolic link. You can check libgcc_s.so in /usr/lib/gcc/x86_64-redhat-linux/ to fix it.

justalittlenoob commented 4 years ago

@llly I think that not the reason. Because i have another machine(centos7) , which doesn't install gcc by myself, still has the same problem. Any other advice would be appreciated.

llly commented 4 years ago

You can try compile simple test app echo "void main(){}" > main.c && gcc main.c and see what breaks the build.

justalittlenoob commented 4 years ago

echo "void main(){}" > main.c && gcc main.c

which as ld ld.gold objdump /opt/rh/devtoolset-9/root/usr/bin/as /opt/rh/devtoolset-9/root/usr/bin/ld /opt/rh/devtoolset-9/root/usr/bin/ld.gold /opt/rh/devtoolset-9/root/usr/bin/objdump

echo "void main(){}" > main.c && gcc main.c /opt/rh/devtoolset-9/root/usr/libexec/gcc/x86_64-redhat-linux/9/ld: /lib64/libc.so.6: version `GLIBC_2.27' not found (required by /opt/rh/devtoolset-9/root/usr/libexec/gcc/x86_64-redhat-linux/9/ld) collect2: error: ld returned 1 exit status

Do I need to upgrade GLIBC to 2.27? What is the recommended way to upgrade this library in cenos?

andyzyb commented 4 years ago

The "ld" built from a system which has glibc_2.27, so it becomes a dependency and probably won't work on CentOS 7. The "ld" is only needed to build enclave with LVI mitigation. Does your enclave need LVI mitigation?

justalittlenoob commented 4 years ago

The "ld" built from a system which has glibc_2.27, so it becomes a dependency and probably won't work on CentOS 7. The "ld" is only needed to build enclave with LVI mitigation. Does your enclave need LVI mitigation?

@andyzyb So you mean if LVI mitigation is not needed, only use the as(external/toolset), otherwise, i need to change my OS(e.g. Ubuntu 18.04). Is my understanding right?

andyzyb commented 4 years ago

If you don't need LVI mitigation, then you can just use the default ld/as/binutils on the system. There is no need to use the ones in externel/toolset.

make sdk_install_pkg_no_mitigation => will generate a SDK without LVI mitigation (like in previous release)

If you need LVI mitigation (but with lower glibc version), then you can try to only use "as" in external/toolset, but default ld and ld.gold on the system. We cannot guarantee if it works, but it is worth to try.

justalittlenoob commented 4 years ago

@andyzyb Thanks for your advicde. I have tried both(with and without LVI). Still not work.

  1. using the default binutils sudo make sdk_install_pkg_no_mitigation

/bin/cp -f libsgx_pthread.a /home/pengfei/sgx/linux-sgx/build/linux make[3]: Leaving directory /home/pengfei/sgx/linux-sgx/sdk/pthread' make -C /home/pengfei/sgx/linux-sgx/external/openmp make[3]: Entering directory/home/pengfei/sgx/linux-sgx/external/openmp' git submodule update -f --init --recursive --remote -- openmp_code You need to run this command from the toplevel of the working tree. make[3]: [omp_code] Error 1 make[3]: Leaving directory `/home/pengfei/sgx/linux-sgx/external/openmp' make[2]: [openmp] Error 2 make[2]: Leaving directory /home/pengfei/sgx/linux-sgx/sdk' make[1]: *** [all] Error 2 make[1]: Leaving directory/home/pengfei/sgx/linux-sgx/sdk' make: *** [sdk_no_mitigation] Error 2

  1. just use external/toolset/as sudo cp external/toolset/as /opt/rh/devtoolset-8/root/usr/bin sudo make sdk

/opt/rh/devtoolset-8/root/usr/libexec/gcc/x86_64-redhat-linux/8/ld: ../licensing_sim.o: unable to initialize decompress status for section .debug_info /opt/rh/devtoolset-8/root/usr/libexec/gcc/x86_64-redhat-linux/8/ld: ../licensing_sim.o: unable to initialize decompress status for section .debug_info /opt/rh/devtoolset-8/root/usr/libexec/gcc/x86_64-redhat-linux/8/ld: ../licensing_sim.o: unable to initialize decompress status for section .debug_info /opt/rh/devtoolset-8/root/usr/libexec/gcc/x86_64-redhat-linux/8/ld: ../licensing_sim.o: unable to initialize decompress status for section .debug_info ../licensing_sim.o: file not recognized: File format not recognized collect2: error: ld returned 1 exit status make[4]: [libsgx_epid_sim.so] Error 1 rm crypto_evp_digest.o sgx_read_rand.o ../licensing_sim.o se_sig_rl.o ../quoting_sim.o cpusvn_util.o se_trace.o se_thread.o crypto_cmac_128.o make[4]: Leaving directory `/home/pengfei/sgx/linux-sgx/sdk/simulation/uae_service_sim/linux' make[3]: [uae_service_sim/linux] Error 2 make[3]: Leaving directory /home/pengfei/sgx/linux-sgx/sdk/simulation' make[2]: *** [simulation] Error 2 make[2]: Leaving directory/home/pengfei/sgx/linux-sgx/sdk' make[1]: [all] Error 2 make[1]: Leaving directory `/home/pengfei/sgx/linux-sgx/sdk' make: [sdk] Error 2

which as ld /opt/rh/devtoolset-8/root/usr/bin/as /opt/rh/devtoolset-8/root/usr/bin/ld

llly commented 4 years ago

The first failure: Did you download a ZIP source code then init a git repo from it? linux-sgx repo contains some submodules. You can either git clone it or download a ZIP source code without git. The second one: It seems that as and ld are not compatible. Then current external/toolset/ cannot be used in your machine. Only make sdk_install_pkg_no_mitigation works.

justalittlenoob commented 4 years ago

@llly No. The source code is got with git clone. So i'm confused why the submodules can't be updated. (i tried on ubuntu 18.04, everything goes well)

justalittlenoob commented 4 years ago

@llly @andyzyb Thank you very much for your help. After i download a ZIP source code. The sgx sdk is build successful.

LNJUSMART commented 10 months ago

@justalittlenoob I have the same problem as you, how did you solve it, can you tell me in detail? I've watched other people's discussions with you, and to be honest, I don't understand.