I have the latest Xen-2.0 tarball (downloaded today 27 Oct 04) and get the following error while compiling the 2.6.9-xenU kernel: make -C linux-2.6.9-xenU ARCH=xen INSTALL_PATH=/usr/src/xen-2.0/install install make[2]: Entering directory `/usr/src/xen-2.0/linux-2.6.9-xenU'' CHK include/linux/version.h make[3]: `arch/i386/kernel/asm-offsets.s'' is up to date. CHK include/linux/compile.h CC drivers/xen/blkfront/blkfront.o drivers/xen/blkfront/blkfront.c: In function `blkif_queue_request'': drivers/xen/blkfront/blkfront.c:109: sorry, unimplemented: inlining failed in call to ''translate_req_to_pfn'': function body not available drivers/xen/blkfront/blkfront.c:342: sorry, unimplemented: called from here make[5]: *** [drivers/xen/blkfront/blkfront.o] Error 1 make[4]: *** [drivers/xen/blkfront] Error 2 make[3]: *** [drivers/xen] Error 2 make[2]: *** [drivers] Error 2 make[2]: Leaving directory `/usr/src/xen-2.0/linux-2.6.9-xenU'' make[1]: *** [linux-xenU] Error 2 make[1]: Leaving directory `/usr/src/xen-2.0'' make: *** [dist] Error 2 I am running Gentoo Linux with GCC 3.4.2 and glibc 2.3.4.20040808 compiled with NPTL only (no LinuxThreads) and both a 2.6.9 and a 2.6.8.1 kernel. The GCC has ssp-3.4.1 and pie-8.7.6.5 compiled in, but they are disabled for the compilation as Xen will not compile with them enabled (Are there plans to allow this?). I have tried disabling XEN_WRITABLE_PAGETABLES as suggested for an error with the same file on this list 2-3 weeks ago, with no success. The base kernels were compiled with this setup. Any thoughts or suggestions are greatly appreciated. I will try with GCC 3.3.3 to see if that helps. Cheers Jerome ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader''s Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
> I am running Gentoo Linux with GCC 3.4.2 and glibc 2.3.4.20040808 > compiled with NPTL only (no LinuxThreads) and both a 2.6.9 and a 2.6.8.1 > kernel. > > Any thoughts or suggestions are greatly appreciated. I will try with GCC > 3.3.3 to see if that helps.It''s probably a gcc version issue. We try to get stuff working with most gcc versions, but no-one round here uses 3.4 by default -- it''s way too bleeding edge.> The GCC has ssp-3.4.1 and pie-8.7.6.5 compiled in, but they are > disabled for the compilation as Xen will not compile with them enabled > (Are there plans to allow this?).What are ssp and pie? Ian ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader''s Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
>>I am running Gentoo Linux with GCC 3.4.2 and glibc 2.3.4.20040808 >>compiled with NPTL only (no LinuxThreads) and both a 2.6.9 and a 2.6.8.1 >>kernel. >> >>Any thoughts or suggestions are greatly appreciated. I will try with GCC >>3.3.3 to see if that helps. > > It''s probably a gcc version issue. We try to get stuff working > with most gcc versions, but no-one round here uses 3.4 by default > -- it''s way too bleeding edge.Compiled the xenU fine with gcc 3.3.3 - must be a gcc issue. I''m testing on a box at the moment, so have installed all the new toys to play with :) Might try with SSP and PIE again ...>>The GCC has ssp-3.4.1 and pie-8.7.6.5 compiled in, but they are >>disabled for the compilation as Xen will not compile with them enabled >>(Are there plans to allow this?). > > What are ssp and pie?SSP is Stack Smashing Protection - formerly ProPolice (see http://www.trl.ibm.com/projects/security/ssp/ for more info) and PIE is Position Independent Executable i.e. PIC for binaries. SSP modifies the C compiler to insert initialization code into functions that create a buffer in memory. At run time, when a buffer is created, SSP adds a secret random value, the canary, to the end of the buffer. When the function returns, SSP makes sure that the canary is still intact. If an attacker were to perform a buffer overflow, he would overwrite this value and trigger that stack smashing handler. Currently this kills the target process. (Descriptions borrowed from Gentoo Hardened Project http://www.gentoo.org/proj/en/hardened/) They provide an extra layer of security from attack on a server open to the world. ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader''s Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
> SSP is Stack Smashing Protection - formerly ProPolice (see > http://www.trl.ibm.com/projects/security/ssp/ for more info) and PIE is > Position Independent Executable i.e. PIC for binaries. SSP modifies the > C compiler to insert initialization code into functions that create a > buffer in memory. At run time, when a buffer is created, SSP adds a > secret random value, the canary, to the end of the buffer. When the > function returns, SSP makes sure that the canary is still intact. If an > attacker were to perform a buffer overflow, he would overwrite this > value and trigger that stack smashing handler. Currently this kills the > target process. (Descriptions borrowed from Gentoo Hardened Project > http://www.gentoo.org/proj/en/hardened/) They provide an extra layer of > security from attack on a server open to the world.Does stock Linux work when compiled with SSP enabled? Sounds pretty scary to me... Ian ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader''s Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
> Does stock Linux work when compiled with SSP enabled? Sounds > pretty scary to me...I haven''t specifically tried with the -fstack-protector-all flag enabled for the stock kernel, and the flag wasn''t active when compiling Xen. Most of the userland tools on my box are compiled with SSP enabled. What about it sounds scary? ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader''s Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
> > Does stock Linux work when compiled with SSP enabled? Sounds > > pretty scary to me... > > I haven''t specifically tried with the -fstack-protector-all flag enabled > for the stock kernel, and the flag wasn''t active when compiling Xen. > Most of the userland tools on my box are compiled with SSP enabled. What > about it sounds scary?Userland tools are one thing, but kernels tend to be rather more fragile as regards having compilers monkey with their stack. Also, when the post-call code detects a stack smash, what''s it going to do? I suppose it can execute an illegal instruction and thus cause a GPF and thus halt. Ian ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader''s Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel