From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 17 Sep 2025 11:00:16 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uyo1Q-00410N-0q for lore@lore.pengutronix.de; Wed, 17 Sep 2025 11:00:16 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1uyo1P-0006Cg-VH; Wed, 17 Sep 2025 11:00:15 +0200 Received: from mail-qk1-x731.google.com ([2607:f8b0:4864:20::731]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1uyo1I-0006CC-7r for ptxdist@pengutronix.de; Wed, 17 Sep 2025 11:00:09 +0200 Received: by mail-qk1-x731.google.com with SMTP id af79cd13be357-81076e81aabso535751485a.3 for ; Wed, 17 Sep 2025 02:00:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20230601; t=1758099607; x=1758704407; darn=pengutronix.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:date:from:from:to:cc:subject:date :message-id:reply-to; bh=pp9u2yh4La2ZJvgJrOgUeaUmoPr90iqol4cYa6Dtg1k=; b=PKgqBCjGmrsw568fjGQTIT9MoWtEUXs8xMVrQG3rrH6yGvhq0nfdUTVjGhTHw5q3uW qOk7nPWomtuS42DWrm18nRCDo5Jp1VUxyX/Wn6yhEStXmkjgIIBACRNng1kScTuEK+UF PHuGeecnTtdFqvleYWG8ZzQLUDRR5w4scIh8USwMdd0EC5jCYBRlhnise6jVeDbD0I/i TF+KgjZ69rcqOvtsiQ0EjwDVl2+do7/YH/6td3Pham+eDt7txlg+AnJ+sBnPR4cfZ3mg zgoAJsgrK49lJkpaDSv4Wj32KWgw/Au0WZytnorMOuqIps3dNauXsq+RHQNMMEzpSeEX 537Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758099607; x=1758704407; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pp9u2yh4La2ZJvgJrOgUeaUmoPr90iqol4cYa6Dtg1k=; b=w09lXSTnhT8KQTQP7RxL3MxVJcU4f5BhNBHEE65Ue6NpLTJTqL8lvAEkdI/70MUn+V MHuySzPtE59NMdfdGSAXkrUR8YP6RImdk3et8loSCWRjteMShQrWsQcUKg8AF7EXgJbm Tc1KcNcYwnbF5ywHxZZbIbAky9xSIZWlvMPXdgoSezjCUZMUUG4lCvdLWcMoeej8sQoY nlGS/BxYo3pSExSWk2lOTLr7195ZtCYFjv5W52dURcP628Zi97bST3r9U5IyNH0uZUcf PQ737ZlRepHbabBA2a27SR/NMNUO26TkWECL3UQGTukPieLHU2z/MYvwlow62VPk27kt oRrg== X-Gm-Message-State: AOJu0YzG10KUpX6id9WC/x37sMK/jzYEC02QnIeQFyiIcNjh5u8del1D NybhXQL70tpBpI2ujA2xaGSnvd/9N4lpFcNZ0ZO9AVxQ6ziVBC1KDuNj+mfmxQ== X-Gm-Gg: ASbGnctXFeeHbKOKjjOedzTfsytnB1GqyRCnMkeHuciGGXe7umHP7jOHenOlslOueQv ERet+z8bNrOfJ+xO8o+NNx3zKhXmH1Xt9mkmG/yv4kHPuuiQkU8LQyvl9ZKnEb8/KEozEy/DgGy RIpk1uJhFRdR7DQcpQVQ1zWmarMhNYj/ffJ7sH7ENHErY1eUtkODI0jQtjfv89pEzyIQtASevSl aaF2GYXpPwkqibDfRsDG3XRYl7XrBIMR2GqVbO5UJCzjM28u31u1t1+UD4LlDJ01KXt/BYPICtS jkjnds28YByGKxFyHOdRE5wjN/w1ts+w0NXAqof+IAQRFXmPZE28GdSXE7YYh4rQu0t6FlvHmlM qy96u15uZAiDB/YYNuCBaUpV5svV/ILrwWCiXX2btwcSNnohdjFv47k1ba/Gl54EiL82tILpp4Z 7+lg== X-Google-Smtp-Source: AGHT+IERVD5TWfz7okwI3N5ZYkOvPXMJWhNRtiRR4NptWiw3iIdYxGB3vO0KOLGO+r4cy2D+PhaZRg== X-Received: by 2002:a05:620a:4009:b0:80a:865b:41c6 with SMTP id af79cd13be357-83115bb08e7mr144201985a.71.1758099606583; Wed, 17 Sep 2025 02:00:06 -0700 (PDT) Received: from RR-Laptop (p200300c00f1cd6001ac3a5ccb0190d3b.dip0.t-ipconnect.de. [2003:c0:f1c:d600:1ac3:a5cc:b019:d3b]) by smtp.gmail.com with ESMTPSA id af79cd13be357-820cf007a88sm1112602485a.61.2025.09.17.02.00.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Sep 2025 02:00:05 -0700 (PDT) X-Google-Original-From: ruggero rossi Date: Wed, 17 Sep 2025 11:00:03 +0200 To: Christian Melki Message-ID: <20250917110003.6587c431@RR-Laptop> In-Reply-To: References: <20250917083239.145112e9@RR-Laptop> X-Mailer: Claws Mail 4.2.0 (GTK 3.24.41; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: Re: [ptxdist] PTXDIST 2025.09.0: build failure of openssl-3.5.2 when gcc option -fzero-call-used-regs is not supported X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: ruggero rossi via ptxdist Reply-To: ptxdist@pengutronix.de Cc: ruggero rossi , ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false On Wed, 17 Sep 2025 10:30:04 +0200 Christian Melki wrote: > Hi. > > Which version of gcc are we talking about? It is quite old, but I'm bound to it because some software does not compile with newer versions. It looks like that the -fzero-call-used-regs is supported from GCC 11 (released April 2021). > GCC 11 should support this, but I don't know over which archs. > It is there as a security enhancement. I would say something like less > gadgets for ROP style attacks? And while it does slow down execution, > for something like OpenSSL, it usually is worth it imho. I agree.... The option is a must, when it is supported. Moreover, I found a comment in some openssh (not openssl) tracking, saying that to detect whether a version of gcc supports the option or not may be not trivial. > I don't see a suitable toolchain option or hardening flag in ptxdist > that currently fits this cleanly. Not sure if something like this fits > for a its own global pass either. Maybe someone else has another opinion. > > So my immediate suggestion would be to keep this local at your end for > now. OK - and these messages remain as a help if anyone else has the same problem. Regards, Ruggero > > Regards, > Christian