Default of fcf-protection should only be enabled where it can work

Broken in PPA or sbuild builds with 11.2.0-1ubuntu3
Last working case with 11.1.0-3ubuntu1

I'm not entirely sure of all the moving pieces here, but if true it might be a late change causing some more FTFBFSes that might be worth to fix in a single place at the toolchain before impish is complete.

Amurray was so kind to point out that we already do not use it on -m32

/* Enable code instrumentation of control-flow transfers.
   Available on x86 and x86_64. */
#ifndef CF_PROTECTION_SPEC
# ifdef DIST_DEFAULT_CF_PROTECTION
# define CF_PROTECTION_SPEC " %{!m32:%{!fcf-protection*:%{!fno-cf-protection:-fcf-protection}}}"
# else
# define CF_PROTECTION_SPEC ""
# endif
#endif

And that maybe it would need to be:

# define CF_PROTECTION_SPEC " %{!m16:%{!m32:%{!fcf-protection*:%{!fno-cf-protection:-fcf-protection}}}}"

FYI - qemu interim fix LGTM in test builds.

The build in a PPA is now complete on all architectures, after some more testing I'll upload that to Impish to avoid the issue on qemu's side until fixed in the toolchain.

This bug was fixed in the package qemu - 1:6.0+dfsg-2expubuntu1

---------------
qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium

  * Merge with Debian experimental, remaining changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
        qemu-kvm-init
      - d/qemu-system-common.install: install helper script
      - d/qemu-system-common.qemu-kvm.default: defaults for
        /etc/default/qemu-kvm
      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
    - Distribution specific machine type
      (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
        types containing release versioned machine attributes
      - d/qemu-system-x86.NEWS Info on fixed machine type defintions
        for host-phys-bits=true
      - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
    - Enable nesting by default
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
        [ No more strictly needed, but required for backward compatibility ]
    - improved dependencies
      - Make qemu-system-common depend on qemu-block-extra
      - Make qemu-utils depend on qemu-block-extra
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/qemu-system-x86.README.Debian: add info about updated nesting changes
    - d/control*, d/rules: disable xen by default, but provide universe
      package qemu-system-x86-xen as alternative
      [includes compat links changes of 5.0-5ubuntu4]
    - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
    - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
      for v6.0
    - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
    - Ease the use of module retention on upgrades (LP 1913421)
      - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
  * Dropped Changes [in 1:6.0+dfsg-2exp]:
    - d/control-in: Disable capstone disassembler library support (universe)
    - Disable fuse export (universe dependency)
    - Ease the use of module retention on upgrades (LP 1913421)
      - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
      - d/rules: only save modules if /run/qemu isn't noexec
      - d/rules: clear all (current and former) modules on purge
    - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
      upgrade issues (LP 1932264)
    - Enable SDL as secondary UI backend (LP 1256185)
      - d/control: add build dependency libsdl2-dev
      - d/control: enable sdl graphics on build
      - d/qemu-system-gui.install: add ui-sdl.so
      - d/control: add run...

Re-ping for gcc maintainers,
could we please have the default "fcf-protection" be not applied to `-march=i486 -m16` ?

Re-ping again, this is breaking all (well there aren't too many) 486 compiles.

This bug was fixed in the package gcc-10 - 10.3.0-15ubuntu1

---------------
gcc-10 (10.3.0-15ubuntu1) jammy; urgency=medium

  * Merge with Debian; remaining changes:
    - Build from upstream sources.

gcc-10 (10.3.0-15) unstable; urgency=medium

  * Update to git 20220324 from the gcc-10 branch.
    - Fix PR tree-optimization/103237, PR middle-end/103181,
      PR middle-end/103248, PR tree-optimization/102798, PR ipa/102762,
      PR tree-optimization/100923, PR tree-optimization/101158,
      PR target/103627 (PPC), PR target/103627 (PPC), PR target/104469 (x86),
      PR target/104458 (x86), PR target/104451 (x86), PR target/104090 (PPC),
      PR middle-end/95115, PR target/102976 (PPC), PR ada/103538,
      PR ada/103538, PR fortran/104619, PR fortran/104311, PR fortran/104331,
      PR fortran/83079, PR fortran/104127, PR fortran/104227,
      PR fortran/101762, PR fortran/67804, PR fortran/103782,
      PR fortran/103692, PR fortran/102332, PR sanitizer/102911,
      PR libstdc++/102358, PR target/87496 (PPC), PR target/104208 (PPC),
      PR target/104453 (x86), PR tree-optimization/104511,
      PR target/100784 (x86), PR target/104253 (PPC).
  * Support the ld.mold linker, patch taken from the trunk.
  * Don't enable -fcf-protection with -m16 and -m32. LP: #1940029.
  * Don't run the tests on ppc64 and sh4, hanging on the buildds.

 -- Matthias Klose <email address hidden> Thu, 24 Mar 2022 13:12:38 +0100

This bug was fixed in the package gcc-11 - 11.2.0-19ubuntu1

---------------
gcc-11 (11.2.0-19ubuntu1) jammy; urgency=medium

  * Merge with Debian; remaining changes:
    - Build from upstream sources.

gcc-11 (11.2.0-19) unstable; urgency=medium

  * Update to git 20220324 from the gcc-11 branch.
    - Fix PR tree-optimization/101636, PR tree-optimization/104782,
      PR tree-optimization/104931, PR target/105000 (x86),
      PR target/104890 (x86), PR target/104998 (x86), PR target/104923 (PPC),
      PR target/87496 (PPC), PR target/104208 (PPC), PR target/104963 (x86),
      PR middle-end/100775, PR middle-end/104786, PR tree-optimization/104511,
      PR target/104453 (x86), PR middle-end/104402, PR debug/104337,
      PR tree-optimization/103641, PR target/99708 (PPC),
      PR rtl-optimization/104777, PR target/104219 (RISCV),
      PR target/99708 (PPC), PR target/104253 (PPC),
      PR tree-optimization/102819, PR tree-optimization/103169, PR ada/104861,
      PR c++/103186, PR c++/103057, PR c++/59950, PR c++/101095, PR c++/58646,
      PR c++/103337, PR c++/102740, PR c++/103299, PR c++/102538,
      PR c++/101767, PR c++/104667, PR d/105004, PR fortran/99585,
      PR fortran/104430, PR fortran/96983, PR fortran/104811, PR d/104659.
  * Don't enable -fcf-protection with -m16. LP: #1940029.

 -- Matthias Klose <email address hidden> Thu, 24 Mar 2022 15:22:07 +0100

Thank you Matthias!

This bug was fixed in the package gcc-12 - 12-20220428-1ubuntu1

---------------
gcc-12 (12-20220428-1ubuntu1) kinetic; urgency=medium

  * New upstream snapshot, taken from the gcc-12 branch.

gcc-12 (12-20220428-1) unstable; urgency=medium

  * New upstream snapshot, taken from the gcc-12 branch.

  [ Matthias Klose ]
  * Don't enable -fcf-protection with -m16. LP: #1940029.
  * Update libgccjit and libgphobos symbols files.

  [ Nicolas Boulenguez ]
  * ada/confirm_debian_bugs.py: trivial update.

 -- Matthias Klose <email address hidden> Thu, 28 Apr 2022 22:50:55 +0200

Hello Christian, or anyone else affected,

Accepted gcc-12 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gcc-12/12.1.0-2ubuntu1~22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

This bug was fixed in the package gcc-12 - 12.1.0-2ubuntu1~22.04

---------------
gcc-12 (12.1.0-2ubuntu1~22.04) jammy-proposed; urgency=medium

  * SRU: LP: #1970233. Backport GCC 12.1.0 to 22.04 LTS.

gcc-12 (12.1.0-2ubuntu1) kinetic; urgency=medium

  * Merge with Debian; remaining changes:
    - Build from upstream sources.

gcc-12 (12.1.0-2) unstable; urgency=medium

  * Update to git 20210513 from the gcc-12 branch.
    - Fix PR ipa/100413, PR tree-optimization/105528, PR target/105292 (SPARC),
      PR c++/105476, PR libstdc++/105284, PR libstdc++/105284,
      PR libstdc++/104731.
  * Refresh the cross-fixes patch.
  * Update NEWS files for GCC 12.1.

gcc-12 (12.1.0-1) unstable; urgency=medium

  * GCC 12.1.0 release.
  * Refresh patches.

gcc-12 (12-20220428-1ubuntu1) kinetic; urgency=medium

  * New upstream snapshot, taken from the gcc-12 branch.

gcc-12 (12-20220428-1) unstable; urgency=medium

  * New upstream snapshot, taken from the gcc-12 branch.

  [ Matthias Klose ]
  * Don't enable -fcf-protection with -m16. LP: #1940029.
  * Update libgccjit and libgphobos symbols files.

  [ Nicolas Boulenguez ]
  * ada/confirm_debian_bugs.py: trivial update.

 -- Matthias Klose <email address hidden> Fri, 13 May 2022 13:11:55 +0200

Hello Christian, or anyone else affected,

Accepted gcc-10 into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gcc-10/10.5.0-1ubuntu1~20.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

root@f:~# apt install gcc-10 libc6-dev-i386
...
root@f:~# gcc-10 -Wall -Werror test.c -o test.o
root@f:~# gcc-10 -march=i486 -Wall -Werror test.c -o test.o
cc1: error: CPU you selected does not support x86-64 instruction set
cc1: error: ‘-fcf-protection=full’ is not supported for this target

^^ issue
gcc-10 -v |& tail -n 1
gcc version 10.3.0 (Ubuntu 10.3.0-1ubuntu1~20.04)

Upgrade to 10.5.0-1ubuntu1~20.04 worked fine (but was a bit much output as I move to all in proposed)

root@f:~# gcc-10 -v |& tail -n 1
gcc version 10.5.0 (Ubuntu 10.5.0-1ubuntu1~20.04)
root@f:~# gcc-10 -march=i486 -Wall -Werror test.c -o test.o
cc1: error: CPU you selected does not support x86-64 instruction set
cc1: error: ‘-fcf-protection=full’ is not supported for this target

Hmm, is this bug really fixed.
Sorry I didn't have the time to manually verify any of the before.
But it seems it was released without a verification due to that :-/

Checking latest Jammy as I had it around:

$ gcc-11 -v |& tail -n 1
gcc version 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04.1)
$ gcc-11 -march=i486 -Wall -Werror test.c -o test.o
cc1: error: CPU you selected does not support x86-64 instruction set
cc1: error: ‘-fcf-protection=full’ is not supported for this target

$ gcc-12 -v |& tail -n 1
gcc version 12.1.0 (Ubuntu 12.1.0-2ubuntu1~22.04)
$ gcc-12 -march=i486 -Wall -Werror test.c -o test.o
cc1: error: CPU you selected does not support x86-64 instruction set
cc1: error: ‘-fcf-protection=full’ is not supported for this target

Hmm, that might have been a variation of the old bug.
You fixed it for -m16 according to the changelog, but I have this time only tested -march=i486 which has the same problem :-/
Having a further look ...

My original case was in Impish and later.
I see the patch you applied and I see that it changes based on the presence of -m16

Due to linking with 16 bit being rather, ... special :-)
I can't use my trivial test that I found back then to be sure.
I thought of re-building qemu against gcc-10 in Focal (but that might hit all kind of other things we do not want to look for).

Gladly all we care is if fcf-protection is effectively set or not - and that we can do without the weird 16 bit linking.

Pre-fix:
root@f2:~# gcc-10 -Q -v -march=i486 -m16 -Wall -Werror test.c -o test.o |& grep -e fcf -e "GNU C17"
 /usr/lib/gcc/x86_64-linux-gnu/10/cc1 -v -imultiarch x86_64-linux-gnu test.c -dumpbase test.c -march=i486 -m16 -auxbase test -Wall -Werror -version -fasynchronous-unwind-tables -fstack-protector-strong -Wformat-security -fstack-clash-protection -fcf-protection -o /tmp/cc6LBUMj.s
GNU C17 (Ubuntu 10.3.0-1ubuntu1~20.04) version 10.3.0 (x86_64-linux-gnu)
GNU C17 (Ubuntu 10.3.0-1ubuntu1~20.04) version 10.3.0 (x86_64-linux-gnu)
 -Wformat-security -fstack-clash-protection -fcf-protection

Post-fix:
root@f:~# gcc-10 -Q -v -march=i486 -m16 -Wall -Werror test.c -o test.o |& grep -e fcf -e "GNU C17"
GNU C17 (Ubuntu 10.5.0-1ubuntu1~20.04) version 10.5.0 (x86_64-linux-gnu)
GNU C17 (Ubuntu 10.5.0-1ubuntu1~20.04) version 10.5.0 (x86_64-linux-gnu)

So you see that with the fix in the -m16 case "-fcf-protection" is gone.
\o/

BTW as I found above in theory we'd also want to disable that for march=i486 in general?
But if that is a bug worth addressing (split it to a new one then) is up to you.

you are using a compiler targeting x86_64-linux-gnu, explicitly setting a 32bit cpu. I'm not sure that GCC should find out all incompatible options on it's own.
An alternative could be to explicitly use the gcc-i686-linux-gnu cross compiler which doesn't have fcf-protection enabled by default, or disable it explicitly in the package build.

Yeah, I'm all fine.
As you see after my initial "oh all is broken" message I realized my mistake and by the end of my updates on July 14th this was "verification-done".

And for the potential spin-off bug, you are right that in this case gcc-i686-linux-gnu might have been the better choice anyway and working. Ack to not break this into an extra bug for the i486 case I asked about.

The verification of the Stable Release Update for gcc-10 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package gcc-10 - 10.5.0-1ubuntu1~20.04

---------------
gcc-10 (10.5.0-1ubuntu1~20.04) focal-proposed; urgency=medium

  * SRU: LP: #2019465. Update GCC 10 to the 10.5.0 release.
  * Build the common shared library packages.
  * Still use newlib 4.1.0 for the amdgcn offload build.

gcc-10 (10.5.0-1ubuntu1) mantic; urgency=medium

  * Merge with Debian; remaining changes:
    - Build from upstream sources.

gcc-10 (10.5.0-1) unstable; urgency=medium

  * Update to the GCC 10.5.0 release.
    - Fix PR c++/92752, PR c++/97420, PR d/110511.
  * Update newlib to 4.3.0.
  * Refresh patches.
  * Fix libtsan0 build (when building the libs built by newer GCC versions).
  * Update libgphobos symbols file.

gcc-10 (10.4.0-9) unstable; urgency=medium

  * Update to git 20230629 from the gcc-10 branch.
    - Fix PR target/109932 (PPC), PR target/110011 (PPC),
      PR target/110044 (PPC), PR target/109954, PR target/70243 (PPC),
      PR d/110359, PR fortran/96024, PR libstdc++/108118, PR libstdc++/94540,
      PR libstdc++/106607, PR libstdc++/102447, PR libstdc++/103664,
      PR libstdc++/84110.

gcc-10 (10.4.0-8ubuntu1) mantic; urgency=medium

  * Merge with Debian; remaining changes:
    - Build from upstream sources.

gcc-10 (10.4.0-8) unstable; urgency=medium

  * Update to git 20230510 from the gcc-10 branch.
    - Fix PR target/106736 (PPC), PR fortran/108131,
      PR tree-optimization/109778, PR tree-optimization/109410,
      PR middle-end/106190, PR ipa/105685, PR target/105554,
      PR middle-end/108685, PR testsuite/108973, PR middle-end/108854,
      PR target/108881 (x86), PR tree-optimization/108688,
      PR middle-end/108435, PR debug/108573, PR rtl-optimization/108596,
      PR other/108560, PR middle-end/108237, PR tree-optimization/108068,
      PR rtl-optimization/108193, PR rtl-optimization/106751,
      PR tree-optimization/107997, PR debug/106719, PR middle-end/107317,
      PR target/107748 (x86), PR target/107183 (x86), PR c/107001,
      PR debug/106261, PR middle-end/106144, PR rtl-optimization/106032,
      PR middle-end/106030, PR target/108589 (AArch64),
      PR target/108699 (PPC), PR target/104921 (AArch64),
      PR target/108348 (PPC), PR target/108272 (PPC),
      PR tree-optimization/107554, PR tree-optimization/107323,
      PR tree-optimization/107107, PR tree-optimization/106934,
      PR driver/106624, PR c/109151, PR c/107465, PR c/107465, PR c++/107163,
      PR c++/107358, PR c/106981, PR preprocessor/97498, PR c++/109164,
      PR c++/109096, PR c++/107558, PR debug/108716, PR c++/108474,
      PR c++/108365, PR c++/108607, PR c++/53932, PR c++/108180,
      PR c++/107065, PR c++/105774, PR c++/105996, PR c++/108975,
      PR c++/69410, PR c++/101869, PR d/108877, PR fortran/108451,
      PR fortran/108349, PR fortran/109511, PR fortran/109186,
      PR fortran/85877, PR fortran/106945, PR fortran/104332,
      PR fortran/108937, PR fortran/96024, PR fortran/96025,
      PR fortran/95107, PR fortran/108609, PR fortran/108527,
      PR fortran/108529, PR fortran/106209, PR fortran/108501,
      PR fortran/108502, PR fortran/108421, PR fortran/108420,
      PR fortran/108453, PR tar...