Ubuntu
glibc package

FTBFS on amd64 / i386 when compiled with new hardening defaults in eoan

Bug #1833067 reported by Alex Murray
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
Fix Released
High
Unassigned
Eoan
Fix Released
High
Unassigned

Bug Description

In eoan we are activating new hardening defaults in gcc (-fstack-clash-protection on all non-32-bit ARM arches and -fcet-protection on i386/amd64/x32).

As a result of -fcet-protection by default, glibc FTBFS since it has to be explicitly configured (./configure --enable-cet) to build correctly:

usr/bin/ld: warning: /<<PKGBUILDDIR>>/build-tree/i386-libc/elf/librtld.os: corrupt GNU_PROPERTY_TYPE (5) size: 0
/usr/bin/ld: /<<PKGBUILDDIR>>/build-tree/i386-libc/elf/librtld.os: in function `_rtld_main_check':
/<<PKGBUILDDIR>>/elf/../sysdeps/x86/dl-prop.h:33: undefined reference to `_dl_cet_check'
/usr/bin/ld: /<<PKGBUILDDIR>>/elf/../sysdeps/x86/dl-prop.h:33: undefined reference to `_dl_cet_check'
/usr/bin/ld: /<<PKGBUILDDIR>>/elf/../sysdeps/x86/dl-prop.h:33: undefined reference to `_dl_cet_check'
/usr/bin/ld: /<<PKGBUILDDIR>>/build-tree/i386-libc/elf/librtld.os: in function `_dl_open_check':
/<<PKGBUILDDIR>>/elf/../sysdeps/x86/dl-prop.h:41: undefined reference to `_dl_cet_open_check'
/usr/bin/ld: /<<PKGBUILDDIR>>/build-tree/i386-libc/elf/ld.so.new: hidden symbol `_dl_cet_open_check' isn't defined
/usr/bin/ld: final link failed: bad value
collect2: error: ld returned 1 exit status

This can be easily remedied by now enabling CET support at configure time for glibc - see the attached debdiff which enables this for the supported architectures which resolves this FTBFS.

Revision history for this message
Alex Murray (alexmurray) wrote :
tags: added: ftbfs
tags: added: rls-ee-incoming
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "glibc_2.29-0ubuntu3.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Steve Langasek (vorlon)
Changed in glibc (Ubuntu):
importance: Undecided → High
tags: removed: rls-ee-incoming
Revision history for this message
Alex Murray (alexmurray) wrote :

I am a bit stumped on this one - glibc_2.29-0ubuntu3 built fine in my PPA (https://launchpad.net/~alexmurray/+archive/ubuntu/gcc-stack-clash-protection2) but FTBFS on amd64/i386 for eoan-proposed - but I cannot reproduce the same failure locally either in an schroot or in an eoan VM - however, it does still FTBFS in both cases locally BUT with different tests failing (and different than the eoan-proposed failures):

Failures from eoan-proposed:
-----------------------------
FAIL: debug/tst-backtrace5
FAIL: nptl/tst-cancel24
FAIL: nptl/tst-cancelx16
FAIL: nptl/tst-cancelx18
FAIL: nptl/tst-cancelx20
FAIL: nptl/tst-cancelx21
FAIL: nptl/tst-cancelx4
FAIL: nptl/tst-cancelx5
FAIL: nptl/tst-oncex3
FAIL: nptl/tst-oncex4

Failures from an eoan schroot running on a bionic (with hwe kernel) host:
-------------------------------------------------------------------------
FAIL: io/tst-copy_file_range

Failures from an eoan VM building glibc_2.29-0ubuntu3 locally:
--------------------------------------------------------------
FAIL: nptl/test-condattr-printers
FAIL: nptl/test-cond-printers
FAIL: nptl/test-mutexattr-printers
FAIL: nptl/test-mutex-printers
FAIL: nptl/test-rwlockattr-printers
FAIL: nptl/test-rwlock-printers

I am currently trying to see if perhaps a different host kernel behaves differently for the schroot build case.

Francis Ginther (fginther)
tags: added: id-5d0ba41f0451f512579d2806
Revision history for this message
Alex Murray (alexmurray) wrote :

Using the hwe-edge kernel (5.0.0-17-generic) on a bionic host with an eoan schroot seems to work - not sure what this says about the copy_file_range test on the normal hwe kernel on bionic or for the builders on launchpad...?

Revision history for this message
Alex Murray (alexmurray) wrote :

As per https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834315/comments/7 this should be resolved once the launchpad builders are updated to the kernel in xenial-proposed (4.4.0-155)

Alex Murray (alexmurray)
Changed in glibc (Ubuntu Eoan):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.