FTBFS on amd64 / i386 when compiled with new hardening defaults in eoan

Bug #1833067 reported by Alex Murray on 2019-06-17
This bug affects 1 person
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
Status tracked in Eoan

Bug Description

In eoan we are activating new hardening defaults in gcc (-fstack-clash-protection on all non-32-bit ARM arches and -fcet-protection on i386/amd64/x32).

As a result of -fcet-protection by default, glibc FTBFS since it has to be explicitly configured (./configure --enable-cet) to build correctly:

usr/bin/ld: warning: /<<PKGBUILDDIR>>/build-tree/i386-libc/elf/librtld.os: corrupt GNU_PROPERTY_TYPE (5) size: 0
/usr/bin/ld: /<<PKGBUILDDIR>>/build-tree/i386-libc/elf/librtld.os: in function `_rtld_main_check':
/<<PKGBUILDDIR>>/elf/../sysdeps/x86/dl-prop.h:33: undefined reference to `_dl_cet_check'
/usr/bin/ld: /<<PKGBUILDDIR>>/elf/../sysdeps/x86/dl-prop.h:33: undefined reference to `_dl_cet_check'
/usr/bin/ld: /<<PKGBUILDDIR>>/elf/../sysdeps/x86/dl-prop.h:33: undefined reference to `_dl_cet_check'
/usr/bin/ld: /<<PKGBUILDDIR>>/build-tree/i386-libc/elf/librtld.os: in function `_dl_open_check':
/<<PKGBUILDDIR>>/elf/../sysdeps/x86/dl-prop.h:41: undefined reference to `_dl_cet_open_check'
/usr/bin/ld: /<<PKGBUILDDIR>>/build-tree/i386-libc/elf/ld.so.new: hidden symbol `_dl_cet_open_check' isn't defined
/usr/bin/ld: final link failed: bad value
collect2: error: ld returned 1 exit status

This can be easily remedied by now enabling CET support at configure time for glibc - see the attached debdiff which enables this for the supported architectures which resolves this FTBFS.

Alex Murray (alexmurray) wrote :
tags: added: ftbfs
tags: added: rls-ee-incoming

The attachment "glibc_2.29-0ubuntu3.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Steve Langasek (vorlon) on 2019-06-20
Changed in glibc (Ubuntu):
importance: Undecided → High
tags: removed: rls-ee-incoming
Alex Murray (alexmurray) wrote :

I am a bit stumped on this one - glibc_2.29-0ubuntu3 built fine in my PPA (https://launchpad.net/~alexmurray/+archive/ubuntu/gcc-stack-clash-protection2) but FTBFS on amd64/i386 for eoan-proposed - but I cannot reproduce the same failure locally either in an schroot or in an eoan VM - however, it does still FTBFS in both cases locally BUT with different tests failing (and different than the eoan-proposed failures):

Failures from eoan-proposed:
FAIL: debug/tst-backtrace5
FAIL: nptl/tst-cancel24
FAIL: nptl/tst-cancelx16
FAIL: nptl/tst-cancelx18
FAIL: nptl/tst-cancelx20
FAIL: nptl/tst-cancelx21
FAIL: nptl/tst-cancelx4
FAIL: nptl/tst-cancelx5
FAIL: nptl/tst-oncex3
FAIL: nptl/tst-oncex4

Failures from an eoan schroot running on a bionic (with hwe kernel) host:
FAIL: io/tst-copy_file_range

Failures from an eoan VM building glibc_2.29-0ubuntu3 locally:
FAIL: nptl/test-condattr-printers
FAIL: nptl/test-cond-printers
FAIL: nptl/test-mutexattr-printers
FAIL: nptl/test-mutex-printers
FAIL: nptl/test-rwlockattr-printers
FAIL: nptl/test-rwlock-printers

I am currently trying to see if perhaps a different host kernel behaves differently for the schroot build case.

tags: added: id-5d0ba41f0451f512579d2806
Alex Murray (alexmurray) wrote :

Using the hwe-edge kernel (5.0.0-17-generic) on a bionic host with an eoan schroot seems to work - not sure what this says about the copy_file_range test on the normal hwe kernel on bionic or for the builders on launchpad...?

Alex Murray (alexmurray) wrote :

As per https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834315/comments/7 this should be resolved once the launchpad builders are updated to the kernel in xenial-proposed (4.4.0-155)

Alex Murray (alexmurray) on 2019-07-08
Changed in glibc (Ubuntu Eoan):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers