Bug 1657912
Summary: | gaps errors reported in rpmdiff - annocheck | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Michal Hlavinka <mhlavink> |
Component: | annobin | Assignee: | Nick Clifton <nickc> |
Status: | CLOSED ERRATA | QA Contact: | Martin Cermak <mcermak> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.1 | CC: | fweimer, jmarchan, kdudka, law, mcermak, nickc |
Target Milestone: | rc | ||
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | annobin-8.73-1.el8 | Doc Type: | No Doc Update |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-11-05 20:54:32 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1679669 | ||
Bug Blocks: | 1684553 |
Description
Michal Hlavinka
2018-12-10 17:32:22 UTC
These FAIL results are due to a bug in the annobin plugin. It has code to handle gcc's hot/cold partitioning, but it had only ever been tested on a file containing only one cold function. When multiple cold functions are created in the same object file, gcc creates multiple sections for each. The problem was that annobin tried to create a symbol to indicate the end of the cold section, but it was only attached to the first such section. The others were missed, and so they showed up as gaps in the notes. Fixed with annobibn-8.65. Currently waiting on the correct flags to commit. Postoning to 8.1 as there is no urgency to have the bug fixed now, and there is the potential to break other builds if my patch contains a bug. Fixed in: annobin-8.73-1.el8 This bug seem to trigger new false positives on RHEL-8.0.0.z builds of nghttp2: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23232399 $ annocheck -v /usr/bin/nghttpx annocheck: Version 8.73. Hardened: /usr/bin/nghttpx: gap: (15300..15ffa probable component: /usr/src/debug/nghttp2-1.33.0-1.el8_0.x86_64/src/shrpx_http2_upstream.cc) in annobin notes. Hardened: /usr/bin/nghttpx: gap: (16030..16a48 probable component: /usr/src/debug/nghttp2-1.33.0-1.el8_0.x86_64/src/shrpx_http2_session.cc) in annobin notes. Hardened: /usr/bin/nghttpx: gap: (16aa0..17f36 probable component: /usr/include/c++/8/bits/std_function.h) in annobin notes. Hardened: /usr/bin/nghttpx: gap: (17f90..1828c probable component: /usr/src/debug/nghttp2-1.33.0-1.el8_0.x86_64/src/shrpx_worker_process.cc) in annobin notes. Hardened: /usr/bin/nghttpx: gap: (182d0..19270 probable component: /usr/include/c++/8/bits/stl_vector.h) in annobin notes. Hardened: /usr/bin/nghttpx: gap: (192a0..199c0 probable component: /usr/src/debug/nghttp2-1.33.0-1.el8_0.x86_64/src/shrpx.cc) in annobin notes. Hardened: /usr/bin/nghttpx: FAIL: Gaps were detected in the annobin coverage. Hardened: /usr/bin/nghttpx: PASS: Linked with -Wl,-z,now. Hardened: /usr/bin/nghttpx: PASS: Compiled with -fcf-protection. Hardened: /usr/bin/nghttpx: PASS: One dynamic section/segment found. Hardened: /usr/bin/nghttpx: PASS: Entry point instruction is ENDBR. Hardened: /usr/bin/nghttpx: PASS: Compiled with -D_FORTIFY_SOURCE=2. Hardened: /usr/bin/nghttpx: PASS: Compiled with -D_GLIBCXX_ASSERTIONS. Hardened: /usr/bin/nghttpx: PASS: Linked with -Wl,-z,relro. Hardened: /usr/bin/nghttpx: PASS: Stack not executable. Hardened: /usr/bin/nghttpx: PASS: Compiled with sufficient optimization. Hardened: /usr/bin/nghttpx: PASS: Compiled with PIC/PIE. Hardened: /usr/bin/nghttpx: PASS: Compiled as a position independent binary. Hardened: /usr/bin/nghttpx: PASS: Good GNU Property note. Hardened: /usr/bin/nghttpx: PASS: DT_RPATH/DT_RUNPATH absent or rooted at /usr. Hardened: /usr/bin/nghttpx: PASS: No RWX segments found. Hardened: /usr/bin/nghttpx: PASS: Consistent use of the -fshort-enum option. Hardened: /usr/bin/nghttpx: PASS: Compiled with -fstack-clash-protection. Hardened: /usr/bin/nghttpx: PASS: Compiled with sufficient stack protection. Hardened: /usr/bin/nghttpx: skip: Test for stack realignment support. (Only needed on i686 binaries). Hardened: /usr/bin/nghttpx: PASS: No text relocations found. Hardened: /usr/bin/nghttpx: PASS: No thread cancellation problems. Hardened: /usr/bin/nghttpx: PASS: GOT/PLT relocations are read only. How can one easily decide what is safe to waive and what not? GDB shows this for the address: Address range 0x152fd to 0x1530d: 0x00000000000152fd <-193139>: mov %rbx,%rdi 0x0000000000015300 <-193136>: callq 0x6a120 <shrpx::Log::~Log()> 0x0000000000015305 <-193131>: mov %rbp,%rdi 0x0000000000015308 <-193128>: callq 0x13a90 <_Unwind_Resume@plt> End of assembler dump. (gdb) info symb 0x15300 shrpx::(anonymous namespace)::settings_timeout_cb(ev_loop*, ev_timer*, int) [clone .cold.158] + 3 in section .text of /usr/bin/nghttpx This could be an annobin plugin problem in the creation of the annotation for the cold partition of the function. (In reply to Florian Weimer from comment #13) > This could be an annobin plugin problem in the creation of the annotation > for the cold partition of the function. Entirely likely. The logs show that the build was done using annobin 8.64. Version 8.65 includes a patch specifically designed to address cold functions (in the .text.unlikely section). (In reply to Kamil Dudka from comment #12) > This bug seem to trigger new false positives on RHEL-8.0.0.z builds of > nghttp2: > > How can one easily decide what is safe to waive and what not? It is safe to waive these results. Ideally it would be nice to have a newer version of annobin in the RHEL-8 buildroot, but I do not see this as being worthy of a z-stream exception. Thanks for the quick reply on this! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3356 |