Bug 1467518 - glibc: Invalid IFUNC resolver from libgcc calls getauxval, leading to ppc64le relocation crash
glibc: Invalid IFUNC resolver from libgcc calls getauxval, leading to ppc64le...
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Florian Weimer
Fedora Extras Quality Assurance
: 1467833 (view as bug list)
Depends On: 1467526
Blocks: 1466116 1469022 1470013
  Show dependency treegraph
Reported: 2017-07-04 02:22 EDT by Florian Weimer
Modified: 2017-08-04 16:56 EDT (History)
10 users (show)

See Also:
Fixed In Version: glibc-2.25.90-26.fc27
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1467526 (view as bug list)
Last Closed: 2017-08-04 16:56:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Sourceware 21707 None None None 2017-07-04 02:36 EDT

  None (edit)
Description Florian Weimer 2017-07-04 02:22:37 EDT
Upstream glibc master started linking in have_ieee_hw_p from libgcc on ppc64le.  This leads to a crash on the last line because getauxval uses data which has not been initialized yet at this point.  The crash is at the last line of the disassembly.

00000000001c3380 <have_ieee_hw_p>:
  1c3380:       08 00 4c 3c     addis   r2,r12,8
  1c3384:       80 3d 42 38     addi    r2,r2,15744
  1c3388:       f8 ff e1 fb     std     r31,-8(r1)
  1c338c:       a0 8c e2 eb     ld      r31,-29536(r2)
  1c3390:       d1 ff 21 f8     stdu    r1,-48(r1)
  1c3394:       02 00 3f e9     lwa     r9,0(r31)
  1c3398:       00 00 89 2f     cmpwi   cr7,r9,0
  1c339c:       14 00 9c 41     blt     cr7,1c33b0 <have_ieee_hw_p+0x30>
  1c33a0:       30 00 21 38     addi    r1,r1,48
  1c33a4:       78 4b 23 7d     mr      r3,r9
  1c33a8:       f8 ff e1 eb     ld      r31,-8(r1)
  1c33ac:       20 00 80 4e     blr
  1c33b0:       a6 02 08 7c     mflr    r0
  1c33b4:       0f 00 60 38     li      r3,15
  1c33b8:       40 00 01 f8     std     r0,64(r1)
  1c33bc:       15 fc e5 4b     bl      22fd0 <00000036.plt_call.__getauxval>
  1c33c0:       18 00 41 e8     ld      r2,24(r1)

So far, this happens only with --enable-bind-now builds.  I'll disable that on ppc64le as an immediate workaround, but we'll need an upstream fix for this (in glibc or GCC).
Comment 1 Florian Weimer 2017-07-07 06:06:12 EDT
*** Bug 1467833 has been marked as a duplicate of this bug. ***
Comment 2 Florian Weimer 2017-07-07 06:07:11 EDT
The --enable-bind-now workaround turned out to be insufficient.  We need the upstream fix.
Comment 3 Carlos O'Donell 2017-07-07 16:28:28 EDT
Status so far is that the fix will be in gcc by removing getauxval call from libgcc which is a violation of IFUNC resolver rules which say you must not call functions from other translation units.

We are working with the gcc team sort the issue out before the mass rebuild.
Comment 4 Carlos O'Donell 2017-07-13 10:18:10 EDT
There is a temporary fix in place for Rawhide.

Upstream fix v2 posted by IBM and reviewed last night:
Comment 5 Florian Weimer 2017-07-17 17:34:53 EDT
Upstream fix incorporated into glibc-2.25.90-26.fc27.
Comment 6 Carlos O'Donell 2017-07-17 19:27:30 EDT
I've just reviewed v4 from IBM today:

Looks done, and we'll include that out via a sync and then close this bug out.

Note You need to log in before you can comment on or make changes to this bug.