Bug 1478564 - ld segfault compiling ipxe package
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: cross-binutils
Version: 27
Assigned To: David Howells
Reported: 2017-08-04 15:46 EDT by Cole Robinson
Modified: 2017-12-14 11:13 EST (History)
Fixed In Version: cross-binutils-2.29.1-1 cross-binutils-2.29.1-1.fc27 cross-binutils-2.29.1-1.fc26
Last Closed: 2017-12-14 09:37:13 EST
Type: Bug

Attachments
Test data (901 bytes, application/octet-stream), 2017-08-07 10:31 EDT, David Howells

External Trackers
Sourceware 21914 (last updated 2017-08-07 10:57 EDT)

Description Cole Robinson 2017-08-04 15:46:35 EDT
ipxe package build is crashing in rawhide on an ld step. We use cross-binutils to ensure the package is buildable on every arch. Editing the package spec to use make -j1, the failure looks like:

...
x86_64-linux-gnu-objdump -ht bin/ipxe.lkrn.tmp | perl ./util/sortobjdump.pl >> bin/ipxe.lkrn.tmp.map
x86_64-linux-gnu-objcopy -O binary -R .zinfo bin/ipxe.lkrn.tmp bin/ipxe.lkrn.bin
x86_64-linux-gnu-objcopy -O binary -j .zinfo bin/ipxe.lkrn.tmp bin/ipxe.lkrn.zinfo
./util/zbin bin/ipxe.lkrn.bin bin/ipxe.lkrn.zinfo > bin/ipxe.lkrn.zbin
cp bin/ipxe.lkrn.zbin bin/ipxe.lkrn
ISOLINUX_BIN=/usr/share/syslinux/isolinux.bin LDLINUX_C32=/usr/share/syslinux/ldlinux.c32 \
    VERSION="1.0.0+" bash util/geniso -o bin/ipxe.iso bin/ipxe.lkrn
x86_64-linux-gnu-ld  -m elf_i386 -N --no-check-sections --section-start=.prefix=0   --gc-sections -static -o bin/usbdisk.bin --oformat binary -e 0 bin/usbdisk.o
make: *** [arch/x86/Makefile.pcbios:116: bin/usbdisk.bin] Segmentation fault (core dumped)

This doesn't crash on latest f26. I confirmed the issue is present with the latest cross-gcc/cross-binutils packages from koji:

# rpm -qa | grep linux-gnu
binutils-x86_64-linux-gnu-2.29-3.fc27.x86_64
gcc-x86_64-linux-gnu-7.1.1-4.fc27.x86_64
Comment 1 David Howells 2017-08-07 10:31 EDT
Created attachment 1310112 (Test data)

This data can be decompressed and then passed through the linker like so:

x86_64-linux-gnu-ld  -m elf_i386 -N --no-check-sections --section-start=.prefix=0 --gc-sections -static -o bin/usbdisk.bin --oformat binary -e 0 usbdisk.o
Comment 2 David Howells 2017-08-07 10:49:03 EDT
Program received signal SIGSEGV, Segmentation fault.
0x000000000042e3a4 in gldelf_i386_place_orphan (s=0x82cea0, 
    secname=0x82c692 ".prefix", constraint=382) at eelf_i386.c:1978
1978                && (elf_section_data (os->bfd_section)->this_hdr.sh_info
(gdb) bt
#0  0x000000000042e3a4 in gldelf_i386_place_orphan (s=0x82cea0, 
    secname=0x82c692 ".prefix", constraint=382) at eelf_i386.c:1978
#1  0x0000000000412bfa in lang_place_orphans ()
    at ../../binutils-2.29/ld/ldlang.c:6396
#2  0x0000000000416f21 in lang_process ()
    at ../../binutils-2.29/ld/ldlang.c:7198
#3  0x0000000000403ee0 in main (argc=<optimized out>, argv=<optimized out>)
    at ../../binutils-2.29/ld/ldmain.c:413

The fault apparently occurs on line 1978 in the following:

1977            if (os->bfd_section != NULL
1978                && (elf_section_data (os->bfd_section)->this_hdr.sh_info
1979                    == elf_section_data (s)->this_hdr.sh_info)
1980                && (os->bfd_section->flags == 0
1981                    || ((!bfd_link_relocatable (&link_info)
1982                         || (iself && (((elf_section_flags (s)
1983                                         ^ elf_section_flags (os->bfd_section))
1984                                        & SHF_EXCLUDE) == 0)))

(gdb) p os
$1 = (lang_output_section_statement_type *) 0x81e168
(gdb) p os->bfd_section
$2 = (asection *) 0x820720
(gdb) p s
$3 = (asection *) 0x82cea0

Looking at the disassembly, line 1977 starts here:

   0x000000000042e386 <+822>:   mov    0x38(%rbx),%rsi
   0x000000000042e38a <+826>:   test   %rsi,%rsi
   0x000000000042e38d <+829>:   je     0x42e448 <gldelf_i386_place_orphan+1016>
   0x000000000042e393 <+835>:   mov    0xe0(%rsi),%rax
   0x000000000042e39a <+842>:   mov    0xe0(%rbp),%rdx
   0x000000000042e3a1 <+849>:   mov    0x2c(%rdx),%ecx
=> 0x000000000042e3a4 <+852>:   cmp    %ecx,0x2c(%rax)

So %rbx holds 'os', %rsi holds 'os->bfd_section' and %rbp holds 's'.

(gdb) p/x *(long*)($rsi+0xe0)
$13 = 0x0
(gdb) p/x *(long*)($rbp+0xe0)
$14 = 0x82f170

So elf_section_data (os->bfd_section) returns NULL and a SEGV occurs when we try and dereference it.
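As an added illustration (not code from this report or from binutils), a miniature C model of the condition quoted in comment 2, with the dereference guarded for sections that carry no ELF data; the struct, macro and function names are hypothetical stand-ins for the BFD ones, and the guarded form shows the defensive pattern rather than the patch that shipped in 2.29.1.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical miniatures of the BFD types involved, not binutils' own.
   asection->used_by_bfd holds per-target data; elf_section_data() just casts
   it, so it is NULL when the owning BFD is not ELF ("--oformat binary"). */
struct elf_section_data { struct { unsigned sh_info; } this_hdr; };
struct asection { unsigned flags; void *used_by_bfd; };
struct output_section_stmt { struct asection *bfd_section; };
#define elf_section_data(sec) ((struct elf_section_data *) (sec)->used_by_bfd)

/* The sh_info test as written at eelf_i386.c:1977-1979: both sides are
   dereferenced without checking that any ELF data exists. */
static bool
sh_info_matches_unguarded (const struct output_section_stmt *os, const struct asection *s)
{
  return os->bfd_section != NULL
         && (elf_section_data (os->bfd_section)->this_hdr.sh_info
             == elf_section_data (s)->this_hdr.sh_info);
}

/* Guarded form (an illustration of the defensive pattern, not the patch
   that shipped in 2.29.1): if either side has no ELF data there is no
   sh_info to disagree on, so the criterion is treated as not applicable. */
static bool
sh_info_matches_guarded (const struct output_section_stmt *os, const struct asection *s)
{
  if (os->bfd_section == NULL)
    return false;
  const struct elf_section_data *od = elf_section_data (os->bfd_section);
  const struct elf_section_data *sd = elf_section_data (s);
  if (od == NULL || sd == NULL)
    return true;
  return od->this_hdr.sh_info == sd->this_hdr.sh_info;
}

/* Constructed scenario: a --section-start output section (flags == 0) in an
   ELF or binary-format output BFD, paired with an ELF input section.  With
   elf_output == false this is the report's case. */
static bool
scenario (bool elf_output, unsigned out_sh_info, unsigned in_sh_info)
{
  struct elf_section_data out_data = { { out_sh_info } }, in_data = { { in_sh_info } };
  struct asection out = { 0, elf_output ? (void *) &out_data : NULL };
  struct asection in = { 0x1, &in_data };
  struct output_section_stmt os = { &out };
  bool ok = sh_info_matches_guarded (&os, &in);
  /* The original test is only safe to evaluate when both sides are ELF. */
  return elf_output ? (ok && ok == sh_info_matches_unguarded (&os, &in)) : ok;
}
```

With elf_output == false the unguarded form would read this_hdr through a NULL pointer, which is the fault at 0x42e3a4 in the backtrace above.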
Comment 3 Jan Kurik 2017-08-15 03:44:22 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.
Comment 5 Cole Robinson 2017-11-06 08:11:07 EST
Any timeline on getting this fixed with fedora packages? I still can't build ipxe on f27/rawhide. Not urgent, I just don't want it to be forgotten.
Comment 6 Fedora Update System 2017-11-09 08:18:03 EST
cross-binutils-2.29.1-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-4ac0ead391
Comment 7 Fedora Update System 2017-11-09 08:18:10 EST
cross-binutils-2.29.1-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-06c4b02fd7
Comment 8 Fedora Update System 2017-11-09 14:55:53 EST
cross-binutils-2.29.1-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-06c4b02fd7
Comment 9 Fedora Update System 2017-11-11 12:29:59 EST
cross-binutils-2.29.1-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-4ac0ead391
Comment 10 Fedora Update System 2017-12-14 09:37:13 EST
cross-binutils-2.29.1-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2017-12-14 11:13:34 EST
cross-binutils-2.29.1-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
