Bug 2068657 - aarch64 binary has .note.gnu.property but reports FAIL: property-note test because .note.gnu.property section not found
Summary: aarch64 binary has .note.gnu.property but reports FAIL: property-note test be...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: annobin
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Nick Clifton
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-03-25 21:41 UTC by Mark Wielaard
Modified: 2022-04-28 14:10 UTC (History)
5 users (show)

Fixed In Version: annobin-10.59-1.fc37 annobin-10.66-2.fc35
Doc Type: No Doc Update
Doc Text:
If this bug requires documentation, please select an appropriate Doc Type value.
Clone Of:
Environment:
Last Closed: 2022-04-28 14:10:00 UTC
Type: Bug


Attachments (Terms of Use)

Description Mark Wielaard 2022-03-25 21:41:22 UTC
See https://bodhi.fedoraproject.org/updates/FEDORA-2022-d99f313ddd

Which reports the following failure:

Hardened: /usr/bin/eu-addr2line: FAIL: property-note test because .note.gnu.property section not found (it is needed for branch protection support)

And likewise for every aarch64 binary (but not for any other architecture).

But fetching the build:
https://kojipkgs.fedoraproject.org//packages/elfutils/0.186/3.fc37/aarch64/elfutils-0.186-3.fc37.aarch64.rpm

And looking at the binaries (rpm2cpio elfutils-0.186-3.fc37.aarch64.rpm | cpio -iduv) shows there is a .note.gnu.property section (readelf -SnW):

  [ 2] .note.gnu.property NOTE            00000000000002c8 0002c8 000020 00   A  0   0  8

Displaying notes found in: .note.gnu.property
  Owner                Data size        Description
  GNU                  0x00000010       NT_GNU_PROPERTY_TYPE_0        Properties: AArch64 feature: BTI, PAC

Comment 1 Nick Clifton 2022-03-30 10:41:30 UTC
Hi Mark,

*sigh*  Yes - this is a snafu in annocheck.  I am testing a fix now.

Feel free to waive the result.

Cheers
  Nick

PS.  I assume that the fact that instrumentation is enabled in the binaries is deliberate ?

Comment 2 Nick Clifton 2022-03-30 11:00:34 UTC
Fixed in annobin-10.59-1.fc37

Comment 3 Mark Wielaard 2022-03-30 12:24:47 UTC
Hi Nick,

(In reply to Nick Clifton from comment #1)
> *sigh*  Yes - this is a snafu in annocheck.  I am testing a fix now.
> 
> Feel free to waive the result.

Thanks.

> PS.  I assume that the fact that instrumentation is enabled in the binaries
> is deliberate ?

I hadn't noticed before. I assume you mean these warnings:

Hardened: /usr/bin/eu-elfcompress: WARN: (component: main): Instrumentation enabled - this is probably a mistake for production binaries.
Hardened: /usr/bin/eu-elfcompress: info: (component: main):  Details: -fsanitize=...: disabled.
Hardened: /usr/bin/eu-elfcompress: info: (component: main):  Details: -finstrument-functions: enabled.
Hardened: /usr/bin/eu-elfcompress: info: (component: main):  Details: -p and/or -pg: enabled.
Hardened: /usr/bin/eu-elfcompress: info: (component: main):  Details: -fprofile-arcs: enabled.

I hadn't noticed before. It only occurs for i686 binaries.
But I don't see any of those flags in the i686 build logs:
https://kojipkgs.fedoraproject.org//packages/elfutils/0.186/3.fc37/data/logs/i686/build.log

So I am assuming those are false positives?

Comment 4 Nick Clifton 2022-03-30 12:38:17 UTC
(In reply to Mark Wielaard from comment #3)
Hi Mark,
  
> > PS.  I assume that the fact that instrumentation is enabled in the binaries
> > is deliberate ?
> 
> I hadn't noticed before. I assume you mean these warnings:
> 
> Hardened: /usr/bin/eu-elfcompress: WARN: (component: main): Instrumentation
> enabled - this is probably a mistake for production binaries.
> Hardened: /usr/bin/eu-elfcompress: info: (component: main):  Details:
> -fsanitize=...: disabled.
> Hardened: /usr/bin/eu-elfcompress: info: (component: main):  Details:
> -finstrument-functions: enabled.
> Hardened: /usr/bin/eu-elfcompress: info: (component: main):  Details: -p
> and/or -pg: enabled.
> Hardened: /usr/bin/eu-elfcompress: info: (component: main):  Details:
> -fprofile-arcs: enabled.

Yup...
 
> I hadn't noticed before. It only occurs for i686 binaries.

And x86_64.  (Maybe other arches too - I have not checked).

> But I don't see any of those flags in the i686 build logs:
> https://kojipkgs.fedoraproject.org//packages/elfutils/0.186/3.fc37/data/logs/
> i686/build.log
> 
> So I am assuming those are false positives?

Yes.  It looks like another gcc/annobin sync thing.  Although the plugin and compiler do agree on the version of gcc that is being used.  Hmmm.  I will look into it in my copious free time. (tm).

Cheers
  Nick

Comment 5 Fedora Update System 2022-03-30 12:53:26 UTC
FEDORA-2022-b745df25e3 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-b745df25e3

Comment 6 Fedora Update System 2022-03-30 12:53:28 UTC
FEDORA-2022-67b135183f has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-67b135183f

Comment 7 Fedora Update System 2022-03-31 02:17:51 UTC
FEDORA-2022-b745df25e3 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-b745df25e3`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-b745df25e3

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2022-03-31 18:24:53 UTC
FEDORA-2022-67b135183f has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-67b135183f`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-67b135183f

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2022-04-02 01:25:38 UTC
FEDORA-2022-c43760a865 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-c43760a865`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c43760a865

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2022-04-03 01:24:03 UTC
FEDORA-2022-c43760a865 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-c43760a865`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c43760a865

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Fedora Update System 2022-04-05 12:40:32 UTC
FEDORA-2022-c43760a865 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-c43760a865`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c43760a865

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2022-04-05 13:26:04 UTC
FEDORA-2022-2e4ff85f73 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-2e4ff85f73`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e4ff85f73

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2022-04-07 18:00:46 UTC
FEDORA-2022-c43760a865 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-c43760a865`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c43760a865

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 14 Fedora Update System 2022-04-11 03:33:20 UTC
FEDORA-2022-c43760a865 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 15 Fedora Update System 2022-04-24 20:43:14 UTC
FEDORA-2022-54bb9337da has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-54bb9337da`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-54bb9337da

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 16 Fedora Update System 2022-04-28 14:10:00 UTC
FEDORA-2022-54bb9337da has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.