[Pkg-openmpi-maintainers] Bug#818909: Segfaults caused by new DT_MIPS_RLD_MAP_REL tag and RPATH removers

Aurelien Jarno aurelien at aurel32.net
Fri Apr 8 08:45:00 UTC 2016


Hi,

On 2016-04-07 11:51, James Cowgill wrote:
> Hi,
> 
> I've managed to find the cause of the openmpi segfault (#818909). It
> might affect a number of different packages.

Thanks for working on that.

> The segfault is caused by the interaction of the
> new DT_MIPS_RLD_MAP_REL dynamic tag (from binutils 2.26) and chrpath.
> Unlike all other tags, this tag is relative to the offset of the tag
> within the executable. chrpath is used to remove rpaths from ELF files.
> It does this by moving all of the other dynamic tags up one entry, but
> since the DT_MIPS_RLD_MAP_REL is not updated, it now points to an
> incorrect offset. The dynamic linker will then overwrite some other
> memory when processing the DT_MIPS_RLD_MAP_REL tag.
> 
> The openmpi segfault was caused by a global variable being initialized
> incorrectly (overwritten by the dynamic linker). I expect other
> executables using chrpath will also be affected - possibly in strange
> ways (not necessarily a segfault).
> 
> It also seems that at least cmake uses the same technique for removing
> the RPATH so any cmake reverse dependencies could be affected. The
> DT_MIPS_RLD_MAP_REL is only created for executables which limits the
> effect of this slightly. Only packages built using binutils
> >= 2.25.51.20151014-1 will be affected.

It seems the other condition is to use glibc 2.22, which contains the
following corresponding commits:

| commit a2057c984e4314c3740f04cf54e36c824e4c8f32
| Author: Matthew Fortune <matthew.fortune at imgtec.com>
| Date:   Thu Jun 11 10:43:48 2015 +0100
| 
|     Add support for DT_MIPS_RLD_MAP_REL.
|     
|     This tag allows debugging of MIPS position independent executables
|     and provides access to shared library information.
|     
|         * elf/elf.h (DT_MIPS_RLD_MAP_REL): New macro.
|         (DT_MIPS_NUM): Update.
|         * sysdeps/mips/dl-machine.h (ELF_MACHINE_DEBUG_SETUP): Handle
|         DT_MIPS_RLD_MAP_REL.

Maybe we can temporarily revert this commit until the problem is fixed
in chrpath and the packages are rebuilt. 

> There is a convenient way to test if a package is broken using the
> presence of the old DT_MIPS_RLD_MAP tag. When correct
> (DT_MIPS_RLD_MAP_REL + tag offset + executable base address) equals
> DT_MIPS_RLD_MAP, so someone could analyze the archive to find which
> packages are affected (and if any tools other than chrpath and cmake
> are broken).
> 
> Based only on chrpath and cmake reverse dependencies, there is an upper
> bound of about 1500 binNMUs (after the tools are fixed). Hopefully
> that can be reduced!
>
> I really don't have any time to fix all this. Please can someone else
> have a look!

I'll try to do an archive scan asap to really get an idea on how many
packages are affected. After I'll look at how to fix chrpath, but help
would be welcome as I also don't have a lot of time.

> OpenMPI maintainers (and anyone else affected):
> One possible workaround is to use chrpath -r "" <file> on mips*
> architectures until this is fixed since that command does not cause any
> tags to be moved. It has a tiny performance penalty but should
> otherwise work properly.

Thanks for the workaround.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien at aurel32.net                 http://www.aurel32.net
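Added illustration (not code from this thread, from chrpath or from glibc): a small Python model of the consistency check James describes, the RPATH-removal behaviour he attributes to chrpath, and a hypothetical fix-up. It assumes a 32-bit big-endian MIPS `.dynamic` section, that DT_MIPS_RLD_MAP_REL is resolved relative to the address of its own dynamic entry (which is how glibc's ELF_MACHINE_DEBUG_SETUP in the quoted commit treats it), and a constructed section at made-up addresses; the tag constants are the real values from elf.h.

```python
import struct

# Dynamic-tag constants from elf.h (the two MIPS tags are the ones the thread discusses).
DT_NULL = 0
DT_NEEDED = 1
DT_STRTAB = 5
DT_RPATH = 15
DT_MIPS_RLD_MAP = 0x70000016
DT_MIPS_RLD_MAP_REL = 0x70000035

# Elf32_Dyn on big-endian 32-bit MIPS: signed d_tag followed by unsigned d_val/d_ptr.
DYN_FMT = ">iI"
DYN_SIZE = struct.calcsize(DYN_FMT)  # 8 bytes per entry


def parse_dynamic(blob):
    """Return the (tag, value) entries up to and including the first DT_NULL."""
    entries = []
    for off in range(0, len(blob) - DYN_SIZE + 1, DYN_SIZE):
        tag, val = struct.unpack_from(DYN_FMT, blob, off)
        entries.append((tag, val))
        if tag == DT_NULL:
            break
    return entries


def build_dynamic(entries):
    """Serialise (tag, value) pairs back into Elf32_Dyn bytes."""
    return b"".join(struct.pack(DYN_FMT, t, v) for t, v in entries)


def rld_map_targets(blob, dyn_vaddr, base=0):
    """Where each RLD_MAP tag points once the executable is loaded at `base`.

    DT_MIPS_RLD_MAP holds an absolute address; DT_MIPS_RLD_MAP_REL holds an
    offset relative to the address of its own dynamic entry (assumption, see
    lead-in).  Returns (abs_target, rel_target); a missing tag yields None.
    """
    abs_target = rel_target = None
    for idx, (tag, val) in enumerate(parse_dynamic(blob)):
        if tag == DT_MIPS_RLD_MAP:
            abs_target = (base + val) & 0xFFFFFFFF
        elif tag == DT_MIPS_RLD_MAP_REL:
            entry_addr = base + dyn_vaddr + idx * DYN_SIZE
            rel_target = (entry_addr + val) & 0xFFFFFFFF
    return abs_target, rel_target


def rld_map_consistent(blob, dyn_vaddr, base=0):
    """True if both tags agree, False if they disagree, None if one is absent."""
    abs_target, rel_target = rld_map_targets(blob, dyn_vaddr, base)
    if abs_target is None or rel_target is None:
        return None
    return abs_target == rel_target


def remove_tag_chrpath_style(blob, tag_to_drop):
    """Drop the first `tag_to_drop` entry by shifting later entries up one slot and
    padding with DT_NULL, leaving DT_MIPS_RLD_MAP_REL untouched: the broken path
    the thread attributes to chrpath."""
    entries = parse_dynamic(blob)
    for idx, (tag, _) in enumerate(entries):
        if tag == tag_to_drop:
            del entries[idx]
            entries.append((DT_NULL, 0))
            return build_dynamic(entries)
    return blob


def remove_tag_fixed(blob, tag_to_drop):
    """Same removal, but a DT_MIPS_RLD_MAP_REL entry that moved DYN_SIZE bytes
    earlier gets DYN_SIZE added to its value so it still resolves to the same
    address.  Hypothetical fix-up, not chrpath's actual patch."""
    entries = parse_dynamic(blob)
    for idx, (tag, _) in enumerate(entries):
        if tag == tag_to_drop:
            del entries[idx]
            for j in range(idx, len(entries)):
                t, v = entries[j]
                if t == DT_MIPS_RLD_MAP_REL:
                    entries[j] = (t, (v + DYN_SIZE) & 0xFFFFFFFF)
            entries.append((DT_NULL, 0))
            return build_dynamic(entries)
    return blob


# Constructed sample: a .dynamic section at a hypothetical virtual address whose
# RLD_MAP_REL entry (slot 4) agrees with the absolute RLD_MAP value.
SAMPLE_DYN_VADDR = 0x00400800
SAMPLE_RLD_MAP_ADDR = 0x00410100
SAMPLE_DYNAMIC = build_dynamic([
    (DT_NEEDED, 1),
    (DT_STRTAB, 0x00400300),
    (DT_RPATH, 0x20),
    (DT_MIPS_RLD_MAP, SAMPLE_RLD_MAP_ADDR),
    (DT_MIPS_RLD_MAP_REL, SAMPLE_RLD_MAP_ADDR - (SAMPLE_DYN_VADDR + 4 * DYN_SIZE)),
    (DT_NULL, 0),
])

if __name__ == "__main__":
    for label, blob in [
        ("original", SAMPLE_DYNAMIC),
        ("chrpath-style removal", remove_tag_chrpath_style(SAMPLE_DYNAMIC, DT_RPATH)),
        ("removal with REL fix-up", remove_tag_fixed(SAMPLE_DYNAMIC, DT_RPATH)),
    ]:
        abs_t, rel_t = rld_map_targets(blob, SAMPLE_DYN_VADDR)
        print(f"{label:24s} RLD_MAP=0x{abs_t:08x} RLD_MAP_REL->0x{rel_t:08x} "
              f"consistent={rld_map_consistent(blob, SAMPLE_DYN_VADDR)}")
```

Running the module shows the REL target drifting by exactly one entry (8 bytes) after the chrpath-style shift, which is the kind of silent pointer error that lets the dynamic linker write `&_r_debug` over unrelated data; on real binaries the same cross-check can be driven from `readelf -d` output, using the dynamic section's virtual address from `readelf -S`.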