Package: guix;
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Mon, 19 Jun 2017 22:27:01 UTC
Severity: serious
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
View this message in rfc822 format
From: ludo <at> gnu.org (Ludovic Courtès) To: Mark H Weaver <mhw <at> netris.org> Cc: 27429 <at> debbugs.gnu.org, Efraim Flashner <efraim <at> flashner.co.il>, Leo Famulari <leo <at> famulari.name> Subject: bug#27429: Stack clash (CVE-2017-1000366 etc) Date: Mon, 26 Jun 2017 10:41:18 +0200
Hi Mark,
Mark H Weaver <mhw <at> netris.org> skribis:
> I tried to copy the .drv files for the grafted 'glibc-final' and
> 'glibc-final-with-bootstrap-bash' from my machine to Hydra, in order to
> ask Hydra to build it, but both "guix copy" and "guix archive --export"
> failed:
>
> mhw <at> jojen ~$ guix copy --to=hydra <at> hydra /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv
> sending 11 store items to 'localhost'...
> guix copy: error: corrupt input while restoring archive from #<closed: file 231bbd0>
> mhw <at> jojen ~$ guix archive --export /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv > GRAFTED-GLIBC-DRVS.nar
> guix archive: error: corrupt input while restoring archive from #<closed: file 17e9d20>
Apparently they got built at some point.
As for the problems above: error reporting in ‘guix copy’ is suboptimal
(help welcome!), and the ‘guix archive --export’ problem looks like a
bug; could you report it?
> I'm concerned that i686 and armhf users are going to have a rude
> awakening when they not only have to build two variants of glibc, but
> also a bunch of the early bootstrap because the NARs are not available
> on Hydra. It would be good if someone could take care of that.
Doing:
--8<---------------cut here---------------start------------->8---
$ ./pre-inst-env guix build -e '(begin (use-modules (guix)) (package-replacement (@@ (gnu packages commencement) glibc-final)))' -s i686-linux --log-file --no-grafts
https://mirror.hydra.gnu.org/log/ivvdx2m0p6gnmcxmz355z106ffqg9p25-glibc-2.25.drv
--8<---------------cut here---------------end--------------->8---
I see that glibc fails to build on i686 (but I think you’ve just fixed
it?):
--8<---------------cut here---------------start------------->8---
i686-guix-linux-gnu-gcc ../sysdeps/i386/i686/multiarch/strcspn-c.c -c -std=gnu11 -fgnu89-inline -O2 -Wall -Werror -Wundef -Wwrite-strings -fmerge-all-constants -fno-stack-protector -frounding-math -g -Wstrict-prototypes -Wold-style-definition -fPIC -Wa,-mtune=i686 -mno-sse -mno-mmx -mfpmath=387 -msse4 -ftls-model=initial-exec -I../include -I/tmp/guix-build-glibc-2.25.drv-0/build/string -I/tmp/guix-build-glibc-2.25.drv-0/build -I../sysdeps/unix/sysv/linux/i386/i686 -I../sysdeps/i386/i686/nptl -I../sysdeps/unix/sysv/linux/i386 -I../sysdeps/unix/sysv/linux/x86 -I../sysdeps/i386/nptl -I../sysdeps/unix/sysv/linux/include -I../sysdeps/unix/sysv/linux -I../sysdeps/nptl -I../sysdeps/pthread -I../sysdeps/gnu -I../sysdeps/unix/inet -I../sysdeps/unix/sysv -I../sysdeps/unix/i386 -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/i386/i686/fpu/multiarch -I../sysdeps/i386/i686/fpu -I../sysdeps/i386/i686/multiarch -I../sysdeps/i386/i686 -I../sysdeps/i386/fpu -I../sysdeps/x86/fpu/include -I../sysdeps/x86/fpu -I../sysdeps/i386 -I../sysdeps/x86 -I../sysdeps/wordsize-32 -I../sysdeps/ieee754/ldbl-96/include -I../sysdeps/ieee754/ldbl-96 -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/ieee754 -I../sysdeps/generic -I.. -I../libio -I. -nostdinc -isystem /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include -isystem /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include-fixed -isystem /gnu/store/cwls4k58gw85lsrm2m2icpgwhvd0452n-linux-libre-headers-4.4.47/include -D_LIBC_REENTRANT -include /tmp/guix-build-glibc-2.25.drv-0/build/libc-modules.h -DMODULE_NAME=rtld -include ../include/libc-symbols.h -DPIC -DSHARED -o /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strcspn-c.os -MD -MP -MF /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strcspn-c.os.dt -MT /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strcspn-c.os -mno-sse -mno-mmx -mfpmath=387
In file included from ../sysdeps/x86_64/multiarch/strcspn-c.c:22:0,
from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
../sysdeps/x86_64/multiarch/varshift.h: In function '__m128i_shift_right':
../sysdeps/x86_64/multiarch/varshift.h:26:1: error: SSE vector return without SSE enabled changes the ABI [-Werror=psabi]
{
^
In file included from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/smmintrin.h:32:0,
from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/nmmintrin.h:31,
from ../sysdeps/x86_64/multiarch/strcspn-c.c:20,
from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
/gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/tmmintrin.h:136:1: error: inlining failed in call to always_inline '_mm_shuffle_epi8': target specific option mismatch
_mm_shuffle_epi8 (__m128i __X, __m128i __Y)
^
In file included from ../sysdeps/x86_64/multiarch/strcspn-c.c:22:0,
from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
../sysdeps/x86_64/multiarch/varshift.h:27:10: error: called from here
return _mm_shuffle_epi8 (value,
^
In file included from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/pmmintrin.h:31:0,
from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/tmmintrin.h:31,
from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/smmintrin.h:32,
from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/nmmintrin.h:31,
from ../sysdeps/x86_64/multiarch/strcspn-c.c:20,
from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
/gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/emmintrin.h:696:1: error: inlining failed in call to always_inline '_mm_loadu_si128': target specific option mismatch
_mm_loadu_si128 (__m128i const *__P)
^
In file included from ../sysdeps/x86_64/multiarch/strcspn-c.c:22:0,
from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
../sysdeps/x86_64/multiarch/varshift.h:27:10: error: called from here
return _mm_shuffle_epi8 (value,
^
cc1: all warnings being treated as errors
make[4]: *** [/tmp/guix-build-glibc-2.25.drv-0/build/sysd-rules:561: /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strcspn-c.os] Error 1
make[4]: Leaving directory '/tmp/guix-build-glibc-2.25.drv-0/glibc-2.25/string'
make[3]: *** [../o-iterator.mk:9: /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strchr.os] Error 2
make[3]: Leaving directory '/tmp/guix-build-glibc-2.25.drv-0/glibc-2.25/elf'
make[2]: *** [Makefile:443: /tmp/guix-build-glibc-2.25.drv-0/build/elf/rtld-libc.a] Error 2
make[2]: Leaving directory '/tmp/guix-build-glibc-2.25.drv-0/glibc-2.25/elf'
make[1]: *** [Makefile:215: elf/subdir_lib] Error 2
make[1]: Leaving directory '/tmp/guix-build-glibc-2.25.drv-0/glibc-2.25'
make: *** [Makefile:9: all] Error 2
phase `build' failed after 327.9 seconds
builder for `/gnu/store/ivvdx2m0p6gnmcxmz355z106ffqg9p25-glibc-2.25.drv' failed with exit code 1
--8<---------------cut here---------------end--------------->8---
The ARM variant builds fine though:
--8<---------------cut here---------------start------------->8---
$ ./pre-inst-env guix build -e '(begin (use-modules (guix)) (package-replacement (@@ (gnu packages commencement) glibc-final)))' -s armhf-linux -n --substitute-urls=https://hydra.gnu.org
substitute: updating list of substitutes from 'https://hydra.gnu.org'... 100.0%
27.4 MB would be downloaded:
/gnu/store/9xcjggbxli1gdp9daz97v1f1f0yxnsxv-glibc-2.25-debug
/gnu/store/4i5ih43cjk3syk8r24lc12snqfd9dm8m-glibc-2.25
$ git describe
v0.13.0-1020-ga1b46bdc0
--8<---------------cut here---------------end--------------->8---
Ludo’.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.