
Bug#817207: glibc: kfreebsd-i386: illegal instruction in ld.so



Package: src:glibc
Version: 2.22-1
Severity: important
User: debian-bsd@lists.debian.org
Usertags: kfreebsd
X-Debbugs-Cc: debian-bsd@lists.debian.org

Hi,

glibc/2.22 has a major problem on kfreebsd-i386.  It built on the
buildds, but the compiled ld-2.22.so is broken as seen on buildd finzi:

https://buildd.debian.org/status/fetch.php?pkg=mksh&arch=kfreebsd-i386&ver=52c-1&stamp=1457437296
| dpkg: error processing archive /var/cache/apt/archives/libc-bin_2.22-1_kfreebsd-i386.deb (--unpack):
|  subprocess dpkg-deb --control was killed by signal (Illegal instruction)
| Errors were encountered while processing:
|  /var/cache/apt/archives/libc-bin_2.22-1_kfreebsd-i386.deb

Upgrading libc0.1 breaks pretty much everything:

| Core was generated by `ld-2.22.so'.
| Program terminated with signal 4, Illegal instruction.
| (gdb) bt full
| #0  0x0100622b in ?? ()
| No symbol table info available.
| #1  0x62696c2f in ?? ()
| No symbol table info available.
| #2  0x3833692f in ?? ()
| No symbol table info available.
| #3  0x666b2d36 in ?? ()
| No symbol table info available.
| #4  0x01001a90 in ?? ()
| No symbol table info available.
| #5  0x00000000 in ?? ()
| No symbol table info available.

That corresponds to the 'ud2' instruction in the disassembly below:

|      /* The stack is presently not executable, but this module
|         requires that it be executable.  We must change the
|         protection of the variable which contains the flags used in
|         the mprotect calls.  */
|#ifdef SHARED
|      if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
|    51fc:       8b 45 14                mov    0x14(%ebp),%eax
|    51ff:       25 00 00 00 88          and    $0x88000000,%eax
|    5204:       3d 00 00 00 80          cmp    $0x80000000,%eax
|    5209:       0f 84 b9 01 00 00       je     53c8 <_dl_map_object_from_fd+0x1258>
|                }
|              __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
|              __mprotect ((void *) p, s, PROT_READ);
|            }
|          else
|            __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
|    520f:       8b 85 70 ff ff ff       mov    -0x90(%ebp),%eax
|    5215:       83 88 1c ff ff ff 07    orl    $0x7,-0xe4(%eax)
|    521c:       e8 af 2e 01 00          call   180d0 <__x86.get_pc_thunk.cx>
|    5221:       81 c1 df cd 01 00       add    $0x1cddf,%ecx
|    5227:       29 d9                   sub    %ebx,%ecx
|    5229:       74 02                   je     522d <_dl_map_object_from_fd+0x10bd>
|    522b:       0f 0b                   ud2    
|
|#ifdef check_consistency
|      check_consistency ();
|#endif
|
|      errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
|    522d:       8b 8d 70 ff ff ff       mov    -0x90(%ebp),%ecx

kFreeBSD 10 disallows executable stacks by default.  It can be allowed
again by sysctl kern.elf32.nxstack=0, but it would be better if glibc
didn't need this.  I wonder why this issue wasn't seen on kfreebsd-amd64
since executable stacks are not allowed there either.

Thanks.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: kfreebsd-i386 (i386)

Kernel: kFreeBSD 10.1-0-amd64
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
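
The quoted glibc source comment covers the case where a loaded module requires an executable stack; ELF objects state that requirement in the flags of their PT_GNU_STACK program header. The following is an added example, not part of the original report or of glibc, that reads that header from an ELF32 or ELF64 image so libraries on an NX-stack system can be audited. The names `stack_request` and `sample_elf32` are hypothetical, and the sample input is constructed.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type carrying stack permissions
PF_X = 0x1                 # executable bit in p_flags


def stack_request(elf: bytes) -> str:
    """Return 'exec', 'noexec' or 'missing' for an ELF image's PT_GNU_STACK."""
    if len(elf) < 20 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(elf[4])      # EI_CLASS
    endian = {1: "<", 2: ">"}.get(elf[5])       # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("bad EI_CLASS or EI_DATA")
    try:
        if is64:
            (e_phoff,) = struct.unpack_from(endian + "Q", elf, 0x20)
            e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x36)
        else:
            (e_phoff,) = struct.unpack_from(endian + "I", elf, 0x1C)
            e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x2A)
        for i in range(e_phnum):
            off = e_phoff + i * e_phentsize
            (p_type,) = struct.unpack_from(endian + "I", elf, off)
            # p_flags follows p_type in ELF64 but is the 7th word in ELF32.
            (p_flags,) = struct.unpack_from(endian + "I", elf, off + (4 if is64 else 24))
            if p_type == PT_GNU_STACK:
                return "exec" if p_flags & PF_X else "noexec"
    except struct.error as exc:
        raise ValueError("truncated program header table") from exc
    return "missing"  # no marking: the loader's built-in default applies


def sample_elf32(p_flags=None) -> bytes:
    """Constructed input: minimal little-endian ELF32 header + optional PT_GNU_STACK."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    phnum = 0 if p_flags is None else 1
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, phnum, 40, 0, 0)
    phdr = b"" if p_flags is None else struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, p_flags, 16)
    return ehdr + phdr


if __name__ == "__main__":
    for flags in (6, 7, None):  # RW, RWX, no PT_GNU_STACK header at all
        print(flags, stack_request(sample_elf32(flags)))
```

To audit a real object, pass the file's bytes, for example `stack_request(open(path, "rb").read())`.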
