
Bug#1005863: gcc-11: invalid opcode for Geode LX on i386



Package: gcc-11
Followup-For: Bug #1005863
X-Debbugs-Cc: martin-eric.racine@iki.fi

Ok; I should have realised that scanning the entire contents of the i386
bookworm archive for particular opcodes across _all_ files on a single machine
seemed to complete surprisingly quickly..

Please find attached an updated check-script (check.sh) that is running
currently.

It makes some tradeoffs for scanning performance reasons: in particular, it's
only inspecting files that have the executable bit set, or that end with the
suffix '.so' or '.a'.

It seems that it's going to take a while to run to completion on the available
hardware here: my estimate would be approximately another two days (48 hours).

I'm uncertain whether the script will run to completion uninterrupted, and also
it is not written to be easily-resumable, so.. let's at least gather some
summary statistics from the output while it's in progress.

Please also find attached a reporting script (report.sh) that summarises the
total number of packages scanned, the number of packages where at least one
file was inspected, and the number of packages where at least one inspected
file contained a 'nopl' opcode.

The current report.sh output at the time of writing is:

  2441
  2042
  130


So my guess is that approximately 6-7% of i386 packages in bookworm _that
contain binaries or shared libraries_ are susceptible to this bug.

The opcode may not be encountered at runtime when those packages are used,
and analysis of the packages to determine where they sit in Debian's dependency
graph would indicate the level of impact on a system; however, my initial sense
is that this could indeed be a fairly critical issue on Geode LX hardware for
Debian bookworm.

It's also a larger number of packages than we could expect individual
maintainers to adjust their buildflags for on any realistic timescale - so
either a Debian-specific patch or upstream fix would be required to continue to
support Geode LX (in my opinion, and assuming that the script and report are
accurate-enough to be guiding indicators).
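
#!/bin/bash
# check.sh: unpack one .deb and report files whose disassembly contains 'nopl'

FULLPATH="$1"
PACKAGE=$(basename "${FULLPATH}" .deb)

dpkg -x "${FULLPATH}" "${PACKAGE}"

# Print the package name followed by the number of files that will be inspected
echo -n "Checking ${PACKAGE} ... "
find "${PACKAGE}" -type f -a \( -executable -o -name '*.so' -o -name '*.a' \) -print | wc -l

# Disassemble each candidate file and emit an "E <file>" line on a 'nopl' match.
# The parentheses make -print0 apply to every candidate (executables, *.so, *.a),
# so the files scanned here are the same ones counted above.
while IFS= read -r -d '' file; do
    objdump --architecture=i386 --disassemble-all "$file" | grep -q -w "nopl" && echo "E $file"
done < <(find "${PACKAGE}" -type f -a \( -executable -o -name '*.so' -o -name '*.a' \) -print0) 2>/dev/null

rm -rf "${PACKAGE}"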

#!/bin/bash
# report.sh: summarise the check.sh output collected in affected.txt

# total number of packages checked
grep "^Checking" affected.txt | wc -l

# packages that contained at least one binary/shared-library to inspect
grep "^Checking" affected.txt | grep -v " 0$" | wc -l

# packages where at least one error was found in a binary/shared-library
grep "^Checking" affected.txt -A 1 | grep "^E" | wc -l
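
An added example, not one of the scripts attached to this message: a single-pass summary of the same log that also reports the affected share of inspected packages, plus a helper that lists packages not yet logged so an interrupted scan can be continued. The function names, and the assumption that the log holds "Checking <package> ... <count>" lines followed by "E <path>" lines, are taken from the check.sh output format above and are otherwise hypothetical.

```bash
#!/bin/bash
# Added example. Assumed log format (as written by check.sh):
#   Checking <package> ... <count>
#   E <path>            (zero or more per package)

# Print "<total> <inspected> <affected> <percent>" for the scan log in $1.
summarise_scan() {
    awk '
        /^Checking / {
            total++
            flagged = 0          # new package: reset the per-package flag
            # a missing count (scan interrupted mid-line) is not "inspected"
            if ($NF ~ /^[0-9]+$/ && $NF > 0) inspected++
            next
        }
        # count a package once, however many of its files matched
        /^E / && !flagged { affected++; flagged = 1 }
        END {
            pct = inspected ? 100 * affected / inspected : 0
            printf "%d %d %d %.1f\n", total, inspected, affected, pct
        }
    ' "$1"
}

# List the .deb files in directory $2 that have no "Checking" line in log $1.
pending_packages() {
    local log="$1" dir="$2" deb pkg
    for deb in "$dir"/*.deb; do
        [ -e "$deb" ] || continue
        pkg=$(basename "$deb" .deb)
        # fixed-string match including the " ... " separator, so that
        # "foo" does not match the log line for "foobar"
        grep -q -F -- "Checking ${pkg} ... " "$log" || printf '%s\n' "$deb"
    done
}

# Stand-alone use: ./summary.sh affected.txt
if [ $# -ge 1 ]; then summarise_scan "$1"; fi
```

The package that was being scanned when a run stopped may have an incomplete set of "E" lines, so remove its last "Checking" entry from the log before feeding `pending_packages` output back into the scan.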
