Bug#877503: stretch-pu: package mongodb/1:3.2.11-2
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Dear SRMs,
I would like to update MongoDB in Stretch to address a couple of issues,
namely:
- #876755: GCC 6 and later optimizes out some null pointer checks. It
appears that this breaks the bundled version of spidermonkey (38) and
causes null pointer dereferences. This is fixed by disabling the
relevant GCC optimizations for the spidermonkey build.
- #871906: Since Stretch, our kernels have enabled 48-bit virtual
addressing on aarch64. MongoDB's embedded spidermonkey crashes on
kernels with 48-bit VA support, as it assumes that all pointers have
17 bits clear that can be used for tagging. This is fixed by
cherry-picking a patch from Mozilla upstream that uses manual
malloc(3) hints to make sure the malloc()'d regions comply with this
requirement.
- #864407: mongodb.service lacks an `After=network.target' statement,
so startup will fail on system boot if mongodb is asked to bind to a
non-wildcard, non-localhost address.
Full source debdiff attached.
Regards,
Apollon
diff -Nru mongodb-3.2.11/debian/changelog mongodb-3.2.11/debian/changelog
--- mongodb-3.2.11/debian/changelog 2016-12-15 20:04:56.000000000 +0200
+++ mongodb-3.2.11/debian/changelog 2017-10-02 11:14:03.000000000 +0300
@@ -1,3 +1,11 @@
+mongodb (1:3.2.11-2+deb9u1) stretch; urgency=medium
+
+ * Fix segfault/FTBFS on ARM64 with 48-bit virtual addresses (Closes: #871906)
+ * Fix spidermonkey GC segfault when built with GCC 6 (Closes: #876755)
+ * mongodb.service: start after network.target (Closes: #864407)
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Mon, 02 Oct 2017 11:14:03 +0300
+
mongodb (1:3.2.11-2) unstable; urgency=medium
* Drop armhf builds; currently FTBFS and is unsupported upstream
diff -Nru mongodb-3.2.11/debian/gbp.conf mongodb-3.2.11/debian/gbp.conf
--- mongodb-3.2.11/debian/gbp.conf 2016-12-15 12:23:28.000000000 +0200
+++ mongodb-3.2.11/debian/gbp.conf 2017-10-02 11:13:41.000000000 +0300
@@ -1,5 +1,7 @@
[DEFAULT]
pristine-tar = True
+debian-branch = stable/stretch
+dist = stretch
[git-import-orig]
filter = ['debian/*','lib/*']
diff -Nru mongodb-3.2.11/debian/mongodb-server.mongodb.service mongodb-3.2.11/debian/mongodb-server.mongodb.service
--- mongodb-3.2.11/debian/mongodb-server.mongodb.service 2016-12-15 12:23:28.000000000 +0200
+++ mongodb-3.2.11/debian/mongodb-server.mongodb.service 2017-10-02 11:13:06.000000000 +0300
@@ -1,6 +1,7 @@
[Unit]
Description=An object/document-oriented database
Documentation=man:mongod(1)
+After=network.target
[Service]
User=mongodb
diff -Nru mongodb-3.2.11/debian/patches/arm64-48bit-va-compat.patch mongodb-3.2.11/debian/patches/arm64-48bit-va-compat.patch
--- mongodb-3.2.11/debian/patches/arm64-48bit-va-compat.patch 1970-01-01 02:00:00.000000000 +0200
+++ mongodb-3.2.11/debian/patches/arm64-48bit-va-compat.patch 2017-10-02 11:11:46.000000000 +0300
@@ -0,0 +1,61 @@
+Author: Zheng Xu <zheng.xu@linaro.org>
+ Description: Manually mmap on arm64 to ensure high 17 bits are clear. r=ehoogeveen
+ There might be 48-bit VA on arm64 depending on kernel configuration.
+ Manually mmap heap memory to align with the assumption made by JS engine.
+Comment: Obtained from https://hg.mozilla.org/mozilla-central/raw-rev/dfaafbaaa291
+Last-Update: 2017-09-25
+Forwarded: no
+Bug-Debian: https://bugs.debian.org/871906
+--- a/src/third_party/mozjs-38/extract/js/src/gc/Memory.cpp
++++ b/src/third_party/mozjs-38/extract/js/src/gc/Memory.cpp
+@@ -379,7 +379,7 @@
+ MapMemoryAt(void* desired, size_t length, int prot = PROT_READ | PROT_WRITE,
+ int flags = MAP_PRIVATE | MAP_ANON, int fd = -1, off_t offset = 0)
+ {
+-#if defined(__ia64__) || (defined(__sparc64__) && defined(__NetBSD__))
++#if defined(__ia64__) || (defined(__sparc64__) && defined(__NetBSD__)) || defined(__aarch64__)
+ MOZ_ASSERT(0xffff800000000000ULL & (uintptr_t(desired) + length - 1) == 0);
+ #endif
+ void* region = mmap(desired, length, prot, flags, fd, offset);
+@@ -429,6 +429,41 @@
+ return nullptr;
+ }
+ return region;
++#elif defined(__aarch64__)
++ /*
++ * There might be similar virtual address issue on arm64 which depends on
++ * hardware and kernel configurations. But the work around is slightly
++ * different due to the different mmap behavior.
++ *
++ * TODO: Merge with the above code block if this implementation works for
++ * ia64 and sparc64.
++ */
++ const uintptr_t start = UINT64_C(0x0000070000000000);
++ const uintptr_t end = UINT64_C(0x0000800000000000);
++ const uintptr_t step = ChunkSize;
++ /*
++ * Optimization options if there are too many retries in practice:
++ * 1. Examine /proc/self/maps to find an available address. This file is
++ * not always available, however. In addition, even if we examine
++ * /proc/self/maps, we may still need to retry several times due to
++ * racing with other threads.
++ * 2. Use a global/static variable with lock to track the addresses we have
++ * allocated or tried.
++ */
++ uintptr_t hint;
++ void* region = MAP_FAILED;
++ for (hint = start; region == MAP_FAILED && hint + length <= end; hint += step) {
++ region = mmap((void*)hint, length, prot, flags, fd, offset);
++ if (region != MAP_FAILED) {
++ if ((uintptr_t(region) + (length - 1)) & 0xffff800000000000) {
++ if (munmap(region, length)) {
++ MOZ_ASSERT(errno == ENOMEM);
++ }
++ region = MAP_FAILED;
++ }
++ }
++ }
++ return region == MAP_FAILED ? nullptr : region;
+ #else
+ void* region = MozTaggedAnonymousMmap(nullptr, length, prot, flags, fd, offset, "js-gc-heap");
+ if (region == MAP_FAILED)
diff -Nru mongodb-3.2.11/debian/patches/fix-mozjs-38-segfaults.patch mongodb-3.2.11/debian/patches/fix-mozjs-38-segfaults.patch
--- mongodb-3.2.11/debian/patches/fix-mozjs-38-segfaults.patch 1970-01-01 02:00:00.000000000 +0200
+++ mongodb-3.2.11/debian/patches/fix-mozjs-38-segfaults.patch 2017-10-02 11:12:32.000000000 +0300
@@ -0,0 +1,29 @@
+Author: Apollon Oikonomopoulos <apoikos@debian.org>
+Description: Fix mozjs-related segfaults when built with GCC >=6
+ Apparently, mozjs 38 and up to 49 is prone to segfaults at GC time when built
+ using GCC 6 or later. I've seen MongoDB crash a number of times with only
+ mozjs GC operations in the stack trace. We're also currently having a segfault
+ on ARM64 that is probably related (#871906).
+ .
+ According to https://trac.wildfiregames.com/ticket/4053 and
+ https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70526#c14, disabling a couple of
+ optimizations should fix this.
+Last-Update: 2017-09-25
+Forwarded: no
+--- a/src/third_party/mozjs-38/SConscript
++++ b/src/third_party/mozjs-38/SConscript
+@@ -92,6 +92,14 @@
+ 'platform/' + env["TARGET_ARCH"] + "/" + env["TARGET_OS"] + "/include",
+ ])
+
++# Debian
++# Apparently, Spidermonkey 38 (and up to 49) is prone to segfaults at GC time
++# when built with GCC 6 or later. Disabling the following optimizations fixes
++# this.
++# See https://trac.wildfiregames.com/ticket/4053 and
++# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70526#c14 for more information
++env.Append(CXXFLAGS=["-fno-schedule-insns2", "-fno-delete-null-pointer-checks"])
++
+ sources = [
+ "extract/js/src/builtin/RegExp.cpp",
+ "extract/js/src/frontend/Parser.cpp",
diff -Nru mongodb-3.2.11/debian/patches/series mongodb-3.2.11/debian/patches/series
--- mongodb-3.2.11/debian/patches/series 2016-12-15 20:02:47.000000000 +0200
+++ mongodb-3.2.11/debian/patches/series 2017-10-02 11:12:32.000000000 +0300
@@ -8,3 +8,5 @@
CVE-2016-6494.patch
use-mmapv1-on-i386
fix-wt-checksum-on-arm64
+arm64-48bit-va-compat.patch
+fix-mozjs-38-segfaults.patch
Reply to: