All of lore.kernel.org
 help / color / mirror / Atom feed
* Run experience with security flags enabled
@ 2018-09-26 21:25 Andreas Müller
  2018-09-26 21:46 ` Khem Raj
  0 siblings, 1 reply; 6+ messages in thread
From: Andreas Müller @ 2018-09-26 21:25 UTC (permalink / raw)
  To: Patches and discussions about the oe-core layer

Hi,

from oe-core perspective my images are build on sumo (glibc 2.27). To
see what to expect, I enabled security flags (and yes some recipes in
my layers needed rework).

Now that I have an image, I thought: let's give it a run. Apart of
other issues (maybe later) I get on every startup an error message for
ldconfig.
systemctl ldconfig says:

● ldconfig.service - Rebuild Dynamic Linker Cache
   Loaded: loaded (/lib/systemd/system/ldconfig.service; static;
vendor preset: enabled)
   Active: failed (Result: core-dump) since Mon 2018-09-24 19:05:04
UTC; 2 days ago
     Docs: man:ldconfig(8)
  Process: 136 ExecStart=/sbin/ldconfig -X (code=dumped, signal=SEGV)
 Main PID: 136 (code=dumped, signal=SEGV)

Sep 24 19:05:04 raspberrypi3 systemd[1]: Starting Rebuild Dynamic
Linker Cache...
Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Main
process exited, code=dumped, status=11/SEGV
Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Failed with
result 'core-dump'.
Sep 24 19:05:04 raspberrypi3 systemd[1]: Failed to start Rebuild
Dynamic Linker Cache.

Again somebody else seeing similar / remembers a fix?

Help appreciated

Andreas


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: Run experience with security flags enabled
  2018-09-26 21:25 Run experience with security flags enabled Andreas Müller
@ 2018-09-26 21:46 ` Khem Raj
  2018-09-27 12:57   ` Dan McGregor
  0 siblings, 1 reply; 6+ messages in thread
From: Khem Raj @ 2018-09-26 21:46 UTC (permalink / raw)
  To: Andreas Müller; +Cc: Patches and discussions about the oe-core layer

[-- Attachment #1: Type: text/plain, Size: 1749 bytes --]

On Wed, Sep 26, 2018 at 2:25 PM Andreas Müller <schnitzeltony@gmail.com>
wrote:

> Hi,
>
> from oe-core perspective my images are build on sumo (glibc 2.27). To
> see what to expect, I enabled security flags (and yes some recipes in
> my layers needed rework).
>
> Now that I have an image, I thought: let's give it a run. Apart of
> other issues (maybe later) I get on every startup an error message for
> ldconfig.
> systemctl ldconfig says:
>
> ● ldconfig.service - Rebuild Dynamic Linker Cache
>    Loaded: loaded (/lib/systemd/system/ldconfig.service; static;
> vendor preset: enabled)
>    Active: failed (Result: core-dump) since Mon 2018-09-24 19:05:04
> UTC; 2 days ago
>      Docs: man:ldconfig(8)
>   Process: 136 ExecStart=/sbin/ldconfig -X (code=dumped, signal=SEGV)
>  Main PID: 136 (code=dumped, signal=SEGV)
>
> Sep 24 19:05:04 raspberrypi3 systemd[1]: Starting Rebuild Dynamic
> Linker Cache...
> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Main
> process exited, code=dumped, status=11/SEGV
> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Failed with
> result 'core-dump'.
> Sep 24 19:05:04 raspberrypi3 systemd[1]: Failed to start Rebuild
> Dynamic Linker Cache.
>
> Again somebody else seeing similar / remembers a fix?
>

I see similar issue in sumo as well
I do use security flags too and was not sure if that was the reason I think
its a good data point
Sadly I don’t yet have looked into the issue in detail

>
> Help appreciated
>
> Andreas
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>

[-- Attachment #2: Type: text/html, Size: 2491 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: Run experience with security flags enabled
  2018-09-26 21:46 ` Khem Raj
@ 2018-09-27 12:57   ` Dan McGregor
  2018-09-27 18:42     ` Andreas Müller
  0 siblings, 1 reply; 6+ messages in thread
From: Dan McGregor @ 2018-09-27 12:57 UTC (permalink / raw)
  To: Khem Raj; +Cc: Patches and discussions about the oe-core layer

[-- Attachment #1: Type: text/plain, Size: 2333 bytes --]

On Wed, Sep 26, 2018, 15:47 Khem Raj <raj.khem@gmail.com> wrote:

>
>
> On Wed, Sep 26, 2018 at 2:25 PM Andreas Müller <schnitzeltony@gmail.com>
> wrote:
>
>> Hi,
>>
>> from oe-core perspective my images are build on sumo (glibc 2.27). To
>> see what to expect, I enabled security flags (and yes some recipes in
>> my layers needed rework).
>>
>> Now that I have an image, I thought: let's give it a run. Apart of
>> other issues (maybe later) I get on every startup an error message for
>> ldconfig.
>> systemctl ldconfig says:
>>
>> ● ldconfig.service - Rebuild Dynamic Linker Cache
>>    Loaded: loaded (/lib/systemd/system/ldconfig.service; static;
>> vendor preset: enabled)
>>    Active: failed (Result: core-dump) since Mon 2018-09-24 19:05:04
>> UTC; 2 days ago
>>      Docs: man:ldconfig(8)
>>   Process: 136 ExecStart=/sbin/ldconfig -X (code=dumped, signal=SEGV)
>>  Main PID: 136 (code=dumped, signal=SEGV)
>>
>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Starting Rebuild Dynamic
>> Linker Cache...
>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Main
>> process exited, code=dumped, status=11/SEGV
>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Failed with
>> result 'core-dump'.
>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Failed to start Rebuild
>> Dynamic Linker Cache.
>>
>> Again somebody else seeing similar / remembers a fix?
>>
>
> I see similar issue in sumo as well
> I do use security flags too and was not sure if that was the reason I
> think its a good data point
> Sadly I don’t yet have looked into the issue in detail
>

GCC 7 and glibc don't play well together with static PIE. The real solution
is to use GCC 8, but Ross made a workaround for this issue:

http://git.openembedded.org/openembedded-core/commit/?id=5f64946b8740a5d944f48ec430470265703bfe5e


>
>>
>> Help appreciated
>>
>> Andreas
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>

[-- Attachment #2: Type: text/html, Size: 4006 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: Run experience with security flags enabled
  2018-09-27 12:57   ` Dan McGregor
@ 2018-09-27 18:42     ` Andreas Müller
  2018-09-27 18:49       ` Khem Raj
  0 siblings, 1 reply; 6+ messages in thread
From: Andreas Müller @ 2018-09-27 18:42 UTC (permalink / raw)
  To: Dan McGregor; +Cc: Patches and discussions about the oe-core layer

On Thu, Sep 27, 2018 at 2:57 PM, Dan McGregor <danismostlikely@gmail.com> wrote:
> On Wed, Sep 26, 2018, 15:47 Khem Raj <raj.khem@gmail.com> wrote:
>>
>>
>>
>> On Wed, Sep 26, 2018 at 2:25 PM Andreas Müller <schnitzeltony@gmail.com>
>> wrote:
>>>
>>> Hi,
>>>
>>> from oe-core perspective my images are build on sumo (glibc 2.27). To
>>> see what to expect, I enabled security flags (and yes some recipes in
>>> my layers needed rework).
>>>
>>> Now that I have an image, I thought: let's give it a run. Apart of
>>> other issues (maybe later) I get on every startup an error message for
>>> ldconfig.
>>> systemctl ldconfig says:
>>>
>>> ● ldconfig.service - Rebuild Dynamic Linker Cache
>>>    Loaded: loaded (/lib/systemd/system/ldconfig.service; static;
>>> vendor preset: enabled)
>>>    Active: failed (Result: core-dump) since Mon 2018-09-24 19:05:04
>>> UTC; 2 days ago
>>>      Docs: man:ldconfig(8)
>>>   Process: 136 ExecStart=/sbin/ldconfig -X (code=dumped, signal=SEGV)
>>>  Main PID: 136 (code=dumped, signal=SEGV)
>>>
>>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Starting Rebuild Dynamic
>>> Linker Cache...
>>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Main
>>> process exited, code=dumped, status=11/SEGV
>>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Failed with
>>> result 'core-dump'.
>>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Failed to start Rebuild
>>> Dynamic Linker Cache.
>>>
>>> Again somebody else seeing similar / remembers a fix?
>>
>>
>> I see similar issue in sumo as well
>> I do use security flags too and was not sure if that was the reason I
>> think its a good data point
>> Sadly I don’t yet have looked into the issue in detail
>
>
> GCC 7 and glibc don't play well together with static PIE. The real solution
> is to use GCC 8, but Ross made a workaround for this issue:
>
> http://git.openembedded.org/openembedded-core/commit/?id=5f64946b8740a5d944f48ec430470265703bfe5e
It seems I can confirm this: Debugging shows that the crash happens in
dl-relocate_static-pie.c _dl_relocate_static_pie line 41.

Will send this to sumo as soon as tested.

Andreas


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: Run experience with security flags enabled
  2018-09-27 18:42     ` Andreas Müller
@ 2018-09-27 18:49       ` Khem Raj
  2018-09-27 18:52         ` Andreas Müller
  0 siblings, 1 reply; 6+ messages in thread
From: Khem Raj @ 2018-09-27 18:49 UTC (permalink / raw)
  To: Andreas Müller; +Cc: Patches and discussions about the oe-core layer

I sent it earlier today see

https://patchwork.openembedded.org/patch/155216/
On Thu, Sep 27, 2018 at 11:42 AM Andreas Müller <schnitzeltony@gmail.com> wrote:
>
> On Thu, Sep 27, 2018 at 2:57 PM, Dan McGregor <danismostlikely@gmail.com> wrote:
> > On Wed, Sep 26, 2018, 15:47 Khem Raj <raj.khem@gmail.com> wrote:
> >>
> >>
> >>
> >> On Wed, Sep 26, 2018 at 2:25 PM Andreas Müller <schnitzeltony@gmail.com>
> >> wrote:
> >>>
> >>> Hi,
> >>>
> >>> from oe-core perspective my images are build on sumo (glibc 2.27). To
> >>> see what to expect, I enabled security flags (and yes some recipes in
> >>> my layers needed rework).
> >>>
> >>> Now that I have an image, I thought: let's give it a run. Apart of
> >>> other issues (maybe later) I get on every startup an error message for
> >>> ldconfig.
> >>> systemctl ldconfig says:
> >>>
> >>> ● ldconfig.service - Rebuild Dynamic Linker Cache
> >>>    Loaded: loaded (/lib/systemd/system/ldconfig.service; static;
> >>> vendor preset: enabled)
> >>>    Active: failed (Result: core-dump) since Mon 2018-09-24 19:05:04
> >>> UTC; 2 days ago
> >>>      Docs: man:ldconfig(8)
> >>>   Process: 136 ExecStart=/sbin/ldconfig -X (code=dumped, signal=SEGV)
> >>>  Main PID: 136 (code=dumped, signal=SEGV)
> >>>
> >>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Starting Rebuild Dynamic
> >>> Linker Cache...
> >>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Main
> >>> process exited, code=dumped, status=11/SEGV
> >>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Failed with
> >>> result 'core-dump'.
> >>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Failed to start Rebuild
> >>> Dynamic Linker Cache.
> >>>
> >>> Again somebody else seeing similar / remembers a fix?
> >>
> >>
> >> I see similar issue in sumo as well
> >> I do use security flags too and was not sure if that was the reason I
> >> think its a good data point
> >> Sadly I don’t yet have looked into the issue in detail
> >
> >
> > GCC 7 and glibc don't play well together with static PIE. The real solution
> > is to use GCC 8, but Ross made a workaround for this issue:
> >
> > http://git.openembedded.org/openembedded-core/commit/?id=5f64946b8740a5d944f48ec430470265703bfe5e
> It seems I can confirm this: Debugging shows that the crash happens in
> dl-relocate_static-pie.c _dl_relocate_static_pie line 41.
>
> Will send this to sumo as soon as tested.
>
> Andreas


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: Run experience with security flags enabled
  2018-09-27 18:49       ` Khem Raj
@ 2018-09-27 18:52         ` Andreas Müller
  0 siblings, 0 replies; 6+ messages in thread
From: Andreas Müller @ 2018-09-27 18:52 UTC (permalink / raw)
  To: Khem Raj; +Cc: Patches and discussions about the oe-core layer

On Thu, Sep 27, 2018 at 8:49 PM, Khem Raj <raj.khem@gmail.com> wrote:
> I sent it earlier today see
OK thanks!

Andreas


^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-09-27 19:34 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-26 21:25 Run experience with security flags enabled Andreas Müller
2018-09-26 21:46 ` Khem Raj
2018-09-27 12:57   ` Dan McGregor
2018-09-27 18:42     ` Andreas Müller
2018-09-27 18:49       ` Khem Raj
2018-09-27 18:52         ` Andreas Müller

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.