public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/31877] New: elf/tst-shstk-legacy-1g test failure on znver4
@ 2024-06-10 19:42 sam at gentoo dot org
2024-06-10 19:44 ` [Bug libc/31877] " sam at gentoo dot org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: sam at gentoo dot org @ 2024-06-10 19:42 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31877
Bug ID: 31877
Summary: elf/tst-shstk-legacy-1g test failure on znver4
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: sam at gentoo dot org
CC: drepper.fsp at gmail dot com, hjl.tools at gmail dot com
Target Milestone: ---
I can reproduce this but it was also reported downstream in Gentoo at
https://bugs.gentoo.org/927973.
```
# cat elf/tst-shstk-legacy-1g.test-result
FAIL: elf/tst-shstk-legacy-1g
original exit status 1
```
```
# cat elf/tst-shstk-legacy-1g.out # blank
```
```
# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 48 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 16
On-line CPU(s) list: 0-15
Vendor ID: AuthenticAMD
BIOS Vendor ID: Advanced Micro Devices, Inc.
Model name: AMD Ryzen 9 PRO 7940HS w/ Radeon 780M Graphics
BIOS Model name: AMD Ryzen 9 PRO 7940HS w/ Radeon 780M Graphics None CPU
@ 4.0GHz
BIOS CPU family: 107
CPU family: 25
Model: 116
Thread(s) per core: 2
Core(s) per socket: 8
Socket(s): 1
Stepping: 1
Frequency boost: enabled
CPU(s) scaling MHz: 34%
CPU max MHz: 5263.0000
CPU min MHz: 400.0000
BogoMIPS: 7985.11
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb
rdtscp lm constant_tsc r
ep_good amd_lbr_v2 nopl xtopology nonstop_tsc cpuid extd_apicid aperfmperf rapl
pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes
xsave
avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse
3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext per
fctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate ssbd mba perfmon_v2 ibrs ibpb stibp
ibrs_enhanced vmmcall fsgsbase bmi1 avx2 smep bmi2 erms invpcid cqm rdt_a
avx512
f avx512dq rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw
avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total
cqm_m
bm_local user_shstk avx512_bf16 clzero irperf xsaveerptr rdpru wbnoinvd cppc
arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists
pau
sefilter pfthreshold v_vmsave_vmload vgif x2avic v_spec_ctrl vnmi avx512vbmi
umip pku ospke avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg
avx512_v
popcntdq rdpid overflow_recov succor smca flush_l1d amd_lbr_pmc_freeze
Virtualization features:
Virtualization: AMD-V
Caches (sum of all):
L1d: 256 KiB (8 instances)
L1i: 256 KiB (8 instances)
L2: 8 MiB (8 instances)
L3: 16 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0-15
Vulnerabilities:
Gather data sampling: Not affected
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Reg file data sampling: Not affected
Retbleed: Not affected
Spec rstack overflow: Vulnerable: Safe RET, no microcode
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer
sanitization
Spectre v2: Mitigation; Enhanced / Automatic IBRS; IBPB
conditional; STIBP always-on; RSB filling; PBRSB-eIBRS Not affected; BHI Not
affected
Srbds: Not affected
Tsx async abort: Not affected
```
dmesg has these for the other tests as expected:
```
[ 4023.300729] ld-linux-x86-64[3977174] control protection ip:7feae26b8833
sp:7ffed9928168 ssp:7feae23fffd0 error:1(near ret) in
tst-shstk-legacy-1b[7feae26b8000+2000]
[ 4023.301270] tst-shstk-legac[3977179] control protection ip:7f3bcaea7443
sp:7ffd5a033148 ssp:7f3bcadfffd8 error:1(near ret) in
tst-shstk-legacy-1b-static[7f3bcaea6000+9e000]
[ 4023.304565] ld-linux-x86-64[3977194] control protection ip:7f821de9182b
sp:7ffca75f7768 ssp:7f821dbfffe8 error:1(near ret) in
tst-shstk-legacy-1e[7f821de91000+2000]
[ 4023.304937] tst-shstk-legac[3977199] control protection ip:7fa4fb2e143b
sp:7ffc7c405928 ssp:7fa4fb1ffff0 error:1(near ret) in
tst-shstk-legacy-1e-static[7fa4fb2e0000+9e000]
```
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/31877] elf/tst-shstk-legacy-1g test failure on znver4
2024-06-10 19:42 [Bug libc/31877] New: elf/tst-shstk-legacy-1g test failure on znver4 sam at gentoo dot org
@ 2024-06-10 19:44 ` sam at gentoo dot org
2024-06-10 20:49 ` hjl.tools at gmail dot com
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: sam at gentoo dot org @ 2024-06-10 19:44 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31877
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |simon.chopin at canonical dot com
--- Comment #1 from Sam James <sam at gentoo dot org> ---
Ubuntu seem to have hit this too at
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2059603 (Simon, was it on
znver3/znver4, or Intel HW?)
```
# zgrep -Ei "(ibt|shstk|cet)=" /proc/config.gz
CONFIG_CC_HAS_IBT=y
CONFIG_X86_CET=y
CONFIG_X86_KERNEL_IBT=y
```
```
# uname -a
Linux goop 6.9.3 #1 SMP PREEMPT_DYNAMIC Thu Jun 6 10:29:40 BST 2024 x86_64 AMD
Ryzen 9 PRO 7940HS w/ Radeon 780M Graphics AuthenticAMD GNU/Linux
```
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/31877] elf/tst-shstk-legacy-1g test failure on znver4
2024-06-10 19:42 [Bug libc/31877] New: elf/tst-shstk-legacy-1g test failure on znver4 sam at gentoo dot org
2024-06-10 19:44 ` [Bug libc/31877] " sam at gentoo dot org
@ 2024-06-10 20:49 ` hjl.tools at gmail dot com
2024-06-10 20:51 ` sam at gentoo dot org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: hjl.tools at gmail dot com @ 2024-06-10 20:49 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31877
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |SUSPENDED
--- Comment #2 from H.J. Lu <hjl.tools at gmail dot com> ---
On Intel Tiger Lake, I got
[hjl@gnu-tgl-3 build-x86_64-linux]$ GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK
elf/tst-shstk-legacy-1g
Segmentation fault (core dumped)
[hjl@gnu-tgl-3 build-x86_64-linux]$ echo $?
139
[hjl@gnu-tgl-3 build-x86_64-linux]$
What did you get?
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/31877] elf/tst-shstk-legacy-1g test failure on znver4
2024-06-10 19:42 [Bug libc/31877] New: elf/tst-shstk-legacy-1g test failure on znver4 sam at gentoo dot org
2024-06-10 19:44 ` [Bug libc/31877] " sam at gentoo dot org
2024-06-10 20:49 ` hjl.tools at gmail dot com
@ 2024-06-10 20:51 ` sam at gentoo dot org
2024-06-10 21:13 ` hjl.tools at gmail dot com
2024-06-18 13:12 ` simon.chopin at canonical dot com
4 siblings, 0 replies; 6+ messages in thread
From: sam at gentoo dot org @ 2024-06-10 20:51 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31877
--- Comment #3 from Sam James <sam at gentoo dot org> ---
```
# GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK elf/tst-shstk-legacy-1g ; echo $?
Expected signal 'Segmentation fault' from child, got none
1
```
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/31877] elf/tst-shstk-legacy-1g test failure on znver4
2024-06-10 19:42 [Bug libc/31877] New: elf/tst-shstk-legacy-1g test failure on znver4 sam at gentoo dot org
` (2 preceding siblings ...)
2024-06-10 20:51 ` sam at gentoo dot org
@ 2024-06-10 21:13 ` hjl.tools at gmail dot com
2024-06-18 13:12 ` simon.chopin at canonical dot com
4 siblings, 0 replies; 6+ messages in thread
From: hjl.tools at gmail dot com @ 2024-06-10 21:13 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31877
--- Comment #4 from H.J. Lu <hjl.tools at gmail dot com> ---
(In reply to Sam James from comment #3)
> ```
> # GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK elf/tst-shstk-legacy-1g ; echo $?
> Expected signal 'Segmentation fault' from child, got none
> 1
> ```
This sounds like a kernel or CPU bug:
(gdb) b legacy
Function "legacy" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (legacy) pending.
(gdb) r
Starting program:
/export/build/gnu/tools-build/glibc-cet-gitlab/build-x86_64-linux/elf/tst-shstk-legacy-1g
warning: Unable to find libthread_db matching inferior's thread library, thread
debugging will not be available.
Breakpoint 1, legacy () at ../sysdeps/x86_64/tst-shstk-legacy-1-extra.S:25
25 movq (%rsp), %rax
(gdb) disass
Dump of assembler code for function legacy:
=> 0x000055555554e0f9 <+0>: mov (%rsp),%rax
0x000055555554e0fd <+4>: add $0x8,%rsp
0x000055555554e101 <+8>: jmp *%rax <<< Shadow srack isn't popped.
End of assembler dump.
(gdb) bt
#0 legacy () at ../sysdeps/x86_64/tst-shstk-legacy-1-extra.S:25
#1 0x00007ffff7fcb2de in call_init (l=<optimized out>, argc=1,
argv=0x7fffffffdd68, env=0x7fffffffdd78) at dl-init.c:74
#2 call_init (l=<optimized out>, argc=1, argv=0x7fffffffdd68,
env=0x7fffffffdd78) at dl-init.c:26
#3 0x00007ffff7fcb3cc in _dl_init (main_map=0x7ffff7ffe2e0, argc=1,
argv=0x7fffffffdd68, env=0x7fffffffdd78) at dl-init.c:121
#4 0x00007ffff7fe32a0 in _dl_start_user ()
from
/export/build/gnu/tools-build/glibc-cet-gitlab/build-x86_64-linux/elf/ld.so
#5 0x0000000000000001 in ?? ()
#6 0x00007fffffffe0cb in ?? ()
#7 0x0000000000000000 in ?? ()
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7fcb2ee in call_init (l=<optimized out>, argc=<optimized out>,
argv=<optimized out>, env=<optimized out>) at dl-init.c:76
76 } <<< Shadow stack mismatch.
(gdb)
[hjl@gnu-tgl-3 libgcc]$ ps xa | grep legacy
822317 pts/0 Sl+ 0:00 gdb elf/tst-shstk-legacy-1g
822327 pts/0 t 0:00
/export/build/gnu/tools-build/glibc-cet-gitlab/build-x86_64-linux/elf/tst-shstk-legacy-1g
822373 pts/2 S+ 0:00 grep --color=auto legacy
[hjl@gnu-tgl-3 libgcc]$ grep features /proc/822327/status
x86_Thread_features: shstk
x86_Thread_features_locked: shstk wrss
[hjl@gnu-tgl-3 libgcc]$
Please check if SHSTK is enabled.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/31877] elf/tst-shstk-legacy-1g test failure on znver4
2024-06-10 19:42 [Bug libc/31877] New: elf/tst-shstk-legacy-1g test failure on znver4 sam at gentoo dot org
` (3 preceding siblings ...)
2024-06-10 21:13 ` hjl.tools at gmail dot com
@ 2024-06-18 13:12 ` simon.chopin at canonical dot com
4 siblings, 0 replies; 6+ messages in thread
From: simon.chopin at canonical dot com @ 2024-06-18 13:12 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31877
--- Comment #5 from Simon Chopin <simon.chopin at canonical dot com> ---
This is on my personal laptop, CPU i7-1185G7 (Tiger Lake)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-06-18 13:12 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-06-10 19:42 [Bug libc/31877] New: elf/tst-shstk-legacy-1g test failure on znver4 sam at gentoo dot org
2024-06-10 19:44 ` [Bug libc/31877] " sam at gentoo dot org
2024-06-10 20:49 ` hjl.tools at gmail dot com
2024-06-10 20:51 ` sam at gentoo dot org
2024-06-10 21:13 ` hjl.tools at gmail dot com
2024-06-18 13:12 ` simon.chopin at canonical dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).