798774 – sys-libs/glibc: using -fno-semantic-interposition flag produces broken glibc with _nss_getcanonname_r symbol not found error (system-wide critical)

Bug 798774 - sys-libs/glibc: using -fno-semantic-interposition flag produces broken glibc with _nss_getcanonname_r symbol not found error (system-wide critical)

Summary: sys-libs/glibc: using -fno-semantic-interposition flag produces broken glibc ...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Toolchain Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-06-26 08:39 UTC by n05ph3r42
Modified:	2021-07-02 00:01 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description n05ph3r42 2021-06-26 08:39:20 UTC

sys-libs/glibc: using -fno-semantic-interposition flag produces broken glibc with _nss_getcanonname_r symbol not found error (system-wide critical)

Comment 1 n05ph3r42 2021-06-26 08:42:42 UTC

sys-libs/glibc: using -fno-semantic-interposition flag produces broken glibc with _nss_getcanonname_r symbol not found error (system-wide critical)

1. add -fno-semantic-interposition to CFLAGS
2. add custom-cflags to USE
3. emerge glibc (beware, system become unusable due to broken glibc)

after u will get _nss_getcanonname_r symbol not found error

Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev

2021-06-26 21:53:03 UTC

(In reply to n05ph3r42 from comment #1)
> sys-libs/glibc: using -fno-semantic-interposition flag produces broken glibc
> with _nss_getcanonname_r symbol not found error (system-wide critical)
> 
> 1. add -fno-semantic-interposition to CFLAGS
> 2. add custom-cflags to USE
> 3. emerge glibc (beware, system become unusable due to broken glibc)
> 
> after u will get _nss_getcanonname_r symbol not found error

I have a few points:

1. -fno-semantic-interposition is not the flag you should use system-wide (or at all). It will break dynamic loading of the plugins and other LD_PRELOAD hacks like sandbox. If you do it you get the broken system and keep the pieces.

2. USE=custom-cflags is not a safe USE= flag for glibc. If you enable it it's on you to make sure you pass flags that don't break glibc.

Thus it's expected to get the system broken for this setup. I would prefer not to add extra safety checks.

You can debug in more detail what symbol is not interposed as expected. Maybe there is a weak symbol declaration missing. Ir it's an intended interposition use.

Otherwise I suggest closing the bug as INVALID.

Comment 3 n05ph3r42 2021-06-27 22:09:14 UTC

> 1. -fno-semantic-interposition is not the flag you should use system-wide
> (or at all). It will break dynamic loading of the plugins and other
> LD_PRELOAD hacks like sandbox. If you do it you get the broken system and
> keep the pieces.

I used it globally for a long time (about a year) w/o any problems, until custom-cflags USE flag returned to glibc (glibc dropped extra flags before) 

> 2. USE=custom-cflags is not a safe USE= flag for glibc. If you enable it
> it's on you to make sure you pass flags that don't break glibc.
> 
> Thus it's expected to get the system broken for this setup. I would prefer
> not to add extra safety checks.

I expected this. And asked on gentoo channel, should i report it - no answer was given, so i decided to report it.

> 
> You can debug in more detail what symbol is not interposed as expected.
> Maybe there is a weak symbol declaration missing. Ir it's an intended
> interposition use.
> 
> Otherwise I suggest closing the bug as INVALID.

You can do that, i have no time to debug this case, but the reason, why i use this flag - it gives significant performance impact on libraries, in particular it can boost libpython up to 30%. You can google this cases, there is lots nfo about it.

Comment 4 Andreas K. Hüttel archtester

2021-07-01 22:26:49 UTC

(In reply to n05ph3r42 from comment #1)
> sys-libs/glibc: using -fno-semantic-interposition flag produces broken glibc
> with _nss_getcanonname_r symbol not found error (system-wide critical)
> 
> 1. add -fno-semantic-interposition to CFLAGS
> 2. add custom-cflags to USE
> 3. emerge glibc (beware, system become unusable due to broken glibc)

with USE=custom-cflags you're on your own, that switches off all the safeties.

Comment 5 Sam James archtester

2021-07-02 00:01:32 UTC

(In reply to n05ph3r42 from comment #3)
> > 1. -fno-semantic-interposition is not the flag you should use system-wide
> > (or at all). It will break dynamic loading of the plugins and other
> > LD_PRELOAD hacks like sandbox. If you do it you get the broken system and
> > keep the pieces.
> 

slyfox is exactly right here. It makes sense *in some cases*.

> > You can debug in more detail what symbol is not interposed as expected.
> > Maybe there is a weak symbol declaration missing. Ir it's an intended
> > interposition use.
> > 
> > Otherwise I suggest closing the bug as INVALID.
> 
> You can do that, i have no time to debug this case, but the reason, why i
> use this flag - it gives significant performance impact on libraries, in
> particular it can boost libpython up to 30%. You can google this cases,
> there is lots nfo about it.

It does for Python, yep. That doesn't mean it makes sense *everywhere*.