Bug 116482

Summary:	dev-db/mysql-5.0.17 broken with hardened
Product:	Gentoo Linux	Reporter:	Markus Ullmann (RETIRED) <jokey>
Component:	Current packages	Assignee:	Gentoo Linux MySQL bugs team <mysql-bugs>
Status:	RESOLVED WORKSFORME
Severity:	normal	CC:	hardened
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Markus Ullmann (RETIRED) gentoo-dev

2005-12-23 05:05:43 UTC

When building dev-db/mysql-5.0.17 with hardened, mysqld fails to start.
Error Message:
Symbol not loadable zlibCompileFlags

# emerge info
Portage 2.1_pre1 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r3, 2.6.10-hardened-r3 i686)
=================================================================
System uname: 2.6.10-hardened-r3 i686 Intel(R) Pentium(R) 4 CPU 2.66GHz
Gentoo Base System version 1.12.0_pre11
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
dev-lang/python:     2.4.2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r3
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS=" -O2 -march=pentium4 -mtune=pentium4 "
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/bind /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS=" -O2 -march=pentium4 -mtune=pentium4 "
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.gentoo.mesh-solutions.com/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://gentoo.osuosl.org http://distfiles.gentoo.org/"
PKGDIR="/usr/portage/packages/x86"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://localhost/gentoo-portage"
USE="acl adns apache2 audiofile bash-completion bcmath berkdb bzip2 bzlib calendar caps cdb crypt ctype curl curlwrappers dba dbase dbm dlloader exif expat fam fastcgi ffmpeg flash ftp gd gdbm gif gmp hardened iconv idn imagemagick imap innodb ipv6 java jpeg junit lcms ldap libww libwww maildir mcal mhash ming mmx mysql ncurses nls ogg opengl pam pcre perl php pic pie png postgres python readline sasl sdl server session slang snmp sockets spamassassin sse ssl subversion svg tcltk tcpd tiff truetype udev userlocales vhosts vorbis wmf x86 xml xml2 xmlrpc xsl xv zlib elibc_glibc kernel_linux userland_GNU"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS

Comment 1 Francesco R. (RETIRED) gentoo-dev

2005-12-26 14:16:01 UTC

Here it start fine and respond to connection from the "mysql" client (intended as the program /usr/bin/mysql)

maybe you need to rebuild zlib ?

feel free to reopen if that does not suffice.

Comment 2 Markus Ullmann (RETIRED) gentoo-dev

2005-12-26 14:22:46 UTC

No, it didn't..

I also did an emerge -e system, just to make sure but error persists. I downgraded again to 5.0.16-r4 and it works again.

Comment 3 Francesco R. (RETIRED) gentoo-dev

2005-12-26 15:47:57 UTC

Sincerely I've no clue, does "dmesg" or some log tell something more ?

Comment 4 Markus Ullmann (RETIRED) gentoo-dev

2005-12-27 12:00:35 UTC

I put up the binaries, so you might test if it helps ;)

http://www.markus-ullmann.de/gentoo/mysql-test-case.tar.bz2

Every binary in this package is working except mysqld:
# ./mysqld
./mysqld: symbol lookup error: ./mysqld: undefined symbol: zlibCompileFlags

Comment 5 Francesco R. (RETIRED) gentoo-dev

2005-12-28 12:22:15 UTC

Could you try emerge with USE="-static debug" ? 

here it dump the core with an "Illegal instruction.". It's not a good idea securing a system with hardened and then compile stuff static because it destroy some of the hardened security.

if it still crash:
- try to uncomment "one-thread" option in /etc/mysql/my.cnf
- put DEBUG=4 in /etc/conf.d/mysql 
- grab the startup string of "/etc/init.d/mysql start" i.e. mysqld --...
- issue a "ulimit -c unlimited"
- run the server with the previous grabbed startup option
- wait for a core dumped
- run "gdb -c core /usr/sbin/mysqld" (emerge sys-devel/gdb first)
- issue a "bt" command, this will show a backtrace hopefully showing someting more ...

something more at 
http://dev.mysql.com/doc/refman/5.0/en/debugging-server.html

cheers & good luck,
Francesco

Comment 6 Markus Ullmann (RETIRED) gentoo-dev

2005-12-28 12:27:03 UTC

Will try next year ;) I report results then...

Comment 7 Francesco R. (RETIRED) gentoo-dev

2005-12-29 02:12:53 UTC

Additional comment, on disassembly

(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x13930dce to 0x13930e0e:
0x13930dce:     xchg   %eax,%ebx
0x13930dcf:     sbb    %dl,(%ecx)
0x13930dd1:     add    %al,(%eax)
0x13930dd3:     mov    %eax,(%edx)
0x13930dd5:     call   0x139ee3b3
0x13930dda:     mov    0x628(%ebx),%edx
0x13930de0:     mov    0xb48(%ebx),%eax
0x13930de6:     mov    %edx,(%eax)
0x13930de8:     mov    0x1460(%ebx),%eax
0x13930dee:     cvtss2sd 0xffeefd88(%ebx),%xmm0
0x13930df6:     movl   $0x6d72662e,(%eax)
0x13930dfc:     movb   $0x0,0x4(%eax)
0x13930e00:     mov    0x183c(%ebx),%eax
0x13930e06:     mov    %esi,(%eax)
0x13930e08:     cvtss2sd 0xfff62424(%ebx),%xmm1
End of assembler dump.


<googlesearch>
CVTSS2SD--Convert Scalar Single-Precision Floating-Point Value to Scalar Double-Precision Floating-Point Value

Description

Converts a single-precision floating-point value in the source operand (second operand) to a double-precision floating-point value in the destination operand (first operand). The source operand can be an XMM register or a 32-bit memory location. The destination operand is an XMM register. When the source operand is an XMM register, the single-precision floating-point value is contained in the low doubleword of the register. The result is stored in the low quadword of the destination operand, and the high quadword is left unchanged.
</googlesearch>

it's normal that CVTSS2SD is there with thise CFLAGS ?

Comment 8 Francesco R. (RETIRED) gentoo-dev

2005-12-29 02:16:49 UTC

Additional comment 2, it's moot say that it finish with an illegal istruction here , realized I've used it on amd thunderbird processor

Comment 9 Markus Ullmann (RETIRED) gentoo-dev

2006-01-01 17:28:16 UTC

Bug persists on 5.0.18, will do some further checks tomorrow

Comment 10 Markus Ullmann (RETIRED) gentoo-dev

2006-01-10 00:00:51 UTC

Just to make sure everything is correct, I've completed an emerge -e world so that everything is consistent.
Error still there and reproducable on other machines, too, when using intel p4 and cflags/useflags like in my emerge info.

I've tested to build without the gentoo-patches and then everything works fine.

Comment 11 Francesco R. (RETIRED) gentoo-dev

2006-01-10 04:11:25 UTC

please attach the "config.log" from the two compiles, need to find out what made the difference.

Comment 12 Markus Ullmann (RETIRED) gentoo-dev

2006-01-11 07:44:11 UTC

I've got it working now. There seems to be a gcc internal problem when running gcc 3.4., march and mtune set to pentium 4 and PaX address space randomization while building mysql >=5.0.17. When this little kernel feature is enabled, something in the build goes wrong and causes mysql not to find this symbol at startup although there is no error or warning in config.log or output. If this feature is disabled at build time, you can enable it at runtime again and everything works like a charm.

While hunting this bug I also came across some mailinglists where weird bugs appear when using this mtune=pentium4 thing. I recently discovered a false positive from stack protector in net-snmp on the same box, too, so I'm sure now that it isn't a real mysql problem. 

I think this bug is "worksforme" now. Sorry for causing inconvenience.