| Message ID | cover.1731253918.git.dev@icepic.de |
|---|---|
| Headers |
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id E109F27BBE9; Sun, 10 Nov 2024 18:14:04 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 6C7AF27BBE2 for <patchwork@mira.cbaines.net>; Sun, 10 Nov 2024 18:14:03 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <guix-patches-bounces@gnu.org>) id 1tACRY-00089N-Lo; Sun, 10 Nov 2024 13:13:50 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tABwt-0004SH-Pb for guix-patches@gnu.org; Sun, 10 Nov 2024 12:42:08 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tABwr-0001GJ-IM; Sun, 10 Nov 2024 12:42:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:Subject; bh=8FbC1P4uc1/RrCx4o+zv29ycjKiIKn6faK9ym9nXbQU=; b=Bv3dB4cY0vjh6tSwCxa/Vjx2/HpqwalDpTbk5gIsiToRpD8Y9bDM68IMaCgodFCsszN+O9SFvEL8+mCffwpLZbOH0N58n0BJ7NZmdzDRfyIrU+0maFYHQg0WqEYB7+kPEPABV5ji7v4bC4OiMP7ZiwLXw/BItkXb/JeOsRfM/B+42/524mGhXk28oSMB1NaD81nLJbGeEl5VniGSKUTwyYhoEDlXDupvEQLQDaaXSlCwMIilFvlFD6YCnkhSHZtqPsxgL7woruSO290DwRTmgkN2k088g+dIJf91XphIG27iZD+apReRAx00u1acnds0m8CpC/9TTSCNjF47IEkyWA==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tABwo-0004sI-9x; Sun, 10 Nov 2024 12:42:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#74296] [PATCH 0/1] Fix abi mismatch error on boot for cross-compiled images Resent-From: Christoph Buck <dev@icepic.de> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix@cbaines.net, dev@jpoiret.xyz, ludo@gnu.org, othacehe@gnu.org, zimon.toutoune@gmail.com, me@tobias.gr, guix-patches@gnu.org Resent-Date: Sun, 10 Nov 2024 17:42:02 +0000 Resent-Message-ID: <handler.74296.B.173126047518675@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 74296 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 74296@debbugs.gnu.org Cc: Christoph Buck <dev@icepic.de>, Christopher Baines <guix@cbaines.net>, Josselin Poiret <dev@jpoiret.xyz>, Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>, Mathieu Othacehe <othacehe@gnu.org>, Simon Tournier <zimon.toutoune@gmail.com>, Tobias Geerinckx-Rice <me@tobias.gr> X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Christopher Baines <guix@cbaines.net>, Josselin Poiret <dev@jpoiret.xyz>, Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>, Mathieu Othacehe <othacehe@gnu.org>, Simon Tournier <zimon.toutoune@gmail.com>, Tobias Geerinckx-Rice <me@tobias.gr> Received: via spool by submit@debbugs.gnu.org id=B.173126047518675 (code B ref -1); Sun, 10 Nov 2024 17:42:02 +0000 Received: (at submit) by debbugs.gnu.org; 10 Nov 2024 17:41:15 +0000 Received: from localhost ([127.0.0.1]:56492 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1tABw2-0004r3-0y for submit@debbugs.gnu.org; Sun, 10 Nov 2024 12:41:14 -0500 Received: from lists.gnu.org ([209.51.188.17]:33366) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <dev@icepic.de>) id 1tABA2-0002Ww-RR for submit@debbugs.gnu.org; Sun, 10 Nov 2024 11:51:39 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <dev@icepic.de>) id 1tAB7s-0005Sl-Er for guix-patches@gnu.org; Sun, 10 Nov 2024 11:49:24 -0500 Received: from mail-108-mta192.mxroute.com ([136.175.108.192]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <dev@icepic.de>) id 1tAB7q-0004iM-IV for guix-patches@gnu.org; Sun, 10 Nov 2024 11:49:24 -0500 Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta192.mxroute.com (ZoneMTA) with ESMTPSA id 19316f62b650003e01.001 for <guix-patches@gnu.org> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Sun, 10 Nov 2024 16:44:12 +0000 X-Zone-Loop: c0e23cf5828686970240dc77b29f1f29210425a1a7c5 X-Originating-IP: [136.175.111.3] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=icepic.de; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To: From:Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=8FbC1P4uc1/RrCx4o+zv29ycjKiIKn6faK9ym9nXbQU=; b=f LO9OdfpWFRHfnOIiHxy5HoHhMOILb6hIGNbnHZgb4XGj0XsMpXEqHFDXbj0RCA715QKiXNMWo7E5Y 8RGt5YoKd/7lxTPQYshCs46U3fplaR7ZnIUO0MPFEPT2GWqBZ9i2Uxb4K/mtOC2vgrVnrYXGFEM95 TC6trox/0LV+zLJeFfV1gcSAxMddGEPzewnrOqGmB2Ee34Rat5BTZ/5jZVdgG3TnmcVGFmENR2YHo IUgpIMYFnRx1E7bg5XhWt9MWT1+XYcKyx5uHEd9uOt3oDOjAAxIFGKd1kEjlMFXCAguwXBTC7eI5l Ir42sHQ4+RzAZKzP9rOwN6X7FIcYezvQA==; From: Christoph Buck <dev@icepic.de> Date: Sun, 10 Nov 2024 17:43:39 +0100 Message-ID: <cover.1731253918.git.dev@icepic.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Authenticated-Id: dev@icepic.de Received-SPF: pass client-ip=136.175.108.192; envelope-from=dev@icepic.de; helo=mail-108-mta192.mxroute.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Sun, 10 Nov 2024 12:41:09 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Mailman-Approved-At: Sun, 10 Nov 2024 13:13:46 -0500 X-BeenThere: guix-patches@gnu.org List-Id: <guix-patches.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=unsubscribe> List-Archive: <https://lists.gnu.org/archive/html/guix-patches> List-Post: <mailto:guix-patches@gnu.org> List-Help: <mailto:guix-patches-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=subscribe> Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches |
| Series |
Fix abi mismatch error on boot for cross-compiled images
|
|
Message
Christoph Buck
Nov. 10, 2024, 4:43 p.m. UTC
Hi! The following patch fixes the `record-abi-mismatch-error` early on boot during execution of initrd.cpio.gz if the image was cross-compiled on x64 for an 32bit platform (e.g arm32 or i868). For a comprehensive analysis see the correspond thread [1] on the guix-help mailing list. The root cause of the issue is as follows: During compilation guix stores a hash of the record field names in the compiled go files. On runtime this has is recalcuated and checked against the stored hash to verify that no abi mismatch occured. As described in [1] this hash differs if the corresponding record was compiled in a cross-compiled context. Guile uses internally an `unsigned long` to store the hash, which results in hashes of different sizes depending on the platform the guile compiler is executed on. Guix already tries to work around this problem by limiting the size of the hash in a cross-compile context to the most positive fixnum size of the target, but this is insufficient, because, as one can look up in the guile source code, the size is limited by an modulo operation after the hash was already calculated for an 8byte unsigned long. Therefore the resulting hashes during compilation and execution are different and an abi mismatch error is erroneously reported during runtime. An easy workaround is documented in the guile src namely in an comment of the `JENKINS_LOOKUP3_HASHWORD2`, which is used to calculate the hash: > Scheme can access symbol-hash, which exposes this value. For >cross-compilation reasons, we ensure that the high 32 bits of the hash on a >64-bit system are equal to the hash on a 32-bit system. The low 32 bits just >add more entropy. This suggest the following workaround. Always limit the hash size to 32bit even if executed on a 64bit platform (or to be more specific a platform where ulong is 8bytes big). Do this by right shift the hash value 32bits and don't rely on the size parameter of the `string-hash` function. This is what this patch tries to accomplish. Imho this approach has two drawbacks. Lost entropy on 64 bit machines and the abi break because on new compilation the hash values on 64bit platforms will change. The lost entropy is irrelevant because the hash is not used in an cryptophically relevant context. For the abi break i am not sure how severe this change is. [1] ABI mismatch on boot on arm32 system (https://lists.gnu.org/archive/html/help-guix/2024-11/msg00022.html) Christoph Buck (1): guix: records: Fix abi check in cross compile context guix/records.scm | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06
Comments
Hi Christoph, Christoph Buck <dev@icepic.de> skribis: > During compilation guix stores a hash of the record field names in the > compiled go files. On runtime this has is recalcuated and checked against the > stored hash to verify that no abi mismatch occured. As described in [1] this > hash differs if the corresponding record was compiled in a cross-compiled > context. Guile uses internally an `unsigned long` to store the hash, which > results in hashes of different sizes depending on the platform the guile > compiler is executed on. Guix already tries to work around this problem by > limiting the size of the hash in a cross-compile context to the most positive > fixnum size of the target, but this is insufficient, because, as one can look > up in the guile source code, the size is limited by an modulo operation after > the hash was already calculated for an 8byte unsigned long. Therefore the > resulting hashes during compilation and execution are different and an abi > mismatch error is erroneously reported during runtime. > > An easy workaround is documented in the guile src namely in an comment of the > `JENKINS_LOOKUP3_HASHWORD2`, which is used to calculate the hash: > >> Scheme can access symbol-hash, which exposes this value. For >>cross-compilation reasons, we ensure that the high 32 bits of the hash on a >>64-bit system are equal to the hash on a 32-bit system. The low 32 bits just >>add more entropy. > > This suggest the following workaround. Always limit the hash size to 32bit > even if executed on a 64bit platform (or to be more specific a platform where > ulong is 8bytes big). Do this by right shift the hash value 32bits and don't > rely on the size parameter of the `string-hash` function. This is what this > patch tries to accomplish. Woow, thanks for the investigation & explanation! (I would say that the ‘scm_ihash’ implementation as a mere modulo is dubious, but that’s hard to change anyway.) > Imho this approach has two drawbacks. Lost entropy on 64 bit machines and the > abi break because on new compilation the hash values on 64bit platforms will > change. The lost entropy is irrelevant because the hash is not used in an > cryptophically relevant context. For the abi break i am not sure how severe > this change is. Capping at 32-bits means that potentially some ABI changes could go unnoticed, but that’s extremely unlikely if the hash function is good enough. I believe the ABI break is fine too: developers will have to “make clean-go && make”, but that’s okay. Thoughts? Opinions? Ludo’.
Ludovic Courtès <ludo@gnu.org> writes: > Woow, thanks for the investigation & explanation! Your are welcome :) I usually keep notes during investigation of bugs and append them to my patches. This keeps my train of thought transparent and makes it easier for others to follow along or spot obvious errors on my side. However, it can get a little bit noisy. So let met now if i should "keep it done" more. > Capping at 32-bits means that potentially some ABI changes could go > unnoticed, but that’s extremely unlikely if the hash function is good > enough. Yes, but this problem exits for 32bit builds in general. > I believe the ABI break is fine too: developers will have to > “make clean-go && make”, but that’s okay. Good to know.
Hi Christoph, On Wed, 13 Nov 2024 at 13:45, Christoph Buck <dev@icepic.de> wrote: >> Woow, thanks for the investigation & explanation! > > Your are welcome :) I usually keep notes during investigation of bugs > and append them to my patches. This keeps my train of thought > transparent and makes it easier for others to follow along or spot > obvious errors on my side. However, it can get a little bit noisy. So > let met now if i should "keep it done" more. I like this sentence attributed to Leslie Lamport: « If you're thinking without writing, you only think you’re thinking. ». For what my opinion is worth, your explanations appears to me the good ratio between the “too much details” and the “help outsider to follow”. Cheers, simon
Hi, Christoph Buck <dev@icepic.de> skribis: > Ludovic Courtès <ludo@gnu.org> writes: [...] >> I believe the ABI break is fine too: developers will have to >> “make clean-go && make”, but that’s okay. > > Good to know. I added a summary of your explanation as a comment in the code, so our future selves get an idea of why things are done this way, and pushed as 23cbbe6860782c5d4a0ba599ea1cda0642e91661. Time for “make clean-go && make”! Thanks, Ludo’.