Issue metadata
Sign in to add a comment
|
[eve] platform_ToolchainOptions failing for /opt/intel/fw_parser |
||||||||||||||||||||||
Issue descriptionSomething is breaking the CQ build for eve since #4101: https://uberchromegw.corp.google.com/i/chromeos/builders/eve-paladin platform_ToolchainOptions is failing due to /opt/intel/fw_parser binary. Probably we need to add it to a whitelist, but I can't see any recent change to this binary which would cause it to change. So it's probably worth investigating first. Test -fPIE 1 failures FAILED: /opt/intel/fw_parser Test Executable Stack 1 failures FAILED: /opt/intel/fw_parser Test Libgcc_s Users 1 failures FAILED: /opt/intel/fw_parser Test Libstdc++ Users 1 failures FAILED: /opt/intel/fw_parser 09/21 00:34:15.019 DEBUG| parallel:0030| Traceback (most recent call last): 09/21 00:34:15.019 DEBUG| parallel:0030| File "/usr/local/autotest/bin/parallel.py", line 18, in fork_start 09/21 00:34:15.019 DEBUG| parallel:0030| l() 09/21 00:34:15.020 DEBUG| parallel:0030| File "/usr/local/autotest/bin/job.py", line 488, in <lambda> 09/21 00:34:15.020 DEBUG| parallel:0030| l = lambda : test.runtest(self, url, tag, args, dargs) 09/21 00:34:15.020 DEBUG| parallel:0030| File "/usr/local/autotest/bin/test.py", line 117, in runtest 09/21 00:34:15.020 DEBUG| parallel:0030| job.sysinfo.log_after_each_iteration) 09/21 00:34:15.020 DEBUG| parallel:0030| File "/usr/local/autotest/common_lib/test.py", line 888, in runtest 09/21 00:34:15.020 DEBUG| parallel:0030| mytest._exec(args, dargs) 09/21 00:34:15.020 DEBUG| parallel:0030| File "/usr/local/autotest/common_lib/test.py", line 600, in _exec 09/21 00:34:15.020 DEBUG| parallel:0030| _call_test_function(self.execute, *p_args, **p_dargs) 09/21 00:34:15.020 DEBUG| parallel:0030| File "/usr/local/autotest/common_lib/test.py", line 800, in _call_test_function 09/21 00:34:15.021 DEBUG| parallel:0030| return func(*args, **dargs) 09/21 00:34:15.021 DEBUG| parallel:0030| File "/usr/local/autotest/common_lib/test.py", line 464, in execute 09/21 00:34:15.021 DEBUG| parallel:0030| postprocess_profiled_run, args, dargs) 09/21 00:34:15.021 DEBUG| parallel:0030| File "/usr/local/autotest/common_lib/test.py", line 371, in _call_run_once 09/21 00:34:15.021 DEBUG| parallel:0030| self.run_once(*args, **dargs) 09/21 00:34:15.021 DEBUG| parallel:0030| File "/usr/local/autotest/tests/platform_ToolchainOptions/platform_ToolchainOptions.py", line 324, in run_once 09/21 00:34:15.021 DEBUG| parallel:0030| raise error.TestFail(fail_summary_msg) 09/21 00:34:15.021 DEBUG| parallel:0030| TestFail: Test -Wl,-z,now 1 failures, Test -fPIE 1 failures, Test Executable Stack 1 failures, Test Libgcc_s Users 1 failures, Test Libstdc++ Users 1 failures 09/21 00:34:15.039 INFO | job:0232| FAIL platform_ToolchainOptions platform_ToolchainOptions timestamp=1537515255 localtime=Sep 21 00:34:15 Test -Wl,-z,now 1 failures, Test -fPIE 1 failures, Test Executable Stack 1 failures, Test Libgcc_s Users 1 failures, Test Libstdc++ Users 1 failures
,
Sep 21
,
Sep 21
Reason that the fails only started recently is because this package was not installed previously. I suspect that the following CL from kirtika@ made it install on eve boards. https://chrome-internal-review.googlesource.com/c/chromeos/overlays/overlay-eve-private/+/680588 How is fw_parser binary built?
,
Sep 21
Hi, We are enabling an intel wifi firmware dumper private package on some boards (eve and cyan are already in, my CL is in the CQ for atlas, nocturne). /opt/intel/fw_parser is a proprietary firmware blob that we get from Intel (IIUC). Eric is on leave and I am inheriting the project from him. Can someone help me with what whitelisting I need to do? Thanks!
,
Sep 21
Based on the fails : Test -Wl,-z,now 1 failures, Test -fPIE 1 failures, Test Executable Stack 1 failures, Test Libgcc_s Users 1 failures, Test Libstdc++ Users 1 failures The whitelists are here (one for each type of checks): https://cs.corp.google.com/chromeos_public/src/third_party/autotest/files/client/site_tests/platform_ToolchainOptions/ The binary seems to be triggering all the checks. But in particular, it should be good to clarify these with Intel post white-listing: 1. Why aren't they enabling -pie . 2. Presence of Executable Stack. 3. -z,now not used when linking.
,
Sep 21
Resolving this with Intel will take us at least 1-2 days, unless the toolchain team is OK with whitelisting first and then sorting out details with Intel. I will admit to not understanding most of Manoj's comment in #41. What are our options here? Should I revert?
,
Sep 21
Yes, please whitelist them first so that the test passes. And please do talk with Intel: Some pointer about why these checks are needed. Executable stack: https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks Pie: https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_PIE_.28gcc.2Fg.2B-.2B-_-fPIE_-pie.29 "-z,now" : https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_BINDNOW_.28ld_-z_now.29
,
Sep 23
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/d5c4d93954e42ab1d5495ebb4116827ac39b3b4b commit d5c4d93954e42ab1d5495ebb4116827ac39b3b4b Author: Kirtika Ruchandani <kirtika@google.com> Date: Sun Sep 23 02:06:50 2018 platform_ToolchainOptions: whitelist intel fwdump parser Intel provides a proprietary parser for their firmware dump, the output of which we plan to attach to a feedback report. Whitelist this binary until we sort out its compile/link options with Intel. BUG=b:65121142, chromium:887869 TEST=`test_that -b eve $DUT platform_ToolchainOptions --autotest_dir=./` Change-Id: I1df1348da34a6da79aa6d2adf5ff2423f5844ea2 Signed-off-by: Kirtika Ruchandani <kirtika@google.com> Reviewed-on: https://chromium-review.googlesource.com/1239555 Commit-Queue: Kirtika Ruchandani <kirtika@chromium.org> Tested-by: Kirtika Ruchandani <kirtika@chromium.org> Trybot-Ready: Kirtika Ruchandani <kirtika@chromium.org> Reviewed-by: Manoj Gupta <manojgupta@chromium.org> [modify] https://crrev.com/d5c4d93954e42ab1d5495ebb4116827ac39b3b4b/client/site_tests/platform_ToolchainOptions/libstdcxx_whitelist [modify] https://crrev.com/d5c4d93954e42ab1d5495ebb4116827ac39b3b4b/client/site_tests/platform_ToolchainOptions/pie_whitelist [modify] https://crrev.com/d5c4d93954e42ab1d5495ebb4116827ac39b3b4b/client/site_tests/platform_ToolchainOptions/now_whitelist [modify] https://crrev.com/d5c4d93954e42ab1d5495ebb4116827ac39b3b4b/client/site_tests/platform_ToolchainOptions/libgcc_whitelist [modify] https://crrev.com/d5c4d93954e42ab1d5495ebb4116827ac39b3b4b/client/site_tests/platform_ToolchainOptions/stack_whitelist
,
Nov 28
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by steve...@chromium.org
, Sep 21