Bug 70132 - ARM -mcpu=native can cause a double free abort.
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: driver
Version: 4.9.2
Importance: P3 normal
Target Milestone: 4.9.4
Assignee: ktkachov
Duplicates: 70136 70833
Reported: 2016-03-07 23:07 UTC by Darius Hardy
Modified: 2016-08-17 19:08 UTC (History)
Target: arm
Known to work: 6.0
Known to fail: 4.9.4, 5.3.0
Last reconfirmed: 2016-03-08 00:00:00

Description Darius Hardy 2016-03-07 23:07:55 UTC
When attempting to use cpu autodetection (either -mcpu=native or -march=native) on ARM where the cpu isn't known by the detection routine e.g. Cortex-A53 in aarch32 mode, the detection function attempts to fclose() a file twice.

gcc/config/arm/driver-arm.c

 131   fclose (f);
 132 
 133   if (val == NULL)
 134     goto not_found;
 135 
 136   return concat ("-m", argv[0], "=", val, NULL);
 137 
 138 not_found:
 139   {
 140     unsigned int i;
 141     unsigned int opt;
 142     const char *search[] = {NULL, "arch"};
 143 
 144     if (f)
 145       fclose (f);
 
When the cpu identifier isn't known, val=NULL when it enters this part, and the file f ("/proc/cpuinfo") will be closed on line 131, and then again at 145, causing an abort. Setting f = NULL after the first fclose() should prevent it but it isn't done.

rpi3 is a Cortex-A53 running in aarch32 mode. Whilst the A53 is known and gcc will compile for it, the autodetect code doesn't have it listed.

pi@rpi3:~ $ gcc -mcpu=native
*** Error in `gcc': double free or corruption (top): 0x00f5abd0 ***
Aborted

Noticed in 4.9.2, but the code for 5.3.0 appears to still have this.

pi@rpi3:~ $ gcc --version
gcc (Raspbian 4.9.2-10) 4.9.2
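
Added example, not part of the bug report and not GCC's code: the exit pattern described above with the stream pointer cleared after the first close, so the close on the not_found path becomes a no-op. The names `close_and_clear`, `detect_cpu`, `detect_from_text`, the counter `close_calls` and the two-entry part table are hypothetical; the cpuinfo text fed to it is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical two-entry part table for this example, not GCC's table. */
struct part { const char *id; const char *name; };
static const struct part known_parts[] = {
  { "0xc07", "cortex-a7" },
  { "0xc09", "cortex-a9" },
};
int close_calls;  /* number of real fclose() calls made, for checking */

/* Close the stream and clear the caller's pointer; a second call is a no-op. */
static void close_and_clear (FILE **fp)
{
  if (*fp != NULL) { fclose (*fp); close_calls++; }
  *fp = NULL;
}

/* Return the CPU name for the "CPU part" line read from f, or NULL if the
   part is not in the table.  f is closed exactly once on every path.  */
const char *detect_cpu (FILE *f)
{
  char buf[128];
  const char *val = NULL;

  while (f != NULL && fgets (buf, sizeof buf, f) != NULL)
    {
      if (strncmp (buf, "CPU part", 8) != 0)
        continue;
      for (size_t i = 0; i < sizeof known_parts / sizeof known_parts[0]; i++)
        if (strstr (buf, known_parts[i].id) != NULL)
          val = known_parts[i].name;
      break;
    }
  close_and_clear (&f);   /* plays the role of the fclose at line 131 */
  if (val == NULL)
    goto not_found;
  return val;
not_found:
  close_and_clear (&f);   /* plays the role of line 145: f is NULL, no fclose */
  return NULL;
}

/* Run detect_cpu over constructed cpuinfo text via a temporary file. */
const char *detect_from_text (const char *text)
{
  FILE *f = tmpfile ();
  if (f == NULL || fputs (text, f) == EOF) return NULL;
  rewind (f);
  close_calls = 0;
  return detect_cpu (f);
}
```
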
Comment 1 ktkachov 2016-03-08 08:42:14 UTC
*** Bug 70136 has been marked as a duplicate of this bug. ***
Comment 2 ktkachov 2016-03-08 08:48:48 UTC
Confirmed by inspecting the code.
The fix should be easy
Comment 3 ktkachov 2016-03-11 15:33:17 UTC
Proposed patch at:
https://gcc.gnu.org/ml/gcc-patches/2016-03/msg00700.html

Can you give it a shot?
Comment 4 Andrew Roberts 2016-03-12 06:03:21 UTC
Patch tested OK,
on Raspberry Pi 3, on Arch Linux using latest gcc 6 snapshot:

/usr/local/gcc-6.0.0/bin/gcc -v
Using built-in specs.
COLLECT_GCC=/usr/local/gcc-6.0.0/bin/gcc
COLLECT_LTO_WRAPPER=/usr/local/gcc-6.0.0/libexec/gcc/armv7l-unknown-linux-gnueabihf/6.0.0/lto-wrapper
Target: armv7l-unknown-linux-gnueabihf
Configured with: ../gcc-6.0.0/configure --prefix=/usr/local/gcc-6.0.0 --program-suffix= --enable-languages=c,c++,fortran --enable-shared --enable-threads=posix --with-system-zlib --with-isl --enable-__cxa_atexit --disable-libunwind-exceptions --enable-clocale=gnu --disable-libstdcxx-pch --disable-libssp --enable-gnu-unique-object --enable-linker-build-id --enable-lto --enable-plugin --enable-install-libiberty --with-linker-hash-style=gnu --enable-gnu-indirect-function --disable-multilib --disable-werror --enable-checking=release --host=armv7l-unknown-linux-gnueabihf --build=armv7l-unknown-linux-gnueabihf --target=armv7l-unknown-linux-gnueabihf --with-arch=armv7-a --with-float=hard --with-fpu=vfpv3-d16 --disable-bootstrap
Thread model: posix
gcc version 6.0.0 20160306 (experimental) (GCC)
Comment 5 Andrew Roberts 2016-03-12 06:13:25 UTC
Do I need to raise another bug report to get the march=native to actually generate native code, or has one already been raised?

My original report (Bug 70136) included full /proc/cpuinfo for the BCM2834 as used on the Raspberry Pi 3 in 32 bit mode.

CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xd03
CPU revision	: 4
Comment 6 ktkachov 2016-03-12 09:38:41 UTC
(In reply to Andrew Roberts from comment #5)
> Do I need to raise another bug report  to get the march=native to actually
> generate native code, or has one already been raised?
> 
> My original report (Bug 70136) included full /proc/cpuinfo for the BCM2834
> as used on the Raspberry Pi 3 in 32 bit mode.
> 
> CPU implementer	: 0x41
> CPU architecture: 7
> CPU variant	: 0x0
> CPU part	: 0xd03
> CPU revision	: 4

Yes, please raise a new report for that, thanks
Comment 7 ktkachov 2016-03-23 10:17:03 UTC
Author: ktkachov
Date: Wed Mar 23 10:16:31 2016
New Revision: 234419

URL: https://gcc.gnu.org/viewcvs?rev=234419&root=gcc&view=rev
Log:
[ARM] PR driver/70132: Avoid double fclose in driver-arm.c

	PR driver/70132
	* config/arm/driver-arm.c (host_detect_local_cpu): Reorder exit logic
	to not call fclose twice on file.


Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/config/arm/driver-arm.c
Comment 8 ktkachov 2016-03-23 10:22:35 UTC
Fixed on trunk for now.
Will backport after some time to the branches
Comment 9 Andrew Pinski 2016-04-27 23:25:22 UTC
*** Bug 70833 has been marked as a duplicate of this bug. ***
Comment 10 ktkachov 2016-04-28 14:44:38 UTC
Author: ktkachov
Date: Thu Apr 28 14:44:07 2016
New Revision: 235573

URL: https://gcc.gnu.org/viewcvs?rev=235573&root=gcc&view=rev
Log:
[ARM] PR driver/70132: Avoid double fclose in driver-arm.c

	Backport from mainline
	2016-03-23  Kyrylo Tkachov  <kyrylo.tkachov@arm.com>

	PR driver/70132
	* config/arm/driver-arm.c (host_detect_local_cpu): Reorder exit logic
	to not call fclose twice on file.

Modified:
    branches/gcc-5-branch/gcc/ChangeLog
    branches/gcc-5-branch/gcc/config/arm/driver-arm.c
Comment 11 ktkachov 2016-05-10 16:15:52 UTC
Author: ktkachov
Date: Tue May 10 16:15:20 2016
New Revision: 236092

URL: https://gcc.gnu.org/viewcvs?rev=236092&root=gcc&view=rev
Log:
[ARM] PR driver/70132: Avoid double fclose in driver-arm.c

	Backport from mainline
	2016-03-23  Kyrylo Tkachov  <kyrylo.tkachov@arm.com>

	PR driver/70132
	* config/arm/driver-arm.c (host_detect_local_cpu): Reorder exit logic
	to not call fclose twice on file.

Modified:
    branches/gcc-4_9-branch/gcc/ChangeLog
    branches/gcc-4_9-branch/gcc/config/arm/driver-arm.c
Comment 12 ktkachov 2016-05-10 16:16:59 UTC
Fixed on all active branches.
Comment 13 Jeffrey Walton 2016-07-28 08:02:25 UTC
(In reply to Andrew Roberts from comment #5)
> Do I need to raise another bug report  to get the march=native to actually
> generate native code, or has one already been raised?
> 
> My original report (Bug 70136) included full /proc/cpuinfo for the BCM2834
> as used on the Raspberry Pi 3 in 32 bit mode.
> 
> CPU implementer	: 0x41
> CPU architecture: 7
> CPU variant	: 0x0
> CPU part	: 0xd03
> CPU revision	: 4

Andrew - this comment caught my eye because I have been struggling with it on-and-off for a few days. How did you enable CRC and Crypto extensions on the RPI-3 with the A-53?

My apologies for drifting off-topic.
Comment 14 Jeffrey Walton 2016-07-28 08:07:28 UTC
(In reply to ktkachov from comment #8)
> Fixed on trunk for now.
> Will backport after some time to the branches

Bump... I don't think this has made it into Debian's 4.9.2-10.
Comment 15 Jonathan Wakely 2016-08-17 19:08:31 UTC
(In reply to Jeffrey Walton from comment #14)
> Bump... I don't think this has made it into Debian's 4.9.2-10.

Bumping this won't help if the Debian packagers aren't reading it.