[Bug 2107313] Re: fix amd build issue on the newer kernel with higher entropy

Tue Aug 19 12:16:02 UTC 2025

This bug was fixed in the package gcc-10 - 10.5.0-1ubuntu1~22.04.2

---------------
gcc-10 (10.5.0-1ubuntu1~22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: A missed hardening option in -fstack-protector for AArch64
    can lead to buffer overflows for dynamically allocated local variables
    not being detected. (LP: #2054343)
    - d/p/CVE-2023-4039.diff: Address stack protector and stack clash
      protection weaknesses on AArch64. Taken from the gcc-12 branch.
    - CVE-2023-4039
  * Move allocator base to avoid conflict with high-entropy ASLR for x86-64
    Linux. Patch taken from LLVM. Fixes ftbfs. (LP: #2107313)
    - d/p/lp2107313-asan-allocator-base.diff

 -- Gerald Yang <gerald.yang at canonical.com>  Tue, 22 Apr 2025 02:56:54
+0000

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gcc-10 in Ubuntu.
https://bugs.launchpad.net/bugs/2107313

Title:
  fix amd build issue on the newer kernel with higher entropy

Status in gcc-10 package in Ubuntu:
  In Progress
Status in gcc-11 package in Ubuntu:
  In Progress
Status in gcc-12 package in Ubuntu:
  In Progress
Status in gcc-10 source package in Focal:
  In Progress
Status in gcc-10 source package in Jammy:
  Fix Released
Status in gcc-11 source package in Jammy:
  Fix Released
Status in gcc-12 source package in Jammy:
  Fix Released

Bug description:
  [ Impact ]

  Our launchpad builder has been updated to Noble and with this kernel SRU:
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1983357

  vm.mmap_rnd_bits has been changed from 28 to 32

  This leads to gcc build failed because some build logs are filled with the following message
  and run out of all disk space on the builder:
  AddressSanitizer:DEADLYSIGNAL

  grep -c "^AddressSanitizer:DEADLYSIGNAL$" /home/buildd/build-PACKAGEBUILD-30215080/chroot-autobuild/build/gcc-10-HrYDNt/gcc-10-10.5.0/build/gcc/testsuite/gcc/gcc.log 
  599050838

  llvm also hit the same issue and has been fixed by:
  https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839

  The root cause is when vm.mmap_rnd_bits is set to a higher value, it will frequently conflict
  with asan's allocator on amd64, so the asan's allocator base address needs to be moved to
  another location that won't have the conflict, please see the above commit for more details.

  gcc-13 already has this patch, but gcc-10/11/12 don't, we need to
  patch them as well.

  [ Test Plan ]

  This can be easily reproduced by
  1. download source, e.g. apt source gcc-10
  2. no need to change any code, just add a test version in debian/changelog and dput to a PPA, the build will fail.

  With this patch, build should succeed.

  [ Where problems could occur ]

  This patch moves the asan allocator's base address from 0x600000000000ULL to 0x500000000000ULL,
  so it won't conflict with PIE program segment, it shouldn't cause any issue.
  In case if something goes wrong, the build should fail again.

  [ Other Info ]
  The previous SRU to fix the same issue on gcc-12/13 on noble:
  https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-14/+bug/2048768

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gcc-10/+bug/2107313/+subscriptions