mm linker's soinfo::call_constructors: don't assume that soname_ is available.

Bug #1603520 reported by Ratchanan Srirattanamet
Affects | Status | Importance | Assigned to | Milestone
libhybris (Ubuntu) | New | Undecided | Unassigned |

Bug Description

I'm porting Ubuntu Touch to the Samsung Galaxy Tab 2 7.0. While investigating a unity-system-compositor crash, I found that the crash happens in mm's linker (https://git.launchpad.net/~libhybris-maintainers/libhybris/+git/libhybris/tree/hybris/common/mm/linker.cpp#n2180), where soname_ is NULL. Digging further, I found that the library it's trying to load (gralloc.omap4.so) indeed doesn't have a soname in it.
My current workaround is applying this patch so that it checks whether soname_ is NULL:
--- a/hybris/common/mm/linker.cpp
+++ b/hybris/common/mm/linker.cpp
@@ -2177,7 +2177,7 @@
     return;
   }

- if (strcmp(soname_, "libc.so") == 0) {
+ if (soname_ && strcmp(soname_, "libc.so") == 0) {
     DEBUG("HYBRIS: =============> Skipping libc.so\n");
     return;
   }
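Review bot: the `soname_ &&` guard on the `strcmp(soname_, "libc.so")` line stops the NULL dereference, but it also means a library with no DT_SONAME is never matched against "libc.so" and always goes on to run its constructors. If the skip is meant to apply to libc however it was loaded, compare against a fallback such as the basename of the load path when soname_ is NULL (the gdb dump below shows realpath_ is populated in this case), and add a short comment that soname_ may legitimately be NULL. Other uses of soname_ in linker.cpp should be checked for the same assumption.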
I'm not sure if this is the correct fix, though, so I'm opening this bug so that people familiar with the codebase can put in the correct fix.

Channel: ubuntu-touch/rc-proposed/ubuntu
Ubuntu build description: 20160715.1

Result from a gdb session:
phablet@ubuntu-phablet:~/deb$ sudo HYBRIS_LOGGING_LEVEL=debug gdb unity-system-compositor
GNU gdb (Ubuntu 7.9-1ubuntu1) 7.9
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from unity-system-compositor...Reading symbols from /usr/lib/debug/.build-id/0c/4fb1a807f3bac08b4b2122d587a7918b73f343.debug...done.
done.
(gdb) run --disable-overlays=false --spinner=/usr/bin/unity-system-compositor-spinner
Starting program: /usr/sbin/unity-system-compositor --disable-overlays=false --spinner=/usr/bin/unity-system-compositor-spinner
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
WARNING: linker /android/system/vendor/lib/hw/gralloc.omap4430.so: unused DT entry: type 0xf arg 0x53b
WARNING: linker /android/system/vendor/lib/libsrv_um_SGX540_120.so: unused DT entry: type 0xf arg 0xeb9
WARNING: linker /android/system/vendor/lib/libpvr2d_SGX540_120.so: unused DT entry: type 0xf arg 0x767

Program received signal SIGSEGV, Segmentation fault.
strcmp () at ../sysdeps/arm/armv7/strcmp.S:181
181 ../sysdeps/arm/armv7/strcmp.S: No such file or directory.
(gdb) print soname_
No symbol "soname_" in current context.
(gdb) bt
#0 strcmp () at ../sysdeps/arm/armv7/strcmp.S:181
#1 0x4087c78a in soinfo::call_constructors (this=0x40c59004)
    at linker.cpp:2180
#2 0x4087f2aa in do_dlopen (
    name=name@entry=0xbeffbfe4 "/vendor/lib/hw/gralloc.omap4.so",
    flags=flags@entry=0, extinfo=extinfo@entry=0x0) at linker.cpp:1625
#3 0x4087a9a4 in dlopen_ext (
    filename=0xbeffbfe4 "/vendor/lib/hw/gralloc.omap4.so", flags=0,
    extinfo=0x0) at dlfcn.cpp:88
#4 0x40781772 in _hybris_hook_android_dlopen (filename=<optimized out>,
    flag=<optimized out>) at hooks.c:2191
#5 0x40c54ad4 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) frame 1
#1 0x4087c78a in soinfo::call_constructors (this=0x40c59004)
    at linker.cpp:2180
2180 linker.cpp: No such file or directory.
(gdb) print soname_
$1 = 0x0
(gdb) print this
$2 = (soinfo * const) 0x40c59004
(gdb) print *this
$3 = {phdr = 0x41002034, phnum = 7, entry = 0, base = 1090527232,
  size = 32768, dynamic = 0x41008dcc, next = 0x40c5911c, flags_ = 1073741825,
  strtab_ = 0x410025d4 "", symtab_ = 0x41002114, nbucket_ = 67, nchain_ = 76,
  bucket_ = 0x41002b24, chain_ = 0x41002c30, plt_got_ = 0x0,
  plt_rel_ = 0x41003048, plt_rel_count_ = 68, rel_ = 0x41002d60,
  rel_count_ = 93, preinit_array_ = 0x0, preinit_array_count_ = 0,
  init_array_ = 0x41008dbc, init_array_count_ = 3, fini_array_ = 0x41008dc8,
  fini_array_count_ = 1, init_func_ = 0x0, fini_func_ = 0x0,
  ARM_exidx = 0x41006b08, ARM_exidx_count = 60, ref_count_ = 1,
  link_map_head = {l_addr = 1090527232,
    l_name = 0x743e4 "/android/system/vendor/lib/hw/gralloc.omap4430.so",
    l_ld = 0x41008dcc, l_next = 0x40c59194, l_prev = 0x40038eb4},
  constructors_called = false, load_bias = 1090527232,
  has_text_relocations = false, has_DT_SYMBOLIC = true, version_ = 2,
  st_dev_ = 1793, st_ino_ = 816, children_ = {head_ = 0x4002649c,
    tail_ = 0x400264cc}, parents_ = {head_ = 0x0, tail_ = 0x0},
  file_offset_ = 0, rtld_flags_ = 0, dt_flags_1_ = 1, strtab_size_ = 1351,
  gnu_nbucket_ = 0, gnu_bucket_ = 0x0, gnu_chain_ = 0x0, gnu_maskwords_ = 0,
  gnu_shift2_ = 0, gnu_bloom_filter_ = 0x0, local_group_root_ = 0x40c59004,
  android_relocs_ = 0x0, android_relocs_size_ = 0, soname_ = 0x0,
  realpath_ = "/android/system/vendor/lib/hw/gralloc.omap4430.so",
  versym_ = 0x0, verdef_ptr_ = 0, verdef_cnt_ = 0, verneed_ptr_ = 0,
  verneed_cnt_ = 0, target_sdk_version_ = 23}
(gdb) quit
A debugging session is active.

 Inferior 1 [process 3209] will be killed.

Quit anyway? (y or n) y
phablet@ubuntu-phablet:~/deb$

Info for gralloc.omap4.so:
ubuntu-phone-devtree-p3100/vendor/samsung/espresso-common/proprietary/system/vendor/lib/hw$ readelf -d gralloc.omap4430.so

Dynamic section at offset 0x5dcc contains 28 entries:
  Tag Type Name/Value
 0x00000003 (PLTGOT) 0x6ee4
 0x00000002 (PLTRELSZ) 544 (bytes)
 0x00000017 (JMPREL) 0x1048
 0x00000014 (PLTREL) REL
 0x00000011 (REL) 0xd60
 0x00000012 (RELSZ) 744 (bytes)
 0x00000013 (RELENT) 8 (bytes)
 0x6ffffffa (RELCOUNT) 92
 0x00000006 (SYMTAB) 0x114
 0x0000000b (SYMENT) 16 (bytes)
 0x00000005 (STRTAB) 0x5d4
 0x0000000a (STRSZ) 1351 (bytes)
 0x00000004 (HASH) 0xb1c
 0x00000001 (NEEDED) Shared library: [libc.so]
 0x00000001 (NEEDED) Shared library: [libdl.so]
 0x00000001 (NEEDED) Shared library: [libcutils.so]
 0x00000001 (NEEDED) Shared library: [libsrv_um_SGX540_120.so]
 0x00000001 (NEEDED) Shared library: [libpvr2d_SGX540_120.so]
 0x00000001 (NEEDED) Shared library: [libcorkscrew.so]
 0x00000019 (INIT_ARRAY) 0x6dbc
 0x0000001b (INIT_ARRAYSZ) 12 (bytes)
 0x0000001a (FINI_ARRAY) 0x6dc8
 0x0000001c (FINI_ARRAYSZ) 4 (bytes)
 0x0000000f (RPATH) Library rpath: [/system/lib]
 0x00000010 (SYMBOLIC) 0x0
 0x0000001e (FLAGS) SYMBOLIC BIND_NOW
 0x6ffffffb (FLAGS_1) Flags: NOW
 0x00000000 (NULL) 0x0
ubuntu-phone-devtree-p3100/vendor/samsung/espresso-common/proprietary/system/vendor/lib/hw$

The file itself can be got at https://github.com/TheMuppets/proprietary_vendor_samsung/blob/cm-13.0/espresso-common/proprietary/system/vendor/lib/hw/gralloc.omap4430.so?raw=true
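
Why soname_ can be NULL for a library like this one, as an added example that is not part of the bug report or of libhybris: a loader-style lookup of DT_SONAME over a dynamic table, returning NULL when the tag is absent or its string-table offset is invalid, plus the NULL-safe comparison. The struct, function names and sample tables are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for Elf32_Dyn from <elf.h> (assumption: 32-bit ELF, as on this ARM device). */
struct dyn32 { int32_t tag; uint32_t val; };
enum { TAG_NULL = 0, TAG_NEEDED = 1, TAG_SONAME = 14 }; /* DT_NULL, DT_NEEDED, DT_SONAME */

/* Return the DT_SONAME string, or NULL when the tag is absent or its offset
 * does not point at a NUL-terminated string inside the string table. */
const char *dyn_soname(const struct dyn32 *dyn, const char *strtab, size_t strsz)
{
    for (; dyn->tag != TAG_NULL; dyn++) {
        if (dyn->tag != TAG_SONAME)
            continue;
        if (dyn->val >= strsz ||
            memchr(strtab + dyn->val, '\0', strsz - dyn->val) == NULL)
            return NULL;
        return strtab + dyn->val;
    }
    return NULL; /* DT_SONAME is optional, so callers must expect NULL */
}

/* NULL-safe comparison, the same guard the workaround patch adds. */
int soname_is(const char *soname, const char *want)
{
    return soname != NULL && strcmp(soname, want) == 0;
}

/* Constructed sample data: offsets 1, 9 and 18 index the strings below. */
static const char STRTAB[] = "\0libc.so\0libdl.so\0gralloc.so";
static const struct dyn32 NO_SONAME[] = {   /* NEEDED entries only, like the readelf output */
    { TAG_NEEDED, 1 }, { TAG_NEEDED, 9 }, { TAG_NULL, 0 } };
static const struct dyn32 WITH_SONAME[] = {
    { TAG_NEEDED, 1 }, { TAG_SONAME, 18 }, { TAG_NULL, 0 } };
static const struct dyn32 BAD_OFFSET[] = {  /* offset beyond the string table */
    { TAG_SONAME, 4096 }, { TAG_NULL, 0 } };

int main(void)
{
    const char *s = dyn_soname(NO_SONAME, STRTAB, sizeof STRTAB);
    printf("no DT_SONAME: %s, is libc.so: %d\n", s ? s : "(null)", soname_is(s, "libc.so"));
    s = dyn_soname(WITH_SONAME, STRTAB, sizeof STRTAB);
    printf("DT_SONAME:    %s, is libc.so: %d\n", s ? s : "(null)", soname_is(s, "libc.so"));
    s = dyn_soname(BAD_OFFSET, STRTAB, sizeof STRTAB);
    printf("bad offset:   %s\n", s ? s : "(null)");
    return 0;
}
```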
