
I’ve found that u-boot mkimage doesn’t work on macOS arm64 due to the ASLR mechanism.
Jessica, do you have any idea how to rewrite the INIT_SECTION define to make it compatible with the ASLR mechanism? (It is related to commit https://github.com/u-boot/u-boot/commit/3b142045e8a7f0ab17b6099e9226296af459... )
LLDB uses an undocumented way to disable ASLR, which is why mkimage works under LLDB (https://stackoverflow.com/questions/23897963/documented-way-to-disable-aslr-... ). On modern macOS systems it is the only way to disable ASLR (use lldb, or just use the code from LLDB to disable ASLR).
sergey@Sergeys-MacBook-Air tools % lldb ./mkimage
(lldb) target create "./mkimage"
Current executable set to '/Volumes/OpenWrt/u-boot/tools/mkimage' (arm64).
(lldb) settings set target.disable-aslr false
(lldb) r -f a b
Process 46167 launched: '/Volumes/OpenWrt/u-boot/tools/mkimage' (arm64)
BEFORE INIT
AFTER INIT
1
3
0x100045e48
mkimage was compiled with optimization - stepping may behave oddly; variables may not be available.
Process 46167 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x100045e48)
    frame #0: 0x0000000102a9cecc mkimage`imagetool_get_type(type=8) at imagetool.c:27:27 [opt]
   24
   25   for (curr = start; curr != end; curr++) {
   26       fprintf(stderr, "%p\n", curr);
-> 27       fprintf(stderr, "%p\n", *curr);
   28
   29       // sleep(100000);
   30       if ((*curr)->check_image_type) {
Target 0: (mkimage) stopped.
(lldb) exit
Quitting LLDB will kill one or more processes. Do you really want to proceed: [Y/n] y
With ASLR it generates a segfault
sergey@Sergeys-MacBook-Air tools % lldb ./mkimage
(lldb) target create "./mkimage"
Current executable set to '/Volumes/OpenWrt/u-boot/tools/mkimage' (arm64).
(lldb) r -f a b
Process 46172 launched: '/Volumes/OpenWrt/u-boot/tools/mkimage' (arm64)
BEFORE INIT
AFTER INIT
1
3
0x100045e48
0x100044560
0x100045e50
0x100044780
0x100045e58
0x1000447d8
sh: dtc: command not found
/Volumes/OpenWrt/u-boot/tools/mkimage: Can't open b.tmp: No such file or directory
Process 46172 exited with status = 255 (0x000000ff)
On 30 Nov 2021, at 18:02, Sergey V. Lobanov sergey@lobanov.in wrote:
I added some printf debugs to imagetool.c and recompiled with debug symbols:
struct image_type_params *imagetool_get_type(int type)
{
	struct image_type_params **curr;
	fprintf(stderr, "BEFORE INIT\n");
	INIT_SECTION(image_type);
	fprintf(stderr, "AFTER INIT\n");

	fprintf(stderr, "1\n");
	struct image_type_params **start = __start_image_type;
	struct image_type_params **end = __stop_image_type;

	fprintf(stderr, "3\n");
	for (curr = start; curr != end; curr++) {
		fprintf(stderr, "%p\n", curr);
		if ((*curr)->check_image_type) {
			if (!(*curr)->check_image_type(type))
				return *curr;
		}
	}
	return NULL;
}
% ./mkimage -f aaa bbb
BEFORE INIT
AFTER INIT
1
3
0x100041e48
zsh: segmentation fault (core dumped)  ./mkimage -f aaa bbb
% lldb ./mkimage -c /cores/core.95889
(lldb) target create "./mkimage" --core "/cores/core.95889"
...
(lldb) bt all
mkimage was compiled with optimization - stepping may behave oddly; variables may not be available.
* thread #1, stop reason = signal SIGSTOP
  * frame #0: 0x00000001048ec168 mkimage`imagetool_get_type(type=<unavailable>) at imagetool.c:27:8 [opt]
    frame #1: 0x000000010490c008 mkimage`main(argc=<unavailable>, argv=<unavailable>) at mkimage.c:357:12 [opt]
    frame #2: 0x000000018c2f5430 libdyld.dylib`start + 4
(lldb) f 0
frame #0: 0x00000001048ec168 mkimage`imagetool_get_type(type=<unavailable>) at imagetool.c:27:8 [opt]
   24   for (curr = start; curr != end; curr++) {
   25       fprintf(stderr, "%p\n", curr);
   26
-> 27       if ((*curr)->check_image_type) {
   28           if (!(*curr)->check_image_type(type))
   29               return *curr;
And the most interesting thing, mkimage doesn’t segfault if it is launched under lldb:
% lldb ./mkimage
(lldb) target create "./mkimage"
Current executable set to '/Volumes/u-boot/tools/mkimage' (arm64).
(lldb) r -f aaa bbb
Process 95950 launched: '/Volumes/u-boot/tools/mkimage' (arm64)
BEFORE INIT
AFTER INIT
1
3
0x100041e48
0x100041e50
0x100041e58
sh: dtc: command not found
/Volumes/u-boot/tools/mkimage: Can't open bbb.tmp: No such file or directory
On 30 Nov 2021, at 14:49, Sergey V. Lobanov sergey@lobanov.in wrote:
Hello,
I have observed that u-boot mkimage is broken on macOS arm64; it generates a segfault every time.
Reproducing:
My MacOS environment:
% sw_vers
ProductName: macOS
ProductVersion: 11.6
BuildVersion: 20G165

% uname -s -r -m
Darwin 20.6.0 arm64

- Build on macos arm64

% export CPATH=/opt/homebrew/opt/openssl@1.1/include
% export LIBRARY_PATH=/opt/homebrew/opt/openssl@1.1/lib
% make tools

- Versions

% git log | head -n 1
commit ade37460a944aed36ae6ee634c4d4a9a22690461

% ./mkimage -V
mkimage version 2022.01-rc3

- Run

% ./mkimage -f aaa bbb
zsh: segmentation fault  ./mkimage -f aaa bbb
(Diagnostics related to the segfault attached)
The same story for Mac homebrew’s version:
% mkimage -V
mkimage version 2021.10
% mkimage -f aaa bbb
zsh: segmentation fault  mkimage -f aaa bbb
If I do the same on a normal Linux host, everything is OK (no segfault):
$ uname -s -r -m
Linux 4.19.0-18-amd64 x86_64

$ ./mkimage -V
mkimage version 2022.01-rc3

$ ./mkimage -f aaa bbb
FATAL ERROR: Couldn't open "aaa": No such file or directory
./mkimage: Can't open bbb.tmp: No such file or directory
<mkimage_2021-11-30-132645_Sergeys-MacBook-Air.crash.txt>
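
Added example, not part of the original messages and not U-Boot code: one way to make a Mach-O section lookup independent of ASLR is to add the main image's dyld slide to the link-time address before walking the entries. It assumes the lookup goes through getsectdata(); the segment name "__DATA", the helper names and the sample table in main() are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__APPLE__)
#include <mach-o/dyld.h>    /* _dyld_get_image_vmaddr_slide() */
#include <mach-o/getsect.h> /* getsectdata() */
#endif

struct section_range { void **start, **stop; };

/* Turn a link-time (unslid) section address into run-time bounds. */
static struct section_range rebase_section(uintptr_t unslid, size_t len,
                                           intptr_t slide)
{
    struct section_range r;
    r.start = (void **)(unslid + (uintptr_t)slide);
    r.stop  = (void **)(unslid + (uintptr_t)slide + len);
    return r;
}

/* Walk the set like the curr/start/end loop; stop at a NULL entry. */
static size_t count_entries(struct section_range r)
{
    size_t n = 0;
    for (void **curr = r.start; curr != r.stop; curr++) {
        if (*curr == NULL)
            break;
        n++;
    }
    return n;
}

#if defined(__APPLE__)
/* Assumed names, e.g. segment "__DATA", section "image_type". */
static struct section_range find_section(const char *seg, const char *sect)
{
    unsigned long len = 0;
    char *unslid = getsectdata(seg, sect, &len); /* address as stored in the file */
    struct section_range none = { NULL, NULL };
    if (unslid == NULL)
        return none;
    /* Image 0 is the main executable; its slide is 0 when ASLR is off. */
    return rebase_section((uintptr_t)unslid, len, _dyld_get_image_vmaddr_slide(0));
}
#endif

int main(void)
{
    /* Constructed stand-in for the section: three entries, made-up slide. */
    static int a, b, c;
    static void *table[] = { &a, &b, &c };
    intptr_t slide = 0x4000;
    uintptr_t unslid = (uintptr_t)table - (uintptr_t)slide;
    struct section_range r = rebase_section(unslid, sizeof table, slide);
    printf("entries: %zu\n", count_entries(r));
    return 0;
}
```

With a slide of 0 the rebased and link-time addresses coincide, which matches the runs above where mkimage works when ASLR is disabled.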