Package: gcc-11 Followup-For: Bug #1005863 X-Debbugs-Cc: martin-eric.rac...@iki.fi
Ok; I should have realised that scanning the entire contents of the i386 bookworm archive for particular opcodes across _all_ files on a single machine seemed to complete surprisingly quickly.. Please find attached an updated check-script (check.sh) that is running currently. It makes some tradeoffs for scanning performance reasons: in particular, it's only inspecting files that have the executable bit set, or that end with the suffix '.so' or '.a'. It seems that it's going to take a while to run to completion on the available hardware here: my estimate would be approximately another two days (48 hours). I'm uncertain whether the script will run to completion uninterrupted, and also it is not written to be easily-resumable, so.. let's at least gather some summary statistics from the output while it's in progress. Please also find attached a reporting script (report.sh) that summarises the total number of packages scanned, the number of packages where at least one file was inspected, and the number of packages where at least one inspected file contained a 'nopl' opcode. The current report.sh output at the time of writing is: 2441 2042 130 So my guess is that approximately 6-7% of i386 packages in bookworm _that contain binaries or shared libraries_ are susceptible to this bug. The opcode may not be encountered at runtime when those packages are used, and analysis of the packages to determine where they sit in Debian's dependency graph would indicate the level of impact on a system, however my initial sense is that this could indeed be a fairly critical issue on Geode LX hardware for Debian bookworm. It's also a larger number of packages than we could expect individual maintainers to adjust their buildflags for on any realistic timescale - so either a Debian-specific patch or upstream fix would be required to continue to support Geode LX (in my opinion, and assuming that the script and report are accurate-enough to be guiding indicators).
#!/bin/bash FULLPATH="$1" PACKAGE=$(basename "${FULLPATH}" .deb) dpkg -x "${FULLPATH}" "${PACKAGE}"; echo -n "Checking ${PACKAGE} ... "; find "$PACKAGE" -type f -a \( -executable -o -name '*.so' -o -name '*.a' \) -print | wc -l while IFS= read -r -d '' file; do objdump --architecture=i386 --disassemble-all "$file" | grep -q -w "nopl" && echo "E $file" done < <(find "${PACKAGE}" -type f -a -executable -o -name '*.so' -print0) 2>/dev/null; rm -rf "${PACKAGE}";
#!/bin/bash # total number of packages checked grep "^Checking" affected.txt | wc -l # packages that contained at least one binary/shared-library to inspect grep "^Checking" affected.txt | grep -v " 0$" | wc -l # packages where at least one error was found in a binary/shared-library grep "^Checking" affected.txt -A 1 | grep "^E" | wc -l