Bug 626126 - x11-drivers/nvidia-drivers-384.xx pax patch update
Summary: x11-drivers/nvidia-drivers-384.xx pax patch update
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2017-07-25 09:36 UTC by sg313
Modified: 2017-08-23 15:47 UTC
Description sg313 2017-07-25 09:36:25 UTC
This issue currently applies to versions 384.47 and 384.59 in the tree.
Both ebuilds apply an old pax patch.

The new and correct pax patch is 
https://www.grsecurity.net/~paxguy1/nvidia-drivers-384.47-pax.patch
Comment 1 sg313 2017-07-25 16:01:12 UTC
I should probably clarify that the patch works for both versions 384.47 and 384.59.
Comment 2 sg313 2017-07-31 11:11:02 UTC
Hey, what's the status on this bug? Please let me know if I can help!
Comment 3 Norman Shulman 2017-08-21 16:57:31 UTC
$ emerge --info
Portage 2.3.6 (python 3.4.5-final-0, hardened/linux/amd64, gcc-5.4.0, glibc-2.23-r4, 4.9.24-hardened x86_64)
=================================================================
System uname: Linux-4.9.24-hardened-x86_64-Intel-R-_Core-TM-_i7-3770_CPU_@_3.40GHz-with-gentoo-2.3
KiB Mem:    18498880 total,    636292 free
KiB Swap:   19335164 total,  18892232 free
Timestamp of repository gentoo: Mon, 21 Aug 2017 07:00:01 +0000
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
ccache version 3.2.4 [enabled]
app-shells/bash:          4.3_p48-r1::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.24.1-r2::gentoo
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo
dev-util/ccache:          3.2.4::gentoo
dev-util/cmake:           3.7.2::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.28::gentoo
sys-apps/sandbox:         2.10-r3::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.12.6::gentoo, 1.14.1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo, 2.26.1::gentoo, 2.28-r2::gentoo
sys-devel/gcc:            4.9.4::gentoo, 5.4.0-r3::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.23-r4::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=native -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j7"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X acl alsa amd64 avahi berkdb bzip2 cli cracklib crypt cscope cxx dbus dri gdbm gtk hardened iconv ipv6 jpeg justify lock lvm modules multilib ncurses nls nptl nvidia openmp pam pax_kernel pcre pie pulseaudio qemu readline seccomp session ssl ssp startup-notification symlink tcpd thunar tls udev unicode urandom virt-network xattr xinerama xtpax xulrunner zlib" ABI_X86="64 32" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_4" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby22" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options 
ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

$ sudo emerge -q nvidia-drivers
>>> Verifying ebuild manifests
>>> Running pre-merge checks for x11-drivers/nvidia-drivers-384.59-r1
 * Determining the location of the kernel source code
 * Found kernel source directory:
 *     /usr/src/linux
 * Found kernel object directory:
 *     /lib/modules/4.9.24-hardened/build
 * Found sources for kernel version:
 *     4.9.24-hardened
 * Checking for suitable kernel configuration options...                                                                                                               [ ok ]
>>> Emerging (1 of 1) x11-drivers/nvidia-drivers-384.59-r1::gentoo
>>> Failed to emerge x11-drivers/nvidia-drivers-384.59-r1, Log file:
>>>  '/var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/temp/build.log'
 * Package:    x11-drivers/nvidia-drivers-384.59-r1
 * Repository: gentoo
 * Maintainer: jer@gentoo.org hardened@gentoo.org
 * USE:        X abi_x86_32 abi_x86_64 amd64 driver elibc_glibc gtk3 kernel_linux kms multilib pax_kernel tools userland_GNU uvm
 * FEATURES:   ccache preserve-libs sandbox userpriv usersandbox
 * Determining the location of the kernel source code
 * Found kernel source directory:
 *     /usr/src/linux
 * Found kernel object directory:
 *     /lib/modules/4.9.24-hardened/build
 * Found sources for kernel version:
 *     4.9.24-hardened
 * Checking for suitable kernel configuration options...
 [ ok ]
 * Checking for suitable kernel configuration options...
 [ ok ]
>>> Unpacking NVIDIA-Linux-x86_64-384.59.run to /var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work
>>> Unpacking nvidia-settings-384.59.tar.gz to /var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work
 * Using PAX patches is not supported. You will be asked to
 * use a standard kernel should you have issues. Should you
 * need support with these patches, contact the PaX team.
 * Applying nvidia-drivers-375.20-pax.patch ...
The text leading up to this was:
--------------------------
|diff -urp work.orig/kernel/nvidia-uvm/uvm_full_fault_buffer.h work/kernel/nvidia-uvm/uvm_full_fault_buffer.h
|--- work.orig/kernel/nvidia-uvm/uvm_full_fault_buffer.h	2016-11-27 21:56:50.399642330 +0100
|+++ work/kernel/nvidia-uvm/uvm_full_fault_buffer.h	2016-11-27 21:54:23.975709978 +0100
--------------------------
No file to patch.  Skipping patch.
2 out of 2 hunks ignored
 [ !! ]
 * ERROR: x11-drivers/nvidia-drivers-384.59-r1::gentoo failed (prepare phase):
 *   patch -p1  failed with /var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/files/nvidia-drivers-375.20-pax.patch
Comment 4 sg313 2017-08-21 19:38:33 UTC
Can someone please post about the status of this bug?
In particular, please write here if 
 - you need information on how to reproduce this bug
 - you need confirmation this bug really exists
 - you need to make internal decisions that are blocking this bug
 - the maintainer doesn't have time to attend to this bug

In the latter case please let me know, I can submit a pull request to 
https://github.com/gentoo/gentoo
Comment 5 Norman Shulman 2017-08-21 20:02:24 UTC
(In reply to sg313 from comment #0)
> This issue currently applies to versions 384.47 and 384.59 in the tree.
> Both ebuilds apply an old pax patch.
> 
> The new and correct pax patch is 
> https://www.grsecurity.net/~paxguy1/nvidia-drivers-384.47-pax.patch

The patch applies OK, but the build fails in the compile phase:

/var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work/kernel/nvidia-drm/nvidia-drm-drv.c: In function ‘nvidia_update_drm_driver_features’:
/var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work/kernel/nvidia-drm/nvidia-drm-drv.c:720:35: error: assignment of member ‘driver_features’ in read-only object
     nv_drm_driver.driver_features |= DRIVER_MODESET | DRIVER_ATOMIC;
                                   ^
/var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work/kernel/nvidia-drm/nvidia-drm-drv.c:722:30: error: assignment of member ‘master_set’ in read-only object
     nv_drm_driver.master_set       = nvidia_drm_master_set;
                              ^
/var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work/kernel/nvidia-drm/nvidia-drm-drv.c:723:31: error: assignment of member ‘master_drop’ in read-only object
     nv_drm_driver.master_drop      = nvidia_drm_master_drop;
                               ^
/var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work/kernel/nvidia-drm/nvidia-drm-drv.c:725:31: error: assignment of member ‘dumb_create’ in read-only object
     nv_drm_driver.dumb_create      = nvidia_drm_dumb_create;
                               ^
/var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work/kernel/nvidia-drm/nvidia-drm-drv.c:726:35: error: assignment of member ‘dumb_map_offset’ in read-only object
     nv_drm_driver.dumb_map_offset  = nvidia_drm_dumb_map_offset;
                                   ^
/var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work/kernel/nvidia-drm/nvidia-drm-drv.c:727:32: error: assignment of member ‘dumb_destroy’ in read-only object
     nv_drm_driver.dumb_destroy     = drm_gem_dumb_destroy;
                                ^
/var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work/kernel/nvidia-drm/nvidia-drm-drv.c:729:30: error: assignment of member ‘gem_vm_ops’ in read-only object
     nv_drm_driver.gem_vm_ops       = &nv_drm_gem_vma_ops;
                              ^
make[3]: *** [/usr/src/linux-4.9.24-hardened/scripts/Makefile.build:294: /var/tmp/portage/x11-drivers/nvidia-drivers-384.59-r1/work/kernel/nvidia-drm/nvidia-drm-drv.o] Error 1

Looks like it's trying to initialize a const data structure.
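
The error class reported in comment 5, as an added illustration that is not part of this bug thread and is not code from the NVIDIA driver or the PaX patch. It assumes the hardened build treats the driver structure as const, which is what the compiler messages indicate; every struct, macro and function name below is hypothetical.

```c
/* Added illustration: all names are hypothetical, not from the driver or kernel. */
#include <stddef.h>

#define FEAT_GEM     0x1u
#define FEAT_MODESET 0x2u
#define FEAT_ATOMIC  0x4u

struct demo_driver {
    unsigned int features;
    int (*master_set)(void);
    int (*dumb_create)(void);
};

static int demo_master_set(void)  { return 1; }
static int demo_dumb_create(void) { return 2; }

#ifdef SHOW_FAILING_PATTERN
/* Shape of the code in the build log: one table, patched at run time.
 * Once the object is const, each assignment is rejected with
 * "assignment of member ... in read-only object". */
static const struct demo_driver drv = { .features = FEAT_GEM };
void update_features(void)
{
    drv.features  |= FEAT_MODESET | FEAT_ATOMIC;
    drv.master_set = demo_master_set;
}
#endif

/* Const-compatible shape: each variant is fully initialized at compile
 * time, so both tables can stay in read-only memory. */
static const struct demo_driver drv_basic = {
    .features = FEAT_GEM,
};
static const struct demo_driver drv_modeset = {
    .features    = FEAT_GEM | FEAT_MODESET | FEAT_ATOMIC,
    .master_set  = demo_master_set,
    .dumb_create = demo_dumb_create,
};

/* Pick a table at run time instead of writing to one. */
const struct demo_driver *select_driver(int modeset_enabled)
{
    return modeset_enabled ? &drv_modeset : &drv_basic;
}

int main(void)
{
    return select_driver(1)->master_set() == 1 ? 0 : 1;
}
```

Compiling with -DSHOW_FAILING_PATTERN reproduces the same kind of diagnostic as in the log above.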
Comment 6 Frank Krömmelbein 2017-08-23 13:53:53 UTC
I think this bug is now obsolete due to the removal
of the hardened-sources; please see:
https://www.gentoo.org/support/news-items/2017-08-19-hardened-sources-removal.html

Goodbye PaX Kernel....


I have now switched to gentoo-sources. One should then take care to explicitly set "-pax_kernel" in make.conf, at least until the USE flag is set automatically in the hardened profile, and then rebuild all affected packages.
Comment 7 sg313 2017-08-23 15:47:19 UTC
That's sad, I'm sorry to hear that. Thank you for letting us know.