Bug 184443

Summary:	Kernel modules should be filtered out from QA checks
Product:	Gentoo Linux	Reporter:	Arfrever Frehtes Taifersar Arahesis (RETIRED) <arfrever>
Component:	New packages	Assignee:	X11 External Driver Maintainers <x11-drivers>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	brebs, toolchain
Priority:	High	Keywords:	InVCS
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	181949
Attachments:	portage-qa-ignores.patch portage-ignore-kernel-modules.patch

Description Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2007-07-06 19:35:03 UTC

* QA Notice: The following files contain executable stacks
*  Files with executable stacks will not work properly (or at all!)
*  on some architectures/operating systems.  A bug should be filed
*  at http://bugs.gentoo.org/ to make sure the file is fixed.
*  For more information, see http://hardened.gentoo.org/gnu-stack.xml
*  Please include this file in your report:
* /var/tmp/portage/x11-drivers/nvidia-drivers-100.14.11/temp/scanelf-execstack.log
* !WX --- --- lib/modules/2.6.21-suspend2-r6-AFTA/video/nvidia.ko


$ emerge --info -v | grep ARCH=
ARCH="x86"
$ cat /var/tmp/portage/x11-drivers/nvidia-drivers-100.14.11/temp/scanelf-execstack.log
--- --- RWX temp/libglx.so
--- --- RWX work/NVIDIA-Linux-x86-100.14.11-pkg0/usr/lib/libGLcore.so.100.14.11
--- --- RWX work/NVIDIA-Linux-x86-100.14.11-pkg0/usr/lib/libGL.so.100.14.11
--- --- RWX work/NVIDIA-Linux-x86-100.14.11-pkg0/usr/X11R6/lib/modules/extensions/libglx.so.100.14.11
!WX --- --- work/NVIDIA-Linux-x86-100.14.11-pkg0/usr/src/nv/nvidia.o
!WX --- --- work/NVIDIA-Linux-x86-100.14.11-pkg0/usr/src/nv/nv-kernel.o
!WX --- --- work/NVIDIA-Linux-x86-100.14.11-pkg0/usr/src/nv/nvidia.ko
!WX --- --- image/lib/modules/2.6.21-suspend2-r6-AFTA/video/nvidia.ko
--- --- RWX image/usr/lib/opengl/nvidia/lib/libGLcore.so.100.14.11
--- --- RWX image/usr/lib/opengl/nvidia/lib/libGL.so.100.14.11
--- --- RWX image/usr/lib/opengl/nvidia/extensions/libglx.so


Patch:
--- x11-drivers/nvidia-drivers-100.14.11.ebuild
+++ x11-drivers/nvidia-drivers-100.14.11.ebuild
@@ -62,6 +62,8 @@
        usr/lib/opengl/nvidia/extensions/libglx.so
        usr/lib/xorg/modules/drivers/nvidia_drv.so"

+QA_EXECSTACK_x86="lib/modules/*/video/nvidia.ko"
+
 QA_WX_LOAD_x86="usr/lib/opengl/nvidia/lib/libGL.so.${PV}
        usr/lib/opengl/nvidia/lib/libGLcore.so.${PV}
        usr/lib/opengl/nvidia/extensions/libglx.so"

I don't have possibility to check it on other architectures.

Comment 1 Paul Bredbury 2007-07-06 23:22:48 UTC

On x86, I *don't* see this message. I use sys-apps/portage-2.1.2.9

Comment 2 Doug Goldstein (RETIRED) gentoo-dev

2007-07-12 16:47:18 UTC

can't duplicate the message. please provide the required emerge --info output to all ebuilds, once you have pasted that reopen the bug.

Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2007-07-12 18:24:25 UTC

Portage 7243-svn (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4, 2.6.21-suspend2-r6-AFTA i686)
=================================================================
System uname: 2.6.21-suspend2-r6-AFTA i686 AMD Sempron(tm) Processor 2800+
Gentoo Base System release 1.12.10
Timestamp of tree: Thu, 12 Jul 2007 11:50:01 +0000
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r7
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17.50.0.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon64 -msse3 -pipe -O3 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=athlon64 -msse3 -pipe -O3 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="buildsyspkg ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.prz.rzeszow.pl http://gentoo.zie.pg.gda.pl http://gentoo.po.opole.pl http://gentoo.ynet.sk/pub http://mirror.gentoo.no http://mirrors.evolva.ro/gentoo http://ftp.du.se/pub/os/gentoo http://ftp.linux.ee/pub/gentoo/distfiles ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo http://ftp.lug.ro/gentoo http://src.gentoo.pl"
LANG="pl_PL.UTF-8"
LC_ALL="pl_PL.UTF-8"
LDFLAGS="-Wl,-O1,--as-needed,--hash-style=gnu,--sort-common,-z,relro"
LINGUAS="pl en la lt"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude=/manifest1_obsolete --prune-empty-dirs"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow X a52 aac aalib acl acpi alsa arts audiofile bash-completion berkdb bzip2 cairo caps cddb cdparanoia cdr cracklib crypt cscope ctype cups curl curlwrappers dbus directfb dri dts dvb dvd dvdr dvdread emboss encode exif expat fam fbcon ffmpeg firefox flac foomaticdb ftp gcj gd gdbm ggi gif glut gmp gnutls gpm graphviz gstreamer gtk guile hal hardened iconv idn imagemagick imlib ipv6 java javascript jbig jpeg jpeg2k kde kdeenablefinal kdehiddenvisibility lash lcms ldap libcaca lm_sensors mad matroska matrox memlimit mhash mikmod mime mmap mmx mng motif mp3 mpeg mpi mplayer musepack ncurses netcdf nls nptl nsplugin odbc ogg openal openexr opengl pam pcntl pcre pda pdf perl png portaudio posix ppds profile python qt3 qt4 quicktime rdesktop readline recode ruby scanner sdl session sharedmem shorten simplexml slang slp sndfile soap sockets speex spell sse sse2 ssl svg svga symlink szip tcl tcpd theora threads tiff tk truetype unicode usb vcd vim-syntax vorbis win32codecs wmf wxwindows x264 x86 xcomposite xine xml xmlrpc xpm xprint xsl xv xvid zlib" ALSA_CARDS="hda-intel virmidi" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="pl en la lt" USERLAND="GNU" VIDEO_CARDS="fbdev nv nvidia vesa"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS

Comment 4 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2007-07-12 18:30:29 UTC

This problem only exist with later binutils. It's also with 2.17.50.0.15.

Please reassign this bug to toolchain herd.

Comment 5 Doug Goldstein (RETIRED) gentoo-dev

2007-07-12 18:46:41 UTC

per user comments.

Seems possible to me, what's being marked as having executable stacks is the actual compiled part of the driver.

Granted, his mile long line of LDFLAGS could be the issue.

Comment 6 SpanKY gentoo-dev

2007-07-12 18:56:33 UTC

kernel modules shouldnt be checked in the first place as those sections are ignored ...

Comment 7 Doug Goldstein (RETIRED) gentoo-dev

2007-07-12 19:04:28 UTC

so is the ebuild doing something wrong or does Portage need to get spanked?

Comment 8 SpanKY gentoo-dev

2007-07-12 20:14:09 UTC

i'll have to play/research ... this came up before and i forget how we resolved it in the other package

Comment 9 SpanKY gentoo-dev

2007-08-12 02:04:32 UTC

Created attachment 127805 [details, diff]
portage-qa-ignores.patch

try this patch

Comment 10 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2007-08-12 12:52:42 UTC

(In reply to comment #9)
> Created an attachment (id=127805) [edit]
> portage-qa-ignores.patch
> 
> try this patch
> 

$ patch -p0 < ~/portage-qa-ignores.patch
patching file ebuild.sh
Hunk #1 FAILED at 1095.
Hunk #2 FAILED at 1132.
Hunk #3 FAILED at 1171.
Hunk #4 FAILED at 1202.
4 out of 4 hunks FAILED -- saving rejects to file ebuild.sh.rej
$ head -n4 ~/portage-qa-ignores.patch
Index: ebuild.sh
===================================================================
--- ebuild.sh   (revision 2825)
+++ ebuild.sh   (working copy)
$ svnversion
7592
$ 

Did you run `svn up`?

Comment 11 SpanKY gentoo-dev

2007-08-12 14:11:11 UTC

Created attachment 127866 [details, diff]
portage-ignore-kernel-modules.patch

nah, i just posted the wrong patch ... that other one i already committed a long time ago

Comment 12 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2007-08-12 16:24:35 UTC

(In reply to comment #11)
> Created an attachment (id=127866) [edit]
> portage-ignore-kernel-modules.patch

It doesn't work.

info bash:
3.5.8 Filename Expansion
...
When matching a file name, the slash character must always be matched explicitly.

Comment 13 SpanKY gentoo-dev

2007-08-12 16:52:29 UTC

bash rules of matching are irrelevant ... bash isnt used for wildcard matching

Comment 14 SpanKY gentoo-dev

2007-08-16 18:31:03 UTC

in the patch, try using:
lib*/modules/*.ko

in other words, drop that leading / ...

Comment 15 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2007-08-16 21:12:46 UTC

(In reply to comment #14)
> in the patch, try using:
> lib*/modules/*.ko
> 
> in other words, drop that leading / ...

It seems to work.

Comment 16 SpanKY gentoo-dev

2007-08-17 23:30:45 UTC

merged then into current svn

Comment 17 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2007-08-19 17:39:50 UTC

(In reply to comment #16)
> merged then into current svn

Thanks.

Comment 18 Zac Medico gentoo-dev

2007-08-24 18:45:49 UTC

This has been released in 2.1.3.7.