
Bug 374289

Summary: www-clients/firefox-5.0-r2 mmap loop on PaX&hardened system
Product: Gentoo Linux
Reporter: Anton Kochkov <anton.kochkov>
Component: Current packages
Assignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED FIXED
Severity: normal
CC: anthoine.bourgeois, anton.kochkov, bugs+gentoo, cruzki123, graham, pageexec
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: strace -v output; emerge --info log; Configuration file to disable jit

Description Anton Kochkov 2011-07-06 23:09:01 UTC
Created attachment 279285 [details]
strace -v output

Building firefox-5.0-r2 from main gentoo tree.
Building is OK, but firefox doesn't start.
Attaching strace.
Comment 1 Anton Kochkov 2011-07-06 23:10:27 UTC
Created attachment 279287 [details]
emerge --info log
Comment 2 Christian Apeltauer 2011-07-11 07:18:35 UTC
Created attachment 279715 [details]
Configuration file to disable jit

I think the problem is due to jit not fully disabled (despite USE=-methodjit being set on hardened). The attached file should be put in
/usr/lib/{firefox,icecat,seamonkey}/defaults/pref
It disables any jit support by default and the browser should come up. At least it did the trick for me with seamonkey and icecat on hardened amd64.
Comment 3 Sven Vermeulen 2011-07-12 18:53:34 UTC
Here it started, but the moment I tried something like opening a new tab, it crashed. Putting the file as offered by Christian in the suggested location fixed this indeed.
Comment 4 Anton Kochkov 2011-07-12 18:59:58 UTC
(In reply to comment #2)
> Created attachment 279715 [details]
> Configuration file to disable jit
> 
> I think the problem is due to jit not fully disabled (despite USE=-methodjit
> being set on hardened). The attached file should be put in
> /usr/lib/{firefox,icecat,seamonkey}/defaults/pref
> It disables any jit support by default and the browser should come up. At least
> it did the trick for me with seamonkey and icecat on hardened amd64.

Your patch doesn't help me.
Comment 5 Graham Murray 2011-08-10 09:36:19 UTC
I am seeing the same problem on a non-hardened (and therefore non PAX) kernel with just hardened toolchain. The presence of the nojit.js file makes no difference. However if I select the i686-pc-linux-gnu-4.5.3-hardenednopie gcc profile and rebuild firefox, it runs OK (without the nojit.js).
Comment 6 Constantine Kardaris 2011-08-16 16:27:59 UTC
Same problem, started after rebuilding everything with gcc hardened 4.5.3 from stable gcc.
Comment 7 Constantine Kardaris 2011-11-03 17:45:39 UTC
Seems that this has to do with a linker bug

http://sourceware.org/bugzilla/show_bug.cgi?id=12654

after applying the binutils patch and re-emerging firefox starts fine again
Comment 8 Anton Kochkov 2011-11-07 15:54:46 UTC
Bug is still here for Firefox-7.0 and even Firefox-8.0 (with old gcc - 4.5.2)
Comment 9 Anthoine Bourgeois 2012-01-21 01:27:05 UTC
(In reply to comment #7)
> Seems that this has to do with a linker bug
> 
> http://sourceware.org/bugzilla/show_bug.cgi?id=12654
> 
> after applying the binutils patch and re-emerging firefox starts fine again

And so do firefox 7.0 and 8.0. The fix above is included in unstable binutils-2.22-r1 only.
Note there are two problems here:
1/ The mmap loop on PAX kernel is fixed with paxctl -r (see #396275)
2/ The pie lock on hardened toolchain is fixed with linker's patches above (and binutils-2.22-r1 by the way, see #390911)

The problem is the patches aren't backported to a stable version then stable users can launch firefox 7.0, 8.0
Comment 10 Anton Kochkov 2014-11-27 14:33:27 UTC
Can this bug be closed now? I guess it is not actual anymore?
Comment 11 Anthoine Bourgeois 2014-11-27 14:43:25 UTC
(In reply to Anton Kochkov from comment #10)
> Can this bug be closed now? I guess it is not actual anymore?

I think so. Bugs #396275 and #390911 are resolved and binutils-2.22-r1 is stable.