Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 488906

Summary: x11-drivers/xf86-video-{ati,intel}[glamor] don't work when a hardened profile is used
Product: Gentoo Linux Reporter: Herbert Wantesh <rauchwolke>
Component: HardenedAssignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED FIXED    
Severity: normal CC: alexander, erhard_f, kingjon3377, renesanso, x11
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: glamor-0.5.1.ebuild.patch
xorg.log from the crash
append lazy if now (hardened compiler)

Description Herbert Wantesh 2013-10-21 16:49:52 UTC
when i compiling x11-drivers/xf86-video-intel with glamour use flag set i get this when i start X

[  1425.712] (II) LoadModule: "intel"
[  1425.712] (II) Loading /usr/lib64/xorg/modules/drivers/intel_drv.so
[  1425.713] (EE) Failed to load /usr/lib64/xorg/modules/drivers/intel_drv.so: /usr/lib64/libglamor.so.0: undefined symbol: fbCopyPlane
[  1425.713] (II) UnloadModule: "intel"
[  1425.713] (II) Unloading intel
[  1425.713] (EE) Failed to load module "intel" (loader failed, 7)
[  1425.713] (EE) No drivers available.
[  1425.713] (EE) 
Fatal server error:
[  1425.714] (EE) no screens found(EE) 
[  1425.714] (EE) 
Please consult the The X.Org Foundation support 
         at http://wiki.x.org
 for help. 
[  1425.716] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information.
[  1425.717] (EE) 


Reproducible: Always
Comment 1 Alexander Tsoy 2013-10-24 14:47:44 UTC
IIRC I had the same problem with radeon. Currently I'm using the following workaround (load fb before glamoregl):

$ cat /etc/X11/xorg.conf.d/10-glamor.conf 
Section "Module"
    Load  "dri2"
    Load  "fb"
    Load  "glamoregl"
EndSection
Comment 2 Alexander Tsoy 2013-10-24 21:05:44 UTC
I suspect "DRIVER=yes" is needed in ebuild (before inherit xorg-2) or "append-ldflags -Wl,-z,lazy". But I didn't test it yet.
Comment 3 Alexander Tsoy 2013-10-24 21:39:52 UTC
Created attachment 361844 [details, diff]
glamor-0.5.1.ebuild.patch

This patch fixes the issue.

(In reply to Alexander Tsoy from comment #2)
> I suspect "DRIVER=yes" is needed in ebuild (before inherit xorg-2)

Not a good idea since DRIVER is not an eclass variable.
Comment 4 wippie 2013-10-26 09:35:42 UTC
I can confirm the bug with the radeon driver on hardened profile.

[     8.546] (II) LoadModule: "radeon"
[     8.546] (II) Loading /usr/lib/xorg/modules/drivers/radeon_drv.so
[     8.570] (EE) Failed to load /usr/lib/xorg/modules/drivers/radeon_drv.so: /usr/lib64/libglamor.so.0: undefined symbol: fbCopyPlane
[     8.570] (II) UnloadModule: "radeon"
[     8.570] (II) Unloading radeon
[     8.570] (EE) Failed to load module "radeon" (loader failed, 7)

I can also confirm that the glamor-0.5.1.ebuild.patch work with the radeon driver, without any modifications to /etc/X11/xorg.conf.d/10-glamor.conf
Comment 5 Herbert Wantesh 2013-10-26 16:49:30 UTC
after the latest update i get x11 crashes:


xorg.log is attached

glamor is merged like this
[ebuild  N     ] x11-libs/glamor-0.5.1  USE="-gles -static-libs" 0 kB


in /var/log/messages i have stuff like this:

[34684.401079] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/bin/xinit[xinit:10402] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/startx[startx:10386] uid/euid:1000/1000 gid/egid:1000/1000

only one line of the xinit message but more of this

[34692.475814] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 0 for /usr/bin/pulseaudio[pulseaudio:10573] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/pulseaudio[pulseaudio:10572] uid/euid:1000/1000 gid/egid:1000/1000
[34692.477905] grsec: denied resource overstep by requesting 30 for RLIMIT_NICE against limit 0 for /usr/bin/pulseaudio[pulseaudio:10573] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/pulseaudio[pulseaudio:10572] uid/euid:1000/1000 gid/egid:1000/1000
[34692.478161] grsec: denied resource overstep by requesting 29 for RLIMIT_NICE against limit 0 for /usr/bin/pulseaudio[pulseaudio:10573] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/pulseaudio[pulseaudio:10572] uid/euid:1000/1000 gid/egid:1000/1000
[34692.478400] grsec: denied resource overstep by requesting 28 for RLIMIT_NICE against limit 0 for /usr/bin/pulseaudio[pulseaudio:10573] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/pulseaudio[pulseaudio:10572] uid/euid:1000/1000 gid/egid:1000/1000
[34692.478633] grsec: denied resource overstep by requesting 27 for RLIMIT_NICE against limit 0 for /usr/bin/pulseaudio[pulseaudio:10573] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/pulseaudio[pulseaudio:10572] uid/euid:1000/1000 gid/egid:1000/1000
[34692.478853] grsec: denied resource overstep by requesting 26 for RLIMIT_NICE against limit 0 for /usr/bin/pulseaudio[pulseaudio:10573] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/pulseaudio[pulseaudio:10572] uid/euid:1000/1000 gid/egid:1000/1000
[34692.479069] grsec: more alerts, logging disabled for 10 seconds
Comment 6 Herbert Wantesh 2013-10-26 16:51:12 UTC
Created attachment 361988 [details]
xorg.log from the crash
Comment 7 Herbert Wantesh 2013-10-26 17:30:55 UTC
sorry on this machine x11-drivers/xf86-video-intel-2.99.905 was merged which was triggering the crashes. but it was merged without glamor use flag enabled. 903 still gives me with glamor enabled - 

[ 37690.531] (II) Module glx: vendor="X.Org Foundation"
[ 37690.531]    compiled for 1.14.3, module version = 1.0.0
[ 37690.531]    ABI class: X.Org Server Extension, version 7.0
[ 37690.531] (==) AIGLX enabled
[ 37690.531] Loading extension GLX
[ 37690.531] (II) LoadModule: "intel"
[ 37690.531] (II) Loading /usr/lib64/xorg/modules/drivers/intel_drv.so
[ 37690.532] (EE) Failed to load /usr/lib64/xorg/modules/drivers/intel_drv.so: /usr/lib64/libglamor.so.0: undefined symbol: fbCopyPlane
[ 37690.532] (II) UnloadModule: "intel"
[ 37690.532] (II) Unloading intel
[ 37690.532] (EE) Failed to load module "intel" (loader failed, 7)
[ 37690.532] (EE) No drivers available.
[ 37690.532] (EE) 
Fatal server error:
[ 37690.533] (EE) no screens found(EE) 
[ 37690.533] (EE) 
Please consult the The X.Org Foundation support 
         at http://wiki.x.org
 for help. 
[ 37690.535] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information.
[ 37690.536] (EE)
Comment 8 Herbert Wantesh 2013-10-26 17:33:26 UTC
current setup which doesnt work:

[ebuild   R   ~] x11-drivers/xf86-video-intel-2.99.903  USE="dri sna udev uxa xvmc -glamor" 0 kB
[ebuild   R    ] x11-libs/glamor-0.5.1  USE="gles -static-libs" 0 kB
Comment 9 Herbert Wantesh 2013-10-26 17:34:26 UTC
current setup which work:

[ebuild   R   ~] x11-drivers/xf86-video-intel-2.99.903  USE="dri sna udev uxa xvmc -glamor" 0 kB
[ebuild   R    ] x11-libs/glamor-0.5.1  USE="gles -static-libs" 0 kB


this setup doesn't:

[ebuild   R   ~] x11-drivers/xf86-video-intel-2.99.903  USE="dri sna udev uxa xvmc glamor" 0 kB
[ebuild   R    ] x11-libs/glamor-0.5.1  USE="gles -static-libs" 0 kB

sorry for the noise
Comment 10 Alexander Tsoy 2013-11-04 21:02:24 UTC
(In reply to Alexander Tsoy from comment #3)
> Created attachment 361844 [details, diff] [details, diff]
> glamor-0.5.1.ebuild.patch
> 
> This patch fixes the issue.

@x11:
Please, take a look. The same ldflags are appended for xorg-server and all drivers. Related lines from xorg-2.eclass:

[[ ${PN} == xf86-video-* || ${PN} == xf86-input-* ]] && DRIVER="yes"
...
[[ ${PN} = xorg-server || -n ${DRIVER} ]] && append-ldflags -Wl,-z,lazy
Comment 11 Herbert Wantesh 2013-11-05 15:00:20 UTC
same problem here with x11-drivers/xf86-video-intel-2.99.905-r1 [glamor] but 905-r1 brings in a new regression that creates random xorg crashes (with the glamor use flag disabled can't test with galmor as xorg doesnt come up ...)
Comment 12 Sergey Popov gentoo-dev 2013-11-07 10:53:59 UTC
*** Bug 490074 has been marked as a duplicate of this bug. ***
Comment 13 Herbert Wantesh 2013-11-18 12:27:52 UTC
problem still not fixed with x11-drivers/xf86-video-intel-2.99.906
Comment 14 Alexander Tsoy 2013-11-20 21:19:21 UTC
(In reply to puchu from comment #13)
> problem still not fixed with x11-drivers/xf86-video-intel-2.99.906

This is actually a glamor bug. Please try the attached patch, which disables full RELRO.
Comment 15 Herbert Wantesh 2013-11-21 12:10:25 UTC
applying the patch fixes the problem.

another question - the only completly working intel driver is 903, 905 has random crashes and 906 some drawin problems in at least claws-mail. should i create a bug report on gentoo or on freedesktop?
Comment 16 Magnus Granberg gentoo-dev 2013-11-24 14:15:42 UTC
Created attachment 363898 [details, diff]
append lazy if now (hardened compiler)

We check if we have the hardened compiler and append
lazy when linking.
x11 is this okay?
Comment 17 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-11-24 14:32:22 UTC
Looks ok to me. Feel free to apply.
Comment 18 Magnus Granberg gentoo-dev 2013-11-24 20:53:10 UTC
glamor 0.5.1 fixed in cvs
Comment 19 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-11-25 09:01:16 UTC
This needed a revbump. I moved the change to 0.5.1-r1.
Comment 20 Chí-Thanh Christopher Nguyễn gentoo-dev 2014-01-13 13:07:52 UTC
*** Bug 497928 has been marked as a duplicate of this bug. ***