Bug 611520

Summary:	app-emulation/virtualbox-5.1.14: does not build on hardened-sources 4.9.13-hardened with PAX anabled (paging based non-executabe pages)
Product:	Gentoo Linux	Reporter:	xdev52
Component:	Hardened	Assignee:	The Gentoo Linux Hardened Team <hardened>
Status:	RESOLVED FIXED
Severity:	major	CC:	xdev52
Priority:	Normal
Version:	unspecified
Hardware:	AMD64
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	inux kernel config -hardened, grsec, PAX

Description xdev52 2017-03-03 13:07:44 UTC

/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/VBoxTpG/VBoxTpG -64 -h --host-64-bit  --ring-0-context-agnostic -o "/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/RuntimeR0/dtrace/dtrace/VBoxVMM.h" -s "/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/src/VBox/VMM/VBoxVMM.d"
kmk: *** [/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/VBoxAPIWrap/dtrace/dtrace/VBoxAPI.h] Error 1
kmk: *** Waiting for unfinished jobs....
kmk: *** [/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/RuntimeR0/dtrace/dtrace/VBoxVMM.h] Error 1
kmk: *** [/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/VBoxRT/dtrace/dtrace/iprt.h] Error 1
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/lib/RuntimeBldProg.a(ldrkStuff.o): warning: relocation in readonly section `.rodata'
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: warning: creating a DT_TEXTREL in a shared object.
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/lib/RuntimeBldProg.a(ldrkStuff.o): warning: relocation in readonly section `.rodata'
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: warning: creating a DT_TEXTREL in a shared object.
kmk: *** Exiting with status 2


Reproducible: Always

Steps to Reproduce:
1.enable hardened-sources 4.9.13-hardened with PAX anabled (paging based non-executabe pages)
2.~amd64
3.
Actual Results:  
/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/VBoxTpG/VBoxTpG -64 -h --host-64-bit  --ring-0-context-agnostic -o "/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/RuntimeR0/dtrace/dtrace/VBoxVMM.h" -s "/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/src/VBox/VMM/VBoxVMM.d"
kmk: *** [/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/VBoxAPIWrap/dtrace/dtrace/VBoxAPI.h] Error 1
kmk: *** Waiting for unfinished jobs....
kmk: *** [/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/RuntimeR0/dtrace/dtrace/VBoxVMM.h] Error 1
kmk: *** [/var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/obj/VBoxRT/dtrace/dtrace/iprt.h] Error 1
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/lib/RuntimeBldProg.a(ldrkStuff.o): warning: relocation in readonly section `.rodata'
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: warning: creating a DT_TEXTREL in a shared object.
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/app-emulation/virtualbox-5.1.14/work/VirtualBox-5.1.14/out/linux.amd64/release/lib/RuntimeBldProg.a(ldrkStuff.o): warning: relocation in readonly section `.rodata'
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: warning: creating a DT_TEXTREL in a shared object.
kmk: *** Exiting with status 2


Expected Results:  
build virtualbox package

no dmesg output so it might be some build issue, virtualbox modules and additions are building fine.

ebuild     U  ] app-emulation/virtualbox-5.1.14::gentoo [5.1.10::gentoo] USE="alsa lvm opengl pam pax_kernel%* qt5 udev -debug -doc -headless -java -libressl -pulseaudio -python -sdk -vboxwebsrv -vnc" PYTHON_TARGETS="python2_7" 0 KiB

Comment 1 xdev52 2017-03-03 15:50:58 UTC

Linux-4.9.13-hardened-x86_64-Intel-R

sh bash 4.4_p12
ld GNU ld (Gentoo 2.26.1 p1.0) 2.26.1
ccache version 3.3.4 [enabled]
app-shells/bash:          4.4_p12::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.24.1::gentoo
dev-lang/python:          2.7.13::gentoo, 3.4.6::gentoo, 3.5.3::gentoo
dev-util/ccache:          3.3.4::gentoo
dev-util/cmake:           3.7.2::gentoo
dev-util/pkgconfig:       0.29.1::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.22.4::gentoo
sys-apps/sandbox:         2.10-r3::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r2::gentoo
sys-devel/automake:       1.11.6-r2::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.26.1::gentoo
sys-devel/gcc:            5.4.0-r2::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.9::gentoo (virtual/os-headers)
sys-libs/glibc:           2.23-r3::gentoo

Comment 2 Magnus Granberg gentoo-dev

2017-03-03 19:22:23 UTC

Kernel config

Comment 3 xdev52 2017-03-03 20:10:19 UTC

Created attachment 465860 [details]
inux kernel config -hardened, grsec, PAX

Comment 4 xdev52 2017-03-03 20:13:42 UTC

(In reply to Magnus Granberg from comment #2)
> Kernel config

Done.

Comment 5 Magnus Granberg gentoo-dev

2017-03-03 23:05:41 UTC

Rebuild the kernel and have CONFIG_PAX_XATTR_PAX_FLAGS set

Comment 6 xdev52 2017-03-16 16:08:00 UTC

It helped and it's fine right now. However I suppose it has disabled this check and give attributes to allow memory r/w... so it seems to me as walk around and bug is still there... Anyway, we can close this topic.