Summary: | sys-devel/clang-common-17 violates usersandbox in nvidia-drivers | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Christian Bricart <christian> |
Component: | Current packages | Assignee: | LLVM support project <llvm> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | christian, herrtimson, ionen, jordan.j, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/llvm/llvm-project/issues/67209 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
emerge --info
build.log sandbox.log |
Description
Christian Bricart
2023-09-20 15:17:17 UTC
Please include the full build.log & emerge --info. Created attachment 871007 [details]
emerge --info
Created attachment 871008 [details]
build.log
Created attachment 871009 [details]
sandbox.log
ftr a.out usage can be observed with just `clang -v` without -Wl,-z,relro (commented out, or clang-common-16): $ clang -v clang version 17.0.1 Target: x86_64-pc-linux-gnu Thread model: posix InstalledDir: /usr/lib/llvm/17/bin Configuration file: /etc/clang/x86_64-pc-linux-gnu-clang.cfg System configuration file directory: /etc/clang Selected GCC installation: /usr/lib/gcc/x86_64-pc-linux-gnu/13 Candidate multilib: .;@m64 Candidate multilib: 32;@m32 Selected multilib: .;@m64 with -Wl,-z,relro (or similar, -Wl,-O1 does this too): $ clang -v clang version 17.0.1 Target: x86_64-pc-linux-gnu Thread model: posix InstalledDir: /usr/lib/llvm/17/bin Configuration file: /etc/clang/x86_64-pc-linux-gnu-clang.cfg System configuration file directory: /etc/clang Selected GCC installation: /usr/lib/gcc/x86_64-pc-linux-gnu/13 Candidate multilib: .;@m64 Candidate multilib: 32;@m32 Selected multilib: .;@m64 "/usr/lib/llvm/17/bin/ld.lld" <snip> -o a.out <snip> ld.lld: error: undefined symbol: main >>> referenced by /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../lib64/Scrt1.o:(_start) clang: error: linker command failed with exit code 1 (use -v to see invocation) And if happen to be in a directory cannot write to (like /usr/src/linux), results in sandbox violations. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a9174554448aa4f7ec724d09b1b31d115e6063f commit 6a9174554448aa4f7ec724d09b1b31d115e6063f Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2023-09-20 16:12:56 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2023-09-20 16:30:27 +0000 x11-drivers/nvidia-drivers: workaround clang-common-17 sandbox issue Most kernel modules do not seem affected and it depends on the tests being performed, so workaround at least here while being looked at. Issue could affect other packages if they happen to e.g. cd / (for some reason) and use clang in certain ways for some tests, but likely not a widespread problem. Fortunately does not actually write these a.out and can get away with just addpredict (kept clang-only not to shadow issues). Bug: https://bugs.gentoo.org/914468 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/nvidia-drivers-390.157.ebuild | 4 ++++ x11-drivers/nvidia-drivers/nvidia-drivers-470.199.02.ebuild | 4 ++++ x11-drivers/nvidia-drivers/nvidia-drivers-525.125.06.ebuild | 3 +++ x11-drivers/nvidia-drivers/nvidia-drivers-535.104.05.ebuild | 3 +++ x11-drivers/nvidia-drivers/nvidia-drivers-535.43.09.ebuild | 3 +++ 5 files changed, 17 insertions(+) *** Bug 914757 has been marked as a duplicate of this bug. *** |