Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 374289 - www-clients/firefox-5.0-r2 mmap loog on PaX&hardened system
Summary: www-clients/firefox-5.0-r2 mmap loog on PaX&hardened system
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-06 23:09 UTC by Anton Kochkov
Modified: 2015-01-26 21:40 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
strace -v output (firefox.log,122.03 KB, text/plain)
2011-07-06 23:09 UTC, Anton Kochkov
Details
emerge --info log (emerge_info.log,14.12 KB, text/plain)
2011-07-06 23:10 UTC, Anton Kochkov
Details
Configuration file to disable jit (nojit.js,267 bytes, text/plain)
2011-07-11 07:18 UTC, Christian Apeltauer
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Anton Kochkov 2011-07-06 23:09:01 UTC
Created attachment 279285 [details]
strace -v output

Building firefox-5.0-r2 from main gentoo tree.
Building is ok. but firefox doesnt start.
Attaching strace
Comment 1 Anton Kochkov 2011-07-06 23:10:27 UTC
Created attachment 279287 [details]
emerge --info log
Comment 2 Christian Apeltauer 2011-07-11 07:18:35 UTC
Created attachment 279715 [details]
Configuration file to disable jit

I think the problem is due to jit not fully disabled (despite USE=-methodjit being set on hardened). The attached file should be put in
/usr/lib/{firefox,icecat,seamonkey}/defaults/pref
It disables any jit support by default and the browser should come up. It least it did the trick for me with seamonkey and icecat on hardened amd64.
Comment 3 Sven Vermeulen 2011-07-12 18:53:34 UTC
Here it started, but the moment I tried something like opening a new tab, it crashed. Putting the file as offered by Christian in the suggested location fixed this indeed.
Comment 4 Anton Kochkov 2011-07-12 18:59:58 UTC
(In reply to comment #2)
> Created attachment 279715 [details]
> Configuration file to disable jit
> 
> I think the problem is due to jit not fully disabled (despite USE=-methodjit
> being set on hardened). The attached file should be put in
> /usr/lib/{firefox,icecat,seamonkey}/defaults/pref
> It disables any jit support by default and the browser should come up. It least
> it did the trick for me with seamonkey and icecat on hardened amd64.

Your patch doesnt help me
Comment 5 Graham Murray 2011-08-10 09:36:19 UTC
I am seeing the same problem on a non-hardened (and therefore non PAX) kernel with just hardened toolchain. The presence of the nojit.js file makes no difference. However if I select the i686-pc-linux-gnu-4.5.3-hardenednopie gcc profile and rebuild firefox, it runs OK (without the nojit.js).
Comment 6 Constantine Kardaris 2011-08-16 16:27:59 UTC
same problem, started after rebuilding everything with gcc hardened 4.5.3 from stable gcc.
Comment 7 Constantine Kardaris 2011-11-03 17:45:39 UTC
seems that have to do with a linker's bug

http://sourceware.org/bugzilla/show_bug.cgi?id=12654

after applying the binutils patch and re-emerging firefox starts fine again
Comment 8 Anton Kochkov 2011-11-07 15:54:46 UTC
Bug is still here for Firefox-7.0 and even Firefox-8.0 (with old gcc - 4.5.2)
Comment 9 Anthoine Bourgeois 2012-01-21 01:27:05 UTC
(In reply to comment #7)
> seems that have to do with a linker's bug
> 
> http://sourceware.org/bugzilla/show_bug.cgi?id=12654
> 
> after applying the binutils patch and re-emerging firefox starts fine again

And so firefox 7.0 and 8.0. The fix above is include in instable binutils-2.22-r1 only.
Note there is two problem here:
1/ The mmap loop on PAX kernel is fixed with paxctl -r (see #396275)
2/ The pie lock on hardened toolchain is fixed with linker's patches above (and binutils-2.22-r1 by the way, see #390911)

The problem is the patches aren't backported to a stable version then stable users can launch firefox 7.0, 8.0
Comment 10 Anton Kochkov 2014-11-27 14:33:27 UTC
Can this bug be closed now? I guess it not actual anymore?
Comment 11 Anthoine Bourgeois 2014-11-27 14:43:25 UTC
(In reply to Anton Kochkov from comment #10)
> Can this bug be closed now? I guess it not actual anymore?

I think so. Bugs #396275 and #390911 are resolved and binutils-2.22-r1 is stable.