i686-pc-linux-gnu-gcc -Wall -DLOCALEDIR=\"/usr/share/locale\" -DI386 -O2 -march=i686 -mtune=athlon-mp -pipe -Wl,-O1 -Wl,--as-needed -o fuser fuser.o signals.o /usr/lib/gcc/i686-pc-linux-gnu/4.5.3/../../../../i686-pc-linux-gnu/bin/ld: fuser.o: warning: relocation in readonly section `.altinstructions'. /usr/lib/gcc/i686-pc-linux-gnu/4.5.3/../../../../i686-pc-linux-gnu/bin/ld: warning: creating a DT_TEXTREL in a shared object. The function to blame is located in src/lists.h: extern inline void attribute((used,__gnu_inline__,always_inline,__artificial__)) prefetch(const void *restrict x) { #if defined(__x86_64__) asm volatile ("prefetcht0 %0" :: "m" (*(unsigned long *)x)) #elif defined(__ia64__) asm volatile ("lfetch [%0]" :: "r" (x)) #elif defined(__powerpc64__) asm volatile ("dcbt 0,%0" :: "r" (x)) #elif 1 && defined(__i386__) asm volatile ("661:\n\t" ".byte 0x8d,0x74,0x26,0x00\n" "\n662:\n" ".section .altinstructions,\"a\"\n" " .align 4\n" " .long 661b\n" " .long 663f\n" " .byte %c0\n" " .byte 662b-661b\n" " .byte 664f-663f\n" ".previous\n" ".section .altinstr_replacement,\"ax\"\n" " 663:\n\t" " prefetchnta (%1)" " \n664:\n" ".previous" :: "i" ((0*32+25)), "r" (x)) #else __builtin_prefetch ((x), 0, 1); #endif ; } According to changes: +Changes in 22.14 +================ + * Fix file descriptor as weel as memory leaks in fuser + * Strip @ symbol from file names read from /proc/net/unix + * Above 2 changes close openSuSE bugs #536209, #529520, and #417841 + and provided by Werner Fink + * Applied patch from Werner Fink to avoid stat(2) on NFS mounts + * Zeros process group memory - Patch by jgorig SF#3152925 RH#666213 + * fuser -m -s flags work - Patch by jgorig SF#31110178 RH#651794 + * fuser silent if /proc/swaps not available SF#3072134 + * ppc 64 support for peekfd by jgorig SF#3166444 + * jiffies now ULL in killall SF#3138538 + * pstree can show parents of a process. Patch supplied by Curtis + Hawthorne SF#3135157 + * killall creates right size buffer instead of MAX_PATH Debian #623425 + * check for /proc/$$/stat not /proc/self/stat which is not available + on hurd platforms. Same Debian bug as above + * fuser understands IPv6 addresses, removed comment in fuser.1 that it + doesn't Debian #609904 + * fuser -k only returns 0 if you kill something. + * fuser doesn't complain if /proc/#/fd disappears SF#3310990 Reproducible: Always
Please post your `emerge --info' output in a comment.
(In reply to comment #1) > Please post your `emerge --info' output in a comment. Portage 2.1.10.11 (hardened/linux/x86, gcc-4.5.3, glibc-2.13-r4, 3.1.1-hardened-r1 i686) ================================================================= System uname: Linux-3.1.1-hardened-r1-i686-AMD_Athlon-TM-_MP_2600+-with-gentoo-2.0.3 Timestamp of tree: Sun, 11 Dec 2011 22:00:01 +0000 ccache version 3.1.6 [disabled] app-shells/bash: 4.1_p9 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.2-r3, 3.1.4-r3 dev-util/ccache: 3.1.6 dev-util/cmake: 2.8.6-r4 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.9.4 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.4_p6-r1, 1.5-r1, 1.6.3::<unknown repository>, 1.7.9-r2, 1.8.5-r3, 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.4.6-r1, 4.5.3-r1 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r1 sys-kernel/linux-headers: 3.1 (virtual/os-headers) sys-libs/glibc: 2.13-r4 Repositories: gentoo x-portage hardened-dev anarchy x-overlay ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="*" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -mtune=athlon-mp -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib/mozilla/defaults/pref /usr/share/gnupg/qualified.txt /var/bind /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -march=i686 -mtune=athlon-mp -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles fixpackages metadata-transfer news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://gentoo.inf.elte.hu/ http://gentoo.inode.at/" LANG="hu_HU.utf8" LC_ALL="hu_HU.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="hu en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage /var/lib/layman/hardened-development /var/lib/layman/anarchy /home/atoth/public_html/overlay" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="32bit 3dnow 3dnowext 7zip GNU R X X509 Xaw3d a52 aac aalib acl acpi aiglx aio aisleriot alaw alsa amr aotuv apache2 apng applet archive ares asf atmo audio audiofile bash-completion bazaar bcmath bdf berkdb bind binfilter bitmap-fonts bittorrent blas bluetooth bonobo boost branding browserplugin bugzilla bzip2 cairo calendar canvas caps cdaudio cdda cddax cddb cdio cdparanoia cdr cdrom celt cgi chardet charmap checkpath cheese clamdtop cli clutter colord consolekit contentcache context contrib coverage cracklib cramfs crashreporter crypt css ctype cue cups curl curlwrappers cvs cxx dba dbm dbus dcmtk ddate deskbar detex devhelp device-mapper dga dhcp dia dicom dirac disassembler discard-path divx divx4linux djbfft djvu dlloader dmi dnsrbl doc-pdf dot dri dselect dtmf dts dv dvd dvdnav dvdr dvdread dvi dvi2tty dvipdfm eap-sim ecap eds egl elf embed emerald enca enchant encode enscript epiphany epoll evo exif expat extensions extra extrafilters extras faac faad fam fame fat fax ffmpeg fftw fileinfo finger firefox firefox-bookmarks flac flash flatfile flickr floppy fltk follow-xff fontconfig fontforge foomaticdb force-cgi-redirect fortran fpm fpx ftdi ftp g722 g729 gadu gajim galago gallium gbm gconf gd gdb gdbm gdl gdu gedit geoip gftp gif gimp gimpprint ginac git glade glchess gles glibc gme gmedia gmp gnet gnumeric gopher gpac gpg gphoto2 gpm graphics graphicsmagick graphviz groupwise gs gsf gsl gsm gstreamer gtalk gtk gtk2 gtk3 gtkhtml guile h224 h281 h323 hardened hash hdf5 hpcups hpijs html http hub icap-client iconv icu id3 id3tag idle idn iksemel ilbc imagemagick imap imlib inherit-graph inifile inkjar inode intl ipc iplayer iplsrc iptc irc irda ivr jabber jadetex java java-internal java6 javascript jemalloc jingle jpeg jpeg2k jpgraph jrtplib json kate kdrive kpathsea ladspa lame lapack latex latex3 lcms ldb libass libburn libcaca libffi libgda libkms libnl libnotify libplot libsamplerate libssh2 libv4l2 lightning llvm lm_sensors logging logitech-mouse loop-aes lua lyx lzma lzo lzw m17n-lib mad map matroska mbox mcal md5sum meanwhile memlimit mercurial mhash midi mikmod milter ming mjpeg mktemp mmap mmx mmxext mng mode-owner modules motif mozbranding mozcalendar mp2 mp3 mp4 mpeg mpeg1 mpeg2 mplayer mudflap multinetwork musepack mysql mysqli nautilus ncurses nemesi netlink network networking new-login nifti nls nntp nokia nopop3d nptl nptlonly nsplugin nss ntfs nut nuv oav ocr odbc odk ofx ogg oggvorbis ogm oidentd oil onaccess opencore-amr openct opendbx openexr opengl openmp openssl openvg optimisememory otr overload packagekit pam pam_chroot pam_ssh pam_timestamp pango passwd passwdqc paste64 pasteafter pax_kernel pccts pcmcia pcntl pcre pcsc-lite pda pdf pdfannotextractor pdfimport pdo pear perl phar php pic pidgin playlist plotutils png pnm policykit posix postscript ppds pppd prefixaq projectm pstricks publishers pvr python python2 qhull qt3support quicktime quota quotas rar rc5 rcs readline realmedia reflection reiserfs remoteosd replytolist rle rss rtc rtf samba sasl sbc scanner scenarios schroedinger science scp screen scripting sdl sdl-sound sdlgfx secure-delete seed sendmail sendto sensord serprog session sftplogging shared-dricore shared-glapi shm short-touchpad-timeout showlistmodes showtabbar sid sidebar sieve silc sip sipim skins slang smbsharemodes smime smp sms smtp sndfile soap socialweb sockets sound soundex soundtouch sourceview sox sparse speex spell spoof sqlite3 srt srtp sse ssh ssl ssp sspall startup-notification stats stun subtitles subversion sudoku suhosin svg svnserve swat sysfs syslog system-sqlite systray sysvipc t1lib taglib tagwriting tcl tcltk tcpd templates terminal tetex tex4ht tga themes theora threads threadsafe thunderbird tidy tiff tilepath tk tlen tokenizer toolbar tools topicisnuhost totem tracker transcode trayicon truetype truetype-fonts twolame type1-fonts type3 udev ulaw underscores unicode unlock-notify usb userlocales usermod utils v4l v4l2 vala valgrind vcd vcdinfo vcdx video vidix virus-scan vista visualization vlc vlm volpack vorbis vtk vxml wav wavplay webkit webm webp wifi wildcards wimax win32codecs winscp wma wmf wmp wps wxwidgets wxwindows x264 x86 xattr xcap xcb xchatdccserver xetex xforms xine xmedcon xml xml2 xmlreader xmlrpc xmlwriter xmp xnest xorg xpm xps xsl xulrunner xv xvfb xvid xvmc yahoo zip zlib zvbi" ALSA_CARDS="cmipci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias auth_digest version filter ident charset_lite asis dbd authn_dbd proxy proxy_ajp proxy_balancer proxy_connect proxy_http imagemap cgid substitute" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse acecad evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="hu en" PHP_TARGETS="php5-3 php5-4" RUBY_TARGETS="ruby18" SANE_BACKENDS="epson epson2 gt68xx ma1509 mustek mustek_usb mustek_usb2 plustek snapscan umax" USERLAND="GNU" VIDEO_CARDS="radeon v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
i suspect this isn't new to binutils-2.22. can you try building with 2.21.1-r1 and see ? i only have an amd64 hardened system ...
(In reply to comment #3) > i suspect this isn't new to binutils-2.22. can you try building with 2.21.1-r1 > and see ? i only have an amd64 hardened system ... You are right. I remove binutils from the title.
i don't think we're tracking TEXTRELs in applications ...
(In reply to comment #5) > i don't think we're tracking TEXTRELs in applications ... TEXTRELs must be taken care of. https://bugs.gentoo.org/buglist.cgi?quicksearch=textrel Hardened folk has some experience in it: http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml I'm not sure about the proper resolution of this bug.
(In reply to comment #6) you're confusing topics. TEXTRELs in shared libraries absolutely get fixed. TEXTRELs in executable programs are generally not. also, i'm aware of that guide considering i wrote it :P
(In reply to comment #7) > (In reply to comment #6) > > you're confusing topics. TEXTRELs in shared libraries absolutely get fixed. > TEXTRELs in executable programs are generally not. > > also, i'm aware of that guide considering i wrote it :P Oops... I wanted to say, that it's a nice guide! :-D I still don't like TEXTRELs even in binaries. Please take a look at on my idea below.
Created attachment 295857 [details, diff] Remove TEXTRELs for x86
Created attachment 295859 [details] Ebuild applies the patch conditionally Couldn't be possible to do something like this? Only users having hardened and pic USE flags are affected in case of an x86 install. I bet on slowing down, but I have no idea about the performance hit of using the builtin prefetch instead of the hardcoded default.
Comment on attachment 295857 [details, diff] Remove TEXTRELs for x86 the problem isn't so much in fixing the issue (although that is part of it). the bigger part is fixing it in a way that upstream will accept it. in this case, you probably only need to change the ifdef logic: -#elif 1 && defined(__i386__) +#elif defined(__i386__) && !defined(__PIC__)
Is this the reason that fuser fails on hardened x86, unless fixed with paxctl -m? gcc-4.4.5 binutils-2.21.1-r1
Try psmisc-22.15. And I'm finding hard to believe this has issues for hardened, looking at commits like: http://psmisc.git.sourceforge.net/git/gitweb.cgi?p=psmisc/psmisc;a=commit;h=9e046f6ee45c5ec3eb55f2a65e189c1622a02537
the issue is with PIE. that commit is SSP only. i don't think any other distro is doing system wide PIE like our hardened guys are.
*** Bug 401851 has been marked as a duplicate of this bug. ***
(In reply to comment #15) > *** Bug 401851 has been marked as a duplicate of this bug. *** This duplicate has one patch: https://bugs.gentoo.org/attachment.cgi?id=300719 If the problem is still present in 22.16 without one?
(In reply to comment #16) > (In reply to comment #15) > > *** Bug 401851 has been marked as a duplicate of this bug. *** > > This duplicate has one patch: > > https://bugs.gentoo.org/attachment.cgi?id=300719 > > If the problem is still present in 22.16 without one? 22.16 still has: #elif !defined(__CYGWIN__) && defined(__i386__) and no signs of !defined(__PIC__) so far. I hope for 22.17, and update my local repository...
(In reply to comment #17) > I hope for 22.17, and update my local repository... go ahead and explain the problem better at the newly opened upstream bug if you can because I don't use hardened, let alone PIE nor care about it https://sourceforge.net/tracker/?func=detail&aid=3504801&group_id=15273&atid=115273
Hi, no upstream response in 2 months, can anything be done?
(In reply to comment #19) > Hi, no upstream response in 2 months, can anything be done? Only if somebody would increase the priority of the upstrem bug... The patch is so simple!
should be all set now in the tree; thanks for the report! Commit message: Fix TEXTRELs when building fuser as a PIE http://sources.gentoo.org/sys-process/psmisc/files/psmisc-22.16-fuser-pic.patch?rev=1.1 http://sources.gentoo.org/sys-process/psmisc/psmisc-22.16.ebuild?r1=1.1&r2=1.2
