I have exactly the same problem described in bug 411439 but with emacs-24.2 (latest stable on hardened profile) and sys-kernel/hardened-sources-3.7.4-r1 and sys-devel/gcc-4.6.3.
Workaround is to disable randomize_va_space for the compile step and reenable it afterwards.
echo "0" > /proc/sys/kernel/randomize_va_space
echo "1" > /proc/sys/kernel/randomize_va_space
Steps to Reproduce:
Dumping under the name emacs
Warning: Your system has a gap between BSS and the
heap (15854248 bytes). This usually means that exec-shield
or something similar is in effect. The dump may
fail because of this. See the section about
exec-shield in etc/PROBLEMS for more information.
/bin/sh: Zeile 6: 29064 Speicherzugriffsfehler `/bin/pwd`/temacs --batch --load loadup bootstrap
a working emacs
mediaserv-gentoo ~ # emerge --info
Portage 22.214.171.124 (hardened/linux/amd64/selinux, gcc-4.6.3, glibc-2.15-r3, 3.7.4-hardened-r1 x86_64)
System uname: Linux-3.7.4-hardened-r1-x86_64-AMD_A4-3300_APU_with_Radeon-tm-_HD_Graphics-with-gentoo-2.1
KiB Mem: 3515788 total, 52832 free
KiB Swap: 16383996 total, 16345136 free
Timestamp of tree: Mon, 11 Feb 2013 22:45:01 +0000
ld GNU ld (GNU Binutils) 2.22
distcc 3.1 x86_64-pc-linux-gnu [enabled]
dev-lang/python: 2.7.3-r2, 3.2.3
sys-devel/autoconf: 2.13, 2.69
sys-kernel/linux-headers: 3.6 (virtual/os-headers)
Repositories: gentoo luman lua gnustep sunrise x-dragon
CFLAGS="-O2 -march=amdfam10 -mcx16 -mpopcnt -pipe"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/lib/redmine/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /var/lib/redmine/config/locales /var/lib/redmine/config/settings.yml"
CXXFLAGS="-O2 -march=amdfam10 -mcx16 -mpopcnt -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distcc distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR_OVERLAY="/var/lib/layman/luman /var/lib/layman/lua /var/lib/layman/gnustep /var/lib/layman/sunrise /var/lib/layman/dragon"
USE="3dnow 3dnowext X amd64 berkdb bindist bzip2 cli cracklib crypt cxx dbus dri gdbm gnutls gpm hardened iconv ipv6 justify ldap ldapdb memcached mmx mmxext modules mudflap multilib mysql ncurses nls nptl open_perms openldap openmp pam pax_kernel pcre readline selinux session sse sse2 sse3 sse4a ssl tcpd unicode urandom zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias proxy proxy_http proxy_balancer header" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Created attachment 338712
Does building of emacs-23.4-r4 succeed?
Can you build emacs-24.2 with a previous hardened kernel version?
No, emacs-23.4-r4 doesn't work either.
I can't test another kernel because I can't restart this (server) machine all the time. The only reason I'm not using the stable hardened-sources is because they failed to build with an error. Maybe I can test it with another (older) hardened-kernel in some days...
@hardened-kernel team: Can you reproduce this?
It can be seen in the build.log that a "/sbin/paxctl -r temacs" is done, but temacs fails in unexec in spite of this.
The kernel seems to be the problem. I updated to 3.7.6-hardened and emacs is emerging without error. 3.7.4 seems to be making a lot of problems as some other problems disappeared as well. Thanks for the hint.
hardened-sources-3.7.5 and 3.7.6 both break emacs-24.2 here, unless I set randomize_va_space=0 (1 doesn't work, and my default is 2). Maybe there's some other PaX parameter I have that's causing it to fail?
emacs-23.4-r4 didn't work for me either. I'm on stable amd64 with the hardened profile.
Just an idea and a setting I changed from 3.7.4 to 3.7.6 ...
do you use PAX_KERNEXEC_PLUGIN_METHOD_BTS or PAX_KERNEXEC_PLUGIN_METHOD_OR?
I had the problems with 3.7.4 and PAX_KERNEXEC_PLUGIN_METHOD_OR, the problems disappeared when I switched to 3.7.6 and PAX_KERNEXEC_PLUGIN_METHOD_BTS.
I had no opportunity to test this any further though.
(In reply to comment #7)
> I had the problems with 3.7.4 and PAX_KERNEXEC_PLUGIN_METHOD_OR
What problems exactly? That setting is for a kernel self-protection feature, it should not affect userland in any way...
For example the bug this thread is all about.
This was the only setting I was playing around with; everything else was from the Gentoo hardening handbook. Everything is working for me since the upgrade to 3.7.6. That's why I asked about that setting. It is very well possible that I'm on the wrong track.
I figured out what the issue is for me. I'd switched over to XATTR_PAX_FLAGS=y, PT_PAX_FLAGS=n... And of course the patch for #411439 uses paxctl which only sets PT flags. Would it be possible to have the emacs build system prefer paxctl-ng to paxctl, if installed? Is paxctl-ng "standard" now?
(No problems with PAX_KERNEXEC_PLUGIN_METHOD_OR here.)
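Added example, not part of the thread and not code from the Emacs or Gentoo build systems: a check for the mismatch described in the comment above, where the build marks temacs with a tool whose mark the running kernel does not read. The function names are illustrative, the sample config is constructed, and it is an assumption here that paxctl-ng can write both the PT and the XATTR mark.

```shell
#!/bin/sh
# Added example: will a PaX mark written during a build be read by the kernel?
# Function names are illustrative; the sample kernel config is constructed.

# pax_methods CONFIG: print the marking methods the kernel config enables.
pax_methods() {
    methods=""
    if grep -q '^CONFIG_PAX_PT_PAX_FLAGS=y' "$1"; then methods="PT"; fi
    if grep -q '^CONFIG_PAX_XATTR_PAX_FLAGS=y' "$1"; then
        methods="${methods:+$methods }XATTR"
    fi
    echo "${methods:-none}"
}

# tool_writes TOOL: print the kinds of mark a marking tool writes.
tool_writes() {
    case "$1" in
        paxctl)    echo "PT" ;;        # PT flags only, as stated in the thread
        paxctl-ng) echo "PT XATTR" ;;  # assumption: can write both kinds
        *)         echo "" ;;          # unknown tool: assume it writes nothing
    esac
}

# mark_effective CONFIG TOOL: succeed if TOOL writes a mark the kernel reads.
mark_effective() {
    for m in $(pax_methods "$1"); do
        case " $(tool_writes "$2") " in
            *" $m "*) return 0 ;;
        esac
    done
    return 1
}

# Constructed sample: XATTR_PAX_FLAGS=y, PT_PAX_FLAGS=n, as in the comment above.
sample_config() {
    printf '%s\n' 'CONFIG_PAX=y' \
        '# CONFIG_PAX_PT_PAX_FLAGS is not set' \
        'CONFIG_PAX_XATTR_PAX_FLAGS=y'
}

cfg=$(mktemp)
sample_config > "$cfg"
for tool in paxctl paxctl-ng; do
    if mark_effective "$cfg" "$tool"; then
        echo "$tool: mark is read by this kernel"
    else
        echo "$tool: mark is ignored by this kernel"
    fi
done
rm -f "$cfg"
```

On a real system, pass the path of the running kernel's config file to mark_effective instead of the constructed sample.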
(In reply to comment #10)
> Would it be possible to have the emacs build system prefer paxctl-ng
> to paxctl, if installed?
Sure. Prepare a patch and submit it to Emacs upstream. It's already too late for Emacs 24.3, but you may convince them to include it in 24.4. We can backport the changes to existing versions once they've been accepted upstream.
(Thinking about it, our previous paxctl changes for Emacs submitted at http://debbugs.gnu.org/11398 will appear only in the next upstream release, namely 24.3. Extrapolating this, we'll likely be reiterating for paxctl-ds9 or paxctl-voy at the time of the 24.4 release. ;-)
(In reply to comment #10)
> I figured out what the issue is for me. I'd switched over to
> XATTR_PAX_FLAGS=y, PT_PAX_FLAGS=n... And of course the patch for #411439
> uses paxctl which only sets PT flags. Would it be possible to have the
> emacs build system prefer paxctl-ng to paxctl, if installed? Is paxctl-ng
> "standard" now?
> (No problems with PAX_KERNEXEC_PLUGIN_METHOD_OR here.)
Once the new eclass is in place, this bug will not happen. See bug #431092.
(In reply to comment #12)
> Once the new eclass is in place, this bug will not happen. See bug #431092.
That's not right, since paxctl is called by the upstream build system. The emacs ebuilds don't inherit pax-utils.eclass.
*** Bug 480526 has been marked as a duplicate of this bug. ***
*** Bug 490626 has been marked as a duplicate of this bug. ***
This is affecting the build of the admin-cd, ever since I switched my host to use XATTR_PAX_FLAGS.
Created attachment 366582
Use the shell version of pax-utils.eclass
It uses the shell version of pax-utils.eclass instead of paxctl.
It depends on sys-apps/elfix.
(In reply to Magnus Granberg from comment #17)
> Created attachment 366582
> Use the shell version of pax-utils.eclass
> It uses the shell version of pax-utils.eclass instead of paxctl.
> It depends on sys-apps/elfix.
Can you submit this to Emacs upstream, please?
Also, from the logic in paxmark.sh, the final emacs binary would end up with some extended attributes? (The Makefile does "$(PAXCTL) -zex emacs", with the intention to remove any previously set flags.)
Hopefully fixed in emacs-24.3-r2 and emacs-23.4-r6. No revbump, because it is a build failure and installed files are unchanged.
For reference, patches are here:
(In reply to Ulrich Müller from comment #20)
> Please test.
<jmbsvicetto> ulm: >>> Installing (136 of 269) app-editors/emacs-24.3-r2
<jmbsvicetto> ulm: :)
Reported upstream: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16343
Fixed in bzr upstream: