Bug 551318 - KDE Applications 5: several applications crash with MPROTECT on Gentoo Hardened
Summary: KDE Applications 5: several applications crash with MPROTECT on Gentoo Hardened
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal major
Assignee: Qt Bug Alias
Blocks: qt-5.4.2-stable qt-5.15.3-stable

Reported: 2015-06-05 16:03 UTC by Sam James
Modified: 2022-03-24 09:31 UTC


Attachments
Emerge.info (emerge.info, 8.10 KB, application/x-info)
2015-06-23 06:21 UTC, Miroslaw Mieszczak
Backtrace of the kwin_x11 (bt.kwin_x11, 6.70 KB, text/plain)
2015-08-23 13:56 UTC, Miroslaw Mieszczak
Backtrace of krunner. (bt.krunner, 1.60 KB, text/plain)
2015-08-23 13:57 UTC, Miroslaw Mieszczak

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2015-06-05 16:03:21 UTC
When setting up a desktop with Gentoo Hardened and the KDE overlay with KDE Plasma 5, I encountered issues with KDE binaries that prevented me from reaching a desktop.

Some of the warnings:
[ 3134.164345] PAX: terminating task: /usr/lib64/libexec/kscreenlocker_greet(kscreenlocker_g):31268, uid/euid: 1000/1000, PC: 0000029f2df04000, SP: 0000039adaedfd18
[ 5056.890693] PAX: terminating task: /usr/bin/kdeinit5(ksmserver):7104, uid/euid: 1000/1000, PC: 00000325e7aa2000, SP: 000003ca66d57d18
[ 5249.074711] PAX: terminating task: /usr/bin/systemsettings5(systemsettings5):5666, uid/euid: 1000/1000, PC: 000003163c155000, SP: 000003f2cf866e98

Each of them was worked around by using: paxctl-ng -m $FILE.
I had to mark:
/usr/bin/sddm-greeter (for SDDM, the KDE login manager)
/usr/bin/kwin_x11 (window manager)
/usr/bin/krunner
/usr/bin/plasmashell
/usr/lib64/libexec/kscreenlocker_greet (needed to lock the screen; without being marked, the desktop will lock up completely when locking)
/usr/bin/kdeinit5
/usr/bin/systemsettings5

Reproducible: Always
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2015-06-05 18:43:34 UTC
Add /usr/bin/kactivitymanagerd to the list.
I had more issues after a reboot, and had to mark kdeinit5 again, along with kactivitymanagerd for the first time.

[   75.882418] PAX: execution attempt in: (null), 00000000-00000000 00000000
[   75.882423] PAX: terminating task: /usr/bin/kdeinit5(QXcbEventReader):4189, uid/euid: 1000/1000, PC: 00000326216ed379, SP: 000003261fcf1dd0
[   75.882426] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 
[   75.882451] PAX: bytes at SP-8: 00000326216ed379 000003261fcf1e00 4a5734875f9e1f00 000003261fcf1e20 00000040c7b1d3a0 000003261fcf1e20 00000040c7b1d650 000003261fcf1e80 0000032632182b3a 0000000000000000 0000000000000000 
[   75.882472] grsec: bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds.  Please investigate the crash report for /usr/bin/kdeinit5[QXcbEventReader:4189] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/kdeinit5[kdeinit5:4179] uid/euid:1000/1000 gid/egid:1000/1000
Comment 2 Miroslaw Mieszczak 2015-06-21 17:35:47 UTC
It seems there is even more:

Jun 22 00:17:15 laptop-mirka kernel: [   48.380455] PAX: execution attempt in: <anonymous mapping>, 2d4fa8e9000-2d4fa8eb000 2d4fa8e9000
Jun 22 00:17:15 laptop-mirka kernel: [   48.380458] PAX: terminating task: /usr/bin/ksplashqml(ksplashqml):6673, uid/euid: 10001/10001, PC: 000002d4fa8e9000, SP: 000003ffaa3493b8
Jun 22 00:17:15 laptop-mirka kernel: [   48.380460] PAX: bytes at PC: 55 48 89 e5 48 83 ec 40 4c 89 65 f8 4c 89 75 f0 49 89 fe 4d 
Jun 22 00:17:15 laptop-mirka kernel: [   48.380471] PAX: bytes at SP-8: 0000000000000000 000002d505fdd6dc 0000000ade2abf90 0000000000000000 0000000000000000 ffffffff00000000 000003ffaa349420 18d297dbd0ebe100 000003ffaa3494f0 0000000ade2abf90 000002d4e7707000 
Jun 22 00:17:15 laptop-mirka kernel: [   54.888159] PAX: execution attempt in: <anonymous mapping>, 26d2a1e3000-26d2a1e5000 26d2a1e3000
Jun 22 00:17:15 laptop-mirka kernel: [   54.888165] PAX: terminating task: /usr/bin/krunner(krunner):6775, uid/euid: 10001/10001, PC: 0000026d2a1e3000, SP: 000003a07c538538
Jun 22 00:17:15 laptop-mirka kernel: [   54.888168] PAX: bytes at PC: 55 48 89 e5 48 83 ec 40 4c 89 65 f8 4c 89 75 f0 49 89 fe 4d 
Jun 22 00:17:15 laptop-mirka kernel: [   54.888189] PAX: bytes at SP-8: 0000000000000000 0000026d3e9396dc 0000002a5c71b600 0000000000000000 0000000000000000 ffffffff00000000 000003a07c5385a0 d956f310c29f9100 000003a07c538670 0000002a5c71b600 0000026d17800000 
Jun 22 00:17:15 laptop-mirka kernel: [   54.932489] PAX: execution attempt in: <anonymous mapping>, 2ecddf86000-2ecddf88000 2ecddf86000
Jun 22 00:17:15 laptop-mirka kernel: [   54.932493] PAX: terminating task: /usr/bin/kwin_x11(kwin_x11):6773, uid/euid: 10001/10001, PC: 000002ecddf86000, SP: 0000038275c85fb8
Jun 22 00:17:15 laptop-mirka kernel: [   54.932496] PAX: bytes at PC: 55 48 89 e5 48 83 ec 40 4c 89 65 f8 4c 89 75 f0 49 89 fe 4d 
Jun 22 00:17:15 laptop-mirka kernel: [   54.932506] PAX: bytes at SP-8: 0000000000000000 000002eced87f6dc 000000199b7968a0 0000000000000000 0000000000000000 ffffffff00000000 0000038275c86020 ed9e9a8cc9052c00 0000038275c860f0 000000199b7968a0 000002ecd5147000 
Jun 22 00:17:15 laptop-mirka kernel: [   55.003903] PAX: execution attempt in: <anonymous mapping>, 31ba9b8e000-31ba9ba0000 31ba9b8e000
Jun 22 00:17:15 laptop-mirka kernel: [   55.003908] PAX: terminating task: /usr/bin/plasmashell(plasmashell):6780, uid/euid: 10001/10001, PC: 0000031ba9b8e000, SP: 000003f0a56e72c8
Jun 22 00:17:15 laptop-mirka kernel: [   55.003910] PAX: bytes at PC: 55 48 89 e5 48 83 ec 40 4c 89 65 f8 4c 89 75 f0 49 89 fe 4d 
Jun 22 00:17:15 laptop-mirka kernel: [   55.003921] PAX: bytes at SP-8: 0000000000000000 0000031ba73006dc 000000790a0e3cc0 0000000000000000 0000000000000000 ffffffff00000000 000003f0a56e7330 0c35c00c3d188300 000003f0a56e7400 000000790a0e3cc0 0000031b8cb11000
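
A triage helper for kernel messages like the ones quoted above, added here as an example and not part of the original bug report: it pairs each PaX "terminating task" line with the "execution attempt in" line printed before it and lists the binaries killed while executing inside an anonymous mapping, which is the pattern a JIT produces under MPROTECT. The sample log is constructed (paths, PIDs and addresses are made up) and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the kernel messages quoted in this bug;
# paths, PIDs and addresses are made up.
SAMPLE = """\
[   48.380455] PAX: execution attempt in: <anonymous mapping>, 2d4000e9000-2d4000eb000 2d4000e9000
[   48.380458] PAX: terminating task: /usr/bin/example-qml-app(example-qml-app):6673, uid/euid: 1000/1000, PC: 000002d4000e9000, SP: 000003ffaa3493b8
[   48.380460] PAX: bytes at PC: 55 48 89 e5 48 83 ec 40 4c 89 65 f8
[   75.882418] PAX: execution attempt in: (null), 00000000-00000000 00000000
[   75.882423] PAX: terminating task: /usr/bin/example-init(WorkerThread):4189, uid/euid: 1000/1000, PC: 00000326216ed379, SP: 000003261fcf1dd0
[   75.882426] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ??
[ 3134.164345] PAX: terminating task: /usr/bin/example-qml-app(example-qml-app):31268, uid/euid: 1000/1000, PC: 0000029f2df04000, SP: 0000039adaedfd18
"""

ATTEMPT = re.compile(r"PAX: execution attempt in: (.+), ([0-9a-f]+)-([0-9a-f]+) ")
KILL = re.compile(r"PAX: terminating task: (\S+?)\((.*?)\):(\d+), .*?PC: ([0-9a-f]+)")

def parse_kills(log):
    """Return one record per 'terminating task' line, joined with the
    'execution attempt in' line printed just before it (if any)."""
    kills, pending = [], None
    for line in log.splitlines():
        if m := ATTEMPT.search(line):
            pending = (m[1], int(m[2], 16), int(m[3], 16))
        elif m := KILL.search(line):
            # A kill line quoted without its 'execution attempt' line is "unknown".
            region, start, end = pending or ("unknown", 0, 0)
            pc = int(m[4], 16)
            kills.append({"path": m[1], "comm": m[2], "pid": int(m[3]), "pc": pc,
                          "region": region, "pc_in_region": start <= pc < end})
            pending = None
    return kills

def jit_suspects(kills):
    """Count, per binary, the kills that happened inside an anonymous mapping,
    i.e. in code generated at run time rather than loaded from a file."""
    hits = defaultdict(int)
    for k in kills:
        if k["region"] == "<anonymous mapping>" and k["pc_in_region"]:
            hits[k["path"]] += 1
    return dict(hits)

if __name__ == "__main__":
    records = parse_kills(SAMPLE)
    for k in records:
        print(f'{k["path"]} comm={k["comm"]} pid={k["pid"]} region={k["region"]}')
    print("killed in anonymous mappings:", jit_suspects(records))
```

Binaries reported by `jit_suspects` are the ones to check for an embedded JIT before reaching for `paxctl-ng -m`, since marking a binary disables MPROTECT for the whole process.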
Comment 3 Magnus Granberg gentoo-dev 2015-06-21 18:53:44 UTC
emerge --info?
Comment 4 Miroslaw Mieszczak 2015-06-23 06:21:28 UTC
Created attachment 405570
Emerge.info
Comment 5 Magnus Granberg gentoo-dev 2015-06-23 14:37:10 UTC
Do you have jit enabled on any packages?
Comment 6 Miroslaw Mieszczak 2015-06-23 18:39:51 UTC
I disabled jit globally a long time ago.
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2015-06-23 21:24:42 UTC
(In reply to Magnus Granberg from comment #5)
> Do you have jit enabled on any packages?

I also have jit disabled globally.
Let me know if I can provide any more information.

I don't have KDE 5 installed for the time being. I do, however, have KDE 4 which works fine without any issues on Hardened. I'd really like to be able to run 5!

My emerge info, just in case it's helpful:
Portage 2.2.18 (python 2.7.9-final-0, hardened/linux/amd64/no-multilib, gcc-4.9.2, glibc-2.20-r2, 3.18.9-hardened x86_64)
=================================================================
System uname: Linux-3.18.9-hardened-x86_64-Intel-R-_Core-TM-_i3-2310M_CPU_@_2.10GHz-with-gentoo-2.2
KiB Mem:     3898416 total,    406452 free
KiB Swap:    7812496 total,   7812496 free
Timestamp of repository gentoo: Sun, 14 Jun 2015 00:45:01 +0000
sh bash 4.3_p33-r2
ld GNU ld (Gentoo 2.24 p1.4) 2.24
distcc 3.1 x86_64-pc-linux-gnu [disabled]
app-shells/bash:          4.3_p33-r2::gentoo
dev-lang/perl:            5.20.2::gentoo
dev-lang/python:          2.7.9-r1::gentoo, 3.3.5-r1::gentoo
dev-util/cmake:           2.8.12.2-r1::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.16.4::gentoo
sys-apps/sandbox:         2.6-r1::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.10.3-r1::gentoo, 1.11.6-r1::gentoo, 1.12.6::gentoo, 1.13.4::gentoo, 1.14.1::gentoo
sys-devel/binutils:       2.24-r3::gentoo
sys-devel/gcc:            4.8.4::gentoo, 4.9.2::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 3.18::gentoo (virtual/os-headers)
sys-libs/glibc:           2.20-r2::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

ikelos
    location: /var/lib/layman/ikelos
    masters: gentoo
    priority: 50

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync network-sandbox news parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync webrsync-gpg xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://ftp.halifax.rwth-aachen.de/gentoo/ http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ rsync://mirror.bytemark.co.uk/gentoo/ http://mirror.qubenet.net/mirror/gentoo/ ftp://ftp.mirrorservice.org/sites/distfiles.gentoo.org/"
LANG="en_GB.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
USE="X aac aacplus acl alsa amd64 apng aspell avx berkdb bzip2 cli cracklib crypt cryptsetup cxx dbus declarative dri exif flac fontconfig gcj gdbm gnome gstreamer gtk gudev hardened iconv ipod ipv6 justify kde kipi libkms libproxy lock lvm matroska minizip mmx mmxext modules mozilla mp3 ncurses nls nptl ogg oggvorbis opengl openmp opus otr pam pax_kernel pcre phonon pic pie plasma png policykit popcnt pulseaudio qml qt3support qt4 readline seccomp semantic-desktop session smp sna socks5 spice sqlite sse sse2 sse3 sse4_1 sse4_2 ssh-agent ssl ssp ssse3 startup-notification svg tcpd theora threads thunar truetype udev udisks unicode urandom vaapi vdpau vorbis vpx widgets xa xattr xcomposite xinerama xscreensaver xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 
mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en_GB" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="intel i915" XFCE_PLUGINS="brightness clock battery power" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 8 Johannes Huber (RETIRED) gentoo-dev 2015-08-19 13:52:59 UTC
Duplicate of bug #556032?
Comment 9 Michael Palimaka (kensington) gentoo-dev 2015-08-22 06:11:13 UTC
Please test with new qtscript-5.4.2-r1.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8600971440ca101445b80a7fb012a87de53d41f0
Comment 10 Miroslaw Mieszczak 2015-08-23 13:55:21 UTC
After compilation of the patched qtscript, the problem still persists.
Comment 11 Miroslaw Mieszczak 2015-08-23 13:56:49 UTC
Created attachment 409930
Backtrace of the kwin_x11
Comment 12 Miroslaw Mieszczak 2015-08-23 13:57:22 UTC
Created attachment 409932
Backtrace of krunner.
Comment 13 Miroslaw Mieszczak 2015-08-23 14:15:43 UTC
It seems that qtdeclarative also needs the jit USE flag.
Comment 14 Michael Palimaka (kensington) gentoo-dev 2015-08-23 15:19:23 UTC
(In reply to Miroslaw Mieszczak from comment #13)
> It seems that qtdeclarative also needs the jit USE flag.

@qt: is this possible?
Comment 15 Davide Pesavento (RETIRED) gentoo-dev 2015-08-23 21:24:13 UTC
Oh, I'm surprised nobody reported this problem earlier...

(In reply to Michael Palimaka (kensington) from comment #14)
> (In reply to Miroslaw Mieszczak from comment #13)
> > It seems that qtdeclarative also needs the jit USE flag.
> 
> @qt: is this possible?

It is certainly possible, as upstream is forced to support non-JIT code paths for iOS and winRT platforms, even on arches where the JIT would normally be available (x86/amd64/arm). Unfortunately however, the build system does not seem to have a switch to forcefully turn it off. I'll come up with a patch.
Comment 16 Davide Pesavento (RETIRED) gentoo-dev 2015-08-24 01:31:33 UTC
Please try with qtdeclarative-5.4.2-r1 and let me know ASAP, as the stabilization of 5.4.2 is already underway.
Comment 17 Miroslaw Mieszczak 2015-08-24 08:25:16 UTC
I checked with the updated qtdeclarative.
And now everything seems to work fine.
Thank you for the good job.
Comment 18 Andreas Sturmlechner gentoo-dev 2022-03-22 12:58:47 UTC
qtdeclarative patch is broken in 5.15.3 by upstream commit 35169531 and needs a rebase. Do we still need it, otoh?

Anyway, I notice https://invent.kde.org/qt/qt/qtdeclarative/-/commit/561a2cec9b95b22783a00b48078b532010357066 added a qml-jit feature switch. Maybe we can use that instead of conditional patching?
Comment 19 Larry the Git Cow gentoo-dev 2022-03-22 13:19:49 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97d2fc2f854d705b00e8e9e62f1fed04b14fbca6

commit 97d2fc2f854d705b00e8e9e62f1fed04b14fbca6
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-03-22 13:16:21 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-03-22 13:19:28 +0000

    dev-qt/qtdeclarative: Fix IUSE=jit by using qml-jit feature switch
    
    Closes: https://bugs.gentoo.org/551318
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtdeclarative/qtdeclarative-5.15.3.ebuild | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
Comment 20 Larry the Git Cow gentoo-dev 2022-03-24 09:31:25 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/proj/qt.git/commit/?id=56cf1c25f6c7c35a06adb2751cd8427640143d4e

commit 56cf1c25f6c7c35a06adb2751cd8427640143d4e
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-03-22 13:16:21 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-03-24 09:31:04 +0000

    dev-qt/qtdeclarative: Fix IUSE=jit by using qml-jit feature switch
    
    Closes: https://bugs.gentoo.org/551318
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 .../files/qtdeclarative-5.4.2-disable-jit.patch        | 18 ------------------
 dev-qt/qtdeclarative/qtdeclarative-5.15.3.9999.ebuild  |  3 +--
 2 files changed, 1 insertion(+), 20 deletions(-)