The emerge of QEMU in my config can't be built, due to this error.

Reproducible: Always

Steps to Reproduce:
1. emerge "=app-emulation/qemu-0.6.1-r1" or emerge "=app-emulation/qemu-0.6.0"

Actual Results:
root@efflam:~ # emerge qemu
Calculating dependencies ...done!
>>> emerge (1 of 1) app-emulation/qemu-0.6.1-r1 to /
>>> md5 files ;-) qemu-0.6.0.ebuild
>>> md5 files ;-) ChangeLog
>>> md5 files ;-) metadata.xml
>>> md5 files ;-) qemu-0.6.1-r1.ebuild
>>> md5 files ;-) qemu-0.6.1.ebuild
>>> md5 files ;-) files/qemu-0.6.0-configure.patch
>>> md5 files ;-) files/digest-qemu-0.6.0
>>> md5 files ;-) files/digest-qemu-0.6.1
>>> md5 files ;-) files/digest-qemu-0.6.1-r1
>>> md5 files ;-) files/qemu-0.6.0-sigaction.patch
>>> md5 files ;-) files/qemu-0.6.0-typo.patch
>>> md5 files ;-) files/qemu-0.6.1-20041126.patch
>>> md5 files ;-) files/qemu_gcc34.patch.gz
>>> md5 src_uri ;-) qemu-0.6.1.tar.gz
>>> Unpacking source...
>>> Unpacking qemu-0.6.1.tar.gz to /var/tmp/portage/qemu-0.6.1-r1/work
 * Applying qemu-0.6.1-20041126.patch ... [ ok ]
>>> Source unpacked.
Install prefix    /usr
BIOS directory    /usr/share/qemu
binary directory  /usr/bin
Manual directory  /usr/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path       /var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1
C compiler        gcc
make              make
host CPU          i386
host big endian   no
target list       arm-user i386-user ppc-user sparc-user i386-softmmu ppc-softmmu
gprof enabled     no
static build      no
SDL support       yes
SDL static link   yes
mingw32 support   no
Adlib support     no
FMOD support      no
gcc -Wall -O2 -g -fno-strict-aliasing -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -o dyngen dyngen.c
gcc -DQEMU_TOOL -Wall -O2 -g -fno-strict-aliasing -g -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -o qemu-img qemu-img.c block.c block-cow.c block-qcow.c aes.c block-vmdk.c block-cloop.c -lz
texi2html -monolithic -number qemu-doc.texi
** `QEMU PC System emulator invocation' is up for `disk_images', but has no menu entry for this node
** `qemu_img_invocation' doesn't appear in menus
** `disk_images' is up for `qemu_img_invocation', but has no menu entry for this node
** `direct_linux_boot' doesn't appear in menus
** `QEMU PC System emulator invocation' is up for `direct_linux_boot', but has no menu entry for this node
** `linux_compile' doesn't appear in menus
** `QEMU PC System emulator invocation' is up for `linux_compile', but has no menu entry for this node
** `gdb_usage' doesn't appear in menus
** `QEMU PC System emulator invocation' is up for `gdb_usage', but has no menu entry for this node
** `compilation' doesn't appear in menus
*** @end ignore without corresponding opening element (l. 425)
** Unknown command `@voyager.localdomain)' (left as is) (l. 708)
** Unknown command `@scyld.com)' (left as is) (l. 745)
** Unknown command `@voyager.localdomain)' (left as is) (l. 768)
./texi2pod.pl qemu-doc.texi qemu.pod
pod2man --section=1 --center=" " --release=" " qemu.pod > qemu.1
./texi2pod.pl qemu-img.texi qemu-img.pod
pod2man --section=1 --center=" " --release=" " qemu-img.pod > qemu-img.1
for d in arm-user i386-user ppc-user sparc-user i386-softmmu ppc-softmmu; do \
make -C $d all || exit 1 ; \
done
make[1]: Entering directory `/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/arm-user'
gcc -Wall -O2 -g -fno-strict-aliasing -fomit-frame-pointer -I. -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/target-arm -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1 -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user/arm -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/slirp -c -o elfload.o /var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user/elfload.c
gcc -Wall -O2 -g -fno-strict-aliasing -fomit-frame-pointer -I. -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/target-arm -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1 -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user/arm -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/slirp -c -o main.o /var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user/main.c
gcc -Wall -O2 -g -fno-strict-aliasing -fomit-frame-pointer -I. -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/target-arm -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1 -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user/arm -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/slirp -c -o syscall.o /var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user/syscall.c
/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user/syscall.c: In function `sys_uname':
/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/linux-user/syscall.c:222: error: can't find a register in class `BREG' while reloading `asm'
make[1]: *** [syscall.o] Error 1
make[1]: Leaving directory `/var/tmp/portage/qemu-0.6.1-r1/work/qemu-0.6.1/arm-user'
make: *** [all] Error 1

!!! ERROR: app-emulation/qemu-0.6.1-r1 failed.
!!! Function src_compile, Line 56, Exitcode 2
!!! make failed
!!! If you need support, post the topmost build error, NOT this status message.

Expected Results:
A correct build.
Portage 2.0.51-r8 (default-linux/x86/2004.3, gcc-3.4.3, glibc-2.3.4.20041102-r0, 2.6.7-hardened-r17 i686)
=================================================================
System uname: 2.6.7-hardened-r17 i686 Pentium III (Coppermine)
Gentoo Base System version 1.6.7
Python: dev-lang/python-2.3.4 [2.3.4 (#1, Nov 26 2004, 10:33:52)]
distcc[25334] (dcc_mkdir) ERROR: mkdir /root/.distcc/state failed: No such file or directory [disabled]
dev-lang/python: 2.3.4
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.9.3, 1.5, 1.6.3, 1.7.9, 1.4_p6, 1.8.5-r2
sys-devel/binutils: 2.15.92.0.2-r2
sys-devel/libtool: 1.5.10-r1
virtual/os-headers: 2.6.8.1-r1
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-mtune=pentium3 -march=pentium3 -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.3/share/config:/usr/kde/3.3/env:/usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-mtune=pentium3 -march=pentium3 -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks noauto notitles sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="ftp://mir.zyrianes.net/gentoo/ ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://gentoo.inode.at/ http://www.mirror.ac.uk/sites/www.ibiblio.org/gentoo/ http://gentoo.mirror.sdv.fr/ http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ http://ftp.gentoo.skynet.be/pub/gentoo/ http://mirror.pudas.net/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.fr.gentoo.org/gentoo-portage"
USE="X aalib acpi acpi4linux alsa apache2 apm arts async avi berkdb bindist bitmap-fonts crypt cups dba devfs26 devmap divx4linux dvd encode esd ethereal f77 fam ffmpeg flac foomaticdb fortran gd gdbm gif gmail gnome gpm gps graphviz gtk gtk2 hardened hardenedphp hostap-nopci hostap-noplx imagemagick imap imlib irda jabber java jpeg kde lcms ldap libg++ libwww lzo lzw mad mbox md5sum mikmod mmx motif mozcalendar mpeg mysql ncurses nls nptl ntlm oggvorbis opengl openssh oss pam pcmcia pdflib perl pic pie png pnp pthreads python qt quicktime readline ruby samba sdl slang snmp softmmu spell sqlite sse ssl svga tcltk tcpd tiff truetype usb vhosts video_cards_i810 video_cards_i830 wifi wmf x86 xml xml2 xmms xv yahoo zlib"
Same error here.

Portage 2.0.51-r8 (default-linux/x86/2004.2, gcc-3.4.3, glibc-2.3.4.20041102-r0, 2.6.9-skas3-v7 i686)
=================================================================
System uname: 2.6.9-skas3-v7 i686 AMD Athlon(tm) XP 3000+
Gentoo Base System version 1.6.8
Python: dev-lang/python-2.3.4 [2.3.4 (#1, Nov 15 2004, 19:41:17)]
dev-lang/python: 2.3.4
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.9.3, 1.8.5-r1
sys-devel/binutils: 2.15.92.0.2-r2
sys-devel/libtool: 1.5.10-r2
virtual/os-headers: 2.4.22
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-fstack-protector -O2 -march=athlon-xp -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-fstack-protector -O2 -march=athlon-xp -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://gentoo.mirrors.pair.com/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X alsa apm arts avi berkdb bitmap-fonts cddb cdr crypt cups encode esd f77 fam flac foomaticdb fortran gdbm gif gnome gpm gtk gtk2 imagemagick imlib java jpeg kde libg++ libwww mad mikmod mmx motif moznocompose mp3 mpeg ncurses nls oggvorbis opengl oss pam pdflib perl png python qt quicktime readline real samba sdl slang spell ssl svga tcltk tcpd tiff truetype x86 xml2 xmms xv zlib"
Try disabling the stack protector.
I changed my configuration of GCC from i686-pc-linux-gnu-3.4.3 to i686-pc-linux-gnu-3.4.3-vanilla and it compiles perfectly. I think, perhaps, the bug must be sent to the hardened staff?
Perhaps this can help, taken from http://my.execpc.com/~geezer/osd/gotchas/

'can't find a register in class `[AREG|BREG|CREG|DREG]' while reloading `asm'

New versions of the GNU assembler are pickier about the clobber lists used in inline asm. Though it worked fine with older versions of the GNU assembler, the following code is now considered incorrect:

    static inline void memset(void *__dest, unsigned int __fill, unsigned int __size)
    {
        /* ECX, EAX and EDI are given as inputs AND listed as clobbered */
        __asm__ __volatile__ ("cld\n\t"
                              "rep stosb"
            : /* no outputs */
            : "c" (__size), "a" (__fill), "D" (__dest)
            : "ecx", "eax", "edi", "memory");
    }

because registers ECX, EAX, and EDI are present in both the clobber list and the input constraints. Remove these registers from the clobber list:

    ...
            : "c" (__size), "a" (__fill), "D" (__dest)
            : "memory");
    }

and the code should assemble without error.

Hopefully someone that knows how to do the above can fix things.
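A corrected form of the memset() quoted above, added here as an example (it is not code from the bug report or from the geezer page; the function names are assumed). Besides taking the registers out of the clobber list, it declares ECX and EDI as in/out operands: rep stosb counts ECX down to zero and advances EDI, so the "just drop the clobbers" fix would leave GCC believing those registers still hold __size and __dest after the asm.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical replacement for the quoted memset(). The quoted version
 * listed ECX, EAX and EDI both as input operands and as clobbers, which
 * newer GCC rejects ("can't find a register in class ... while reloading
 * asm"). Dropping them from the clobber list is not quite enough either:
 * "rep stosb" modifies ECX and EDI, so they are declared as in/out
 * operands ("+c", "+D") on private copies; EAX is only read. */
static inline void *asm_memset(void *dest, int fill, size_t size)
{
#if defined(__i386__) || defined(__x86_64__)
    void *d = dest;   /* copy: the asm advances it to dest + size */
    size_t n = size;  /* copy: the asm counts it down to zero */
    __asm__ __volatile__ (
        "cld\n\t"
        "rep stosb"
        : "+c" (n), "+D" (d)   /* ECX/EDI are read AND written */
        : "a" (fill)           /* AL supplies the fill byte */
        : "memory", "cc");     /* memory written, DF changed by cld */
#else
    /* Portable fallback so the example also builds on non-x86 hosts. */
    unsigned char *p = dest;
    for (size_t i = 0; i < size; i++)
        p[i] = (unsigned char)fill;
#endif
    return dest;
}

/* Fills the middle of a constructed buffer and reports whether every
 * byte, inside and outside the filled range, has the expected value. */
int asm_memset_selftest(void)
{
    unsigned char buf[64];
    memset(buf, 0xAA, sizeof buf);   /* constructed pre-fill */
    asm_memset(buf + 8, 0x5C, 40);   /* fill bytes 8..47 only */
    for (size_t i = 0; i < sizeof buf; i++) {
        unsigned char want = (i >= 8 && i < 48) ? 0x5C : 0xAA;
        if (buf[i] != want)
            return 0;
    }
    return 1;
}

/* Edge case: a zero-length fill must leave the buffer untouched. */
int asm_memset_zero_len_ok(void)
{
    unsigned char buf[4] = { 1, 2, 3, 4 };
    asm_memset(buf, 0xFF, 0);
    return buf[0] == 1 && buf[1] == 2 && buf[2] == 3 && buf[3] == 4;
}

int main(void)
{
    return (asm_memset_selftest() && asm_memset_zero_len_ok()) ? 0 : 1;
}
```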
q/a (27K) app-emulation/qemu/files/qemu-0.6.1-20041126.patch
Created attachment 50288 [details, diff] qemu-0.6.1-non-hardened.patch hack allows qemu to compile on hardened systems.
Created attachment 50289 [details, diff] qemu-0.6.1-r1.ebuild.diff diff to the ebuild I used.
The right way to fix this would probably be to update the _syscallX macros and use lseek64 in place of the obsolete _llseek(). -fstack was filtered in order for the Makefile scripts to generate op.h. I was told the following command line should be able to boot an iso:

user@shell $ qemu -boot d -m 126 -cdrom hardened-x86-2005.0_test4.iso

But this did not appear to work for me. Also, on a hardened system I had to disable all PaX flags, but that does not seem surprising for an emu. Rebuilding now with env USE="hardened -sdl softmmu" emerge qemu to see if I can boot an iso with it.
Same results with every combo of USE flags and an older iso. I've tested qemu -boot d -m 126 -cdrom x86-basic-1.4-20030911.iso and it still just sits there at the command line, so I do not know if the above patches really work around the problems or not.
solar's patches above work for me, qemu builds with USE="hardened sdl softmmu", and runs after disabling MPROTECT using paxctl. I was able to boot the install-x86-minimal-2004.3-r1.iso livecd image using this command line:

qemu -m 64 -boot d -cdrom install-x86-minimal-2004.3-r1.iso

I have nearly all PaX and grsec features enabled, except CONFIG_GRKERNSEC_KMEM, CONFIG_GRKERNSEC_IO, and CONFIG_PAX_NOELFRELOCS.
Hi, I'm using qemu with the patch and the USE flags already mentioned and it works great.
Funny.. I can fix packages so they work for other people but I can't seem to make it work for myself. /me shrugs
Please test the latest ebuild and reopen if there is still something to fix.
*** Bug 92197 has been marked as a duplicate of this bug. ***
Created attachment 58662 [details, diff] fixup for hardened systems

Sorry Luca, I meant to get back earlier about this. The ebuild needs to filter -fpie -fstack-protector (that was the reason for editing in the '+=' to the FLAGS assignments in the makefiles). Also, between 0.6.x and 0.7.0 the use of the various *FLAGS variables in the build has changed slightly, so the 'sed' in src_unpack is modified. I've also added a check for GCC 4, which is known to fail on 0.7.0, to prevent unnecessary bugs if and when gcc 4 is unmasked. The check is added to pkg_setup, which I think is the right place.
Reopening bug
The ebuild should completely IGNORE the user-provided cflags, so the legacy code to provide cflags could be removed. It makes more sense to pin the gcc version in the deps instead of dying on gcc4. Is the current ebuild working or not?
I just tested qemu-0.7.0 and it failed for me with

dyngen: unsupported i386 relocation (10)

Tested the update from Kevin and it makes it quite a bit further into the build but later fails with the following:

gcc -g -Wl,-shared -o qemu-i386 elfload.o main.o syscall.o mmap.o signal.o path.o osdep.o thunk.o vm86.o libqemu.a gdbstub.o -lm
/usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.5/../../../../i686-pc-linux-gnu/bin/ld: errno: TLS definition in /lib/libc.so.6 section .tbss mismatches non-TLS reference in libqemu.a(helper2.o)
/lib/libc.so.6: could not read symbols: Bad value
collect2: ld returned 1 exit status

Portage 2.0.51.21 (hardened/x86, gcc-3.3.5, glibc-2.3.5-r0, 2.4.30-hardened-r1 i686)
dev-lang/python: 2.1.3-r1, 2.2.3-r5, 2.3.5
sys-apps/sandbox: 1.2.1
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9, 1.8.5-r2, 1.9.5
sys-devel/binutils: 2.16.90.0.3
sys-devel/libtool: 1.5.10-r5
virtual/os-headers: 2.4.22-r1
Looks like it requires unhardening.
Tested with vanilla gcc specs and the following error still occurs.

gcc -g -Wl,-shared -o qemu-i386 elfload.o main.o syscall.o mmap.o signal.o path.o osdep.o thunk.o vm86.o libqemu.a gdbstub.o -lm
/usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.5/../../../../i686-pc-linux-gnu/bin/ld: errno: TLS definition in /lib/libc.so.6 section .tbss mismatches non-TLS reference in libqemu.a(helper2.o)
/lib/libc.so.6: could not read symbols: Bad value
collect2: ld returned 1 exit status

I'll downgrade binutils and see if the result is the same.
First, regarding gcc 4 - if by pinning the gcc version in deps you mean saying something like "<sys-devel/gcc-4.0.0" in DEPEND, then I think this is incorrect. People are likely to retain previous gcc versions when installing 4 to be able to switch back and forth easily (in fact they'd be rather foolish to remove all older versions!). If it's restricted in DEPEND, it'll fail for anyone who has installed gcc 4 - regardless which compiler version they're actually using. The check I've suggested tests the version of the compiler actually being used at the time of the emerge, rather than the highest version of gcc currently installed.

Without "filter-flags -fpie -fstack-protector" after "unset CFLAGS", the ebuild fails for hardened users (I tried it for the first time today because until now I've been using cvs tarballs and my own overlay ebuild). Things have changed a little from 0.6.2 to 0.7.0, and the "sed" line I've supplied works better for 0.7.0. You do need the "sed" line - not to allow user-specified flags to flow through (as you say, the "unset CFLAGS" correctly prevents this), but to allow the result of filter-flags to flow through. The hardened compiler switches on PIC/PIE and SSP by default (effectively pre-sets -fPIC or -fPIE, and -fstack-protector-all), so they need to be switched off pro-actively (-fno-pie -fno-stack-protector). filter-flags actually adds the relevant flags to CFLAGS if the compiler is hardened, so that use of the hardened compiler can be managed transparently.

For information, the code in op.o isn't parse-able by dyngen when built PIC as it contains relocation types that aren't recognised. It's simple enough to patch dyngen to recognise the other relocation types as code segment start points, however I'm not convinced that the results are actually useful for qemu; in particular the emulator probably doesn't take account of the ABI changes on x86 hosts from non-PIC to PIC. The stack protector causes symbols to be referenced from op.o that dyngen and the emulator don't understand; also I'm fairly sure that trying to apply ssp to the emulation code doesn't make sense. I have tried various things, but I need to understand the dyngen & emulation process a lot better before I can get qemu to build properly PIC and possibly with SSP. The filter-flags solution is the best fix I can suggest for now.
solar: your error in comment #18 is something new; obviously I don't get that error. I'm using the latest stable binutils, libtool, and an earlier version of glibc (a slightly ~x86 version because I've been trying out cross-compilation).

Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5, glibc-2.3.4.20050125-r1, 2.6.11-hardened-r1 i686)
dev-lang/python: 2.3.5
sys-apps/sandbox: [Not Present]
sys-devel/autoconf: 2.59-r6, 2.13
sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r7
sys-devel/libtool: 1.5.16
virtual/os-headers: 2.6.11
It appears to be binutils-2.16.x. Reverting to binutils-2.15.92.0.2-r8 allowed qemu to be built with vanilla and hardened gcc specs. Kevin's update works well for me. Please apply.
Luca, just to confirm for you that the latest ebuild works fine with hardened gcc.
I hope it will remain fixed now, thanks everybody for the help.
It appears the new ebuild still isn't working on a hardened system. I was getting a bunch of errors for os.h until I switched my gcc specs to nossp, and then things started compiling again.
Lance; first could you check you have revision 1.6 of the qemu-0.7.0 ebuild, and that you're building 0.7.0 (it's ~x86). If so, please post:
1) emerge --info
2) The compilation errors you see
I managed to get a stream of errors in op.h due to the stack protector when I upgraded gcc-3.3.5-r1 to gcc-3.3.5-20050130-r1. I guess you saw the same, Lance. I've raised bug #93011 on what I think is a bug in gcc-3.3.5-20050130-r1, and marked it as a dependency here. In the meantime, reverting to gcc-3.3.5-r1 will allow it to build.
The recent changes I made for filter-flags -fstack-protector (bug #100974) make the problems in bug #93011 irrelevant, so this should clear this bug. Lance, re-open if you still have a problem.