Bug 5710

Summary: DRI libs relocation problems on hardened systems
Product: DRI Reporter: Declan Moriarty <junk_mail>
Component: libGLAssignee: Default DRI bug account <dri-devel>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: high    
Version: unspecified   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:

Description Declan Moriarty 2006-01-25 00:24:48 UTC 
On hardened systems (Such as Hardened Linux From Scratch) the Pax kernel patches
provide an option CONFIG_PAX_NOELFRELOCS, which does what it says on the tin,
and you can't relocate elf executables. The DRI faile under X-6.9.0 with (from
memory)

"Error loading shared library /usr/X11R6/lib/libGL.so.1
Error opening shared library for relocation: Permission denied"

I am attaching a check of the X libraries. I went to some trouble to try a
precompiled libGL.so (from common-20051220-linux-i386/) and a correctly compiled
version from Xorg-6.9.0 I checked, and got these relocations

TEXTREL in exe /usr/X11R6/lib/dri-old.libGL.so.1.2
TEXTREL in exe /usr/X11R6/lib/libGL.so.1.2
TEXTREL library /usr/local/lib/libGL.so.1 exec /usr/X11R6/lib/libGLU.so.1.3
TEXTREL in exe /usr/X11R6/lib/libOSMesa.so.4.0
TEXTREL library /usr/local/lib/libGL.so.1 exec /usr/X11R6/lib/libOSMesa.so.4.0

On my system,dri-old.libGL.so.1.2 is the precompiled one from common-20051220,
and the other is from Xorg-6.9.0. Precompiled stuff will never work on hardened
systems, BTW. They really need no compile their own software. 
The other dri archive in the frame is radeon-20051220
Comment 1 Declan Moriarty 2006-01-25 22:10:09 UTC 
That error should be: "Cannot make segment writable for relocation. Permission
denied"

I have this refined somewhat. Reading the readme in the et_dyn.tar.gz file
referenced in the kernel help (under CONFIG_PAX_NOELFRELOCS) indicates that it
is the -pie option in gcc which is causing trouble. This position independent
feature is nobbled by any text relocations, which, apparently fix a position.

     Inserting '-no-pie' where I thought it would help (in the many GL
directories) got me a version of libGL.so.1.2 with no TEXTRELs. I have not to
date got a version of any of the following without text relocations. 

     glxinfo     glsgears   xdriinfo   radeon_drv.so

Compiler options are tricky on hardened systems, as the compiler throws a set of
hardening options by default, some of which can be overridden by command line stuff

On Xorg-6.9.0, this turns out to be an X problem and may advantageously be
labelled as such by someone handling it.
Comment 2 Declan Moriarty 2006-01-26 03:38:07 UTC 
The full list of problem programs & libs are all linked against libGL.so.1,
which (I must correct myself) contains a Textrel.
http://www.linuxfromscratch.org/hlfs/view/unstable/glibc/chapter02/pie.html

/wallows out of his depth, then gradually sinks.
Comment 3 Michel Dänzer 2006-01-26 03:50:47 UTC 
See bug 4197.
Comment 4 Declan Moriarty 2006-01-26 04:12:08 UTC 
This is a duplicate of 4197, it appears. Thanks for that.

From reading the vitriol on bug 4197, the patch attached carries a performance
penalty and a mixed blessing, but works. I'll shoehorn it in and try it.

*** This bug has been marked as a duplicate of 4197 ***
Comment 5 Declan Moriarty 2006-01-26 20:37:22 UTC 
The mesa take 2 patch from bug 4197 fixes the issue. DRI now works here. Thanks.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.