[toggle ads]

Odi's astoundingly incomplete notes

New Entries

Gentoo intel-microcode reorg

Gentoo has given more love to its sys-firmware/intel-microcode package. It's now easier than ever to update microcode automatically early on boot. This is a valuable alternative to shipping microcode within the BIOS. I mean honestly, who regularly checks for BIOS updates? Much easier by doing that through an ebuild.

The new USE flag initramfs now builds a cpio archive at /boot/intel-uc.img ready to be used by grub. In /boot/grub/grub.cfg:
menuentry 'Gentoo Linux 4.14' {
  linux /boot/linux-4.14.12 root=LABEL=ROOT ro rootfstype=ext4 net.ifnames=0
  initrd /boot/intel-uc.img /boot/initrd.img
Note how the microcode intitramfs is simply prepended to the boot initramfs (initrd). A kernel that has microcode laoding support enabled will find it there, upload the microcode into the cpu and then discard the initramfs blob, and continue booting with the initrd.img. The first line in your dmesg output will show:
microcode: microcode updated early to revision 0x80, date = 2018-01-04

posted on 2018-01-15 10:10 CET in Code | 0 comments | permalink

Gentoo enables PIE

Gentoo has new profiles that require you to "recompile everything". That is technically not really necessary. Only static libraries really need recompiling.

Here is why:
A static library is just an archive of .o files (similar to tar), nothing more, and linking against a static library is roughly the same as just adding more .o files to the linker line. You can also link a static library into a shared library - the code in the static library is then just copied into the shared library (but the code then must be compiled with -fPIC, as with all other code that is used in shared libraries).

You can find static libs like so:
equery b $(find /usr/lib/ /lib/ -name *.a) | awk '{ print $1; }' | sort | uniq
Typically this yields packages like elfutils, libbsd, nss, iproute2, keyutils, texinfo, flex, db, numactl.

posted on 2017-12-07 11:59 CET in Code | 0 comments | permalink

Gentoo python-3.5 update woes

Your latest emerge -uavD @world may result in the following error:
# required by sys-apps/portage-2.3.13-r1::gentoo[python_targets_python3_4,-build,python_targets_python2_7,-python_targets_python3_5]
# required by virtual/package-manager-0::gentoo
# required by @system
# required by @world (argument)
>=dev-python/pyblake2-0.9.3-r1 python_targets_python3_4
That's because python-3.5 as well as python-3.6 and a new version of portage went stable, that in turn causes python USE flag changes and portage can't figure out correctly what to do.

Solve this by manually installing python-3.5 (only) first and recompiling the resulting USE flag changes:
emerge -1av python:3.5
eselect python update
emerge -1avD --changed-use @world
That should let you update world again and depclean will remove python-3.4 for you.
emerge -uavD @world
emerge --depclean

posted on 2017-12-05 11:37 CET in Code | 0 comments | permalink

pulseaudio: xmalloc.c: Assertion 'size < (1024*1024*96)' failed

I noticed that Firefox was not playing any sound any more. Apparently pulseaudio stopped working. Manually running pa showed the following error:

xmalloc.c: Assertion 'size < (1024*1024*96)' failed at /var/tmp/portage/media-sound/pulseaudio-10.0/work/pulseaudio-10.0/src/pulse/xmalloc.c:72, function pa_xmalloc0(). Aborting.

This means it is trying to allocate a ridiculous amount of memory.

Looking at the backtrace in gdb reveals:
(gdb) bt
#0  0x00007ffff6a5ef50 in raise () from /lib64/libc.so.6
#1  0x00007ffff6a60bfa in abort () from /lib64/libc.so.6
#2  0x00007ffff7914b32 in pa_xmalloc0 () from /usr/lib64/libpulse.so.0
#3  0x00007ffff7ba1db1 in pa_database_open () from /usr/lib64/pulseaudio/libpulsecore-10.0.so
#4  0x00007fffeed60468 in module_card_restore_LTX_pa__init () from /usr/lib64/pulse-10.0/modules/module-card-restore.so
#5  0x00007ffff7b5ac98 in pa_module_load () from /usr/lib64/pulseaudio/libpulsecore-10.0.so
#6  0x00007ffff7b49751 in ?? () from /usr/lib64/pulseaudio/libpulsecore-10.0.so
#7  0x00007ffff7b4fd2c in pa_cli_command_execute_line_stateful () from /usr/lib64/pulseaudio/libpulsecore-10.0.so
#8  0x00007ffff7b50551 in pa_cli_command_execute_file_stream () from /usr/lib64/pulseaudio/libpulsecore-10.0.so
#9  0x0000000000406e55 in main ()
So it is trying to read some database. What database?

strace tells us quickly:
open("/home/xoxo/.pulse/91b2f1e2678a89a9c38b83075061a39a-card-database.x86_64-pc-linux-gnu.simple", O_RDONLY|O_CLOEXEC) = 9
So likely this thingy is corrupt. Solved this with:

rm -rf .pulse

posted on 2017-12-01 15:05 CET in Code | 0 comments | permalink

I fsck ext4 on EACH boot

An LWN article suggests to disable maximum mount count. I do the opposite. I fsck on each boot. fsck on ext4 is very fast these days even on large filesystems. If you are like me and run the latest kernel it may save your butt from fs regressions that do sometimes happen.
tune2fs -c 1 /dev/disk/by-label/ROOT

posted on 2017-07-27 14:28 CEST in Code | 0 comments | permalink

ratelimiting eject

Mapped the eject key of my old iMac to the following script to rate limit it:
[ -e $L ] || touch $L
exec 3<$L
flock -n 3 || exit
eject "$@"
sleep 5
Because I found it really annoying when the kids fill the keyboard buffer with eject events that take forever to be processed.
posted on 2017-07-24 22:02 CEST in Code | 0 comments | permalink

How to fix broken image preview in Gentoo KDE

Due to recent updates your folder preview of images in KDE Dolphin is probably broken. The culprit is the exiv2 library (which in itself is a major problem).

To fix that, rebuild exiv2 first: emerge -1av exiv2

Then check what uses it: revdep-rebuild -pL libexiv2

And recompile that: emerge -1av kde-apps/libkexiv2 kde-apps/kio-extras kfilemetadata gwenview

posted on 2017-06-30 09:01 CEST in Code | 0 comments | permalink

fix Stack Clash on Gentoo

The Stack Clash class of bugs can be easily prevented on Gentoo.

1. Add -fstack-check to your CFLAGS. It instructs the compiler to touch every page when extending the stack by more than one page. So the kernel will trap in the guard page. This even makes the larger stack gap in recent kernels unnecessary (if you don't run other binaries)
CFLAGS="-march=native -O2 -pipe -fstack-check"
2. Some packages don't like this flag. Especially sys-libs/glibc itself. So for those define a separate environment:
CFLAGS="-march=native -O2 -pipe"
sys-libs/glibc simple

3. Recompile important libraries (like openssl) and programs (setuid root binaries in shadow and util-linux) or simply everything: emerge -ae world

As always, keep your system uptodate regularly: emerge -uavD world

posted on 2017-06-27 15:15 CEST in Code | 0 comments | permalink

Oracle and HugePages

I have an Oracle 12 instance with 32GB SGA on a modern Gentoo Linux system with 48GB of RAM. The kernel has transparent hugepages set to always but no HugePages configured.

From /proc/meminfo:
PageTables:      2577752 kB
AnonHugePages:     75776 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
You can clearly see that page tables take up 2.5 GB of RAM. This makes TLB flushes really bad of course. You can also see that Oracle doesn't make much use of transparent huge pages. Only 75 MB are used.

After reserving 32 GB of real 2 MB HugePages (vm.nr_hugepages = 16384) the situation has become:
PageTables:       118456 kB
AnonHugePages:         0 kB
HugePages_Total:   16384
HugePages_Free:       63
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
So Oracle has put the SGA completely into HugePages which greatly reduces the space required for page tables and thus memory management becomes a lot more efficient.

posted on 2017-03-29 16:49 CEST in Code | 0 comments | permalink

iptables conntrack helper assignment

Long story short for a client:
[0:0] -A OUTPUT -p tcp --dport 21 -j CT --helper ftp
[0:0] -A OUTPUT -p udp --dport 137:138 -j CT --helper netbios-ns
This will make work: Then you can safely set this sysctl to zero: net.netfilter.nf_conntrack_helper

posted on 2016-12-21 15:42 CET in Code | 0 comments | permalink