RANDSTRUCT and third-party kernel module build woes.
Posted: Mon Feb 16, 2015 10:21 pm
With CONFIG_GRKERNSEC_RANDSTRUCT enabled, I have compile failures building "third party" kernel modules like cryptodev-1.7 as follows:
I've seen examples of build problems of this sort with other kernel modules like zfs, etc. I am happy to pull up my sleeves and provide some patches either to the module authors or elsewhere, but I'm a little unsure of what the problem is here. Is it a matter of the randomize plugin not being invoked in the build of this module, along with reference to the current/valid "randomizing key"?
The platform in question here is an Atheros SoC (MIPS) 7133, and I've made all of the adjustments to the mainline grsecurity-3.14 patch to get it built cleanly within the OpenWRT buildroot system, so that's behind me.
linux-3.14.30 via OpenWRT trunk feed, with grsecurity-3.0-3.14.32-201502062101.patch applied.
GCC: gcc-cross (OpenWrt/Linaro GCC 4.9-2014.10 r44233) 4.9.2
Kernel config: http://pastebin.com/abYe9fuZ
- Code: Select all
make[4]: Entering directory 'linux-ar71xx_generic/cryptodev-linux-1.7'
make -C linux-ar71xx_generic/linux-3.14.30 SUBDIRS=`pwd` ARCH=mips CROSS_COMPILE=mips-openwrt-linux-uclibc- modules
make[5]: Entering directory 'linux-ar71xx_generic/linux-3.14.30'
CC [M] linux-ar71xx_generic/cryptodev-linux-1.7/ioctl.o
linux-ar71xx_generic/cryptodev-linux-1.7/ioctl.c:1120:2: error: invalid initializer
{0, },
^
linux-ar71xx_generic/cryptodev-linux-1.7/ioctl.c:1120:2: error: (near initialization for 'verbosity_ctl_dir[1].<anonymous>')
linux-ar71xx_generic/cryptodev-linux-1.7/ioctl.c:1129:2: error: invalid initializer
{0, },
^
linux-ar71xx_generic/cryptodev-linux-1.7/ioctl.c:1129:2: error: (near initialization for 'verbosity_ctl_root[1].<anonymous>')
I've seen examples of build problems of this sort with other kernel modules like zfs, etc. I am happy to pull up my sleeves and provide some patches either to the module authors or elsewhere, but I'm a little unsure of what the problem is here. Is it a matter of the randomize plugin not being invoked in the build of this module, along with reference to the current/valid "randomizing key"?
The platform in question here is an Atheros SoC (MIPS) 7133, and I've made all of the adjustments to the mainline grsecurity-3.14 patch to get it built cleanly within the OpenWRT buildroot system, so that's behind me.
linux-3.14.30 via OpenWRT trunk feed, with grsecurity-3.0-3.14.32-201502062101.patch applied.
GCC: gcc-cross (OpenWrt/Linaro GCC 4.9-2014.10 r44233) 4.9.2
Kernel config: http://pastebin.com/abYe9fuZ