grsecurity forums

[x14sg1]

Hello,

A new error for make bzImage; the same undefined symbols though

Maybe my config file will help:

https://home.comcast.net/~x14sg1/config

pc101 (530) /slackware/linux-3.8.2-grsec-smp 60 # make bzImage
make[1]: Nothing to be done for `all'.
make[1]: Nothing to be done for `relocs'.
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
CALL scripts/checksyscalls.sh
CC init/main.o
init/main.c: In function 'do_initcall_level':
init/main.c:820:26: error: 'latent_entropy' undeclared (first use in this function)
init/main.c:820:26: note: each undeclared identifier is reported only once for each function it appears in
init/main.c: In function 'do_pre_smp_initcalls':
init/main.c:861:26: error: 'latent_entropy' undeclared (first use in this function)
make[1]: *** [init/main.o] Error 1
make: *** [init] Error 2

pc101 (530) /slackware/linux-3.8.2-grsec-smp 61 # make modules
make[1]: Nothing to be done for `all'.
make[1]: Nothing to be done for `relocs'.
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
CALL scripts/checksyscalls.sh
Building modules, stage 2.
MODPOST 3010 modules
ERROR: "__pax_list_add" [net/sctp/sctp.ko] undefined!
ERROR: "pax_list_del_init" [net/9p/9pnet.ko] undefined!
ERROR: "__pax_list_add" [net/9p/9pnet.ko] undefined!
WARNING: modpost: Found 34996 section mismatch(es).
To see full details build your kernel with:
'make CONFIG_DEBUG_SECTION_MISMATCH=y'
make[1]: *** [__modpost] Error 1
make: *** [modules] Error 2

[x14sg1]

I deleted the build directory and did a fresh rebuild and the undefined symbols went away

[PaX Team]

i also built your config without any problems.

[x14sg1]

I think there is still one more issue (the last 2 patches have it).

An earlier patch for init/main.c had

+#ifdef CONFIG_PAX_LATENT_ENTROPY
+u64 latent_entropy;
+#endif
+

but I noticed you moved the declaration for latent_entropy to

mm/page_alloc.c:volatile u64 latent_entropy;

It seems init/main.c can't see it (not sure the "external u64 latent_entropy" I added to init/main.c to get it to compile is correct)

pc101 (530) /slackware/linux-3.8.2-grsec-smp 126 # make bzImage
make[1]: Nothing to be done for `all'.
make[1]: Nothing to be done for `relocs'.
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
CALL scripts/checksyscalls.sh
CC init/main.o
init/main.c: In function 'do_initcall_level':
init/main.c:820:40: error: 'latent_entropy' undeclared (first use in this function)
init/main.c:820:40: note: each undeclared identifier is reported only once for each function it appears in
init/main.c: In function 'do_pre_smp_initcalls':
init/main.c:861:40: error: 'latent_entropy' undeclared (first use in this function)
make[1]: *** [init/main.o] Error 1
make: *** [init] Error 2

[PaX Team]

mm/page_alloc.c:volatile u64 latent_entropy;

It seems init/main.c can't see it (not sure the "external u64 latent_entropy" I added to init/main.c to get it to compile is correct)

there should be no need for an explicit declaration because the latent entropy plugin provides/injects it itself through some black magic and i still have no problems building your config here. what is your gcc version?

[x14sg1]

pc101 (530) /x/x14sg2/.mozilla/firefox 150 # gcc -v
Reading specs from /usr/lib/gcc/i486-slackware-linux/4.7.2/specs
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/i486-slackware-linux/4.7.2/lto-wrapper
Target: i486-slackware-linux
Configured with: ../gcc-4.7.2/configure --prefix=/usr --libdir=/usr/lib --mandir=/usr/man --infodir=/usr/info --enable-shared --enable-bootstrap --enable-languages=ada,c,c++,fortran,go,java,lto,objc --enable-threads=posix --enable-checking=release --enable-objc-gc --with-system-zlib --with-python-dir=/lib/python2.7/site-packages --disable-libunwind-exceptions --enable-__cxa_atexit --enable-libssp --enable-lto --with-gnu-ld --verbose --enable-java-home --with-java-home=/usr/lib/jvm/jre --with-jvm-root-dir=/usr/lib/jvm --with-jvm-jar-dir=/usr/lib/jvm/jvm-exports --with-arch-directory=i386 --with-antlr-jar=/root/slackware-current/source/d/gcc/antlr-runtime-3.4.jar --enable-java-awt=gtk --disable-gtktest --with-arch=i486 --target=i486-slackware-linux --build=i486-slackware-linux --host=i486-slackware-linux
Thread model: posix
gcc version 4.7.2 (GCC)

[PaX Team]

and what's the gcc cmdline when you build init/main.o? (make V=1 init/main.o will show you)

[x14sg1]

gcc -Wp,-MD,init/.main.o.d -nostdinc -isystem /usr/lib/gcc/i486-slackware-linux/4.7.2/include -I/slackware/linux-3.8.2-grsec-smp/arch/x86/include -Iarch/x86/include/generated -Iinclude -I/slackware/linux-3.8.2-grsec-smp/arch/x86/include/uapi -Iarch/x86/include/generated/uapi -I/slackware/linux-3.8.2-grsec-smp/include/uapi -Iinclude/generated/uapi -include /slackware/linux-3.8.2-grsec-smp/include/linux/kconfig.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -O2 -m32 -msoft-float -mregparm=3 -freg-struct-return -fno-pic -mpreferred-stack-boundary=2 -march=i686 -mtune=pentium3 -mtune=generic -maccumulate-outgoing-args -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fno-stack-protector -Wno-unused-but-set-variable -fno-omit-frame-pointer -fno-optimize-sibling-calls -pg -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -fconserve-stack -DCC_HAVE_ASM_GOTO -D"KBUILD_STR(s)=#s" -D"KBUILD_BASENAME=KBUILD_STR(main)" -D"KBUILD_MODNAME=KBUILD_STR(main)" -c -o init/main.o init/main.c
init/main.c: In function 'do_initcall_level':
init/main.c:820:40: error: 'latent_entropy' undeclared (first use in this function)
init/main.c:820:40: note: each undeclared identifier is reported only once for each function it appears in
init/main.c: In function 'do_pre_smp_initcalls':
init/main.c:861:40: error: 'latent_entropy' undeclared (first use in this function)
make[1]: *** [init/main.o] Error 1
make: *** [init] Error 2

[PaX Team]

as i thought, none of the plugins get passed to gcc when compiling this file, that's a build system bug somewhere. can you check that other files elsewhere get compiled with the plugins and this issue is related to init/* only?

[x14sg1]

This is the only thing that will not compile.

I have had plugin issues before which I brought up here and had to disable plugins to get the kernel to compile.

I run this sed cmd against the Makefile to disable them

sed -i.old 's|ifndef DISABLE_PAX_PLUGINS|ifdef ENABLE_PAX_PLUGINS|' linux-${_KERNEL}/Makefile

Maybe I have to disable this one too?

I will try a compile without disabling them right now

[PaX Team]

uhm, you can't enable plugin based features (such as LATENT_ENTROPY or CONSTIFY) and disable plugin support in the build system at the same time . let's figure out instead why you had problems with gcc plugins in the first place, so start from a clean source and build tree and report me any failures please.

[x14sg1]

ok - I have a build going without disabling plugins (not clean though).

When it finishes (looks like bzImage just did), I will forward the results and kick off a clean build with them.

[x14sg1]

The build worked with PLUGINS enabled

I can't find my previous post but it was some time ago and I think it was NVIDIA that would not build when PLUGINS were enabled - 313.26 builds though so I think I am good ....

With plugins enabled however, I see a bunch of "Function XXX is missing from the size_overflow hash table" - am I correct that I should ignore these?

[spender]

I will correct those in a future patch.

-Brad

[PaX Team]

I can't find my previous post but it was some time ago and I think it was NVIDIA that would not build when PLUGINS were enabled - 313.26 builds though so I think I am good ....

out-of-tree modules can break with CONSTIFY and/or USERCOPY (and some more), i think nvidia suffers from both and needs some patching that i put into my homedir last year already, maybe it's automatically applied on your distro as it is on gentoo?

With plugins enabled however, I see a bunch of "Function XXX is missing from the size_overflow hash table" - am I correct that I should ignore these?

they're harmless (in that the size overflow plugin provides less coverage until we fix these up) and are going away as soon as we can release an updated plugin, but we're waiting for a 3rd party to get their act together .