grsecurity forums

[wallace]

Hi,

Since 3.8 kernel I'm not able to compile kernel with grsec patch.
The environment :

Code: Select all

cat /etc/debian_version
6.0.7

Code: Select all

gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.4.5-8' --with-bugurl=file:///usr/share/doc/gcc-4.4/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.4 --enable-shared --enable-multiarch --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.4 --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --with-arch-32=i586 --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.4.5 (Debian 4.4.5-8)

I compile kernel with this command :

Code: Select all

export CONCURRENCY_LEVEL=`grep -c '^processor' /proc/cpuinfo`
make-kpkg clean
time make-kpkg --initrd --revision "1" --append-to-version "-digdeo" kernel_image kernel_doc kernel_source kernel_headers


At the start of compilation I have this warning

Code: Select all

warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least
PAX_MEMORY_STACKLEAK and other features will be less secure


The error I have like in this post : https://forums.grsecurity.net/viewtopic.php?f=3&t=3343&p=12664&hilit=do_initcall_level#p12664

Code: Select all

  LD      arch/x86/crypto/built-in.o
  AS      arch/x86/ia32/ia32entry.o
  CC      arch/x86/ia32/sys_ia32.o
init/main.c: In function ‘do_initcall_level’:
init/main.c:820: error: ‘latent_entropy’ undeclared (first use in this function)
init/main.c:820: error: (Each undeclared identifier is reported only once
init/main.c:820: error: for each function it appears in.)
init/main.c: In function ‘do_pre_smp_initcalls’:
init/main.c:861: error: ‘latent_entropy’ undeclared (first use in this function)
make[2]: *** [init/main.o] Erreur 1
make[2]: *** Attente des tâches non terminées....
  CC      arch/x86/ia32/ia32_signal.o
  CC      arch/x86/ia32/nosyscall.o
  CC      arch/x86/ia32/syscall_ia32.o
  CC      arch/x86/ia32/ipc32.o
make[1]: *** [init] Erreur 2
make[1]: *** Attente des tâches non terminées....


But I can't upgrade gcc on Debian stable for internal practice raisons, so I can't enable modules in gcc.
I have the same issue for 3.8.1, 3.8.2 and 3.8.3 and the lastest patch grsecurity-2.9.1-3.8.3-201303190012.patch
What I can do?

[PaX Team]

i'll fix the compile error in the next patch but you should be aware that you're enabling features that depend on gcc plugins so even with this error fixed you won't get the features you enabled. the best course of action would be to disable these config options that give you no benefit anyway and enable them only when you can move to a newer gcc version.

[wallace]

What config option I need to disable? In grsec options or kernel options?

[spender]

This should now be fixed in the latest patch.

-Brad

[wallace]

It's works thanks!