If I try to compile a new kernel with hardened-sources-2.4.32-r2, the linking fails with:

    arch/i386/mm/mm.o: In function `do_page_fault':
    : undefined reference to `pax_handle_fetch_fault'
    make: *** [vmlinux] Error 1

The same .config file works for hardened-sources-2.4.32-r1 without any problem, therefore I hope it is not a configuration error on my side. I will attach the used .config to the bug.

steps to reproduce (at least on my system. ;-)):

    # emerge \=sys-kernel/hardened-sources-2.4.32-r2
    # cd /usr/src/
    # ln -s linux-2.4.32-hardened-r2 linux
    # cd linux
    # cp ../linux-2.4.32-hardened-r1/.config .
    # make oldconfig
    # make dep
    # make bzImage

    # emerge --info
    Portage 2.0.54 (default-linux/x86/no-nptl/2.4, gcc-3.3.6, glibc-2.3.5-r2, 2.4.32-hardened-r1 i686)
    =================================================================
    System uname: 2.4.32-hardened-r1 i686 AMD Athlon(tm) XP 1800+
    Gentoo Base System version 1.6.14
    dev-lang/python: 2.3.5-r2, 2.4.2
    sys-apps/sandbox: 1.2.12
    sys-devel/autoconf: 2.13, 2.59-r7
    sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
    sys-devel/binutils: 2.16.1
    sys-devel/libtool: 1.5.22
    virtual/os-headers: 2.4.26-r1
    ACCEPT_KEYWORDS="x86"
    AUTOCLEAN="yes"
    CBUILD="i686-pc-linux-gnu"
    CFLAGS="-mcpu=athlon-xp -O2 -pipe"
    CHOST="i686-pc-linux-gnu"
    CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
    CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
    CXXFLAGS="-mcpu=athlon-xp -O2 -pipe"
    DISTDIR="/usr/portage/distfiles"
    FEATURES="autoconfig distlocks sandbox sfperms strict"
    GENTOO_MIRRORS="http://linux.rz.rub.de/download/gentoo-mirror"
    PKGDIR="/usr/portage/packages"
    PORTAGE_TMPDIR="/var/tmp"
    PORTDIR="/usr/portage"
    PORTDIR_OVERLAY="/usr/local/portage"
    SYNC="rsync://linux.rz.rub.de/gentoo-portage"
    USE="x86 3dnow alsa apache2 apm berkdb bitmap-fonts bzip2 cli crypt ctype dba dri eds emboss expat fastbuild fbcon force-cgi-redirect fortran ftp gd gdbm gif gmp gstreamer gtk2 idn imap innodb ipv6 jpeg libg++ libwww logrotate mad mbox md5sum memlimit mhash mp3 mpm-prefork mysql ncurses nls odbc ogg pam pcre pdflib perl png posix python readline sasl session sftplogging simplexml skey slang soap sockets spell spl ssl tcpd tetex tokenizer truetype-fonts type1-fonts vchroot vhosts vorbis xml xml2 xsl zlib userland_GNU kernel_linux elibc_glibc"
    Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS
Created attachment 82208
kernel configuration which triggers the linking failure
testing now with those .config options.
Ok I'm able to reproduce the problem. Will test a vanilla-grsec and see how it differs.
vanilla kernel 2.3.32 kernel + grsecurity-2.1.8-2.4.32-200601211647.patch using the same config gives the same error.

    arch/i386/mm/mm.o: In function `do_page_fault':
    : undefined reference to `pax_handle_fetch_fault'
    make: *** [vmlinux] Error 1

The problem seems to be in fault.c

    #if defined(CONFIG_GRKERNSEC_PAX_EMUTRAMP) || defined(CONFIG_GRKERNSEC_PAX_RANDEXEC)
            switch (pax_handle_fetch_fault(regs)) {

Yet the function/symbol pax_handle_fetch_fault() only exists when CONFIG_GRKERNSEC_PAX_PAGEEXEC is defined. You have EMUTRAMP defined but not PAGEEXEC so..
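
The guard mismatch described in the comment above can be checked against a .config before running the build. The following is an added example, not part of the bug report or of the attached patch; the sample .config fragment is constructed, and the enumeration assumes the three options can be toggled independently (it ignores any dependencies the kernel's configuration system enforces).

```python
import itertools
import re

# Guards as described in the comment above: the call in fault.c is compiled when
# any option in CALL_GUARD is set; the function exists only when DEF_GUARD is set.
CALL_GUARD = ("CONFIG_GRKERNSEC_PAX_EMUTRAMP", "CONFIG_GRKERNSEC_PAX_RANDEXEC")
DEF_GUARD = "CONFIG_GRKERNSEC_PAX_PAGEEXEC"

def enabled_options(config_text):
    """Return the options a .config turns on ('# ... is not set' lines are ignored)."""
    enabled = set()
    for line in config_text.splitlines():
        m = re.match(r"^(CONFIG_\w+)=(.*)$", line.strip())
        if m and m.group(2) in ("y", "m"):
            enabled.add(m.group(1))
    return enabled

def call_without_definition(enabled):
    """True when pax_handle_fetch_fault() is referenced but never defined."""
    call_compiled = any(opt in enabled for opt in CALL_GUARD)
    return call_compiled and DEF_GUARD not in enabled

def failing_combinations():
    """List every on/off combination of the three options that hits the mismatch."""
    opts = CALL_GUARD + (DEF_GUARD,)
    bad = []
    for bits in itertools.product((False, True), repeat=len(opts)):
        enabled = {o for o, on in zip(opts, bits) if on}
        if call_without_definition(enabled):
            bad.append(sorted(enabled))
    return bad

# Constructed .config fragment matching the situation in the report.
SAMPLE = """\
CONFIG_X86=y
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_PAX_PAGEEXEC is not set
CONFIG_GRKERNSEC_PAX_EMUTRAMP=y
# CONFIG_GRKERNSEC_PAX_RANDEXEC is not set
"""

if __name__ == "__main__":
    print("link will fail:", call_without_definition(enabled_options(SAMPLE)))
    for combo in failing_combinations():
        print("  failing combination:", ", ".join(combo))
```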
Created attachment 82218
linux-2.4.32-pax_handle_fetch_fault.patch

patch which allows the kernel to link.
FYI: http://forums.grsecurity.net./viewtopic.php?t=1427
I applied the patch on my system, works as expected. The kernel boots and runs smoothly. Thank you (PaX Team as well) for the quick response and your work being done for PaX, Grsec and hardened gentoo. :-)
seems to be fixed, new versions work just right. Alex