On a hardened ~x86 system which has been running hardened-sources for a couple of years, hardened-sources-2.6.39-r9 and -r10 fail to build. The URL links to a forum discussion where someone has suggested this is due to "a gcc plugin to make all structures constant" and provides a bit more explanation, although I have no idea how likely that is. Recent changes include gcc-4.5.2 ---> gcc-4.5.3 Note that sys-kernel/hardened-sources-2.6.39-r8 still builds fine. Reproducible: Always Steps to Reproduce: make sys-kernel/hardened-sources-2.6.39-r9 or -r10 Actual Results: ----------------------------------------------------------------------------- linux # make oldconfig HOSTCC scripts/basic/fixdep HOSTCC scripts/basic/docproc HOSTCC scripts/kconfig/conf.o HOSTCC scripts/kconfig/kxgettext.o SHIPPED scripts/kconfig/zconf.tab.c SHIPPED scripts/kconfig/lex.zconf.c SHIPPED scripts/kconfig/zconf.hash.c HOSTCC scripts/kconfig/zconf.tab.o HOSTLD scripts/kconfig/conf scripts/kconfig/conf --oldconfig Kconfig # # configuration written to .config # linux # make scripts/kconfig/conf --silentoldconfig Kconfig HOSTCC -fPIC tools/gcc/constify_plugin.o HOSTCC -fPIC tools/gcc/stackleak_plugin.o HOSTLLD -shared tools/gcc/stackleak_plugin.so HOSTLLD -shared tools/gcc/constify_plugin.so CHK include/linux/version.h UPD include/linux/version.h CHK include/generated/utsrelease.h UPD include/generated/utsrelease.h CC kernel/bounds.s GEN include/generated/bounds.h CC arch/x86/kernel/asm-offsets.s In file included from include/linux/fs.h:393:0, from include/linux/module.h:19, from include/linux/crypto.h:21, from arch/x86/kernel/asm-offsets.c:8: include/linux/semaphore.h: In function ‘sema_init’: include/linux/semaphore.h:35:17: error: assignment of read-only location ‘*sem’ In file included from /usr/src/linux-2.6.39-hardened-r10/arch/x86/include/asm/uaccess.h:11:0, from include/linux/uaccess.h:5, from include/linux/crypto.h:26, from arch/x86/kernel/asm-offsets.c:8: include/linux/sched.h: In function ‘thread_group_cputime_init’: include/linux/sched.h:2579:2: error: assignment of read-only member ‘lock’ make[1]: *** [arch/x86/kernel/asm-offsets.s] Error 1 make: *** [prepare0] Error 2 ------------------------------------------------------------------------------ Expected Results: N/A ~ # emerge --info Portage 2.1.10.10 (hardened/linux/x86, gcc-4.5.3, glibc-2.13-r4, 2.6.39-hardened-r8 i686) ================================================================= System uname: Linux-2.6.39-hardened-r8-i686-Pentium_III_-Coppermine-with-gentoo-2.0.3 Timestamp of tree: Wed, 10 Aug 2011 19:15:01 +0000 ccache version 3.1.5 [enabled] app-shells/bash: 4.2_p10 dev-lang/python: 2.7.2-r2, 3.2-r2 dev-util/ccache: 3.1.5 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.8.3-r1 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.68 sys-devel/automake: 1.11.1-r1 sys-devel/binutils: 2.21.1 sys-devel/gcc: 4.5.3 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r1 sys-kernel/linux-headers: 2.6.38 (virtual/os-headers) sys-libs/glibc: 2.13-r4 Repositories: gentoo local-portage ACCEPT_KEYWORDS="x86 ~x86" ACCEPT_LICENSE="* -@EULA" CBUILD="i686-pc-linux-gnu" CFLAGS="-O3 -march=pentium3 -pipe -fomit-frame-pointer -fgraphite-identity -floop-block -floop-strip-mine -floop-interchange" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O3 -march=pentium3 -pipe -fomit-frame-pointer -fgraphite-identity -floop-block -floop-strip-mine -floop-interchange" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs ccache distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="ftp://ftp.gtlib.gatech.edu/pub/gentoo http://gentoo.osuosl.org/ http://open-systems.ufl.edu/mirrors/gentoo " LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" LDFLAGS="-Wl,--hash-style=gnu,-O1 -Wl,--as-needed" LINGUAS="en_US en" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="acl berkdb bzip2 caps cli cracklib crypt cxx dri gdbm gpm hardened iconv modules mudflap ncurses nls nptl nptlonly openmp pam pcre perl pic python readline session ssl sysfs syslog threads unicode urandom x86 xorg zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LINGUAS="en_US en" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nv" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Also: in the forum thread at the URL, you can see there is at least one other user having the same issue (I take that an indicator that there may be an actual problem, although I know it could just be two users being incompetent simultaneously in the same way). Thank you.
@pipacs: 2.6.39-r9 = grsecurity-2.2.2-2.6.39.4-201108052113 2.6.39-r10 = grsecurity-2.2.2-2.6.39.4-201108071438 I've only been testing with 4.5.2 so I didn't hit it.
I see the same error message on my Pentium-M laptop even using gcc-4.5.2. While hardened-sources-2.6.39-r8 still compiles fine. Additionally on my Athlon-MP server both -r8 and -r10 compiles even with 4.5.3. It has to do something with the combo of architecture, kernel version and gcc version.
Hi guys, Just enable CONFIG_SMP for now as a workaround. This will be fixed properly soon. Thanks, -Brad
kernels hardened-sources-2.6.39-r9 and -r10 emerge successfully for me but virtualbox-modules-4.1.0-r1 fails to emerge with the below error. emerges fine with hardened-sources-2.6.39-r8. am using gcc-4.5.3. /var/tmp/portage/app-emulation/virtualbox-modules-4.1.0-r1/work/vboxdrv/SUPDrv.c: In function ‘supdrvIDC_LdrGetSymbol’: /var/tmp/portage/app-emulation/virtualbox-modules-4.1.0-r1/work/vboxdrv/SUPDrv.c:4346:17: error: assignment of read-only member ‘Out’ /var/tmp/portage/app-emulation/virtualbox-modules-4.1.0-r1/work/vboxdrv/SUPDrv.c:4377:21: error: assignment of read-only member ‘Out’ am assuming it's the same issue, or can open another bug.
missed adding that am on amd64 and CONFIG_SMP is on.
(In reply to comment #5) > kernels hardened-sources-2.6.39-r9 and -r10 emerge successfully for me but > virtualbox-modules-4.1.0-r1 fails to emerge with the below error. emerges fine > with hardened-sources-2.6.39-r8. am using gcc-4.5.3. > > /var/tmp/portage/app-emulation/virtualbox-modules-4.1.0-r1/work/vboxdrv/SUPDrv.c: > In function ‘supdrvIDC_LdrGetSymbol’: > /var/tmp/portage/app-emulation/virtualbox-modules-4.1.0-r1/work/vboxdrv/SUPDrv.c:4346:17: > error: assignment of read-only member ‘Out’ > /var/tmp/portage/app-emulation/virtualbox-modules-4.1.0-r1/work/vboxdrv/SUPDrv.c:4377:21: > error: assignment of read-only member ‘Out’ > > am assuming it's the same issue, or can open another bug. Different issue, please open another bug.
(In reply to comment #7) > Different issue, please open another bug. also include the fix i've just uploaded to my homedir ;)
(In reply to comment #4) > Hi guys, > > Just enable CONFIG_SMP for now as a workaround. This will be fixed properly > soon. > > Thanks, > -Brad I just put hardened-sources-2.6.32-r62 = grsecurity-2.2.2-2.6.32.44-201108141242 hardened-sources-2.6.39-r12 = grsecurity-2.2.2-2.6.39.4-201108141242 on the tree. Does this contain the fix? @all. Test please. I have not be hitting this one since I have not yet moved to gcc-4.5.3 on any of my test systems.
> I just put > > hardened-sources-2.6.32-r62 = grsecurity-2.2.2-2.6.32.44-201108141242 > > hardened-sources-2.6.39-r12 = grsecurity-2.2.2-2.6.39.4-201108141242 > > on the tree. Does this contain the fix? > > @all. Test please. I have not be hitting this one since I have not yet moved > to gcc-4.5.3 on any of my test systems. Testing hardened-sources-2.6.39-r12 I get the same error: ----------------------------------------------------------------------- linux # make scripts/kconfig/conf --silentoldconfig Kconfig HOSTCC -fPIC tools/gcc/constify_plugin.o HOSTCC -fPIC tools/gcc/stackleak_plugin.o HOSTLLD -shared tools/gcc/stackleak_plugin.so HOSTLLD -shared tools/gcc/constify_plugin.so CHK include/linux/version.h UPD include/linux/version.h CHK include/generated/utsrelease.h UPD include/generated/utsrelease.h CC kernel/bounds.s GEN include/generated/bounds.h CC arch/x86/kernel/asm-offsets.s In file included from include/linux/fs.h:393:0, from include/linux/module.h:19, from include/linux/crypto.h:21, from arch/x86/kernel/asm-offsets.c:8: include/linux/semaphore.h: In function ‘sema_init’: include/linux/semaphore.h:35:17: error: assignment of read-only location ‘*sem’ In file included from /usr/src/linux-2.6.39-hardened-r12/arch/x86/include/asm/uaccess.h:11:0, from include/linux/uaccess.h:5, from include/linux/crypto.h:26, from arch/x86/kernel/asm-offsets.c:8: include/linux/sched.h: In function ‘thread_group_cputime_init’: include/linux/sched.h:2579:2: error: assignment of read-only member ‘lock’ make[1]: *** [arch/x86/kernel/asm-offsets.s] Error 1 make: *** [prepare0] Error 2 -----------------------------------------------------------------------
(In reply to comment #10) > > I just put > > > > hardened-sources-2.6.32-r62 = grsecurity-2.2.2-2.6.32.44-201108141242 > > > > hardened-sources-2.6.39-r12 = grsecurity-2.2.2-2.6.39.4-201108141242 > > > > on the tree. Does this contain the fix? > > > > @all. Test please. I have not be hitting this one since I have not yet moved > > to gcc-4.5.3 on any of my test systems. > > Testing hardened-sources-2.6.39-r12 I get the same error: > ----------------------------------------------------------------------- > linux # make > scripts/kconfig/conf --silentoldconfig Kconfig > HOSTCC -fPIC tools/gcc/constify_plugin.o > HOSTCC -fPIC tools/gcc/stackleak_plugin.o > HOSTLLD -shared tools/gcc/stackleak_plugin.so > HOSTLLD -shared tools/gcc/constify_plugin.so > CHK include/linux/version.h > UPD include/linux/version.h > CHK include/generated/utsrelease.h > UPD include/generated/utsrelease.h > CC kernel/bounds.s > GEN include/generated/bounds.h > CC arch/x86/kernel/asm-offsets.s > In file included from include/linux/fs.h:393:0, > from include/linux/module.h:19, > from include/linux/crypto.h:21, > from arch/x86/kernel/asm-offsets.c:8: > include/linux/semaphore.h: In function ‘sema_init’: > include/linux/semaphore.h:35:17: error: assignment of read-only location ‘*sem’ > In file included from > /usr/src/linux-2.6.39-hardened-r12/arch/x86/include/asm/uaccess.h:11:0, > from include/linux/uaccess.h:5, > from include/linux/crypto.h:26, > from arch/x86/kernel/asm-offsets.c:8: > include/linux/sched.h: In function ‘thread_group_cputime_init’: > include/linux/sched.h:2579:2: error: assignment of read-only member ‘lock’ > make[1]: *** [arch/x86/kernel/asm-offsets.s] Error 1 > make: *** [prepare0] Error 2 > ----------------------------------------------------------------------- Okay, I started to look at this more carefully. Its part of upstream's new constification push. Can you attach you config file so I can be sure I'm hitting the same bug.
(In reply to comment #11) > Okay, I started to look at this more carefully. Its part of upstream's new > constification push. Can you attach you config file so I can be sure I'm > hitting the same bug. No, because I have un-emerged it, deleted the source directories, masked hardened-source-2.6.39-r{9-12}, and reverted to -r8. I can emerge -r12 again, set CONFIG_SMP=y again, and send you the configuration file. Would you like me to do so?
(In reply to comment #12) > No, because I have un-emerged it, deleted the source directories, masked > hardened-source-2.6.39-r{9-12}, and reverted to -r8. > > I can emerge -r12 again, set CONFIG_SMP=y again, and send you the configuration > file. Would you like me to do so? If you want to see it fixed in the foreseable future please do, AFAIK nor the PaX Team nor spender nor blueness practice adivination techniques and can't fix the problem if they can't reproduce it ;)
It's not necessary; we can reproduce the same bug. Thanks, -Brad
Created attachment 283707 [details] config-2.6.39-hardened-r12.txt (brendler) I did it anyway. This is the same config, stripped of all the firewall/router crap, so it will be simpler to compare. I did run 'make' again and verified that it fails with precisely the same error. Thanks.
Also, just for accuracy, since posting emerge --info above, have upgraded gcc from 4.5.3 to 4.5.3-r1 (with the problem persisting, of course).
(In reply to comment #16) > Also, just for accuracy, since posting emerge --info above, have upgraded gcc > from 4.5.3 to 4.5.3-r1 (with the problem persisting, of course). I'd like to confirm as well.
I also fail to compile 2.6.39-hardened-r19 but the compilation seems to be failing in another place, see the attached log file.
Created attachment 283825 [details] genkernel.log 2.6.39-hardened-r12
Created attachment 283827 [details] kernel config 2.6.39-hardened-r12
(In reply to comment #20) > Created attachment 283827 [details] > kernel config 2.6.39-hardened-r12 This is a different issue. The problem is the version of gcc and -Wno-unused-but-set-variable and the above workaround does not apply here. Open another bug if you want, and try compiling with gcc-4.4.5 and/or gcc-4.5.3 and/or gcc-4.6.0.
Bug confirmed. temporary fix confirmed (CONFIG_SMP=y)
Upstream is dropping support for 2.6.39 and I added the ebuild for the last one to the tree. Unfortunately I don't think it solves this bug. Can people please test the following on x86 with CONFIG_SMP on and off: hardened-sources-2.6.39-r13 hardened-sources-2.6.32-r63 Please use gcc-4.4.5. (If you have time/energy, you can also test with gcc-4.5.3 and gcc-4.6.0. These will probably lead to a different compile time error irrespective of whether SMP is on or off --- see Madej's comments above. Open another bug for that.)
(In reply to comment #23) > Upstream is dropping support for 2.6.39 and I added the ebuild for the last one > to the tree. Unfortunately I don't think it solves this bug. actually, i should have fixed the !SMP problem, along with many others reported for the last month (including gcc plugin support for 4.6.x as well, tested on allyesconfig and allmodconfig), so if anything still fails, let me know.
(In reply to comment #23) I no longer have gcc-4.4.5 installed. Using gcc-4.5.3, hardened-sources-2.6.39-r13 fails with the exact same error originally posted.
(In reply to comment #24) > (In reply to comment #23) > > Upstream is dropping support for 2.6.39 and I added the ebuild for the last one > > to the tree. Unfortunately I don't think it solves this bug. > > actually, i should have fixed the !SMP problem, along with many others reported > for the last month (including gcc plugin support for 4.6.x as well, tested on > allyesconfig and allmodconfig), so if anything still fails, let me know. I was waiting for a version bump and I could test hardened sources today. However in the mean time we have hardened-sources-3.0.3. So I went for that one. My feedback is positive. It compiled fine using gcc-4.5.3 and !CONFIG_SMP. Although I don't know what's the case with hardened-sources-2.6.39-r13...
Yes, hardened-sources-3.0.3 is okay with "CONFIG_SMP=n" and gcc-4.5.3.
Upstream has moved passed 2.6.39 to 3.0.3. I don't believe the fix made it into any 2.6.39 so 2.6.39-r8 will be the last stable hardened kernel in the .39 series. I will leave hardened-sources-2.6.39-r{9,10,11,12,13} up for a while but when the first 3.0.3 is stabilized, these will be removed. Users who need .39 will be asked to use -r8, unless someone gives me a *very* good reason to backport the fix. FYI, my approach has been to frequently put new ebuilds up so that this community can test and report back upstream. However, few of these reach stable which mean something one can use on production machines.
I for one don't need 2.6.39. Thank you all.
Reopen this if you don't feel this issue is closed as per comment 28.
