| Summary: | net-wireless/broadcom-sta with kernel 3.15.8 on hardened - .../work/src/wl/sys/wl_cfg80211_hybrid.c:2470:2: error: assignment of read-only location ‘el->handler[26]’ | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Shawn C <citypw> |
| Component: | [OLD] Core system | Assignee: | M. B. <tomboy64> |
| Status: | RESOLVED OBSOLETE | | |
| Severity: | normal | CC: | 4nykey, ben.c.schubert, eugenecormier, eva, hardened, moonlapse81, proxy-maint, sarnex |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | Build failure; patch against 248 version; broadcom-sta-6.30.223.271-pax-no-const.patch; build.log | | |

Description
Shawn C
2014-09-21 08:58:55 UTC
```
gentoo-no-symtab ~ # emerge --info
Portage 2.2.8-r1 (hardened/linux/amd64, gcc-4.7.3, glibc-2.19-r1, 3.15.8-hardened x86_64)
=================================================================
System uname: Linux-3.15.8-hardened-x86_64-AMD_A4-5000_APU_with_Radeon-TM-_HD_Graphics-with-gentoo-2.2
KiB Mem: 3233676 total, 2840924 free
KiB Swap: 5970692 total, 5970692 free
Timestamp of tree: Thu, 18 Sep 2014 11:30:01 +0000
ld GNU ld (Gentoo 2.23.2 p1.0) 2.23.2
app-shells/bash: 4.2_p45
dev-lang/python: 2.7.7, 3.3.5-r1
dev-util/cmake: 2.8.12.2-r1
dev-util/pkgconfig: 0.28-r1
sys-apps/baselayout: 2.2
sys-apps/openrc: 0.12.4
sys-apps/sandbox: 2.6-r1
sys-devel/autoconf: 2.13, 2.69
sys-devel/automake: 1.12.6, 1.13.4
sys-devel/binutils: 2.23.2
sys-devel/gcc: 4.7.3-r1
sys-devel/gcc-config: 1.7.3
sys-devel/libtool: 2.4.2-r1
sys-devel/make: 3.82-r4
sys-kernel/linux-headers: 3.13 (virtual/os-headers)
sys-libs/glibc: 2.19-r1
Repositories: gentoo
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS=" -march=native -O2 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS=" -march=native -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://mirrors.163.com/gentoo/ http://mirrors.sohu.com/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ http://de-mirror.org/gentoo/ http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ rsync://ftp-stud.hs-esslingen.de/gentoo/ http://gentoo.aditsu.net:8000/ http://mirror.isoc.org.il/pub/gentoo/ http://gentoo.gg3.net/ http://ftp.lecl.net/pub/gentoo/ http://ftp.twaren.net/Linux/Gentoo/ rsync://rsync.gtlib.gatech.edu/gentoo http://www.gtlib.gatech.edu/pub/gentoo http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
USE="X a52 aac acl acpi alsa amd64 berkdb bindist bluetooth branding bzip2 cairo cdda cli consolekit cracklib crypt cups cxx dbus dhcpcd dri dts emboss encode exif fam firefox flac gdbm gif gnome gnutls gpm gtk hardened iconv introspection ipv6 jpeg justify lcms ldap libnotify lock mad mmx mng modemmanager modules mp3 mp4 mpeg multilib ncurses networkmanager nls nptl nss ogg opengl openmp pam pango pax_kernel pcre pdf png policykit ppds ppp pulseaudio qt3support qt4 readline sdl session spell sse sse2 ssl startup-notification svg tcpd thunar tiff truetype udev udisks unicode upower urandom usb vorbis wext wifi wxwidgets x264 xcb xdm xfce xml xtpax xv xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="radeon" XFCE_PLUGINS="brightness clock trash" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON
```

This is the same for me on the recently stabilized kernel-3.16.5. I'll attach my output....

Eugene

Created attachment 387346 [details]
Build failure

keywording version: net-wireless/broadcom-sta-6.30.223.248-r1 fixes the problem and compiles fine

Eugene

From my experience it's a gamble whether a binary driver works on hardened or not. It's unsure enough to have it running on a normal machine already. Try to see whether one of the opensource drivers works. From what I can see here it's doubtful a patch will appear.

PS: Don't get your hopes up because of Eugene's posts; his error is a completely different one, that was fixed.

Please retest with broadcom-sta-6.30.223.248-r3.

Tested with kernel 3.17.7-hardened-r1, problem persists

this needs a no_const patch for drivers in a similar way applied here: http://forums.grsecurity.net/viewtopic.php?f=3&t=2962

Created attachment 422274 [details, diff]
patch against 248 version

above is a patch for broadcom-sta-6.30.223.248

rest ebuilds would need just about the same patch

any progress here?

For me this patch creates a linker conflict. Could you provide the build.log of a successful build with this patch please?

a successful build does not leave a build.log :) i'll test this again in a few days.

It does. FEATURES=keepwork emerge -1 broadcom-sta

ehhh, should turn my brains on. FEATURES=keeptemp emerge -1 broadcom-sta

then it does when this FEATURE is enabled. This feature is not enabled by default.

attached a patch that is against broadcom-sta-6.30.223.271-r3. Not going to attach build.log, apply patch and merge ebuild to check this out.

Created attachment 434524 [details, diff]
broadcom-sta-6.30.223.271-pax-no-const.patch

for M.B: https://bpaste.net/show/b2f539eb4b0e

any progress?

Created attachment 435970 [details]
build.log
No.
I still cannot build successfully (on non-hardened) with the patch and hence will not include it.
The ebuild provides epatch_user which allows everybody to apply this patch, should he deem it necessary.
The bug will remain open and confirmed in order for others to be able to find it more easily.

make the patch applied conditionally for hardened only.

(In reply to Oleg from comment #22)
> make the patch applied conditionally for hardened only.

Applying patches conditionally is frowned upon.

yet there are so many patches applied conditionally in so many places throughout portage tree. ok, i'm not going to play this denial attitude. close this as invalid

I think you misunderstand me here. This bug is a very valid one and it will not be closed.

Even though I'm quite willing to support this package (in part out of personal interest) it remains a blob. That in itself means only few people are willing to invest time and energy in fixing things.

Now while your patch fixes things for a small minority, it does break things for the majority. Hence the conditional patch application was suggested. Which will not happen. Hence my suggestion for users with this problem to use the epatch_user facility.

I neither have the time nor the experience nor the test-system to work with a bug that's specific to hardened users. If such a patch comes along and proves to be working for both hardened and not impair normal users, I'd be quite willing to include and commit it.

That being said, to make such a patch work, one would (supposedly) have to
- identify the specific reason/hardened feature why it fails on hardened
- encode that reason in a way for the CPP to apply it conditionally

To have me include it, one would be expected to
- give me a rough outline on why no_const fails for most users and not for hardened
- what exactly makes no_const fix the problem without opening a security hole

Why the latter two reasons? Things that get submitted here end up on everyone's harddrive and eventually get installed. And I owe it to you, too, to be able to say, in my good judgement this patch is sane and fixes things in a way that doesn't explode. Which I simply cannot. A simple "errr ... it wasn't me. i got it on bugzilla and it seems to work for some" just isn't enough here.
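
The build error in this report, modelled outside the kernel as an added example (not the Broadcom source and not the attached patch): a struct holding only function pointers is the kind of type PaX's constify plugin makes read-only, which is why a run-time assignment such as the one to `el->handler[26]` is rejected. Apart from `__no_const`, every name below is hypothetical, and the fallback `#define` shows one way to keep the annotation inert on kernels without the plugin.

```c
/* Added example, not the Broadcom driver source: every name here is
 * hypothetical except __no_const, the annotation named in the thread. */
#include <stddef.h>

/* A PaX-patched kernel defines __no_const; elsewhere it expands to nothing,
 * so the same source builds on hardened and non-hardened kernels. */
#ifndef __no_const
#define __no_const
#endif

#define EV_LAST 32
#define EV_LINK 26              /* constructed; echoes handler[26] */

struct priv;
typedef int (*ev_handler_t)(struct priv *p, int event);

/* Only function pointers inside: the kind of type the constify plugin
 * makes read-only. __no_const opts it out, so instances stay writable. */
struct event_loop {
    ev_handler_t handler[EV_LAST];
} __no_const;

struct priv { struct event_loop el; int link_up; };

static int on_link(struct priv *p, int event) { (void)event; p->link_up = 1; return 0; }

/* Option A: fill the table at run time (needs the opt-out on PaX). */
void priv_init(struct priv *p)
{
    for (size_t i = 0; i < EV_LAST; i++)
        p->el.handler[i] = NULL;
    p->el.handler[EV_LINK] = on_link;   /* the rejected kind of assignment */
    p->link_up = 0;
}

/* Option B: a table fixed at build time; it can stay const. */
static const struct event_loop ro_table = { .handler = { [EV_LINK] = on_link } };

static int call(const struct event_loop *el, struct priv *p, int event)
{
    if (event < 0 || event >= EV_LAST || el->handler[event] == NULL)
        return -1;                      /* unknown or unhandled event */
    return el->handler[event](p, event);
}

int dispatch_rw(struct priv *p, int event) { return call(&p->el, p, event); }
int dispatch_ro(struct priv *p, int event) { return call(&ro_table, p, event); }

int main(void) { struct priv p; priv_init(&p); return dispatch_rw(&p, EV_LINK); }
```

The opt-out in option A leaves the handler table writable at run time, which is the property the plugin would otherwise remove; a table that can be initialised statically, as in option B, keeps it read-only.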

this is some kind of demanding attitude. if you are maintainer of ebuild, you DO research on why no_const failing here and there, not users, like me. Users expect ebuild compiled and installed, because ebuild is not destined to fail at first and obviously users are not expected to be speleology experts of broadcom-sta sources ass. And your segregation into "majority" and "minority" also not giving you any credits. There is way on portage level to fix thing for minority without touching majority. That's the logic

(In reply to M. B. from comment #25)
> Now while your patch fixes things for a small minority, it does break things
> for the majority.
[...]
> I neither have the time nor the experience nor the test-system to work with
> a bug that's specific to hardened users. If such a patch comes along and
> proves to be working for both hardened and not impair normal users,

That's the spirit. Now if you stop playing Adolf for a sec, you would realise, there's no such thing as hardened, major, minor, impaired, normal user. If you at some point would like to see if you can fire up a hardened system, it doesn't make you less normal.

> Hence the conditional patch application was suggested.
> Which will not happen.

Because Matt Turner will frown upon you. I see. Maintainers of these packages feared not:
https://github.com/gentoo/gentoo/blob/master/app-emulation/virtualbox-modules/virtualbox-modules-5.1.6.ebuild#L47
https://github.com/gentoo/gentoo/blob/master/x11-drivers/nvidia-drivers/nvidia-drivers-370.28.ebuild#L175
https://github.com/gentoo/gentoo/blob/master/x11-drivers/ati-drivers/ati-drivers-15.12-r1.ebuild#L318

Dropping myself as a maintainer.

If you are stuck using this unmaintained driver (likely in a MacBook), you may be interested to know that a newer compatible wireless card is supported by the in-tree brcmfmac driver. It has a model number BCM943602CS and is for sale on the second hand market for less than 20 USD. See https://wikidevi.com/wiki/Broadcom_Wireless_Adapters and https://wikidevi.com/wiki/Broadcom_BCM943602CS for more information.

Nick mailed me showing interest in fixing and maintaining this. Probably the way to do (until you become a developer) would be to maintain it via proxy-maint and send a PR fixing the existing bugs https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers

If anyone wants to submit a PR with USE=pax_kernel for this patch, I would gladly review and merge it.

(In reply to Gilles Dartiguelongue from comment #30)
> If anyone wants to submit a PR with USE=pax_kernel for this patch, I would
> gladly review and merge it.

Hardened-sources is no longer supported. Wouldn't this be a problem with pax enabled kernel as well?