by simonbcn » Sat Aug 20, 2011 5:52 pm
PaX Team wrote:so vanilla passes -fno-stack-protector whereas grsec doesn't. question is where it comes from in the vanilla kernel...simonbcn wrote:The diff between init/.do_mounts.o.cmd files (do_mounts.o.cmd = grsec file / linux-2.6.39.4/init/.do_mounts.o.cmd = vanilla kernel): http://paste.ubuntu.com/671216/
by PaX Team » Sun Aug 21, 2011 6:46 am
well, passing it in KCFLAGS should fix it but that's a hack as we still wouldn't know the root cause.simonbcn wrote:PaX Team wrote:so vanilla passes -fno-stack-protector whereas grsec doesn't. question is where it comes from in the vanilla kernel...
Can I force this with grsec?
by simonbcn » Sun Aug 21, 2011 7:25 am
PaX Team wrote:well, passing it in KCFLAGS should fix it but that's a hack as we still wouldn't know the root cause.simonbcn wrote:PaX Team wrote:so vanilla passes -fno-stack-protector whereas grsec doesn't. question is where it comes from in the vanilla kernel...
Can I force this with grsec?
by simonbcn » Mon Aug 22, 2011 8:46 am
by simonbcn » Fri Sep 16, 2011 7:26 am
by Pryka » Sat Sep 17, 2011 3:46 am
-hardened-r2/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN -fplugin=/usr/src/linux-3.0.4-hardened-r2/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100 -I/var/tmp/portage/x11-drivers/nvidia-drivers-285.03/work/kernel -Wall -MD -Wno-cast-qual -Wno-error -D__KERNEL__ -DMODULE -DNVRM -DNV_VERSION_STRING=\"285.03\" -Wno-unused-function -mno-red-zone -mcmodel=kernel -UDEBUG -U_DEBUG -DNDEBUG -DMODULE -D"KBUILD_STR(s)=#s" -D"KBUILD_BASENAME=KBUILD_STR(nv_usermap)" -D"KBUILD_MODNAME=KBUILD_STR(nvidia)" -c -o /var/tmp/portage/x11-drivers/nvidia-drivers-285.03/work/kernel/nv-usermap.o /var/tmp/portage/x11-drivers/nvidia-drivers-285.03/work/kernel/nv-usermap.c
/var/tmp/portage/x11-drivers/nvidia-drivers-285.03/work/kernel/nv-procfs.c: In function ‘nv_register_procfs’:
/var/tmp/portage/x11-drivers/nvidia-drivers-285.03/work/kernel/nv-procfs.c:710:5: error: assignment of read-only variable ‘nv_procfs_registry_fops’
/var/tmp/portage/x11-drivers/nvidia-drivers-285.03/work/kernel/nv-procfs.c:711:5: error: assignment of read-only variable ‘nv_procfs_registry_fops’
make[4]: *** [/var/tmp/portage/x11-drivers/nvidia-drivers-285.03/work/kernel/nv-procfs.o] Error 1
make[4]: *** Waiting for unfinished jobs....
make[3]: *** [_module_/var/tmp/portage/x11-drivers/nvidia-drivers-285.03/work/kernel] Error 2
make[2]: *** [sub-make] Error 2
NVIDIA: left KBUILD.
nvidia.ko failed to build!
make[1]: *** [module] Error 1
make: *** [module] Error 2
emake failed
* ERROR: x11-drivers/nvidia-drivers-285.03 failed (compile phase):
* Unable to emake HOSTCC=x86_64-pc-linux-gnu-gcc CROSS_COMPILE=x86_64-pc-linux-gnu- LDFLAGS= IGNORE_CC_MISMATCH=yes V=1 SYSSRC=/usr/src/linux SYSOUT=/lib/modules/3.0.4-hardened-r2/build CC=x86_64-pc-linux-gnu-gcc clean moduleby spender » Sat Sep 17, 2011 4:40 am
by Pryka » Sun Sep 18, 2011 4:04 am
by spender » Sun Sep 18, 2011 4:27 am
by Pryka » Mon Sep 19, 2011 3:38 am
by PaX Team » Mon Sep 19, 2011 8:54 am
i haven't checked 285.x yet but a similar patch is likely needed there as well, just try to apply it and see how far it gets.Pryka wrote:But I have 285 drivers this gonna work?
constifying ops structures is not configurable but you can remove the CONSTIFY_PLUGIN := ... line from the main Makefile if you really don't want it.BTW. Is there any other way to fix this? Some option i grsecurity?
by Quark » Thu Sep 29, 2011 2:14 am
by Quark » Sat Nov 12, 2011 10:47 pm
by PaX Team » Mon Nov 14, 2011 11:51 am
the nvidia driver works with SLUB as well, it just needs the patch i mentioned above (i have since updated it to 285 that also applies to 290).Quark wrote:In order to get the nvidia module working having PAX_USERCOPY enabled, one has to actually use the SLAB allocator!
I used the SLUB allocator before ..
by Quark » Fri Jan 27, 2012 3:24 am