[Solved] Grsec patch conflicts with Xen

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.


Post by bugmenot » Sun Feb 19, 2017 2:50 pm

Previously, it was possible to use Xen + Grsec patches on i686. This is no longer possible due to incompatible-pointer-type bugs.

Complete log of compile errors: https://dpaste.de/i0Tg/raw
Last edited by bugmenot on Tue Feb 21, 2017 7:44 pm, edited 1 time in total.
bugmenot
 
Posts: 14
Joined: Sat Jun 27, 2009 12:42 am

Re: Grsec patch conflicts with Xen

Post by PaX Team » Sun Feb 19, 2017 3:57 pm

can you test the following patch please:
--- a/arch/x86/xen/xen-ops.h    2017-01-01 23:08:10.879089161 +0100
+++ b/arch/x86/xen/xen-ops.h      2017-02-19 20:54:25.263588399 +0100
@@ -131,9 +131,9 @@
        extern char name##_end[] __visible;     \
        extern char name##_reloc[] __visible

-DECL_ASM(void, xen_irq_enable_direct, void);
-DECL_ASM(void, xen_irq_disable_direct, void);
-DECL_ASM(unsigned long, xen_save_fl_direct, void);
+DECL_ASM(asmlinkage void, xen_irq_enable_direct, void);
+DECL_ASM(asmlinkage void, xen_irq_disable_direct, void);
+DECL_ASM(asmlinkage unsigned long, xen_save_fl_direct, void);
 DECL_ASM(void, xen_restore_fl_direct, unsigned long);

 /* These are not functions, and cannot be called normally */
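Review bot: xen_restore_fl_direct, the last DECL_ASM line in this hunk, is left without asmlinkage while the three declarations above it gain it, and nothing in the hunk says why. If the difference is intentional (it is the only one of the four that takes an argument rather than void), add a one-line comment above the DECL_ASM block saying so; otherwise annotate it as well so the four prototypes stay consistent. Since the report was about incompatible-pointer-type errors on i686, it is worth confirming that every place these symbols are assigned builds cleanly in that configuration with the new prototypes.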
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Grsec patch conflicts with Xen

Post by bugmenot » Mon Feb 20, 2017 8:08 pm

Gets further, but then crashes again.

 AS      arch/x86/xen/xen-asm.o
  AS      arch/x86/xen/xen-asm_32.o   
arch/x86/xen/xen-asm_32.S: Assembler messages:
arch/x86/xen/xen-asm_32.S:31: Error: no such instruction: `pax_direct_call xen_force_evtchn_callback'
make[2]: *** [scripts/Makefile.build:393: arch/x86/xen/xen-asm_32.o] Error 1
make[1]: *** [scripts/Makefile.build:544: arch/x86/xen] Error 2
make: *** [Makefile:990: arch/x86] Error 2
make: *** Waiting for unfinished jobs....
bugmenot
 
Posts: 14
Joined: Sat Jun 27, 2009 12:42 am

Re: Grsec patch conflicts with Xen

Post by PaX Team » Mon Feb 20, 2017 8:23 pm

ah yeah, i forgot about this hunk:
--- a/arch/x86/xen/xen-asm_32.S 2017-02-01 01:37:19.489257092 +0100
+++ b/arch/x86/xen/xen-asm_32.S   2017-02-19 20:51:37.900221416 +0100
@@ -15,6 +15,7 @@
 #include <asm/processor-flags.h>
 #include <asm/segment.h>
 #include <asm/asm.h>
+#include <asm/alternative-asm.h>

 #include <xen/interface/xen.h>

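Review bot: the added #include <asm/alternative-asm.h> gives no indication of what xen-asm_32.S needs from it, so a later include cleanup could drop it and bring back the assembler error reported above for `pax_direct_call` at xen-asm_32.S:31. A short comment next to the include, or a changelog line naming that macro, would record the dependency. This hunk should also go in together with the xen-ops.h change, since the thread shows that applying the first one alone still leaves the i686 build failing.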
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Grsec patch conflicts with Xen [solved]

Post by bugmenot » Tue Feb 21, 2017 7:44 pm

Just wanted you to know this issue is now fixed. Thanks!
bugmenot
 
Posts: 14
Joined: Sat Jun 27, 2009 12:42 am

