grsecurity forums

[bse]

Hi!

I tried to patch a vanilla 2.4.21 kernel.
First i applied the grsec 1.9.11 patch, then some patches required for the device-mapper used by evms as described in the evms 2.1.1 docs, then xfs 1.3.

xfs had some failed hunks (about 5) and i corrected these manually, but the kernel didnt compile. Without xfs it works fine.

Could any1 please tell me how to do it the right way?

AFAIK the gentoo kernel combines all three patches, so it has to be possible.

[Sleight of Mind]

Try patching grsec as the last one. I know there is only one reject while merging XFS and grsec that actually requires some thinking, view the result of some other patches that merge the two if you can't get the merge right.

[bse]

well, i think merging grsec first is better because grsec adds many if-clauses around file-access-code while xfs only changes the access itself (at least as far as i understand the source, which isnt much)

Anyways I think solved my problem by applying the split xfs patches. Only dmapi, acl and kdb give failed hunks, the rest works fine (well, except for the "extraversion"-line in the top Makefile of course) so I'm pretty sure the kernel i'm compiling right now will do its job.

thanx anyways!

btw, what's the meaning of that 1011 bit in your sig? ;P

[bse]

if anyone is trying to do the same: the xfs patch for 2.4.21 has a bug in the quota code.
#define DQUOT_SYNC has been replaced by DQUOT_SYNC_SB and DQUOT_SYNC_DEV but in one function there's a reference to the old DQUOT_SYNC which leads to a linker error when compiling the kernel.

If you need Quota support you have to edit fs/buffer.c, search for 'DQUOT_SYNC(' and replace it by 'DQUOT_SYNC_DEV('

(I didn't move to 2.4.22 because there's no device-mapper patch yet)

[msi]

if anyone is trying to do the same: the xfs patch for 2.4.21 has a bug in the quota code.
#define DQUOT_SYNC has been replaced by DQUOT_SYNC_SB and DQUOT_SYNC_DEV but in one function there's a reference to the old DQUOT_SYNC which leads to a linker error when compiling the kernel.

If you need Quota support you have to edit fs/buffer.c, search for 'DQUOT_SYNC(' and replace it by 'DQUOT_SYNC_DEV('

(I didn't move to 2.4.22 because there's no device-mapper patch yet)

what exactly is the effect on this?? i run a linux box with linux 2.4.21-xfs-grsec and i seem to be effected by this bug. am i required to solve it, or can i live with it?

[bse]

well, the kernel doesnt compile if you dont fix it, so i guess you cant live with it.
I'll try the development xfs patches soon, guess it's already fixed there.
That xfs patches directory is a mess.....

(to be exact: it compiles, but the linking failes, linking = putting together the parts)

[Sleight of Mind]

i think this bug was solves quite some time back, since i've been merging xfs and grsec since 2.4.20 and never got a compile/link error on the xfs code. I always use the latest CVS snapshots to merge. A -xfs-grsec patch for 2.4.21 is already in my patch dir (check other thread) and one for 2.4.22 will follow in a few days.