Gentoo Forums
gcc-ing new kernel: undefined reference to `____ilog2_NaN'
majoron
Apprentice


Joined: 12 Oct 2005
Posts: 216
Location: Frankfurt

Posted: Tue Nov 27, 2018 8:13 am    Post subject: gcc-ing new kernel: undefined reference to `____ilog2_NaN'

Hi,
I'm installing a hardened system on a virtual machine.

The default gcc is gcc-7.3.0 and the hardened kernel that gets installed with "emerge sys-kernel/hardened-sources" is linux-4.8.17-hardened-r2

But there is a problem when I try to compile the kernel during the installation process:
Code:

# make && make modules_install

...

  LINK    vmlinux
  LD      vmlinux.o
  MODPOST vmlinux.o
WARNING: modpost: Found 6839 writable function pointer(s).
To see full details build your kernel with:
'make CONFIG_DEBUG_SECTION_MISMATCH=y'
  GEN     .version
  CHK     include/generated/compile.h
  UPD     include/generated/compile.h
  CC      init/version.o
  LD      init/built-in.o
kernel/built-in.o: In function `update_wall_time':
(.text+0x6da07): undefined reference to `____ilog2_NaN'
make: *** [Makefile:953: vmlinux] Error 1


It looks to me like this and this, though not completely sure...

In any case: what should I do?

I know that I can install another kernel, but as I have interest in having a secure system, what kernel should I use instead?

TIA
_________________
Computers are like air conditioners, they stop working properly if you open Windows
eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 7196
Location: almost Mile High in the USA

Posted: Tue Nov 27, 2018 8:42 am

1. Use an older gcc than 7.3
2. Hand apply the patch that Linus wrote.
3. Use a newer kernel if you don't really use all the features in the "hardened" kernel.

I'm not sure... did the meltdown patches get backported to hardened kernels? ... if not, are they really more "secure"?
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
toralf
Developer


Joined: 01 Feb 2004
Posts: 3698
Location: Hamburg

Posted: Tue Nov 27, 2018 11:40 am

/me thinks, that a 4.8.x hardened kernel isn't more secure than a current vanilla
majoron
Apprentice


Joined: 12 Oct 2005
Posts: 216
Location: Frankfurt

Posted: Tue Nov 27, 2018 1:23 pm

toralf wrote:
/me thinks, that a 4.8.x hardened kernel isn't more secure than a current vanilla

Hi, /me.
Can you elaborate on this, please? In the Gentoo docs it is written that hardened sources bring some additional security enhancements...
_________________
Computers are like air conditioners, they stop working properly if you open Windows
majoron
Apprentice


Joined: 12 Oct 2005
Posts: 216
Location: Frankfurt

Posted: Tue Nov 27, 2018 1:24 pm

eccerr0r wrote:
1. Use an older gcc than 7.3
2. Hand apply the patch that Linus wrote.
3. Use a newer kernel if you don't really use all the features in the "hardened" kernel.

I'm not sure... did the meltdown patches get backported to hardened kernels? ... if not, are they really more "secure"?

Thank you.

I prefer to go to number 3. My question was in the direction of what kernel version should I use if the default hardened is the only stable option and is not working.
_________________
Computers are like air conditioners, they stop working properly if you open Windows
eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 7196
Location: almost Mile High in the USA

Posted: Tue Nov 27, 2018 4:52 pm

Honestly security is a focus in *every* kernel - there's no reason to leave a security hole in any kernel release unless it was unintentional or they were working on it. It's just that some kernels like grsec tried to take security to another level making it harder to exploit if a bug was found in the kernel itself. But it still doesn't cover everything either.

I would think just going to the regular vanilla/gentoo-sources kernels is good enough, especially if it's just a home server, and even business servers...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
majoron
Apprentice


Joined: 12 Oct 2005
Posts: 216
Location: Frankfurt

Posted: Tue Nov 27, 2018 7:15 pm

eccerr0r wrote:
Honestly security is a focus in *every* kernel - there's no reason to leave a security hole in any kernel release unless it was unintentional or they were working on it. It's just that some kernels like grsec tried to take security to another level making it harder to exploit if a bug was found in the kernel itself. But it still doesn't cover everything either.

I would think just going to the regular vanilla/gentoo-sources kernels is good enough, especially if it's just a home server, and even business servers...

Ok, thank you.
I get your point, but what are hardened sources for?
_________________
Computers are like air conditioners, they stop working properly if you open Windows
Hu
Moderator


Joined: 06 Mar 2007
Posts: 14064

Posted: Wed Nov 28, 2018 3:07 am

As above, hardened sources were intended to have features that made exploiting a bug difficult (or ideally, impossible), even once you knew the bug existed and how it worked. For example, making mutable data non-executable means that an attacker cannot load his exploit code into a data area, then trigger a bug to jump to it. When he does, the program will simply crash because the data is marked non-executable.

Mainline kernels fix bugs as they are recognized as such. In any project this large, bugs are inevitable. The question is whether the bugs, once discovered, can be abused to violate system security. Your choice here is between an outdated kernel with known vulnerabilities, but special patches that might make exploiting the known bugs harder, or a current kernel without well known vulnerabilities, but also without (as many) countermeasures to make exploiting the not-currently-known bugs difficult.
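
The non-executable-data property described in the post above can be audited from user space on Linux: /proc/<pid>/maps lists every mapping's permissions, and a region that is both writable and executable is mutable data that can also run as code. This is an added example, not part of the original thread; the function names and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One /proc/<pid>/maps line: "start-end perms offset dev inode [path]". */
struct mapping {
    unsigned long long start, end;
    char perms[5];   /* e.g. "rw-p" */
    char path[256];  /* empty for anonymous mappings */
};

/* Parse one maps line; returns 1 on success, 0 if malformed. */
int parse_maps_line(const char *line, struct mapping *m) {
    m->path[0] = '\0';
    int n = sscanf(line, "%llx-%llx %4s %*s %*s %*s %255[^\n]",
                   &m->start, &m->end, m->perms, m->path);
    return n >= 3 && strlen(m->perms) == 4;
}

/* Writable AND executable: mutable data the CPU would also run as code. */
int line_is_wx(const char *line) {
    struct mapping m;
    return parse_maps_line(line, &m) && m.perms[1] == 'w' && m.perms[2] == 'x';
}

/* Count the W+X mappings in an array of maps-format lines. */
int count_wx_lines(const char *const *lines, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += line_is_wx(lines[i]);
    return hits;
}

/* Constructed sample in maps format (not captured from a real system). */
const char *const SAMPLE[] = {
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/example\n",
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/example\n",
    "7f3c1a000000-7f3c1a021000 rwxp 00000000 00:00 0 \n",
    "7ffd4b5e1000-7ffd4b602000 rw-p 00000000 00:00 0 [stack]\n",
};

int main(void) {
    char line[512];
    int live = 0;
    FILE *fp = fopen("/proc/self/maps", "r");  /* Linux only */
    while (fp && fgets(line, sizeof line, fp))
        live += line_is_wx(line);
    if (fp) fclose(fp);
    printf("sample: %d, this process: %d W+X mapping(s)\n",
           count_wx_lines(SAMPLE, 4), live);
    return 0;
}
```

Run against another process by reading /proc/<pid>/maps instead of /proc/self/maps; a non-zero count is worth investigating, though JIT runtimes can legitimately create such mappings.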