Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zfs: not working with hardened kernel 4.20 #53522

Closed
Izorkin opened this issue Jan 6, 2019 · 9 comments
Closed

zfs: not working with hardened kernel 4.20 #53522

Izorkin opened this issue Jan 6, 2019 · 9 comments
Assignees
@joachifm

Comments

@Izorkin
Copy link
Contributor

Izorkin commented Jan 6, 2019

Issue description

With boot virtual pc output error
spl: version magic '4.20.0 SMP mod_unload modversions RANDSTRUCT_PLUGIN

Channel nixos-unstable-small

Steps to reproduce

My configuration

# hardware-configuration.nix
  imports = [
    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
    <nixpkgs/nixos/modules/profiles/hardened.nix>
  ];
 
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sr_mod" ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
 
# configuration.nix
  boot.kernelPackages = pkgs.linuxPackages_latest_hardened;
 
# zfs.nix
  boot = {
    loader.grub.zfsSupport = true;
    supportedFilesystems = [ "zfs" ];
    zfs.forceImportRoot = true;
    zfs.forceImportAll = true;
    zfs.enableUnstable = true;
    zfs.devNodes = "/dev/disk/by-path";
  };

Technical details

 - system: `"x86_64-linux"`
 - host os: `Linux 4.20.0, NixOS, 19.03.git.a9689de (Koi)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.2pre6526_9f99d624`
 - channels(root): `"nixos-19.03pre165530.be1c03ddaf8, nixos-18.09-18.09.1834.9d608a6f592"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs`
@Izorkin
Copy link
Contributor Author

Izorkin commented Jan 6, 2019

@joachifm

@joachifm
Copy link
Contributor

joachifm commented Jan 6, 2019

In what circumstance does this occur exactly? RANDSTRUCT does mess up loading modules into a running kernel that was built against a different random seed, which I believe is what you're seeing.

See also c68e8b0#commitcomment-31850284

@qolii
Copy link
Contributor

qolii commented Jan 7, 2019

Wait, does zfs even build with 4.20? I don't think there has been a release that supports it yet.

@Izorkin
Copy link
Contributor Author

Izorkin commented Jan 7, 2019

This error occurs at boot system.
With kernelPackages = pkgs.linuxPackages_4_20; zfs normal worked.

@joachifm
Copy link
Contributor

joachifm commented Jan 7, 2019

@qolii there's a zfsUnstable package that seems to build with 4.20, I expect that's what is being used.

@Izorkin Alright, that indicates to me that the random seed used by randstruct is not carried over when building out-of-tree modules. I'll likely revert randstruct for now and create a tracking issue to get it working with out-of-tree modules.

@joachifm joachifm self-assigned this Jan 7, 2019
@Izorkin
Copy link
Contributor Author

Izorkin commented Jan 7, 2019

Remove

${optionalString (versionAtLeast version "4.13") ''
  GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin
  GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
''}

zfs worked.

@joachifm
Copy link
Contributor

joachifm commented Jan 7, 2019

That's the feature I'm talking about reverting.

@Izorkin
Copy link
Contributor Author

Izorkin commented Jan 7, 2019

Thanks.

@delroth
Copy link
Contributor

delroth commented Jan 8, 2019

Just to link the two for future reference: tracking issue is #53592.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joachifm joachifm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@joachifm @delroth @Izorkin @qolii