lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190422210041.GA21711@archlinux-i9>
Date:   Mon, 22 Apr 2019 14:00:41 -0700
From:   Nathan Chancellor <natechancellor@...il.com>
To:     Paul Moore <paul@...l-moore.com>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        Eric Paris <eparis@...isplace.org>
Cc:     selinux@...r.kernel.org, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org, Nicolas Iooss <nicolas.iooss@....org>
Subject: scripts/selinux build error in 4.14 after glibc update

Hi all,

After a glibc update to 2.29, my 4.14 builds started failing like so:

$ make -j$(nproc) defconfig bzImage
HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/kconfig/conf.o
  SHIPPED scripts/kconfig/zconf.tab.c
  SHIPPED scripts/kconfig/zconf.lex.c
  HOSTCC  scripts/kconfig/zconf.tab.o
  HOSTLD  scripts/kconfig/conf
*** Default configuration is based on 'x86_64_defconfig'
#
# configuration written to .config
#
scripts/kconfig/conf  --silentoldconfig Kconfig
  SYSTBL  arch/x86/include/generated/asm/syscalls_32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_32_ia32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_64_x32.h
  SYSHDR  arch/x86/include/generated/uapi/asm/unistd_32.h
  SYSHDR  arch/x86/include/generated/uapi/asm/unistd_64.h
  SYSTBL  arch/x86/include/generated/asm/syscalls_64.h
  SYSHDR  arch/x86/include/generated/uapi/asm/unistd_x32.h
  CHK     include/config/kernel.release
  CHK     include/generated/uapi/linux/version.h
  UPD     include/generated/uapi/linux/version.h
  DESCEND  objtool
  HOSTCC   /home/nathan/cbl/linux-stable/tools/objtool/fixdep.o
  HOSTLD   /home/nathan/cbl/linux-stable/tools/objtool/fixdep-in.o
  LINK     /home/nathan/cbl/linux-stable/tools/objtool/fixdep
  CC       /home/nathan/cbl/linux-stable/tools/objtool/builtin-check.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/builtin-orc.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/check.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/orc_gen.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/orc_dump.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/elf.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/special.o
  GEN      /home/nathan/cbl/linux-stable/tools/objtool/arch/x86/lib/inat-tables.c
  CC       /home/nathan/cbl/linux-stable/tools/objtool/objtool.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/libstring.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/str_error_r.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/exec-cmd.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/pager.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/help.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/parse-options.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/run-command.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/sigchain.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/subcmd-config.o
  CC       /home/nathan/cbl/linux-stable/tools/objtool/arch/x86/decode.o
  LD       /home/nathan/cbl/linux-stable/tools/objtool/libsubcmd-in.o
  LD       /home/nathan/cbl/linux-stable/tools/objtool/arch/x86/objtool-in.o
  LD       /home/nathan/cbl/linux-stable/tools/objtool/objtool-in.o
  AR       /home/nathan/cbl/linux-stable/tools/objtool/libsubcmd.a
  LINK     /home/nathan/cbl/linux-stable/tools/objtool/objtool
  UPD     include/config/kernel.release
  HOSTCC  arch/x86/tools/relocs_32.o
  HOSTCC  arch/x86/tools/relocs_common.o
  HOSTCC  arch/x86/tools/relocs_64.o
  WRAP    arch/x86/include/generated/asm/dma-contiguous.h
  WRAP    arch/x86/include/generated/asm/mcs_spinlock.h
  WRAP    arch/x86/include/generated/asm/clkdev.h
  WRAP    arch/x86/include/generated/asm/mm-arch-hooks.h
  WRAP    arch/x86/include/generated/asm/early_ioremap.h
  CHK     include/generated/utsrelease.h
  UPD     include/generated/utsrelease.h
  HOSTCC  scripts/kallsyms
  HOSTCC  scripts/pnmtologo
  HOSTCC  scripts/conmakehash
  HOSTCC  scripts/sortextable
  CC      scripts/mod/empty.o
  CC      scripts/mod/devicetable-offsets.s
  HOSTCC  scripts/mod/mk_elfconfig
  HOSTCC  scripts/selinux/mdp/mdp
  HOSTCC  scripts/selinux/genheaders/genheaders
In file included from scripts/selinux/genheaders/genheaders.c:19:
./security/selinux/include/classmap.h:245:2: error: #error New address family defined, please update secclass_map.
 #error New address family defined, please update secclass_map.
  ^~~~~
make[4]: *** [scripts/Makefile.host:102: scripts/selinux/genheaders/genheaders] Error 1
make[3]: *** [scripts/Makefile.build:585: scripts/selinux/genheaders] Error 2
make[3]: *** Waiting for unfinished jobs....
In file included from scripts/selinux/mdp/mdp.c:49:
./security/selinux/include/classmap.h:245:2: error: #error New address family defined, please update secclass_map.
 #error New address family defined, please update secclass_map.
  ^~~~~
make[4]: *** [scripts/Makefile.host:102: scripts/selinux/mdp/mdp] Error 1
make[3]: *** [scripts/Makefile.build:585: scripts/selinux/mdp] Error 2
make[2]: *** [scripts/Makefile.build:585: scripts/selinux] Error 2
make[2]: *** Waiting for unfinished jobs....
  HOSTLD  arch/x86/tools/relocs
  CHK     scripts/mod/devicetable-offsets.h
  UPD     scripts/mod/devicetable-offsets.h
  MKELF   scripts/mod/elfconfig.h
  HOSTCC  scripts/mod/modpost.o
  HOSTCC  scripts/mod/file2alias.o
  HOSTCC  scripts/mod/sumversion.o
  CHK     include/generated/timeconst.h
  CC      kernel/bounds.s
  UPD     include/generated/timeconst.h
  CHK     include/generated/bounds.h
  UPD     include/generated/bounds.h
  CC      arch/x86/kernel/asm-offsets.s
  HOSTLD  scripts/mod/modpost
make[1]: *** [Makefile:572: scripts] Error 2
make[1]: *** Waiting for unfinished jobs....
  CHK     include/generated/asm-offsets.h
  UPD     include/generated/asm-offsets.h
  CALL    scripts/checksyscalls.sh
make: *** [Makefile:264: __build_one_by_one] Error 2

This is due to commit c017c71ce09f ("selinux: include sys/socket.h in
host programs to have PF_MAX") [1] in the kernel interacting poorly
with glibc's commit 38b0593e9a ("Add PF_XDP, AF_XDP and SOL_XDP from
Linux 4.18 to bits/socket.h.") [2]

I am not really sure how this should be fixed or who is at fault but I
didn't see it reported anywhere yet (I assume the kernel) and I feel
more comfortable on the kernel mailing list than other bug trackers so
here we are.

[1]: https://git.kernel.org/linus/c017c71ce09f4c7a5378fccbec6a3d7e96b0c5c2
[2]: https://sourceware.org/git/?p=glibc.git;a=commit;h=38b0593e9a862c3b35392a0f5b202696b8116aa3

Thanks,
Nathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ