[WireGuard] Error building against grsec-enabled kernel

Toke Høiland-Jørgensen toke at toke.dk
Wed Oct 19 18:07:37 CEST 2016


Toke Høiland-Jørgensen <toke at toke.dk> writes:

> Toke Høiland-Jørgensen <toke at toke.dk> writes:
>
>> I'm getting build errors when building WireGuard against a grsec-enabled
>> kernel (on Arch linux):
>>
>> DKMS make.log for wireguard-0.0.20161014 for kernel 4.7.8.201610161720-1-grsec (x86_64)
>> Wed 19 Oct 14:59:25 CEST 2016
>> make: Entering directory '/usr/lib/modules/4.7.8.201610161720-1-grsec/build'
>>   LD      /var/lib/dkms/wireguard/0.0.20161014/build/built-in.o
>>   CC [M]  /var/lib/dkms/wireguard/0.0.20161014/build/main.o
>> /var/lib/dkms/wireguard/0.0.20161014/build/main.o: warning: objtool: mod_exit(): can't find starting instruction
>>   CC [M]  /var/lib/dkms/wireguard/0.0.20161014/build/noise.o
>>   CC [M]  /var/lib/dkms/wireguard/0.0.20161014/build/device.o
>> /var/lib/dkms/wireguard/0.0.20161014/build/device.c:330:29: error: constified variable ‘link_ops’ placed into writable section ".data..read_mostly"
>>  static struct rtnl_link_ops link_ops __read_mostly = {
>>                              ^~~~~~~~
>> make[1]: *** [scripts/Makefile.build:290: /var/lib/dkms/wireguard/0.0.20161014/build/device.o] Error 1
>> make: *** [Makefile:1465: _module_/var/lib/dkms/wireguard/0.0.20161014/build] Error 2
>> make: Leaving directory '/usr/lib/modules/4.7.8.201610161720-1-grsec/build'
>>
>> Any idea how to fix this?
>
> OK, so turns out just getting rid of the __read_mostly fixes things.
> This could conceivably be conditioned on CONSTIFY_PLUGIN in the upstream
> source? :)

... but though I managed to get it to build, there's an overflow
somewhere in the RX path with causes PAX to kill the interrupt handler
(and thus crash the kernel). Don't have a backtrace, sorry :(

-Toke


More information about the WireGuard mailing list