New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable fortify and stackprotector hardening for spl/zfs. #42654
Conversation
Linux 4.16 introduces a stackprotector detection script that returns different results for the kernel compilation run and the spl/zfs compilation run, as the setting for hardening are different. This results in a broken ABI between spl/zfs and the compiled kernel, breaking ZFS. Also disabling the fortify and stackprotector hardening, as we do for the kernel, fixes that. (cherry picked from commit 43a737b)
@GrahamcOfBorg build kernelPackages.zfs |
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: kernelPackages.zfs Partial log (click to expand)
|
No attempt on aarch64-linux (full log) The following builds were skipped because they don't evaluate on aarch64-linux: kernelPackages.zfs Partial log (click to expand)
|
No attempt on x86_64-linux (full log) The following builds were skipped because they don't evaluate on x86_64-linux: kernelPackages.zfs Partial log (click to expand)
|
@GrahamcOfBorg build linuxPackages.zfs |
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: linuxPackages.zfs Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: linuxPackages.zfs Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: linuxPackages.zfs Partial log (click to expand)
|
Linux 4.16 introduces a stackprotector detection script that returns
different results for the kernel compilation run and the spl/zfs
compilation run, as the setting for hardening are different. This
results in a broken ABI between spl/zfs and the compiled kernel,
breaking ZFS. Also disabling the fortify and stackprotector hardening,
as we do for the kernel, fixes that.
(cherry picked from commit 43a737b)
Motivation for this change
#39225
Things done
Running this on my 4.16 machine for two days.
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)