~/Code/Linux514 master*
$ makepkg -s
==> Making package: linux514 5.14.0-0 (Wed 01 Sep 2021 11:49:57 BST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Found linux-5.14.tar.xz
-> Found config
-> Found config.anbox
-> Found 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch
-> Found 0002-HID-quirks-Add-Apple-Magic-Trackpad-2-to-hid_have_special_driver-list.patch
-> Found 0101-i2c-nuvoton-nc677x-hwmon-driver.patch
-> Found 0102-iomap-iomap_bmap-should-accept-unwritten-maps.patch
-> Found 0104-revert-xhci-Add-support-for-Renesas-controller-with-memory.patch
-> Found 0107-quirk-kernel-org-bug-210681-firmware_rome_error.patch
-> Found 0302-lenovo-wmi2.patch
-> Found 0401-revert-fbcon-remove-now-unusued-softback_lines-cursor-argument.patch
-> Found 0402-revert-fbcon-remove-no-op-fbcon_set_origin.patch
-> Found 0403-revert-fbcon-remove-soft-scrollback-code.patch
-> Found 0501-bootsplash.patch
-> Found 0502-bootsplash.patch
-> Found 0503-bootsplash.patch
-> Found 0504-bootsplash.patch
-> Found 0505-bootsplash.patch
-> Found 0506-bootsplash.patch
-> Found 0507-bootsplash.patch
-> Found 0508-bootsplash.patch
-> Found 0509-bootsplash.patch
-> Found 0510-bootsplash.patch
-> Found 0511-bootsplash.patch
-> Found 0512-bootsplash.patch
-> Found 0513-bootsplash.gitpatch
-> Found 0600-iwlwifi-xander.patch
==> Validating source files with sha256sums...
linux-5.14.tar.xz ... Passed
config ... Passed
config.anbox ... Passed
0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch ... Passed
0002-HID-quirks-Add-Apple-Magic-Trackpad-2-to-hid_have_special_driver-list.patch ... Passed
0101-i2c-nuvoton-nc677x-hwmon-driver.patch ... Passed
0102-iomap-iomap_bmap-should-accept-unwritten-maps.patch ... Passed
0104-revert-xhci-Add-support-for-Renesas-controller-with-memory.patch ... Passed
0107-quirk-kernel-org-bug-210681-firmware_rome_error.patch ... Passed
0302-lenovo-wmi2.patch ... Passed
0401-revert-fbcon-remove-now-unusued-softback_lines-cursor-argument.patch ... Passed
0402-revert-fbcon-remove-no-op-fbcon_set_origin.patch ... Passed
0403-revert-fbcon-remove-soft-scrollback-code.patch ... Passed
0501-bootsplash.patch ... Passed
0502-bootsplash.patch ... Passed
0503-bootsplash.patch ... Passed
0504-bootsplash.patch ... Passed
0505-bootsplash.patch ... Passed
0506-bootsplash.patch ... Passed
0507-bootsplash.patch ... Passed
0508-bootsplash.patch ... Passed
0509-bootsplash.patch ... Passed
0510-bootsplash.patch ... Passed
0511-bootsplash.patch ... Passed
0512-bootsplash.patch ... Passed
0513-bootsplash.gitpatch ... Passed
0600-iwlwifi-xander.patch ... Passed
==> Extracting sources...
-> Extracting linux-5.14.tar.xz with bsdtar
==> Starting prepare()...
-> Applying patch: 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch...
patching file include/linux/sysctl.h
patching file init/Kconfig
Hunk #1 succeeded at 1198 (offset 107 lines).
patching file kernel/fork.c
Hunk #1 succeeded at 108 (offset 2 lines).
Hunk #2 succeeded at 1881 (offset 88 lines).
Hunk #3 succeeded at 2989 (offset 161 lines).
patching file kernel/sysctl.c
Hunk #1 succeeded at 1908 (offset 1363 lines).
patching file kernel/user_namespace.c
-> Applying patch: 0002-HID-quirks-Add-Apple-Magic-Trackpad-2-to-hid_have_special_driver-list.patch...
patching file drivers/hid/hid-quirks.c
Hunk #1 succeeded at 481 (offset 3 lines).
-> Applying patch: 0101-i2c-nuvoton-nc677x-hwmon-driver.patch...
patching file drivers/i2c/busses/Kconfig
Hunk #1 succeeded at 219 (offset 2 lines).
patching file drivers/i2c/busses/Makefile
The next patch would create the file drivers/i2c/busses/i2c-nct6775.c,
which already exists! Skipping patch.
1 out of 1 hunk ignored
patching file drivers/i2c/busses/i2c-piix4.c
==> ERROR: A failure occurred in prepare().
Aborting...
Either you didn’t clean the build folders pkg/ and src/ in the PKGBUILD’s folder, or one of the patches no longer works.
What do you mean clean the build folders? Is that a command?
I mean, after a failed build, the build folders (src/ and pkg/) will still be present, containing the already patched files. So applying patches again can fail because it sees it as already existing.
To clean those out, run this command from the folder containing the PKGBUILD.
sudo rm -rf src/ pkg/
After that, you should be able to build it, if all the patches work.
makepkg -Cf
will also do the job as it cleans the src
dir before starting to build the package.
But in case of the 5.14
kernel package, the fun begins afterwards
For good reasons, in kernel 5.14
, CONFIG_FORTIFY_SOURCE
has been enabled.
This performs a few basic checks for possible buffer overflows for memset()
, memmove()
or memcpy()
calls.
Unfortunately, these checks are indeed very basic:
__FORTIFY_INLINE void *memset(void *p, int c, __kernel_size_t size)
{
size_t p_size = __builtin_object_size(p, 0);
if (__builtin_constant_p(size) && p_size < size)
__write_overflow();
if (p_size < size)
fortify_panic(__func__);
return __builtin_memset(p, c, size);
}
__FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
{
size_t p_size = __builtin_object_size(p, 0);
size_t q_size = __builtin_object_size(q, 0);
if (__builtin_constant_p(size)) {
if (p_size < size)
__write_overflow();
if (q_size < size)
__read_overflow2();
}
if (p_size < size || q_size < size)
fortify_panic(__func__);
return __builtin_memcpy(p, q, size);
}
__FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size)
{
size_t p_size = __builtin_object_size(p, 0);
size_t q_size = __builtin_object_size(q, 0);
if (__builtin_constant_p(size)) {
if (p_size < size)
__write_overflow();
if (q_size < size)
__read_overflow2();
}
if (p_size < size || q_size < size)
fortify_panic(__func__);
return __builtin_memmove(p, q, size);
If I understand correctly, this checks the object sizes for the first parameter passed to memset()
, memmove()
or memcpy()
, against the amount of bytes to be handled by the commands.
Unfortunately, if you have a call like
MyObject op;
memset(&op, 0, sizeof(MyObject));
the buffer overflow protection will be triggered (i.e., compiling stops) because here, sizeof(&op)
is compared to sizeof(MyObject)
.
In other words, the check compares the size of the pointer to MyObject
with MyObject
's real size, which, of course, fails.
Unfortunately, I am currently not aware on how to handle this situation, hence, the only option will be
CONFIG_FORTIFY_SOURCE=n
which is, of course, not optimal from a security perspective.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.