用的gentoo-hardened的内核,结果安装nvidia的显卡驱动,编译内核的时候报错,错误如下:
/tmp/selfgz22986/NVIDIA-Linux-x86-280.13/kernel/nv-procfs.c: In function 'nv_register_procfs':
/tmp/selfgz22986/NVIDIA-Linux-x86-280.13/kernel/nv-procfs.c:710:5: error: assignment of read-only variable 'nv_procfs_registry_fops'
/tmp/selfgz22986/NVIDIA-Linux-x86-280.13/kernel/nv-procfs.c:711:5: error: assignment of read-only variable 'nv_procfs_registry_fops'
但察看代码,nv_procfs_registry_fops就是一个很普通的静态外部变量啊!在nv_register_procfs里面修改了下read和write的值
static struct file_operations nv_procfs_registry_fops = {
.open = nv_procfs_open_registry,
.release = nv_procfs_close_registry,
};
int nv_register_procfs(void)
{
...................
/*
* entry->proc_fops originally points to a constant
* structure, so to add more methods for the
* binary registry write path, we need to replace the
* said entry->proc_fops with a new fops structure.
* However, in preparation for this, we need to preserve
* the procfs read() and write() operations.
*/
nv_procfs_registry_fops.read = entry->proc_fops->read;
nv_procfs_registry_fops.write = entry->proc_fops->write;
..................
}
开始觉得很奇怪,这也不行的话,那C语言不就用不了了啊!
后来在网上搜到这个
http://forums.grsecurity.net/viewtopic.php?t=2716&p=11009
是PAX的错,里面给了一个补丁,主要就是在改写 nv_procfs_registry_fops的前后加了pax_open_kernel和pax_close_kernel。
补丁主要内容如下:
- nv_procfs_registry_fops.read = entry->proc_fops->read;
- nv_procfs_registry_fops.write = entry->proc_fops->write;
+ pax_open_kernel();
+ *(void **)&nv_procfs_registry_fops.read = entry->proc_fops->read;
+ *(void **)&nv_procfs_registry_fops.write = entry->proc_fops->write;
+ pax_close_kernel();