[DRBD-user] Bug: section type conflict (drbd 8.4 / gcc 4.8.2)

Mark van Dijk meuk+drbd at dvxs.net
Thu Apr 24 17:37:40 CEST 2014

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.


>> When trying to compile drbd 8.4 using gcc 4.8.2, the following problem
>> occurs. As I have no idea to fix it I hope you can help me.
> You seem to suspect gcc version incompatibility,
> or why do you list the compiler version?
> Does it work with a different compiler version?
> If so, which platform (OS) are you on,
> and is this the "default" compiler there,
> or where did you optain it?

Why did I list the compiler version, I don't really know, just a habit I
suppose. I'm sorry, I'm not at all familiar with coding. This GCC
version is the default on Funtoo (Gentoo fork).

> Which DRBD git hash do you try to compile?
> Against which kernel do you try to compile?

Today I tried to compile hash 3c1f46cb against kernel 3.13.9-hardened.
This is a grsec enabled kernel. I enabled most of the grsec options and
figured to disable options one by one when something breaks.

In the case of drbd, I found that its compilation fails when
CONFIG_PAX_CONSTIFY_PLUGIN is enabled. Disabling this option allows the
module to compile succesfully. So I will keep it disabled.

In case it is helpful here is the description for

By saying Y here the compiler will automatically constify a class
of types that contain only function pointers.  This reduces the
kernel's attack surface and also produces a better memory layout.

Note that the implementation requires a gcc with plugin support,
i.e., gcc 4.5 or newer.  You may need to install the supporting
headers explicitly in addition to the normal gcc package.

Note that if some code really has to modify constified variables
then the source code will have to be patched to allow it.  Examples
can be found in PaX itself (the no_const attribute) and for some
out-of-tree modules at http://www.grsecurity.net/~paxguy1/ .

As it sounds like this grsec option is useful to decrease attack
vectors, are you inclined to support this kernel option some day? Or is
it too exotic? Please let me know.

Much obliged,

More information about the drbd-user mailing list