[6.11-hardened kernel] CONFIG_RANDSTRUCT patch not working for me on NixOS

[cawilliamson]

System information

Type	Version/Name
Distribution Name	NixOS
Distribution Version	24.11 (Vicuna)
Kernel Version	6.11-hardened1
Architecture	x86_64
OpenZFS Version	2.3.0-rc3

Describe the problem you're observing

I am trying to upgrade my system from a v6.6 hardened kernel to a v6.11 hardened kernel and it didn't mount my ZFS partitions after reboot. Some problem with loading the module - OK, let's investigate!

So I looked into the issue and found this fix: #16805 - that would make sense since my kernel config does indeed use that option. So I applied that fix, recompiled and rebooted and... exact same result!

The compilation DID succeed with that patch in place but the outcome remains sadly the same and I have no idea where to look next.

My relevant NixOS config is:

boot = {
  kernelPackages = pkgs.linuxPackages_6_11_hardened;
  supportedFilesystems = [ "zfs" ];
  zfs.package = pkgs.zfs_unstable.overrideAttrs (oldAttrs: rec {
    patches = (oldAttrs.patches or []) ++ [
      (pkgs.fetchpatch {
        url = "https://patch-diff.githubusercontent.com/raw/openzfs/zfs/pull/16805.diff";
        sha256 = "sha256-GA8hwHwEZgVmF0LIWXYM2FzWBdxhh6OCX9QywEbqW8Q=";
      })
    ];
  });
};

This is obviously very Nix specific but essentially it is pulling the diff from the patch listed above, applying it and then compiling v2.3.0-rc3 with that additional patch.

Describe how to reproduce the problem

1. Add the above to your kernel config on an existing working install of NixOS
2. Rebuild (nixos-rebuild switch)
3. Reboot
4. Observe the very unwelcome "sysctl table check failed: kernel/spl/(null) No proc_handler" messages spamming your screen whilst the zfs module fails to load successfully.

[IvanVolosyuk]

Did you run ./autogen.sh after applying the patch? The change is only used when run ./autogen.sh before ./configure as it changes the configure script itself.

[cawilliamson]

Did you run ./autogen.sh after applying the patch? The change is only used when run ./autogen.sh before ./configure as it changes the configure script itself.

That is likely the problem to be honest - I'll invesigate and report back.

[qubitnano]

That only triggers a rebuild of the userland tools, try this:

  boot = {
    kernelPackages = pkgs.linuxPackages_6_11_hardened;
    supportedFilesystems = [ "zfs" ];
    zfs.package = pkgs.zfs_unstable.overrideAttrs (oldAttrs: {
      patches = (oldAttrs.patches or [ ]) ++ [
        (pkgs.fetchpatch {
          url = "https://patch-diff.githubusercontent.com/raw/openzfs/zfs/pull/16805.diff";
          hash = "sha256-GA8hwHwEZgVmF0LIWXYM2FzWBdxhh6OCX9QywEbqW8Q=";
        })
      ];
    });
    zfs.modulePackage = config.boot.kernelPackages.zfs_unstable.overrideAttrs (oldAttrs: {
      patches = (oldAttrs.patches or [ ]) ++ [
        (pkgs.fetchpatch {
          url = "https://patch-diff.githubusercontent.com/raw/openzfs/zfs/pull/16805.diff";
          hash = "sha256-GA8hwHwEZgVmF0LIWXYM2FzWBdxhh6OCX9QywEbqW8Q=";
        })
      ];
    });
  };

[AllKind]

This was just posted in another already closed thread: #16847 (comment)