I am using the configuration file bcmrpi_defconfig, which comes with the kernel source, and that runs fine for the unpatched rpi kernel. The grsecurity patch applies relatively smoothly for rpi-3.11.y, since it is based on 3.11.10, so I only had to manually patch 2 files. The problem is that the RPi does not boot up after applying the patches, note that I did not enable any of the grsecurity features. Here's the output from the serial console:
- Code: Select all
Uncompressing Linux... done, booting the kernel.
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 3.11.10-grsec (myuser@mynetwork) (gcc version 4.7.3 (crosstool-NG 1.19.0) ) #1 PREEMPT Mon Jul 13 17:10:39 EDT 2015
[ 0.000000] CPU: ARMv6-compatible processor [410fb767] revision 7 (ARMv7), cr=00c5387d
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
[ 0.000000] Machine: BCM2708
[ 0.000000] cma: CMA: reserved 16 MiB at 1b000000
[ 0.000000] Memory policy: ECC disabled, Data cache writeback
[ 0.000000] On node 0 totalpages: 114688
[ 0.000000] free_area_init_node: node 0, pgdat c05dee88, node_mem_map c068c000
[ 0.000000] Normal zone: 896 pages used for memmap
[ 0.000000] Normal zone: 0 pages reserved
[ 0.000000] Normal zone: 114688 pages, LIFO batch:31
[ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[ 0.000000] pcpu-alloc: [0] 0
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 113792
[ 0.000000] Kernel command line: dma.dmachans=0x7f35 bcm2708_fb.fbwidth=656 bcm2708_fb.fbheight=416 bcm2708.boardrev=0xe bcm2708.serial=0xdb5134aa smsc95xx.macaddr=B8:27:EB:51:34:AA sdhci-bcm2708.emmc_clock_freq=100000000 vc_mem.mem_base=0x1ec00000 vc_mem.mem_size=0x20000000 dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait
[ 0.000000] PID hash table entries: 2048 (order: 1, 8192 bytes)
[ 0.000000] Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
[ 0.000000] Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
[ 0.000000] Memory: 431600K/458752K available (4115K kernel code, 230K rwdata, 1344K rodata, 135K init, 688K bss, 27152K reserved)
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
[ 0.000000] vmalloc : 0xdc800000 - 0xff000000 ( 552 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xdc000000 ( 448 MB)
[ 0.000000] modules : 0xbf000000 - 0xc0000000 ( 16 MB)
[ 0.000000] .text : 0xc0008000 - 0xc040d14c (4117 kB)
[ 0.000000] .init : 0xc0583000 - 0xc05a4edc ( 136 kB)
[ 0.000000] .data : 0xc05a6000 - 0xc05df990 ( 231 kB)
[ 0.000000] .bss : 0xc05df990 - 0xc068bc48 ( 689 kB)
[ 0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] Preemptible hierarchical RCU implementation.
[ 0.000000] NR_IRQS:330
[ 0.000000] sched_clock: 32 bits at 1000kHz, resolution 1000ns, wraps every 4294967ms
[ 0.000000] Switching to timer-based delay loop
[ 0.000000] Console: colour dummy device 80x30
[ 0.000000] console [tty1] enabled
[ 0.001265] Calibrating delay loop (skipped), value calculated using timer frequency.. 2.00 BogoMIPS (lpj=10000)
[ 0.001328] pid_max: default: 32768 minimum: 501
[ 0.001900] Mount-cache hash table entries: 512
[ 0.002738] Initializing cgroup subsys devices
[ 0.002799] Initializing cgroup subsys freezer
[ 0.002835] Initializing cgroup subsys blkio
[ 0.002969] CPU: Testing write buffer coherency: ok
[ 0.003417] Setting up static identity map for 0xc040c538 - 0xc040c594
[ 0.005007] devtmpfs: unable to create devtmpfs -14
[ 0.050234] Unable to handle kernel NULL pointer dereference at virtual address 00000080
[ 0.050315] pgd = c0004000
[ 0.050341] [00000080] *pgd=00000000
[ 0.050380] Internal error: Oops: 5 [#1] PREEMPT ARM
[ 0.050411] Modules linked in:
[ 0.050447] CPU: 0 PID: 11 Comm: kdevtmpfs Not tainted 3.11.10-grsec #1
[ 0.050487] task: da870000 ti: da86e000 task.ti: da86e000
[ 0.050538] PC is at __queue_work+0x20/0x284
[ 0.050571] LR is at queue_work_on+0x3c/0x48
[ 0.050603] pc : [<c0032470>] lr : [<c0032724>] psr: 20000193
[ 0.050603] sp : da86fef0 ip : c05da200 fp : 00000000
[ 0.050659] r10: 00000001 r9 : 00000000 r8 : da86e000
[ 0.050691] r7 : 00000000 r6 : c05da208 r5 : 60000193 r4 : 60000113
[ 0.050726] r3 : 60000193 r2 : c05da208 r1 : 00000000 r0 : 00000001
[ 0.050763] Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 0.050804] Control: 00c5387d Table: 00004008 DAC: 00000015
[ 0.050839] Process kdevtmpfs (pid: 11, stack limit = 0xda86e1b0)
[ 0.050873] Stack: (0xda86fef0 to 0xda870000)
[ 0.050910] fee0: da870000 00000000 da86e000 60000113
[ 0.050962] ff00: 60000193 ffffffe1 00000000 da86e000 00000000 c0032724 da82a000 00000000
[ 0.051014] ff20: da870000 c003d9cc fffffff2 c0020a5c e9c0e8c0 00000001 6f6d0153 303d6564
[ 0.051065] ff40: 00353537 00000000 c027e34c da83bf24 00000000 da83bf54 c027e34c 00000000
[ 0.051116] ff60: 00000000 00000000 00000000 c0039914 c08ac1c0 00000000 80a3e0e0 da83bf54
[ 0.051167] ff80: 00000000 da86ff84 da86ff84 00000001 da86ff90 da86ff90 da86ffac da83bf24
[ 0.051218] ffa0: c0039880 00000000 00000000 c000e2b8 00000000 00000000 00000000 00000000
[ 0.051268] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 0.051318] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 40c0cac0 4080c2a0
[ 0.051386] [<c0032470>] (__queue_work+0x20/0x284) from [<c0032724>] (queue_work_on+0x3c/0x48)
[ 0.051457] [<c0032724>] (queue_work_on+0x3c/0x48) from [<c003d9cc>] (free_nsproxy+0x88/0xa8)
[ 0.051525] [<c003d9cc>] (free_nsproxy+0x88/0xa8) from [<c0020a5c>] (do_exit+0x6ac/0x91c)
[ 0.051598] [<c0020a5c>] (do_exit+0x6ac/0x91c) from [<c0039914>] (kthread+0x94/0xb0)
[ 0.051668] [<c0039914>] (kthread+0x94/0xb0) from [<c000e2b8>] (ret_from_fork+0x14/0x3c)
[ 0.051723] Code: e1a06002 e10f3000 e3130080 0a000047 (e5973080)
[ 0.051817] ---[ end trace da227214a82491b7 ]---
[ 0.051855] Fixing recursive fault but reboot is needed!
[ 0.056124] NET: Registered protocol family 16
[ 0.062066] DMA: preallocated 4096 KiB pool for atomic coherent allocations
[ 0.063174] bcm2708.uart_clock = 0
[ 0.064665] hw-breakpoint: found 6 breakpoint and 1 watchpoint registers.
[ 0.064716] hw-breakpoint: maximum watchpoint size is 4 bytes.
[ 0.064752] mailbox: Broadcom VideoCore Mailbox driver
[ 0.064849] bcm2708_vcio: mailbox at f200b880
[ 0.064971] bcm_power: Broadcom power driver
[ 0.065011] bcm_power_open() -> 0
[ 0.065039] bcm_power_request(0, 8)
[ 0.565725] bcm_mailbox_read -> 00000080, 0
[ 0.565765] bcm_power_request -> 0
[ 0.565792] Serial: AMBA PL011 UART driver
[ 0.565933] dev:f1: ttyAMA0 at MMIO 0x20201000 (irq = 83) is a PL011 rev3
[ 1.162666] console [ttyAMA0] enabled
[ 1.166465] Unable to handle kernel NULL pointer dereference at virtual address 00000008
[ 1.174647] pgd = c0004000
[ 1.177369] [00000008] *pgd=00000000
[ 1.180966] Internal error: Oops: 5 [#2] PREEMPT ARM
[ 1.185940] Modules linked in:
[ 1.189014] CPU: 0 PID: 11 Comm: kdevtmpfs Tainted: G D 3.11.10-grsec #1
[ 1.196604] task: da870000 ti: da86e000 task.ti: da86e000
[ 1.202027] PC is at exit_shm+0x8/0x54
[ 1.205796] LR is at do_exit+0x260/0x91c
[ 1.209732] pc : [<c01f25d4>] lr : [<c0020610>] psr: 60000113
[ 1.209732] sp : da86fc98 ip : 00000000 fp : c05dfb20
[ 1.221229] r10: 00000001 r9 : c0032472 r8 : da86e000
[ 1.226462] r7 : 00000000 r6 : da870000 r5 : da86e000 r4 : 0000000b
[ 1.232999] r3 : 00000000 r2 : da870468 r1 : 00000000 r0 : da870000
[ 1.239538] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 1.246685] Control: 00c5387d Table: 00004008 DAC: 00000015
[ 1.252442] Process kdevtmpfs (pid: 11, stack limit = 0xda86e1b0)
[ 1.258546] Stack: (0xda86fc98 to 0xda870000)
[ 1.262914] fc80: 00000000 0000000b
[ 1.271115] fca0: da86e000 c0020610 c0032472 00000000 c05dfb20 c0401ad8 c04e6a68 da86fcd4
[ 1.279317] fcc0: da86e000 da86fea8 da86e000 0000000b c05ae008 c05b2880 c0032472 00000001
[ 1.287517] fce0: c05dfb20 c0011518 da86e1b0 0000000b 00000000 60000193 00000000 00000008
[ 1.295718] fd00: da86fea8 bf000000 00000000 65000000 36306131 20323030 66303165 30303033
[ 1.303918] fd20: 31336520 38303033 61302030 30303030 28203734 37393565 30383033 da002029
[ 1.312118] fd40: 00000000 00000000 c0515968 00000080 00000000 00000005 da86fea8 00000000
[ 1.320318] fd60: 00000028 da870000 00000000 c0401540 00000080 c040a254 c0046354 000f7cd8
[ 1.328518] fd80: c05dfa90 ffffffff c05a6000 00000002 00000000 c040a5cc 00000000 c00419b8
[ 1.336719] fda0: c0045bb8 c05a601c da870000 00000015 da870000 c05b0f38 da86e000 c05b7be0
[ 1.344920] fdc0: da86fe5c c0406d84 00013880 00000000 00013880 c00457d0 004d50f8 00000000
[ 1.353120] fde0: 00000005 00000005 c040a460 c05b34e4 00000080 da86fea8 00000000 00000001
[ 1.361321] fe00: 00000000 c000836c c05b7c28 da83a01c da870000 00000015 da870000 da848000
[ 1.369523] fe20: da86e000 c05b7be0 da86fec4 c0406d84 00000001 c040f49c da870000 7fffffff
[ 1.377723] fe40: 00000002 c0407220 c05ae008 da86ff14 00000000 00000000 da86ff04 c0405370
[ 1.385923] fe60: da86fe8c c004231c 00000000 00000001 c05d15a8 00000001 c05d15b4 00000000
[ 1.394124] fe80: c0042330 00000003 da86febc c0041330 c0032470 20000193 ffffffff da86fedc
[ 1.402324] fea0: da86e000 c0408a98 00000001 00000000 c05da208 60000193 60000113 60000193
[ 1.410524] fec0: c05da208 00000000 da86e000 00000000 00000001 00000000 c05da200 da86fef0
[ 1.418725] fee0: c0032724 c0032470 20000193 ffffffff da870000 00000000 da86e000 60000113
[ 1.426925] ff00: 60000193 ffffffe1 00000000 da86e000 00000000 c0032724 da82a000 00000000
[ 1.435126] ff20: da870000 c003d9cc fffffff2 c0020a5c e9c0e8c0 00000001 6f6d0153 303d6564
[ 1.443327] ff40: 00353537 00000000 c027e34c da83bf24 00000000 da83bf54 c027e34c 00000000
[ 1.451527] ff60: 00000000 00000000 00000000 c0039914 c08ac1c0 00000000 80a3e0e0 da83bf54
[ 1.459727] ff80: 00000000 da86ff84 da86ff84 00000001 da86ff90 da86ff90 da86ffac da83bf24
[ 1.467926] ffa0: c0039880 00000000 00000000 c000e2b8 00000000 00000000 00000000 00000000
[ 1.476125] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 1.484325] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 40c0cac0 4080c2a0
[ 1.492543] [<c01f25d4>] (exit_shm+0x8/0x54) from [<c0020610>] (do_exit+0x260/0x91c)
[ 1.500331] [<c0020610>] (do_exit+0x260/0x91c) from [<c0011518>] (die+0x338/0x394)
[ 1.507951] [<c0011518>] (die+0x338/0x394) from [<c0401540>] (__do_kernel_fault.part.9+0x54/0x74)
[ 1.516877] [<c0401540>] (__do_kernel_fault.part.9+0x54/0x74) from [<c040a254>] (do_page_fault+0x1dc/0x3e8)
[ 1.526656] [<c040a254>] (do_page_fault+0x1dc/0x3e8) from [<c000836c>] (do_DataAbort+0x34/0x98)
[ 1.535386] [<c000836c>] (do_DataAbort+0x34/0x98) from [<c0408a98>] (__dabt_svc+0x38/0x60)
[ 1.543668] Exception stack(0xda86fea8 to 0xda86fef0)
[ 1.548734] fea0: 00000001 00000000 c05da208 60000193 60000113 60000193
[ 1.556935] fec0: c05da208 00000000 da86e000 00000000 00000001 00000000 c05da200 da86fef0
[ 1.565131] fee0: c0032724 c0032470 20000193 ffffffff
[ 1.570209] [<c0408a98>] (__dabt_svc+0x38/0x60) from [<c0032470>] (__queue_work+0x20/0x284)
[ 1.578591] [<c0032470>] (__queue_work+0x20/0x284) from [<c0032724>] (queue_work_on+0x3c/0x48)
[ 1.587241] [<c0032724>] (queue_work_on+0x3c/0x48) from [<c003d9cc>] (free_nsproxy+0x88/0xa8)
[ 1.595801] [<c003d9cc>] (free_nsproxy+0x88/0xa8) from [<c0020a5c>] (do_exit+0x6ac/0x91c)
[ 1.604023] [<c0020a5c>] (do_exit+0x6ac/0x91c) from [<c0039914>] (kthread+0x94/0xb0)
[ 1.611804] [<c0039914>] (kthread+0x94/0xb0) from [<c000e2b8>] (ret_from_fork+0x14/0x3c)
[ 1.619920] Code: eaf92c7e c01f24b8 e92d4038 e5903374 (e5934008)
[ 1.626074] ---[ end trace da227214a82491b8 ]---
[ 1.630710] Fixing recursive fault but reboot is needed!
I have looked at two threads on this forum which seem to be related to this, but they did not provide enough details for me to solve the problem. The same error appears for the other versions I have mentioned, and regardless of whether I was using Raspberry Pi B, B+, or 2. I hope that someone who has successfully booted the RPi with grsecurity can help. Feel free to ask for more details if what I wrote so far is lacking in depth.
Thanks for reading.