pppd at start up cause kernel panic

Post by Energ » Sun Feb 06, 2005 2:18 pm

I have no idea if that is grsecurity related, but it seems so.
About system: gentoo on hardened-2.4.28-r4 with grsec rbac and pax enabled. gcc (GCC) 3.3.5 (Gentoo Hardened Linux 3.3.5-r1, ssp-3.3.2-3, pie-8.7.7.1). pppd-2.4.3.

Code:
# Grsecurity
CONFIG_GRKERNSEC=y
CONFIG_CRYPTO=y
CONFIG_CRYPTO_SHA256=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MID is not set
# CONFIG_GRKERNSEC_HI is not set
CONFIG_GRKERNSEC_CUSTOM=y

#
# PaX Control
#
# CONFIG_GRKERNSEC_PAX_SOFTMODE is not set
CONFIG_GRKERNSEC_PAX_EI_PAX=y
CONFIG_GRKERNSEC_PAX_PT_PAX_FLAGS=y
CONFIG_GRKERNSEC_PAX_NO_ACL_FLAGS=y
# CONFIG_GRKERNSEC_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_GRKERNSEC_PAX_HOOK_ACL_FLAGS is not set

#
# Address Space Protection
#
CONFIG_GRKERNSEC_PAX_NOEXEC=y
CONFIG_GRKERNSEC_PAX_PAGEEXEC=y
CONFIG_GRKERNSEC_PAX_SEGMEXEC=y
CONFIG_GRKERNSEC_PAX_EMUTRAMP=y
CONFIG_GRKERNSEC_PAX_EMUSIGRT=y
CONFIG_GRKERNSEC_PAX_MPROTECT=y
# CONFIG_GRKERNSEC_PAX_NOELFRELOCS is not set
CONFIG_GRKERNSEC_PAX_ASLR=y
CONFIG_GRKERNSEC_PAX_RANDKSTACK=y
CONFIG_GRKERNSEC_PAX_RANDUSTACK=y
CONFIG_GRKERNSEC_PAX_RANDMMAP=y
CONFIG_GRKERNSEC_PAX_RANDEXEC=y
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
# CONFIG_GRKERNSEC_BRUTE is not set
CONFIG_GRKERNSEC_HIDESYM=y
# CONFIG_GRKERNSEC_BRUTE is not set
CONFIG_GRKERNSEC_HIDESYM=y

#
# Role Based Access Control Options
#
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
# CONFIG_GRKERNSEC_LINK is not set
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y

#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
# CONFIG_GRKERNSEC_TIME is not set
# CONFIG_GRKERNSEC_PROC_IPADDR is not set
#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set

#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDISN=y
CONFIG_GRKERNSEC_RANDID=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_RANDRPC=y
# CONFIG_GRKERNSEC_SOCKET is not set

#
# Sysctl support
#
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y

#
# Logging options
#
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4


If the pptp client starts on boot, it causes a kernel panic. If pptp is started manually, it also crashes the kernel. Here is the list of panic messages that I could get.
Code:
Unable to handle kernel NULL pointer deferences at virtual address 000000c0
*pgd = d759b910000000
*pmd = d759b910000000
OOPS: 0000
CPU: 0000
EIP: 0010: [<c0226089>] Not tainted
EFLAGS: 00010216
... (lots of numbers)
Process pppd (pid:28537, stackpage = d79d1000)
Stack ... (lots of numbers)
Call trace ... (lots of numbers)
Code: 2b 82 c0 00 00 00 c1 f8 02 69 ... (etc)
Kernel panic: Aiee, killing interrupt handler!
Interrupt handler - not syncing.


One strange thing: I have cron jobs that check my VPN connection status every 5 minutes. If the pptp client starts from there, everything is all right, no panic.
Any ideas?
Energ
 
Posts: 9
Joined: Thu Jul 29, 2004 8:29 am

Re: pppd at start up cause kernel panic

Post by PaX Team » Sun Feb 06, 2005 5:55 pm

Energ wrote:
> I have no idea if that grsecurity related, but it seems so.
> About system: gentoo on hardened-2.4.28-r4 with grsec rbac and pax enabled. gcc (GCC) 3.3.5 (Gentoo Hardened Linux 3.3.5-r1, ssp-3.3.2-3, pie-8.7.7.1). pppd-2.4.3.

first, if possible try out vanilla linux + grsecurity alone and see if the problem reproduces. and you should try 2.4.29 + latest grsec as well.

> CONFIG_GRKERNSEC_PAX_EMUSIGRT=y

i think you don't need this on gentoo ;-).

> EIP: 0010: [<c0226089>] Not tainted
> EFLAGS: 00010216
> ... (lots of numbers)

we'll need these numbers.

> Process pppd (pid:28537, stackpage = d79d1000)
> Stack ... (lots of numbers)
> Call trace ... (lots of numbers)

these too. best is to run the oops message through ksymoops and post its output.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Post by Energ » Mon Feb 07, 2005 9:20 am

Ok. CONFIG_GRKERNSEC_PAX_EMUSIGRT turned off.
Here is the full oops and ksymoops output:

Code:
Unable to handle kernel NULL pointer deferences at virtual address 000000c0
*pgd = 0000000000000000
OOPS: 0000
CPU: 0000
EIP: 0010: [<c0225fb9>] Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010216
eax: c14382a8   ebx: 00000028     ecx: 00000b00       edx:00000000
esi: 00000028   edi: c14382a8     ebp: d109b5ac       esp:cad09cc0
ds: 0018        es: 0018       ss: 0018
Process pppd (pid: 8974, stackpage=cad09000)
Stack:  d109b5ac ce39c4e8 00000010 00000000 cad08000 00000000 00000010 00000001
        cad09e10 ce39c4f8 d88c7145 d109b580 cad09cf8 00000001 c0212af0 c14382a8
        00000b00 01d09d50 00000028 c0315450 00540010 c0214c6d c0315450 000001f6
Call trace:  [<d88c7145>] [<c0212af0>] [<c0214c6d>] [<d88ca15a>] [<d88c72ba>]
[<c022f680>] [<c022da14>] [<c022cf48>] [<c022f680>] [<c027add4>] [<d88ca15a>]
[<d88c79c6>] [<d88c7a36>] [<c01fb5b4>] [<c01f9703>] [<c0160384>] [<c01f9349>]
[<c01f843f>] [<c01791c3>] [<c01451f3>] [<c014520d>]
Code: 2b 82 c0 00 00 00 c1 f8 02 69 c0 a3 8b 2e ba c1 e0 0c 03 82


>>EIP; c0225fb9 <update+79/100>   <=====

>>eax; c14382a8 <_end+10dc1d0/18523f88>
>>edi; c14382a8 <_end+10dc1d0/18523f88>
>>ebp; d109b5ac <_end+10d3f4d4/18523f88>
>>esp; cad09cc0 <_end+a9adbe8/18523f88>
Trace; d88c7145 <.data.end+6aee/????>
Trace; c0212af0 <ide_dma_intr+0/c0>
Trace; c0214c6d <__ide_do_rw_disk+33d/660>
Trace; d88ca15a <END_OF_CODE+9b03/????>
Trace; d88c72ba <.data.end+6c63/????>
Trace; c022f680 <memcpy_fromiovec+40/70>
Trace; c022da14 <alloc_skb+b4/1c0>
Trace; c022cf48 <sock_alloc_send_pskb+b8/1b0>
Trace; c022f680 <memcpy_fromiovec+40/70>
Trace; c027add4 <unix_dgram_sendmsg+334/3e0>
Trace; d88ca15a <END_OF_CODE+9b03/????>
Trace; d88c79c6 <.data.end+736f/????>
Trace; d88c7a36 <.data.end+73df/????>
Trace; c01fb5b4 <ppp_ccp_peek+124/1b0>
Trace; c01f9703 <ppp_send_frame+353/5b0>
Trace; c0160384 <do_sigaction+e4/120>
Trace; c01f9349 <ppp_xmit_process+99/100>
Trace; c01f843f <ppp_write+10f/140>
Trace; c01791c3 <sys_write+a3/140>
Trace; c01451f3 <system_call+33/50>
Trace; c014520d <system_call+4d/50>

Code;  c0225fb9 <update+79/100>
00000000 <_EIP>:
Code;  c0225fb9 <update+79/100>   <=====
   0:   2b 82 c0 00 00 00         sub    0xc0(%edx),%eax   <=====
Code;  c0225fbf <update+7f/100>
   6:   c1 f8 02                  sar    $0x2,%eax
Code;  c0225fc2 <update+82/100>
   9:   69 c0 a3 8b 2e ba         imul   $0xba2e8ba3,%eax,%eax
Code;  c0225fc8 <update+88/100>
   f:   c1 e0 0c                  shl    $0xc,%eax
Code;  c0225fcb <update+8b/100>
  12:   03 82 00 00 00 00         add    0x0(%edx),%eax

<0>Kernel panic: Aiee, killing interrupt handler!

1 warning issued.  Results may not be reliable.


I already solved my problem. I have changed the gcc profile from hardened to vanilla and rebuilt pppd. The oops is gone now.

Your comments and conclusions about that?
Energ
 
Posts: 9
Joined: Thu Jul 29, 2004 8:29 am
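
An added example, not part of the original thread or any poster's code: a Python check over lines copied from the oops and ksymoops output above. It confirms that the first instruction's memory operand (base register plus displacement) equals the reported fault address, and lists the call-trace addresses that lie past `_end`, which are the ones shown above without a resolved function name. The function names and the minimal ModRM decoding (one-byte opcode, no SIB) are assumptions of this example.

```python
import re

# Lines copied from the oops and ksymoops output in this thread (trace shortened).
OOPS = """\
Unable to handle kernel NULL pointer deferences at virtual address 000000c0
EIP: 0010: [<c0225fb9>] Not tainted
eax: c14382a8   ebx: 00000028     ecx: 00000b00       edx:00000000
esi: 00000028   edi: c14382a8     ebp: d109b5ac       esp:cad09cc0
Call trace:  [<d88c7145>] [<c0212af0>] [<c0214c6d>] [<d88ca15a>] [<d88c72ba>]
[<c022f680>] [<c022da14>] [<c022cf48>] [<c022f680>] [<c027add4>] [<d88ca15a>]
[<d88c79c6>] [<d88c7a36>] [<c01fb5b4>] [<c01f9703>] [<c0160384>] [<c01f9349>]
Code: 2b 82 c0 00 00 00 c1 f8 02 69 c0 a3 8b 2e ba c1 e0 0c 03 82
>>eax; c14382a8 <_end+10dc1d0/18523f88>
"""

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM order
HEX8 = r"([0-9a-f]{8})"

def parse_oops(text):
    """Pull fault address, registers, call trace, code bytes and _end."""
    regs = re.findall(r"\b(e(?:[abcd]x|[sd]i|[bs]p)):\s*" + HEX8, text)
    sym, off = re.search(r">>\w+; " + HEX8 + r" <_end\+([0-9a-f]+)/", text).groups()
    return {
        "fault": int(re.search(r"virtual address " + HEX8, text).group(1), 16),
        "regs": {name: int(val, 16) for name, val in regs},
        "trace": [int(a, 16) for a in
                  re.findall(r"\[<" + HEX8 + r">\]", text.split("Call trace:", 1)[1])],
        "code": bytes.fromhex(re.search(r"^Code: ([0-9a-f ]+)", text, re.M).group(1)),
        "image_end": int(sym, 16) - int(off, 16),  # address of the _end symbol
    }

def fault_operand(code, regs):
    """Decode the first instruction's memory operand: (base reg, disp, address)."""
    # Assumes a one-byte opcode followed by ModRM, as with the 0x2b (sub) here.
    mod, rm = code[1] >> 6, code[1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register operand, SIB or absolute address: not handled")
    size = {0: 0, 1: 1, 2: 4}[mod]  # displacement width in bytes
    disp = int.from_bytes(code[2:2 + size], "little", signed=True)
    return REG32[rm], disp, (regs[REG32[rm]] + disp) & 0xFFFFFFFF

def outside_image(trace, image_end):
    """Unique trace addresses past _end, i.e. not in the static kernel image."""
    return sorted({a for a in trace if a >= image_end})

if __name__ == "__main__":
    o = parse_oops(OOPS)
    base, disp, addr = fault_operand(o["code"], o["regs"])
    print(f"operand {disp:#x}({base}) -> {addr:#x}, reported {o['fault']:#x}")
    print([f"{a:08x}" for a in outside_image(o["trace"], o["image_end"])])
```

With edx = 0, the operand `0xc0(%edx)` resolves to 0xc0, the reported fault address, so the NULL value is a pointer held in edx that is read at offset 0xc0.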
