
2.6.17.3 oopses

PostPosted: Mon Jul 03, 2006 8:28 am
by favoretti
Hi there.

Getting an oops trying to boot 2.6.17.3 with grsec on an x86_64 system.
Any ideas and help would be greatly appreciated.

Thanks!


[ 0.000000] Bootdata ok (command line is root=/dev/md0 ro console=tty0 console=ttyS0,115200n8 idle=poll)
[ 0.000000] Linux version 2.6.17.3-grsec (root@anarxi.st) (gcc version 4.0.3 (Ubuntu 4.0.3-1ubuntu5)) #2 SMP Mon Jul 3 14:45:49 CEST 2006
[ 0.000000] BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: 0000000000000000 - 0000000000097800 (usable)
[ 0.000000] BIOS-e820: 0000000000097800 - 00000000000a0000 (reserved)
[ 0.000000] BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
[ 0.000000] BIOS-e820: 0000000000100000 - 00000000dfee0000 (usable)
[ 0.000000] BIOS-e820: 00000000dfee0000 - 00000000dfee3000 (ACPI NVS)
[ 0.000000] BIOS-e820: 00000000dfee3000 - 00000000dfef0000 (ACPI data)
[ 0.000000] BIOS-e820: 00000000dfef0000 - 00000000dff00000 (reserved)
[ 0.000000] BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved)
[ 0.000000] BIOS-e820: 00000000fec00000 - 0000000100000000 (reserved)
[ 0.000000] BIOS-e820: 0000000100000000 - 0000000120000000 (usable)
[ 0.000000] DMI 2.2 present.
[ 0.000000] Intel MultiProcessor Specification v1.4
[ 0.000000] Virtual Wire compatibility mode.
[ 0.000000] OEM ID: OEM00000 Product ID: PROD00000000 APIC at: 0xFEE00000
[ 0.000000] Processor #0 15:11 APIC version 17
[ 0.000000] Processor #1 15:11 APIC version 17
[ 0.000000] I/O APIC #2 Version 17 at 0xFEC00000.
[ 0.000000] Setting APIC routing to flat
[ 0.000000] Processors: 2
[ 0.000000] Allocating PCI resources starting at f1000000 (gap: f0000000:ec00000)
[ 0.000000] Checking aperture...
[ 0.000000] CPU 0: aperture @ 8000000 size 32 MB
[ 0.000000] Aperture from northbridge cpu 0 too small (32 MB)
[ 0.000000] No AGP bridge found
[ 0.000000] Your BIOS doesn't leave a aperture memory hole
[ 0.000000] Please enable the IOMMU option in the BIOS setup
[ 0.000000] This costs you 64 MB of RAM
[ 0.000000] Mapping aperture over 65536 KB of RAM @ 8000000
[ 0.000000] Built 1 zonelists
[ 0.000000] Kernel command line: root=/dev/md0 ro console=tty0 console=ttyS0,115200n8 idle=poll
[ 0.000000] using polling idle threads.
[ 0.000000] Initializing CPU#0
[ 0.000000] PID hash table entries: 4096 (order: 12, 32768 bytes)
[ 0.000000] time.c: Using 1.193182 MHz WALL PIT GTOD PIT/TSC timer.
[ 0.000000] time.c: Detected 2009.275 MHz processor.
[ 26.104719] Console: colour VGA+ 80x25
[ 26.324935] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
[ 26.335942] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
[ 26.385397] Memory: 4051304k/4718592k available (1822k kernel code, 141012k reserved, 987k data, 160k init)
[ 26.540487] Calibrating delay using timer specific routine.. 4023.05 BogoMIPS (lpj=20115268)
[ 26.549028] Mount-cache hash table entries: 256
[ 26.553682] CPU: L1 I Cache: 64K (64 bytes/line), D cache 64K (64 bytes/line)
[ 26.560845] CPU: L2 Cache: 512K (64 bytes/line)
[ 26.565486] ExtINT not setup in hardware but reported by MP table
[ 26.571694] Using IO-APIC 2
[ 26.674679] ..MP-BIOS bug: 8254 timer not connected to IO-APIC
[ 26.780506] Using local APIC timer interrupts.
[ 26.834683] result 12557967
[ 26.837507] Detected 12.557 MHz APIC timer.
[ 26.850183] Booting processor 1/2 APIC 0x1
[ 26.864255] Initializing CPU#1
[ 27.009597] Calibrating delay using timer specific routine.. 4018.63 BogoMIPS (lpj=20093157)
[ 27.009604] CPU: L1 I Cache: 64K (64 bytes/line), D cache 64K (64 bytes/line)
[ 27.009606] CPU: L2 Cache: 512K (64 bytes/line)
[ 27.009680] AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ stepping 01
[ 27.019587] CPU 1: Syncing TSC to CPU 0.
[ 27.019987] CPU 1: synchronized TSC with CPU 0 (last diff 0 cycles, maxerr 547 cycles)
[ 27.019991] Brought up 2 CPUs
[ 27.064714] testing NMI watchdog ... OK.
[ 28.118218] migration_cost=184
[ 28.121726] NET: Registered protocol family 16
[ 28.126221] PCI: Using configuration type 1
[ 28.130476] Unable to handle kernel NULL pointer dereference at 0000000000000280 RIP:
[ 28.135973] [<ffffffff80312dde>]
[ 28.141798] PGD 0
[ 28.143882] Oops: 0000 [1] SMP
[ 28.147128] CPU 0
[ 28.149209] Modules linked in:
[ 28.152332] Pid: 10, comm: khelper Not tainted 2.6.17.3-grsec #2
[ 28.158362] RIP: 0010:[<ffffffff80312dde>] [<ffffffff80312dde>]
[ 28.164158] RSP: 0000:ffff81011f6b1ea8 EFLAGS: 00010046
[ 28.169718] RAX: ffff81011fc668c0 RBX: ffff81011fc66790 RCX: ffff81011fc67650
[ 28.176872] RDX: ffff81011fc67650 RSI: 0000000000000030 RDI: 0000000000000000
[ 28.184028] RBP: ffff81011fc66790 R08: ffff81011fc442e8 R09: ffff81011fc442d8
[ 28.191184] R10: ffff81011fc442d8 R11: 0000000000000002 R12: ffff81011f6b3180
[ 28.198338] R13: 0000000000000000 R14: ffff81011fc668b0 R15: ffffffff8028157b
[ 28.205494] FS: 0000000000000000(0000) GS:ffffffff8053b000(0000) knlGS:0000000000000000
[ 28.213616] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[ 28.219386] CR2: 0000000000000280 CR3: 0000000000201000 CR4: 00000000000006e0
[ 28.226541] Process khelper (pid: 10, threadinfo ffff81011f6b0000, task ffff81011fc66790)
[ 28.234746] Stack: ffff81011fc442d8 ffffffff80312fa4 ffff81011fc44080 ffffffff802160b1
[ 28.242754] 0000000000000020 ffff81011f6b1ef8 ffff81011fc66790 0000000000000020
[ 28.250986] ffff81011fc3f4b0 ffffffff8021444d
[ 28.256179] Call Trace: [<ffffffff80312fa4>] [<ffffffff802160b1>]
[ 28.262488] [<ffffffff8021444d>] [<ffffffff8028157b>] [<ffffffff802818c2>]
[ 28.270237] [<ffffffff80257c5e>] [<ffffffff8028157b>] [<ffffffff80281803>]
[ 28.277984] [<ffffffff80257c56>]
[ 28.282147]
[ 28.282148] Code: 44 8b 97 80 02 00 00 44 8b 8f 7c 02 00 00 44 8b 87 84 02 00
[ 28.291725] RIP [<ffffffff80312dde>] RSP <ffff81011f6b1ea8>
[ 28.297400] CR2: 0000000000000280
[ 28.300743] <1>Fixing recursive fault but reboot is needed!
[ 34.166615] NMI Watchdog detected LOCKUP on CPU 1
[ 34.171345] CPU 1
[ 34.173426] Modules linked in:
[ 34.176549] Pid: 8, comm: khelper Not tainted 2.6.17.3-grsec #2
[ 34.182490] RIP: 0010:[<ffffffff8025951b>] [<ffffffff8025951b>]
[ 34.188286] RSP: 0018:ffff81011fc85c48 EFLAGS: 00000087
[ 34.193846] RAX: ffffffff8053ba40 RBX: ffff81011f6bdc40 RCX: 0000000000000000
[ 34.201008] RDX: 00000000000001fd RSI: 0000000000000008 RDI: ffffffff8053ba40
[ 34.208163] RBP: ffffffff80486d80 R08: ffff81011f6b5570 R09: ffff81011fc85da8
[ 34.215319] R10: ffff81011f6bdca0 R11: ffff81011f6bdca0 R12: ffff81011f6b5570
[ 34.222472] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.229627] FS: 0000000000000000(0000) GS:ffff81011fc35840(0000) knlGS:0000000000000000
[ 34.237748] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[ 34.243518] CR2: 0000000000000000 CR3: 0000000000201000 CR4: 00000000000006e0
[ 34.250673] Process khelper (pid: 8, threadinfo ffff81011fc84000, task ffff81011fc67530)
[ 34.258793] Stack: ffffffff8025b4e4 ffffffff8021dc38 ffff81011fc66790 0000000000000000
[ 34.266799] ffff81011fc84000 ffff81011fc85da8 ffffffffffffffff 0000000000804111
[ 34.275030] 0000000000000000 0000000000000296
[ 34.280223] Call Trace: [<ffffffff8025b4e4>] [<ffffffff8021dc38>]
[ 34.286533] [<ffffffff8022ee41>] [<ffffffff8027357a>] [<ffffffff8028157b>]
[ 34.294279] [<ffffffff80257bf9>] [<ffffffff8028157b>] [<ffffffff80281803>]
[ 34.302028] [<ffffffff80257c56>] [<ffffffff802815a8>] [<ffffffff8024866d>]
[ 34.309776] [<ffffffff802451b7>] [<ffffffff802452a7>] [<ffffffff802747e8>]
[ 34.317522] [<ffffffff8023045d>] [<ffffffff80257c5e>] [<ffffffff80230392>]
[ 34.325267] [<ffffffff80257c56>]
[ 34.329430]
[ 34.329431] Code: f3 90 81 38 00 00 00 01 75 f6 f0 81 28 00 00 00 01 0f 85 e2
[ 34.342326] console shuts up ...
[ 34.345583]

Re: 2.6.17.3 oopses

PostPosted: Mon Jul 03, 2006 3:33 pm
by PaX Team
favoretti wrote:Getting an oops trying to boot 2.6.17.3 with grsec on an x86_64 system.
Any ideas and help would be greatly appreciated.
does the vanilla kernel boot/work? also, can you decode the oops (it's probably worth enabling some kernel debug options too)?

PostPosted: Tue Jul 04, 2006 5:29 am
by favoretti
Vanilla kernel works/boots just perfectly. I got, however, a backthought that I might have forgotten a vital part of the kernel when I recompiled it, so I'll give it a more constructive shot tonight. Anything special you want me to test while I'm at it? :)

PostPosted: Tue Jul 04, 2006 5:44 am
by Raf256
My 2.6.17.3 + grsecurity failed to boot; it produced tons of error traces very early after it started booting (scrolling too fast to read).

I will retry with a .config identical to the 2.6.16.19 one that does work, and with vanilla.

Also, after applying patch there was an error which I manually fixed, what was that?

kernel/sysctl.c +186

Code:
#ifdef HAVE_ARCH_PICK_MMAP_LAYOUT
int sysctl_legacy_va_layout;
#endif
extern ctl_table grsecurity_table[];

#ifdef CONFIG_PAX_SOFTMODE
static ctl_table pax_table[] = {
  {
    .ctl_name = PAX_SOFTMODE,
    .procname = "softmode",
    .data   = &pax_softmode,
    .maxlen   = sizeof(unsigned int),
    .mode   = 0600,
    .proc_handler = &proc_dointvec,
  },

  { .ctl_name = 0 }
};
#endif

#ifdef CONFIG_PAX_SOFTMODE_wtf_raf256
static ctl_table pax_table[] = {
  {
    .ctl_name = PAX_SOFTMODE,
    .procname = "softmode",
    .data   = &pax_softmode,
    .maxlen   = sizeof(unsigned int),
    .mode   = 0600,
    .proc_handler = &proc_dointvec,
  },

  { .ctl_name = 0 }
};
#endif

/* /proc declarations: */

#ifdef CONFIG_PROC_FS

static ssize_t proc_readsys(struct file *, char __user *, size_t, loff_t *);



The block
#ifdef CONFIG_PAX_SOFTMODE
....
#endif

repeats twice, so I removed the second occurrence by renaming it... what was that, anyway?

Code:
root@lore:/usr/src/kernel# md5sum grsecurity-2.1.9-2.6.17.3-200607022304.patch
d88c6a9decad2bed2f338f49ce6febe9  grsecurity-2.1.9-2.6.17.3-200607022304.patch
root@lore:/usr/src/kernel# md5sum linux-2.6.17.3.tar
082c624894951abd65fdeeced087d962  linux-2.6.17.3.tar
root@lore:/usr/src/kernel# cat linux-2.6.17.3.tar.sha1
651111183c2b10c138baadabddfce657617c543a  linux-2.6.17.3.tar


=== EDITED ===

I tested the newer grsecurity patch to 2.6.17.3 (
http://www.grsecurity.net/~spender/grsecurity-2.1.9-2.6.17.3-200607040032.patch
)
but it also failed with an identical-looking problem.

I used a configuration almost identical to the one that works on 2.6.16.19+grsec (I turned on some device drivers, but nothing that
should be relevant to that).

The ghastly scrolling text looks like backtraces (oopses? BUG_ON's?) and it looks like there are 10..100 of them; the computer continues to boot for a few more seconds and finally stops on one double fault exception...

Can I somehow copy all those error texts? Perhaps I could attach another PC via COM or LPT? The ScrollLock key has no effect.

Btw, how about a patch that allows writing the raw text of printk() to some given raw partition (or to the swap partition if swap is not used yet)?
Or to a file in /boot?

The .config that I used is here:
http://raf256.org/linux/grsec/misc/config-C-dontboot-2.6.17.3+grsec200607040032.txt

PostPosted: Tue Jul 04, 2006 9:15 am
by PaX Team
favoretti wrote:Vanilla kernel works/boots just perfectly. I got, however a backthought that I might have forgotten a vital part of kernel when I recompiled it, so I'll give it a more constructive shot tonight. Anything special you want me to test while I'll be at it? :)
can you also try the PaX patch alone (to determine if there was a mismerge in grsec)?

PostPosted: Tue Jul 04, 2006 9:21 am
by PaX Team
Raf256 wrote:The block
#ifdef CONFIG_PAX_SOFTMODE
....
#endif

repeats twice, so I removed the second occurrence by renaming it... what was that, anyway?
probably a mismerge, one instance is just fine ;-).
Can I somehow copy all those error texts? Perhaps I could attach another PC via COM or LPT? The ScrollLock key has no effect.
you can get the logs via a serial console or netconsole (Documentation/networking/netconsole.txt).
Btw, how about a patch that allows writing the raw text of printk() to some given raw partition (or to the swap partition if swap is not used yet)?
Or to a file in /boot?
i don't think you want to trust a crashing kernel with disk i/o...
it has CONFIG_SECURITY_SELINUX=y, i'm not sure if that's a good idea...

PostPosted: Tue Jul 04, 2006 10:34 am
by favoretti
PaX Team wrote:
favoretti wrote:Vanilla kernel works/boots just perfectly. I got, however a backthought that I might have forgotten a vital part of kernel when I recompiled it, so I'll give it a more constructive shot tonight. Anything special you want me to test while I'll be at it? :)
can you also try the PaX patch alone (to determine if there was a mismerge in grsec)?


You mean enable PaX only? Or is there a separate PaX patch available somewhere?

PostPosted: Tue Jul 04, 2006 10:55 am
by favoretti
Ok, here's a decode from the Oops.
I'll try PaX only in a sec.


>>RIP; ffffffff80311f45 <gr_del_task_from_ip_table_nolock+2/a6> <=====

>>RAX; ffff81011fc668c0 <__crc_free_netdev+ffff81001fdec6d5/fffffffe80385e15>
>>RBX; ffff81011fc66790 <__crc_free_netdev+ffff81001fdec5a5/fffffffe80385e15>
>>RCX; ffff81011fc67650 <__crc_free_netdev+ffff81001fded465/fffffffe80385e15>
>>RDX; ffff81011fc67650 <__crc_free_netdev+ffff81001fded465/fffffffe80385e15>
>>RBP; ffff81011fc66790 <__crc_free_netdev+ffff81001fdec5a5/fffffffe80385e15>
>>R08; ffff81011fc442e8 <__crc_free_netdev+ffff81001fdca0fd/fffffffe80385e15>
>>R09; ffff81011fc442d8 <__crc_free_netdev+ffff81001fdca0ed/fffffffe80385e15>
>>R10; ffff81011fc442d8 <__crc_free_netdev+ffff81001fdca0ed/fffffffe80385e15>
>>R12; ffff81011f6b3180 <__crc_free_netdev+ffff81001f838f95/fffffffe80385e15>
>>R14; ffff81011fc668b0 <__crc_free_netdev+ffff81001fdec6c5/fffffffe80385e15>
>>R15; ffffffff80282422 <__call_usermodehelper+0/47>

Trace; ffffffff8031210b <gr_del_task_from_ip_table+1c/28>
Trace; ffffffff8021609d <release_task+21f/316>
Trace; ffffffff80282422 <__call_usermodehelper+0/47>
Trace; ffffffff80258d9a <child_rip+8/12>
Trace; ffffffff802826aa <____call_usermodehelper+0/bf>

Code; ffffffff80311f45 <gr_del_task_from_ip_table_nolock+2/a6>
0000000000000000 <_RIP>:
Code; ffffffff80311f45 <gr_del_task_from_ip_table_nolock+2/a6> <=====
0: 44 8b 97 80 02 00 00 mov 0x280(%rdi),%r10d <=====
Code; ffffffff80311f4c <gr_del_task_from_ip_table_nolock+9/a6>
7: 44 8b 8f 7c 02 00 00 mov 0x27c(%rdi),%r9d
Code; ffffffff80311f53 <gr_del_task_from_ip_table_nolock+10/a6>
e: 44 8b 87 84 02 00 00 mov 0x284(%rdi),%r8d

CR2: 0000000000000280
NMI Watchdog detected LOCKUP on CPU 0
CPU 0
Pid: 8, comm: khelper Not tainted 2.6.17.3-grsec #3
RIP: 0010:[<ffffffff8025a65b>] <ffffffff8025a65b>{__write_lock_failed+7}
RSP: 0000:ffff81011fc85c48 EFLAGS: 00000087
RAX: ffffffff80563a40 RBX: ffff81011f6b7c40 RCX: 0000000000000000
RDX: 00000000000001fd RSI: 0000000000000008 RDI: ffffffff80563a40
RBP: ffffffff80485d80 R08: ffff81011fc660c0 R09: ffff81011fc85da8
R10: ffff81011f6b7ca0 R11: ffff81011f6b7ca0 R12: ffff81011fc660c0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffffffff80563000(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000280 CR3: 0000000000201000 CR4: 00000000000006e0
Stack: ffffffff8025c624 ffffffff8021d839 ffff81011fc66790 0000000000000000
ffff81011fc84000 ffff81011fc85da8 ffffffffffffffff 0000000000804111
0000000000000000 ffff81011fc85d38
Call Trace: <ffffffff8025c624>{.text.lock.spinlock+123}
<ffffffff8021d839>{copy_process+3594} <ffffffff8022ea42>{do_fork+209}
<ffffffff80274455>{activate_task+75} <ffffffff80282422>{__call_usermodehelper+0}
<ffffffff80258d35>{kernel_thread+129} <ffffffff80282422>{__call_usermodehelper+0}
<ffffffff802826aa>{____call_usermodehelper+0} <ffffffff80258d92>{child_rip+0}
<ffffffff8028244f>{__call_usermodehelper+45} <ffffffff802497bd>{run_workqueue+146}
<ffffffff80246307>{worker_thread+0} <ffffffff802463f7>{worker_thread+240}
<ffffffff802756c3>{default_wake_function+0} <ffffffff8023005e>{kthread+203}
<ffffffff80258d9a>{child_rip+8} <ffffffff8022ff93>{kthread+0}
<ffffffff80258d92>{child_rip+0}
Code: f3 90 81 38 00 00 00 01 75 f6 f0 81 28 00 00 00 01 0f 85 e2


>>RIP; ffffffff8025a65b <__write_lock_failed+7/20> <=====

>>RAX; ffffffff80563a40 <tasklist_lock+0/40>
>>RBX; ffff81011f6b7c40 <__crc_free_netdev+ffff81001f83da55/fffffffe80385e15>
>>RDI; ffffffff80563a40 <tasklist_lock+0/40>
>>RBP; ffffffff80485d80 <init_fs+0/40>
>>R08; ffff81011fc660c0 <__crc_free_netdev+ffff81001fdebed5/fffffffe80385e15>
>>R09; ffff81011fc85da8 <__crc_free_netdev+ffff81001fe0bbbd/fffffffe80385e15>
>>R10; ffff81011f6b7ca0 <__crc_free_netdev+ffff81001f83dab5/fffffffe80385e15>
>>R11; ffff81011f6b7ca0 <__crc_free_netdev+ffff81001f83dab5/fffffffe80385e15>
>>R12; ffff81011fc660c0 <__crc_free_netdev+ffff81001fdebed5/fffffffe80385e15>

Trace; ffffffff8025c624 <.text.lock.spinlock+7b/8a>
Trace; ffffffff8021d839 <copy_process+e0a/1387>
Trace; ffffffff80274455 <activate_task+4b/93>
Trace; ffffffff80258d35 <kernel_thread+81/de>
Trace; ffffffff802826aa <____call_usermodehelper+0/bf>
Trace; ffffffff8028244f <__call_usermodehelper+2d/47>
Trace; ffffffff80246307 <worker_thread+0/122>
Trace; ffffffff802756c3 <default_wake_function+0/e>
Trace; ffffffff80258d9a <child_rip+8/12>
Trace; ffffffff80258d92 <child_rip+0/12>

Code; ffffffff8025a65b <__write_lock_failed+7/20>
0000000000000000 <_RIP>:
Code; ffffffff8025a65b <__write_lock_failed+7/20> <=====
0: f3 90 pause <=====
Code; ffffffff8025a65d <__write_lock_failed+9/20>
2: 81 38 00 00 00 01 cmpl $0x1000000,(%rax)
Code; ffffffff8025a663 <__write_lock_failed+f/20>
8: 75 f6 jne 0 <_RIP>
Code; ffffffff8025a665 <__write_lock_failed+11/20>
a: f0 81 28 00 00 00 01 lock subl $0x1000000,(%rax)
Code; ffffffff8025a66c <__write_lock_failed+18/20>
11: 0f 85 e2 00 00 00 jne f9 <_RIP+0xf9>

PostPosted: Tue Jul 04, 2006 11:04 am
by favoretti
PaX-only kernel flies OK.

(17:51:34)[6] root@anarxi ~]$ cat /proc/cmdline
root=/dev/md0 ro console=tty0 console=ttyS0,115200n8 idle=poll
(17:51:55)[7] root@anarxi ~]$ uname -a
Linux anarxi.st 2.6.17.3-grsec #5 SMP Tue Jul 4 17:43:25 CEST 2006 x86_64 GNU/Linux

PostPosted: Tue Jul 04, 2006 11:37 am
by PaX Team
favoretti wrote:Trace; ffffffff8031210b <gr_del_task_from_ip_table+1c/28>
Trace; ffffffff8021609d <release_task+21f/316>
Trace; ffffffff80282422 <__call_usermodehelper+0/47>
Trace; ffffffff80258d9a <child_rip+8/12>
Trace; ffffffff802826aa <____call_usermodehelper+0/bf>

Code; ffffffff80311f45 <gr_del_task_from_ip_table_nolock+2/a6>
0000000000000000 <_RIP>:
Code; ffffffff80311f45 <gr_del_task_from_ip_table_nolock+2/a6> <=====
0: 44 8b 97 80 02 00 00 mov 0x280(%rdi),%r10d <=====
Code; ffffffff80311f4c <gr_del_task_from_ip_table_nolock+9/a6>
7: 44 8b 8f 7c 02 00 00 mov 0x27c(%rdi),%r9d
Code; ffffffff80311f53 <gr_del_task_from_ip_table_nolock+10/a6>
e: 44 8b 87 84 02 00 00 mov 0x284(%rdi),%r8d
ok, this is from grsec and it seems that task->signal can be NULL (probably for all kernel threads), spender's gonna have to fix it ;-).
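The reading above (a field read through a NULL task->signal) can be checked mechanically from the raw oops rather than by eye: the faulting instruction is a load through a base register, that register holds zero, and CR2 equals the instruction's displacement. The script below is an added example, not code from this thread or from the grsecurity project. It takes the register dump and the Code: line of the first oops in this thread, decodes the load at RIP with a minimal decoder that handles only the `mov disp(%base),%reg` form seen here, and cross-checks the effective address against CR2. It assumes the 2.6.17 x86_64 oops format, where the Code: dump starts at RIP (as the ksymoops output posted above confirms).

```python
"""Triage an x86_64 kernel oops: decode the faulting load and check it against CR2."""
import re

# Excerpt copied from the first oops in this thread (2.6.17.3-grsec, khelper),
# trimmed to the lines the triage needs.
OOPS_TEXT = """\
[ 28.130476] Unable to handle kernel NULL pointer dereference at 0000000000000280 RIP:
[ 28.135973] [<ffffffff80312dde>]
[ 28.143882] Oops: 0000 [1] SMP
[ 28.152332] Pid: 10, comm: khelper Not tainted 2.6.17.3-grsec #2
[ 28.169718] RAX: ffff81011fc668c0 RBX: ffff81011fc66790 RCX: ffff81011fc67650
[ 28.176872] RDX: ffff81011fc67650 RSI: 0000000000000030 RDI: 0000000000000000
[ 28.219386] CR2: 0000000000000280 CR3: 0000000000201000 CR4: 00000000000006e0
[ 28.282148] Code: 44 8b 97 80 02 00 00 44 8b 8f 7c 02 00 00 44 8b 87 84 02 00
"""

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"] + \
        [f"r{n}d" for n in range(8, 16)]


def parse_registers(text):
    """Collect 'NAME: <16 hex digits>' pairs (RAX..R15, CR0..CR4), keyed like REG64."""
    regs = {}
    for m in re.finditer(r"\b(R[A-Z0-9]{2}|CR[0-4]):\s+([0-9a-f]{16})\b", text):
        name = m.group(1).lower()
        if name[1:].isdigit():          # R08..R15 in the dump -> r8..r15
            name = "r" + str(int(name[1:]))
        regs[name] = int(m.group(2), 16)
    return regs


def parse_code_bytes(text):
    """Return the raw bytes of the 'Code:' line; on this kernel the dump starts at RIP."""
    m = re.search(r"Code:((?:\s+[0-9a-f]{2})+)", text)
    if not m:
        raise ValueError("no Code: line found")
    return bytes.fromhex(m.group(1).replace(" ", ""))


def decode_mov_load(code):
    """Decode one 'mov disp(%base),%reg' (opcode 0x8b, optional REX) at code[0].

    Returns (length, base, disp, dest). Only the mod=01/10 forms without SIB are
    handled, which is all this oops uses; anything else raises ValueError so the
    caller stops instead of guessing."""
    i, rex = 0, 0
    if code and 0x40 <= code[0] <= 0x4F:
        rex, i = code[0], 1
    if len(code) < i + 2 or code[i] != 0x8B:
        raise ValueError("not a mov reg, r/m load")
    modrm = code[i + 1]
    i += 2
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    reg |= ((rex >> 2) & 1) << 3        # REX.R extends the destination register
    rm |= (rex & 1) << 3                # REX.B extends the base register
    if mod in (0, 3) or (rm & 7) == 4:
        raise ValueError("direct, no-displacement or SIB form not handled")
    size = 1 if mod == 1 else 4
    if len(code) < i + size:
        raise ValueError("truncated displacement")
    disp = int.from_bytes(code[i:i + size], "little", signed=True)
    dest = REG64[reg] if rex & 8 else REG32[reg]   # REX.W selects a 64-bit load
    return i + size, REG64[rm], disp, dest


def decode_all(code):
    """Decode consecutive loads from the Code: dump, stopping at the first
    instruction the mini-decoder does not understand or a truncated tail."""
    insns, off = [], 0
    while off < len(code):
        try:
            n, base, disp, dest = decode_mov_load(code[off:])
        except ValueError:
            break
        insns.append((off, base, disp, dest))
        off += n
    return insns


def triage(text):
    """Cross-check the load at RIP against the register dump and CR2."""
    regs = parse_registers(text)
    insns = decode_all(parse_code_bytes(text))
    if not insns:
        raise ValueError("could not decode the instruction at RIP")
    _, base, disp, dest = insns[0]      # first Code: byte is RIP on this kernel
    effective = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {
        "insn": f"mov {disp:#x}(%{base}),%{dest}",
        "base_value": regs[base],
        "effective": effective,
        "cr2": regs["cr2"],
        "consistent": effective == regs["cr2"],
        # Base register (near) zero with CR2 == displacement is the signature of
        # reading a field through a NULL struct pointer, not of a bad offset.
        "null_base": regs[base] < 0x1000,
    }


if __name__ == "__main__":
    r = triage(OOPS_TEXT)
    print(f"faulting insn : {r['insn']}")
    print(f"base register : {r['base_value']:#x}   effective: {r['effective']:#x}   CR2: {r['cr2']:#x}")
    print("verdict       :", "NULL struct pointer, field at +%#x" % (r['effective'] - r['base_value'])
          if r["consistent"] and r["null_base"] else "not a plain NULL-base dereference")
```

On the oops above this reports `mov 0x280(%rdi),%r10d` with %rdi == 0 and CR2 == 0x280, i.e. a field at offset 0x280 read through a NULL pointer held in the first argument register, which is the same conclusion PaX Team draws from the ksymoops listing. The decoder deliberately refuses anything it does not recognise: a triage tool that guesses at an instruction it cannot decode is worse than one that stops.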

PostPosted: Tue Jul 04, 2006 2:58 pm
by Raf256
The problems that I got were (probably all) in khelper.

-edited-

Screenshots of oops, from qemu:
http://www.raf256.org/linux/grsec/bug/2.6.17.3+grsec200607040032+oops/

I turned off SELinux.

Btw, how to capture console output to a file using qemu, is that possible?

I compiled the console-on-printer thingy into the kernel, as built-in (not a module), and then I used:

Code:
qemu -kernel /boot/vmlinuz-2.6.17.3-grsec-d+gr-k8r-mem31+3rd -hda /dev/hda -snapshot -parallel file:lpt -append "console=lp0"

and

qemu -kernel /boot/vmlinuz-2.6.17.3-grsec-d+gr-k8r-mem31+3rd -hda /dev/hda -snapshot -serial file:com -append "console=ttyS1,9600"


but it didn't work (the first hung, the second created an empty file).

PostPosted: Tue Jul 04, 2006 5:08 pm
by favoretti
PaX Team wrote:
favoretti wrote:Trace; ffffffff8031210b <gr_del_task_from_ip_table+1c/28>
Trace; ffffffff8021609d <release_task+21f/316>
Trace; ffffffff80282422 <__call_usermodehelper+0/47>
Trace; ffffffff80258d9a <child_rip+8/12>
Trace; ffffffff802826aa <____call_usermodehelper+0/bf>

Code; ffffffff80311f45 <gr_del_task_from_ip_table_nolock+2/a6>
0000000000000000 <_RIP>:
Code; ffffffff80311f45 <gr_del_task_from_ip_table_nolock+2/a6> <=====
0: 44 8b 97 80 02 00 00 mov 0x280(%rdi),%r10d <=====
Code; ffffffff80311f4c <gr_del_task_from_ip_table_nolock+9/a6>
7: 44 8b 8f 7c 02 00 00 mov 0x27c(%rdi),%r9d
Code; ffffffff80311f53 <gr_del_task_from_ip_table_nolock+10/a6>
e: 44 8b 87 84 02 00 00 mov 0x284(%rdi),%r8d
ok, this is from grsec and it seems that task->signal can be NULL (probably for all kernel threads), spender's gonna have to fix it ;-).


I see new patch up - safe to assume this is fixed? :) I see lots of pax stuff there too, not sure if this one was addressed ;)

PostPosted: Tue Jul 04, 2006 5:10 pm
by favoretti


Mate, you gotta decode this :) install ksymoops, read the man on it. Without it, the oops is rather useless.

ksymoops is obsolete

PostPosted: Tue Jul 04, 2006 6:05 pm
by Kp
As per Documentation/oops-tracing.txt, ksymoops is obsolete.

NOTE: ksymoops is useless on 2.6. Please use the Oops in its original format
(from dmesg, etc). Ignore any references in this or other docs to "decoding
the Oops" or "running it through ksymoops". If you post an Oops from 2.6 that
has been run through ksymoops, people will just tell you to repost it.


That said, an oops on a custom-built kernel isn't much use without the symbol backtrace. :)

PostPosted: Tue Jul 04, 2006 7:56 pm
by favoretti
Nevertheless, it works :P