Page 1 of 1

2.6.21-hardened gentoo kernel causes suspicious faults

PostPosted: Sat May 05, 2007 4:03 pm
by Dwokfur
General protection fault is back! :wink:
Suspicious error messages started to show up yesterday, while I gave a try to the latest hardened gentoo kernel: 2.6.21-hardened. The machine is an IBM ThinkPad R50e. I'm using the hardened profile with pie-ssp enabled. The first instance of the error showed up just right after the grsec system became enabled. The second one appeared a few seconds later. I decided to reboot with the last stable kernel to avoid any possible data corruption. The rest of the error messages were generated during the shutdown process. Please see attached kern.log, pax.log log, kernel config and dmesg. I hope that the information will help to trace back and squash the problem.
This hardened gentoo kernel uses grsec-2.1.10-2.6.21-200705012327 patch. I've found no previous references for such errors.

Here is how it looks like:
Code: Select all
May  4 19:19:40 hostname PAX: suspicious general protection fault: 0000 [#1]
May  4 19:19:40 hostname Modules linked in: hdaps eeprom sn9c102 i915 drm tulip capability commoncap yenta_socket rsrc_nonstatic i2c_i801 ipw2200
May  4 19:19:40 hostname CPU:    0
May  4 19:19:40 hostname EIP:    0060:[<001815b0>]    Not tainted VLI
May  4 19:19:40 hostname EFLAGS: 00010203   (2.6.21-hardened #2)
May  4 19:19:40 hostname EIP is at gr_handle_sysctl+0x70/0x3a0
May  4 19:19:40 hostname eax: 00000002   ebx: 00000000   ecx: 00000006   edx: ffffffff
May  4 19:19:40 hostname esi: 00000000   edi: c087da02   ebp: 0000000f   esp: e809fe60
May  4 19:19:40 hostname ds: 0068   es: 0068   fs: 00d8  gs: 0033  ss: 0068
May  4 19:19:40 hostname Process touch (pid: 7087, ti=e809e000 task=ee06ca90 task.ti=e809e000)
May  4 19:19:40 hostname Stack: 4b09d750 c169cec0 e5f2a274 00000000 eef2b3e4 00051e85 c10066a0 00000000
May  4 19:19:40 hostname 00000000 00000000 ab12f3b0 00000001 eef2b3e4 00000002 ef23ab58 ef17f000
May  4 19:19:40 hostname c10063d8 0005233d e5f2a274 c169e100 e26c04bc 0002f388 ee2293c0 e5f2a4bc
May  4 19:19:40 hostname Call Trace:
May  4 19:19:40 hostname =======================
May  4 19:19:40 hostname Code: 83 c8 04 89 5c 24 2c 85 c9 8b 5c 24 40 0f 44 44 24 2c 81 fb c0 4a 00 c1 89 44 24 2c 74 37 31 f6 ba ff ff ff ff 8d b6 00 00 00 00 <8b> 7b 04 89 d1 89 f0 f2 ae f7 d1 49 8d 44 0d 01 0f b7 e8 8b 44
May  4 19:19:40 hostname EIP: [<001815b0>] gr_handle_sysctl+0x70/0x3a0 SS:ESP 0068:e809fe60


There were a bunch of these while rebooting the machine.
Please find more detailed information (attached config, dmesg, logs) at:
https://bugs.gentoo.org/show_bug.cgi?id=177234

I would report more details upon request.

Regards,
Dw.

Re: 2.6.21-hardened gentoo kernel causes suspicious faults

PostPosted: Sat May 05, 2007 4:24 pm
by PaX Team
Dwokfur wrote:I've found no previous references for such errors.
then you didn't look hard enough, just below your own report: http://forums.grsecurity.net/viewtopic.php?t=1722 ;-). note that the current grsec patch has got the PaX config bits wrong again so fix it by hand or wait till spender does it (hopefully for good this time ;-).

Re: 2.6.21-hardened gentoo kernel causes suspicious faults

PostPosted: Sun May 06, 2007 7:32 pm
by Dwokfur
PaX Team wrote:
Dwokfur wrote:I've found no previous references for such errors.
then you didn't look hard enough, just below your own report: http://forums.grsecurity.net/viewtopic.php?t=1722 ;-). note that the current grsec patch has got the PaX config bits wrong again so fix it by hand or wait till spender does it (hopefully for good this time ;-).


Ooops, sorry... It looks like I forgot to put on my glasses...