grsecurity forums


https://forums.grsecurity.net./

2.6.21.2 SATA

https://forums.grsecurity.net./viewtopic.php?f=3&t=1743

Page 1 of 1

2.6.21.2 SATA

PostPosted: Fri May 25, 2007 8:27 am
by Tommy
I have problem with 2.6.21.2-grsec

I got Uli/Ali chipset support and SCSI compiled in but after booting I see:

VFS: Cannot open root device "sda1" or unknown block (0,0)
Please append or correct "root=" boot option.

If I but same kernel from PATA disk it work fine and after loging in i can mount /dev/sda1 without problem.

My disk works on XFS.

What is wrong ?

ps.
Without grsecurity system boots ok.

PostPosted: Sat May 26, 2007 10:29 am
by harrygittens
i think this is same problem as here

http://forums.grsecurity.net/viewtopic. ... c7bee5d188

are you using a config that was for an earlier kernel, i think something to do with sata/scsi config changed in 2.6.21

PostPosted: Sat May 26, 2007 8:26 pm
by Tommy
harrygittens wrote:i think this is same problem as here

http://forums.grsecurity.net/viewtopic. ... c7bee5d188

are you using a config that was for an earlier kernel, i think something to do with sata/scsi config changed in 2.6.21

No I`m using the NEW drivers:
Serial ATA (prod) and Parallel ATA (experimental) drivers --->

on clean 2.6.21.2 all works fine and on grsec I cant mount /dev/sda1 at boot.
Same kernle on PATA can mount /dev/sda1 manualy, but not at boot.

I`m using Uli Electronics SATA

Re: 2.6.21.2 SATA

PostPosted: Sun May 27, 2007 6:24 am
by PaX Team
Tommy wrote:If I but same kernel from PATA disk it work fine and after loging in i can mount /dev/sda1 without problem.

My disk works on XFS.

What is wrong ?

ps.
Without grsecurity system boots ok.
can you capture and post the kernel boot messages for both cases (or just a diff)?

PostPosted: Sun May 27, 2007 6:39 pm
by Tommy
Only diff is that If im booting grsec patched kernel I see:
VFS: Cannot open root device "801" or unknown block (8,1)
Please append or correct "root=" boot option.

I dont know what is this 801 but if I set root=/dev/sda1 I see same message:
VFS: Cannot open root device "sda1" or unknown block (0,0)
Please append or correct "root=" boot option.

Same config but without grsec works fine. (it boots)

My lilo.conf in both cases is same:
Code: Select all
boot = /dev/sda
prompt
timeout = 120
change-rules
reset
vga=794

append="rootflags=quota" #XFS quota activation

image = /boot/vmlinuz
  root = /dev/sda1
  label = Linux
  read-only

sda1 is the first partition of my SATA disk flaged as bootable, is 40GB big and It works on XFS file system.

Part of my kernel config:
Code: Select all
# CONFIG_BLK_DEV_IDE_SATA is not set
# CONFIG_SATA_AHCI is not set
# CONFIG_SATA_SVW is not set
# CONFIG_SATA_MV is not set
# CONFIG_SATA_NV is not set
# CONFIG_SATA_QSTOR is not set
# CONFIG_SATA_PROMISE is not set
# CONFIG_SATA_SX4 is not set
# CONFIG_SATA_SIL is not set
# CONFIG_SATA_SIL24 is not set
# CONFIG_SATA_SIS is not set
CONFIG_SATA_ULI=y
# CONFIG_SATA_VIA is not set
# CONFIG_SATA_VITESSE is not set
# CONFIG_SATA_INIC162X is not set
# CONFIG_SATA_INTEL_COMBINED is not set
CONFIG_SATA_ACPI=y
CONFIG_XFS_FS=y
CONFIG_XFS_QUOTA=y
CONFIG_XFS_SECURITY=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_XFS_RT=y
CONFIG_VXFS_FS=m
CONFIG_BLK_DEV_IDESCSI=y
CONFIG_SCSI=y
CONFIG_SCSI_TGT=y
CONFIG_SCSI_NETLINK=y
CONFIG_SCSI_PROC_FS=y

Security section of my config:
Code: Select all
#
# Security options
#

#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
CONFIG_GRKERNSEC_CUSTOM=y

#
# Address Space Protection
#
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
CONFIG_GRKERNSEC_BRUTE=y
# CONFIG_GRKERNSEC_MODSTOP is not set
CONFIG_GRKERNSEC_HIDESYM=y

#
# Role Based Access Control Options
#
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
# CONFIG_GRKERNSEC_PROC_ADD is not set
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
# CONFIG_GRKERNSEC_CHROOT is not set

#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
# CONFIG_GRKERNSEC_RESLOG is not set
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
# CONFIG_GRKERNSEC_SIGNAL is not set
# CONFIG_GRKERNSEC_FORKFAIL is not set
# CONFIG_GRKERNSEC_TIME is not set
CONFIG_GRKERNSEC_PROC_IPADDR=y

#
# Executable Protections
#
# CONFIG_GRKERNSEC_EXECVE is not set
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_TPE is not set

#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
# CONFIG_GRKERNSEC_SOCKET is not set

#
# Sysctl support
#
# CONFIG_GRKERNSEC_SYSCTL is not set

#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4

#
# PaX
#
CONFIG_PAX=y

#
# PaX Control
#
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
# CONFIG_PAX_NOEXEC is not set

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

#
# Miscellaneous hardening features
#
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_UDEREF=y
# CONFIG_KEYS is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_CAPABILITIES=y
CONFIG_SECURITY_ROOTPLUG=m

PostPosted: Thu May 31, 2007 6:52 am
by PaX Team
Tommy wrote:Only diff is that If im booting grsec patched kernel I see:
VFS: Cannot open root device "801" or unknown block (8,1)
Please append or correct "root=" boot option.

I dont know what is this 801 but if I set root=/dev/sda1 I see same message:
it's the major/minor number pair for the /dev/sda1 device.
VFS: Cannot open root device "sda1" or unknown block (0,0)
Please append or correct "root=" boot option.

Same config but without grsec works fine. (it boots)
ok, my bet is then on UDEREF, can you disable it and see if it works then? if so, we'll still have to find out where the kernel accesses memory without using set_fs.

PostPosted: Thu May 31, 2007 9:07 am
by Tommy
PaX Team wrote:
Tommy wrote:Only diff is that If im booting grsec patched kernel I see:
VFS: Cannot open root device "801" or unknown block (8,1)
Please append or correct "root=" boot option.

I dont know what is this 801 but if I set root=/dev/sda1 I see same message:
it's the major/minor number pair for the /dev/sda1 device.
VFS: Cannot open root device "sda1" or unknown block (0,0)
Please append or correct "root=" boot option.

Same config but without grsec works fine. (it boots)
ok, my bet is then on UDEREF, can you disable it and see if it works then? if so, we'll still have to find out where the kernel accesses memory without using set_fs.

I updated kernel to 2.6.21.3 with grsecurity-2.1.10-2.6.21.3-200705292345.patch without changing .config and all works fine.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/