grsecurity forums

Hi everybody!
I have problem with Grsecurity patch (grsecurity-2.1.11-2.6.24.2-200802151749.patch) for my 2.6.24.2 kernel. (I'm using x86 Debian Lenny) - Pax just kills modprobe during boot process, then it hangs, so i must press ctrl-C to continue).

PAX: modprobe:1617, uid/euid: 0/0, attempted to modify kernel code at virtual a
ddress c0a82e68
printing eip: 0001b427 *pde = 008001e1
Oops: 0003 [#1] PREEMPT SMP
Modules linked in: ehci_hcd soundcore snd_page_alloc usbcore evdev

Pid: 1617, comm: modprobe Not tainted (2.6.24.2-grsec #5)
EIP: 0060:[<0001b427>] EFLAGS: 00010082 CPU: 0
EAX: c0a82e68 EBX: e00d7173 ECX: fff9a000 EDX: 00a82000
ESI: 00000173 EDI: 00000002 EBP: e0000000 ESP: f7187cc8
DS: 0068 ES: 0068 FS: 00d8 GS: 0033 SS: 0068
Process modprobe (pid: 1617, ti=f7186000 task=f7dc5340 task.ti=f7186000)
Stack: 000000d7 00000000 001ad1cd f7187d1c 00000006 00000000 00000082 c141bfcc
000000d7 00000006 f7cefec0 001aee12 00000006 00000002 f7187d1c c141c1f0
00000282 00132653 00000002 f7187d1c 000000d7 00000000 f7cf0400 00000001
Call Trace:
[<001ad1cd>] <0> [<001aee12>] <0> [<00132653>] <0> [<001344e8>] <0> [<0007cdee
>] <0> [<001348e5>] <0> [<00134dba>] <0> [<0007cc7c>] <0> [<000a20aa>] <0> [<00
0a1dbc>] <0> [<00134f38>] <0> [<00134f7c>] <0> [<c0aa8018>] <0> [<0029419b>] <0
> [<001c73e7>] <0> [<00212477>] <0> [<0021259a>] <0> [<c0aa8018>] <0> [<0013712
f>] <0> [<0017e61e>] <0> [<0021259a>] <0> [<0020ffc1>] <0> [<0017e77c>] <0> [<0
017dc10>] <0> [<0017e492>] <0> [<0017e733>] <0> [<0017def9>] <0> [<c0aa800c>] <
0> [<00137279>] <0> [<000432cc>] <0> [<0012bf03>] <0> [<002876d0>] <0> [<c0a98f
3c>] <0> [<000051fa>] <0> [<000093ca>] <0> =======================
Code: 85 d2 75 04 0f 0b eb fe 89 c8 81 e2 00 f0 ff ff c1 e8 0a 25 fc 0f 00 00 8
5 f6 8d 84 02 00 00 00 c0 74 0c 81 e3 00 f0 ff ff 09 f3 <89> 18 eb 06 c7 00 00
00 00 00 0f 01 39 ff 05 78 01 44 c1 5b 5e
EIP: [<0001b427>] SS:ESP 0068:f7187cc8
---[ end trace 8912f723755ecff0 ]---
note: modprobe[1617] exited with preempt_count 2

Here is my .config file: http://mrkva.php5.cz/kernel.config

Mrkva wrote:Hi everybody!
I have problem with Grsecurity patch (grsecurity-2.1.11-2.6.24.2-200802151749.patch) for my 2.6.24.2 kernel. (I'm using x86 Debian Lenny) - Pax just kills modprobe during boot process, then it hangs, so i must press ctrl-C to continue).

can you send me the corresponding System.map and next time enable KALLSYMS (disable grsec's symbol hiding first)?

I've recompiled kernel with disabled symbol hiding and there's output:

PAX: modprobe:1615, uid/euid: 0/0, attempted to modify kernel code at virtual a
ddress c0ab0e68
printing eip: 0001b427 *pde = 008001e1
Oops: 0003 [#1] PREEMPT SMP
Modules linked in: uhci_hcd usbcore evdev

Pid: 1615, comm: modprobe Not tainted (2.6.24.2-grsec #6)
EIP: 0060:[<0001b427>] EFLAGS: 00010082 CPU: 0
EIP is at __set_fixmap+0x53/0x69
EAX: c0ab0e68 EBX: e00d0173 ECX: fff9a000 EDX: 00ab0000
ESI: 00000173 EDI: 00000002 EBP: e0000000 ESP: f7163ce4
DS: 0068 ES: 0068 FS: 00d8 GS: 0033 SS: 0068
Process modprobe (pid: 1615, ti=f7162000 task=f7402860 task.ti=f7162000)
Stack: 000000d0 00000000 001ae625 f7163d38 00000006 00000000 00000086 c141bfcc
000000d0 00000006 f7c9ac80 001b026a 00000006 00000002 f7163d38 c141c1f0
00000282 00133aab 00000002 f7163d38 000000d0 00000000 f7c8e000 00000001
Call Trace:
[<001ae625>] pci_mmcfg_read+0x9d/0x102
[<001b026a>] pci_read+0x2d/0x33
[<00133aab>] pci_bus_read_config_word+0x49/0x6c
[<00135940>] __pci_bus_find_cap_start+0x17/0x35
[<0007e19e>] find_inode+0x1b/0x56
[<00135d3d>] pci_find_capability+0x18/0x31
[<00136212>] pci_set_power_state+0x55/0x1c6
[<0007e02c>] iput+0x39/0x62
[<000a34ea>] sysfs_addrm_finish+0x50/0x1cc
[<000a31fc>] sysfs_find_dirent+0x13/0x23
[<00136390>] do_pci_enable_device+0xd/0x34
[<001363d4>] pci_enable_device_bars+0x1d/0x2e
[<c0ada0d4>] uhci_driver+0x0/0x564 [uhci_hcd]
[<002c31b7>] usb_hcd_pci_probe+0x36/0x283 [usbcore]
[<001c88e3>] netlink_broadcast+0x24b/0x28b
[<00213977>] _spin_lock+0xd/0x5a
[<00213a9a>] _spin_unlock+0xd/0x21
[<c0ada0d4>] uhci_driver+0x0/0x564 [uhci_hcd]
[<00138587>] pci_device_probe+0x36/0x55
[<0017fa66>] driver_probe_device+0xc5/0x148
[<00213a9a>] _spin_unlock+0xd/0x21
[<002114b9>] klist_next+0x58/0x6d
[<0017fbc4>] __driver_attach+0x49/0x7f
[<0017f058>] bus_for_each_dev+0x35/0x57
[<0017f8da>] driver_attach+0x16/0x18
[<0017fb7b>] __driver_attach+0x0/0x7f
[<0017f341>] bus_add_driver+0x6d/0x17d
[<c0ada0c8>] hcd_name+0x0/0xc [uhci_hcd]
[<001386d1>] __pci_register_driver+0x55/0x81
[<002de075>] uhci_hcd_init+0x75/0xc07fbfc8 [uhci_hcd]
[<00043a28>] sys_init_module+0x1940/0x1a15
[<000615c1>] mmap_region+0x3fc/0x4c6
[<00007000>] do_simd_coprocessor_error+0x179/0x19a
[<0006a5e0>] kmem_cache_destroy+0x0/0xb7
[<c0adb50c>] ____versions+0xec0/0x218a [uhci_hcd]
[<0000520a>] syscall_call+0x7/0xb
[<00006eba>] do_simd_coprocessor_error+0x33/0x19a
=======================
Code: 85 d2 75 04 0f 0b eb fe 89 c8 81 e2 00 f0 ff ff c1 e8 0a 25 fc 0f 00 00 8
5 f6 8d 84 02 00 00 00 c0 74 0c 81 e3 00 f0 ff ff 09 f3 <89> 18 eb 06 c7 00 00
00 00 00 0f 01 39 ff 05 78 01 44 c1 5b 5e
EIP: [<0001b427>] __set_fixmap+0x53/0x69 SS:ESP 0068:f7163ce4
---[ end trace 3a41c9bd9d98c2ad ]---

And my System.map file: http://mrkva.php5.cz/System.map

Mrkva wrote:I've recompiled kernel with disabled symbol hiding and there's output:
EIP: [<0001b427>] __set_fixmap+0x53/0x69 SS:ESP 0068:f7163ce4
---[ end trace 3a41c9bd9d98c2ad ]---
And my System.map file: http://mrkva.php5.cz/System.map

thanks, test30 should fix this, interdiff from test29 will apply to grsec as well if you want to test that instead.