grsecurity forums

$ uname -a
Linux debian 2.6.30.4 #1 Wed Aug 5 15:27:32 EEST 2009 i686 GNU/Linux

i wanted to test the kernel with paxtest-0.9.7-pre4
but it stuck on getstack2 and cpu work on 100%

$ ./paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Writing output to paxtest.log
It may take a while for the tests to complete

like this:

2568 0.7 3.7 4496 2496 pts/1 S+ 16:41 0:00 /bin/sh ./paxtest blackhat
2792 0.7 1.4 1920 948 pts/1 S+ 16:41 0:00 ./randstack2
2793 78.2 0.0 272 28 pts/1 R+ 16:41 0:03 ./getstack2

# strace -vf -p 2793
Process 2793 attached - interrupt to quit
no output

Any ideas ?
im with latest grsecurity patch

Did you run the test within VMWare on an older processor without NX support (or with NX support disabled in the BIOS) with only PAGEEXEC enabled?

-Brad

its P4 and without grsecurity patch paxtest work as normal

Was the test run within VMWare?
Can you paste your /proc/cpuinfo and your PaX config?

-Brad

its not vmware

# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 6
model name : Intel(R) Pentium(R) 4 CPU 3.00GHz
stepping : 5
cpu MHz : 2999.995
cache size : 2048 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 6
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pebs bts pni monitor ds_cpl est tm2 cid cx16 xtpr lahf_lm
bogomips : 5999.99
clflush size : 64
power management:

# grep PAX config-2.6.30.4
CONFIG_PAX=y
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_SEGMEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
CONFIG_PAX_KERNEXEC=y
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y
CONFIG_PAX_USERCOPY=y

I have exactly the same issue with debian 5, kernel 2.6.32.25 and the grsecurity patch at the same level and the paxtest 0.9.7.pre5. My debian box runs like a full virtualiazed vm under xen.
If you need additionnal info please let me know

romain wrote:I have exactly the same issue with debian 5, kernel 2.6.32.25 and the grsecurity patch at the same level and the paxtest 0.9.7.pre5. My debian box runs like a full virtualiazed vm under xen.
If you need additionnal info please let me know

does your CPU support the NX bit? is it available in domU as well? did you enable PAE support in the domU config? as a quick test, what happens if you disable PAGEEXEC in your config?