grsecurity forums

Yesterday I upgraded my gentoo hardened kernel.
Before the upgrade it was running hardened-sources-2.6.32 from hardened-development, after the upgrade it's hardened-sources-2.6.32-r3.
The new kernel spits out such messages every time I run something that reads /proc (these messages are from 'ls /proc'):

Feb 12 19:02:14 odon kernel: [ 451.498883] BUG: sleeping function called from invalid context at include/linux/kernel.h:158
Feb 12 19:02:14 odon kernel: [ 451.498887] in_atomic(): 1, irqs_disabled(): 0, pid: 5422, name: ls
Feb 12 19:02:14 odon kernel: [ 451.498891] Pid: 5422, comm: ls Not tainted 2.6.32-hardened-r3 #2
Feb 12 19:02:14 odon kernel: [ 451.498893] Call Trace:
Feb 12 19:02:14 odon kernel: [ 451.498901] [<c14af383>] ? printk+0x18/0x1a
Feb 12 19:02:14 odon kernel: [ 451.498907] [<c1028da0>] __might_sleep+0x100/0x110
Feb 12 19:02:14 odon kernel: [ 451.498912] [<c1596ac8>] ? wireless_seq_ops+0x8af00/0xf0438
Feb 12 19:02:14 odon kernel: [ 451.498917] [<c10bc425>] filldir64+0x205/0x230
Feb 12 19:02:14 odon kernel: [ 451.498922] [<c10f59c3>] proc_fill_cache+0xb3/0x120
Feb 12 19:02:14 odon kernel: [ 451.498926] [<c10bc220>] ? filldir64+0x0/0x230
Feb 12 19:02:14 odon kernel: [ 451.498930] [<c10f92af>] proc_pid_readdir+0x16f/0x220
Feb 12 19:02:14 odon kernel: [ 451.498933] [<c10f8bd0>] ? proc_pid_instantiate+0x0/0xb0
Feb 12 19:02:14 odon kernel: [ 451.498937] [<c10bc220>] ? filldir64+0x0/0x230
Feb 12 19:02:14 odon kernel: [ 451.498940] [<c10bc200>] ? generic_block_fiemap+0x50/0x70
Feb 12 19:02:14 odon kernel: [ 451.498944] [<c10bc220>] ? filldir64+0x0/0x230
Feb 12 19:02:14 odon kernel: [ 451.498947] [<c10f5512>] proc_root_readdir+0x42/0x60
Feb 12 19:02:14 odon kernel: [ 451.498951] [<c14d2a20>] ? proc_root_operations+0x0/0x80
Feb 12 19:02:14 odon kernel: [ 451.498955] [<c10bc903>] vfs_readdir+0x93/0xb0
Feb 12 19:02:14 odon kernel: [ 451.498958] [<c10bc220>] ? filldir64+0x0/0x230
Feb 12 19:02:14 odon kernel: [ 451.498962] [<c10bc9ba>] sys_getdents64+0x9a/0x150
Feb 12 19:02:14 odon kernel: [ 451.498966] [<c100356b>] sysenter_do_call+0x12/0x26

The processes do not die but I still don't like these messages.

Then I tested different versions to see which component brought in these errors.
Here are the results:

hardened-sources-2.6.32 (2.6.32 + grsecurity-2.1.14-2.6.32-200912121327): no bug
2.6.32.7 vanilla: no bug
hardened-sources-2.6.32-r3 (2.6.32.7 + grsecurity-2.1.14-2.6.32.7-201001291848): bug exists
2.6.32.8 + grsecurity-2.1.14-2.6.32.8-201002101507 patch: bug exists

I also tried removing this patch:
http://grsecurity.net/~spender/chroot_proc.diff
as it recently touched the affected part of the kernel, however, this did not help either.

Is this message only produced when the process reading /proc is run within a chroot?

-Brad

no, it happens always, even during my initramfs script these messages appear.

Could you enable the option to compile the kernel with frame pointer support and generate another BUG report? Are there any messages appearing before or after the BUG? Can you also email me your kernel configuration?

Thanks,
-Brad

Thanks for reporting this, it'll be fixed in the next version of the patch.

-Brad