grsecurity forums

Hi,

Sever shows a kernel panic on the server ( 64bit) with following specs :
1)
root@serverNAME [~]# uname -a
Linux serverNAME.someDOMAIN.net 2.6.18-164.6.1.el5 #1 SMP Tue Oct 27 11:28:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

2)
root@serverNAME [~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)

3)
root@serverNAME [~]# gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-libgcj-multifile --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --enable-plugin --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --with-cpu=generic --host=x86_64-redhat-linux
Thread model: posix
gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)
root@serverNAME [~]#

4) binutils version is 2.20







Please check this url: http://img9.imageshack.us/img9/6272/kpanic.jpg , for screen shot of the kernel panic and advise.







Thank you

fed.linuxgossip wrote:Please check this url: http://img9.imageshack.us/img9/6272/kpanic.jpg , for screen shot of the kernel panic and advise.

can you post the info described in the wiki please?

Hi PaX Team,

I have sent you a private message with the url to download the details as described in your wiki. Please check your forum inbox.


Thank you

fed.linuxgossip wrote:I have sent you a private message with the url to download the details as described in your wiki. Please check your forum inbox.

thanks, got it (next time don't forget vmlinux . do you get the same panic message each time you try to boot this kernel? also, is there any reason why you didn't enable any of the NOEXEC options? in any case, a quick run under qemu didn't reveal much, so it'd be nice if you could find out which config option causes this (does the latest 32.9 patch behave the same way?). also try to boot with vga=ext (or a framebuffer console) to get more information about the crash (it's possible that what you got on the screenshot wasn't the first problem).

Hi,


1) next time don't forget vmlinux

==> Please try the url again which i sent you in PM, i have added vmlinux in the archive now.




2) is there any reason why you didn't enable any of the NOEXEC options?
==>
I am running a cpanel server and do not want to be too agressive to break anything.

I am basically using it to deny writing to

Deny writing to /dev/kmem, /dev/mem, and /dev/port

and a few others.

The current settings that i have works quite properly on a cpanel server.





3) it'd be nice if you could find out which config option causes this (does the latest 32.9 patch behave the same way?)

===>
i have not tried with 32.9 , however some time back, i tried with 2.6.31.6 and then with 2.6.32.2, ending up with the same result.




4)
also try to boot with vga=ext (or a framebuffer console) to get more information about the crash (it's possible that what you got on the screenshot wasn't the first problem).

==> I am using IMPI kvm to view the reboot process remotely. I will ask the DC to monitor the next reboot ( after a few hours ) on Kernel 2.6.33, and let us know, when does any error start to appear inlcuding screenshots.

fed.linuxgossip wrote:i have not tried with 32.9 , however some time back, i tried with 2.6.31.6 and then with 2.6.32.2, ending up with the same result.

oh, so it's an older problem then (presumably with a similar config)? can you tell me which was the last working version you tried there?

I have not been able to make a grsecurity patched kernel run on this server. I can give you access to the server, if you feel you can find something on the server. ( note i use oldconfig to copy the config of current kernel)


When i get a chance to reboot this server on or before this weeked through the DC, then I will have them post, all the error details and where the error starts from during boot up.

Kernel panic asside; do you have this in your configuration?

CONFIG_SYSFS_DEPRECATED_V2=y

This is generally needed to be able to boot old systems (such as rhel/centos 5).

fed.linuxgossip wrote:I have not been able to make a grsecurity patched kernel run on this server. I can give you access to the server, if you feel you can find something on the server. ( note i use oldconfig to copy the config of current kernel)

it'd be helpful but only if i could observe the boot process myself somehow (i.e., some sort of remote logging/console would be necessary). maybe netconsole would work, you could give it a try and if it works, let me know how i can access this machine (my pgp key is on the keyservers).