grsecurity forums

I had a bit of trouble configuring a 2.6.34.x-kernel but finally I was able to build a booting kernel.
However when I booted the kernel and tried to start firefox (debian-name iceweasel) the kernel printed a big oops on the screen. I've seen no possibility to close firefox after.
Booting chromium-browser instead also leads to an oops, but I think that will be a regression-test after fixing the firefox-bug.

Currently I use a 2.6.33.6-version of the kernel with grsec which does not give such problems.

Just for the record:

Code: Select all

$ ld --version
GNU ld (GNU Binutils for Debian) 2.20.1-system.20100303
Copyright 2009 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) a later version.
This program has absolutely no warranty.


And the error-message, bzImage, vmlinux, config, System.map, ... :
http://www.aoi-karin.net/grsec

Please ask if you need more.

specs wrote:However when I booted the kernel and tried to start firefox (debian-name iceweasel) the kernel printed a big oops on the screen.

it's not an oops actually but one of my BUGs triggering . for now you can remove the vma->anon_vma != vma_m->anon_vma check in mm/mmap.c:pax_find_mirror_vma() as it's no longer a valid check.

I guess you mean removing the complete rule:

Code: Select all

1830:   BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff || vma->anon_vma != vma_m->anon_vma);


specs wrote:I guess you mean removing the complete rule:

Code: Select all

1830:   BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff || vma->anon_vma != vma_m->anon_vma);


no, i actually meant only the second part of the expression, but upon further consideration it should actually still be a correct check in .34, so there's something amiss here, i'm investigating.

I get the same error, apparently when I load a page calling the Flash plugin. (It goes away if I disable Flash).

linkfanel wrote:I get the same error, apparently when I load a page calling the Flash plugin. (It goes away if I disable Flash).

which grsec version was this?

PaX Team wrote:which grsec version was this?

The latest one, grsecurity-2.2.0-2.6.34.1-201007162107.patch

With the last patch I saw the problem on a i386 SMP system and a i386 single core system, both Atom and the latest patch (201007162107).
With the mmap.c quickfix mentioned it does not oops, but the system feels very slow. In short, I'm back to 2.6.32.x.

The easiest way to trigger the problem is indeed be starting a movie on youtube (flash).

linkfanel wrote:The latest one, grsecurity-2.2.0-2.6.34.1-201007162107.patch

can you post the kernel logs and the rest of the stuff we usually need please?

Like before, the error-message, bzImage, vmlinux, config, System.map, ... :
http://www.aoi-karin.net/grsec

Please ask if you need more.

PS on this netbook there are also some problems with cpufreq which I need to resolve (probably not related to pax). Therefore 2.6.34 will not be the first choice on this system.

can you guys try the 34.2 pax test patch please?

PaX Team wrote:can you guys try the 34.2 pax test patch please?

It doesn't help, the same thing happens.

Like said above, same problem.

Code: Select all

Aug  7 22:05:52 kernel: Modules linked in: i915 drm_kms_helper drm fb i2c_algo_bit cfbcopyarea cfbimgblt cfbfillrect parport_pc lp parport cpufreq_stats aes_i586 aes_generic nfs lockd nfs_acl auth_rpcgss sunrpc af_packet ipv6 8021q garp stp llc loop snd_hda_codec_realtek arc4 ecb usbhid snd_hda_intel snd_hda_codec snd_pcm_oss snd_mixer_oss option usbserial snd_pcm snd_seq_oss snd_seq_midi_event ath9k ath9k_common mac80211 snd_seq video ath9k_hw backlight ath snd_timer output battery ac snd_seq_device cfg80211 atl1e ehci_hcd uhci_hcd rfkill crc32 led_class snd thermal button processor usbcore i2c_i801 soundcore nls_base snd_page_alloc i2c_core evdev unix
Aug  7 22:05:52 kernel:
Aug  7 22:05:52 kernel: Pid: 4083, comm: firefox-bin Tainted: G      D    2.6.34.2-pax-test13 #1 1002HA/1002HA
Aug  7 22:05:52 kernel: EIP: 0060:[<0005d7bd>] EFLAGS: 00010206 CPU: 0
Aug  7 22:05:52 kernel: EIP is at 0x5d7bd
Aug  7 22:05:52 kernel: EAX: f2224a78 EBX: 00800000 ECX: f226e494 EDX: f6583544
Aug  7 22:05:52 kernel: ESI: 50489000 EDI: 00100077 EBP: f226e494 ESP: f6625ee0
Aug  7 22:05:52 kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0033 SS: 0068
Aug  7 22:05:52 kernel: 00000007 50c88bd8 f226e494 0005b1ae 000002c4 50c88bd8 f6573040 f6573074
Aug  7 22:05:52 kernel: <0> 00000b10 f22bf528 f22e42dc f6573080 00000000 00000000 00000000 00000000
Aug  7 22:05:52 kernel: <0> 00000007 50c88bd8 f226e494 f6625fb4 00013f39 00000001 00000000 00000000
Aug  7 22:05:52 kernel: [<0005b1ae>] ? 0x5b1ae
Aug  7 22:05:52 kernel: [<00013f39>] ? 0x13f39
Aug  7 22:05:52 kernel: [<00013c3e>] ? 0x13c3e
Aug  7 22:05:52 kernel: [<001e0dbf>] ? 0x1e0dbf
Aug  7 22:05:52 kernel: [<00013c3e>] ? 0x13c3e
Aug  7 22:05:52 kernel: [<000eafdb>] ? 0xeafdb
Aug  7 22:05:52 kernel: [<00013c3e>] ? 0x13c3e
Aug  7 22:05:52 kernel: [<001e0dbf>] ? 0x1e0dbf
Aug  7 22:05:52 kernel: [<00013c3e>] ? 0x13c3e
Aug  7 22:05:52 kernel: [<00010202>] ? 0x10202
Aug  7 22:05:52 kernel: ---[ end trace 6c3e3984266d10dc ]---


If you need to look at the symbols, see http://www.aoi-karin.net/grsec/ (for the pax-test13 version).
As the error changes slightly I also added a piece of the syslog.

The traces in the logs (and the garbage on all terminals) are gone with the latest patch (grsecurity-2.2.0-2.6.34.3-201008112233)

Thanks for your help.

specs wrote:The traces in the logs (and the garbage on all terminals) are gone with the latest patch (grsecurity-2.2.0-2.6.34.3-201008112233)

Well it doesn't work for me, the problem is still the same with the latest patch