grsecurity forums

Hello there,

I have the same problems reported by @jorgus and other strange kernel hang tasks.
I'm using ubuntu 12.04 / 64 bit - gcc 4.6.3 and had the same problem, described in this post viewtopic.php?f=3&t=3878
but I solved it by removing some related kernel modules. If you are interested in the kernel config, I can send you.

Code: Select all

INFO: task khubd:30 blocked for
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
khubd D 0000000000000000 0 30
ffff88028c947d00 0000000000000046 ffff88028c947c10 ffffffff00000000
ffff88028cf64410 ffff88028cf64860 ffff88028cf64860 ffff88028cf64860
ffff88028cead330 ffff88028cf64410 ffff88028c947c50 ffff88029dc8f240
Call Trace:   
[<ffffffff81040c14>] ? finish_task_switch+0x44/0xf0 
[<ffffffff81618b5f>] ? __schedule+0x2ff/0x8f0 
[<ffffffff8161943a>] schedule+0x3a/0x50   
[<ffffffff8161a207>] __mutex_lock_slowpath+0xc7/0x140   
[<ffffffff812d3022>] ? __list_add+0x22/0x50 
[<ffffffff81619fc5>] mutex_lock+0x25/0x40   
[<ffffffff8144150e>] hub_thread+0x10e/0x1370   
[<ffffffff810728b0>] ? remove_wait_queue+0x50/0x50 
[<ffffffff81441400>] ? usb_remote_wakeup+0x40/0x40 
[<ffffffff810720c7>] kthread+0x87/0x90   
[<ffffffff81623804>] kernel_thread_helper+0x4/0x10   
[<ffffffff81072040>] ? kthread_worker_fn+0x180/0x180 
[<ffffffff81623800>] ? gs_change+0x13/0x13 
INFO: task colord:2761 blocked for
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
colord D 0000000000000000 0 2761
ffff880287bd9b28 0000000000000082 ffff880287bd9b08 ffffffff810d8b48
ffff8802898ccba0 ffff8802898ccff0 ffff8802898ccff0 ffff8802898ccff0
ffff880287dc8790 ffff8802898ccba0 ffffffff00000072 0000000000000000
Call Trace:   
[<ffffffff810d8b48>] ? get_page_from_freelist+0x2f8/0x7c0 
[<ffffffff8161943a>] schedule+0x3a/0x50   
[<ffffffff8161a207>] __mutex_lock_slowpath+0xc7/0x140   
[<ffffffff8144de50>] ? driver_resume+0x10/0x10 
[<ffffffff81619fc5>] mutex_lock+0x25/0x40   
[<ffffffff8144e406>] usbdev_open+0xf6/0x240   
[<ffffffff811300aa>] chrdev_open+0xea/0x1b0   
[<ffffffff8112ffc0>] ? cdev_put+0x30/0x30 
[<ffffffff8112970e>] __dentry_open+0x26e/0x340   
[<ffffffff811394a1>] ? generic_permission+0x131/0x290 
[<ffffffff8112aa11>] nameidata_to_filp+0x71/0x80   
[<ffffffff8113c1f7>] do_last+0x397/0xb50   
[<ffffffff8113dbae>] path_openat+0xce/0x420   
[<ffffffff812bc4b9>] ? gr_log_resource+0x29/0x100 
[<ffffffff81141368>] ? filldir+0x178/0x210 
[<ffffffff812af9cc>] ? gr_learn_resource+0x3c/0x1d0 
[<ffffffff8113e00d>] do_filp_open+0x3d/0xa0   
[<ffffffff8114bca9>] ? alloc_fd+0x169/0x1d0 
[<ffffffff8112ab21>] do_sys_open+0x101/0x1e0   
[<ffffffff8112ac1b>] sys_open+0x1b/0x20   
[<ffffffff8162194d>] system_call_fastpath+0x18/0x1d   
INFO: task libvirtd:3395 blocked for
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
libvirtd D 0000000000000000 0 3395
ffff880287a29d68 0000000000000086 000280d000000000 ffffea000a2c93c0
ffff88028aa896b0 ffff88028aa89b00 ffff88028aa89b00 ffff88028aa89b00

and most usb devices have no function, except mouse and keyboard

Code: Select all

PAX: size overflow detected in
Pid: 2660, comm: colord Tainted:
Call Trace:   
[<ffffffff81131034>] report_size_overflow+0x24/0x30   
[<ffffffff81453785>] usbdev_read+0x1085/0x10b0   
[<ffffffff8112bc07>] vfs_read+0xd7/0x220   
[<ffffffff8112bd95>] sys_read+0x45/0x90   
[<ffffffff8162194d>] system_call_fastpath+0x18/0x1d   
activated service 'org.freedesktop.ColorManager'

on a ubuntu system 10.04 / i386 - gcc 4.4.3 it's running well

thank you for the project grsecurity!
best regards

Hi,
Which grsec patch version did you use? Could you send me the whole dmesg and your kernel .config?

I used the latest patch grsecurity-3.0-3.2.53-201312021727.patch. I want to update the thread. My described running system (gcc 4.4.3) is a server system, without graphical interface. The gcc 4.6.3 system is a desktop system and I have it running now by disabling the physical protection on "new USB connections after toggle" in the kernel config (which was disabled anyway in the sysctl.conf)

http://pastebin.com/bubuLDk0 dmesg (I have only the syslog but with all kernel messages)
I have only the new kernel config, but the only difference is the disabled "new USB connections after toggle"
http://pastebin.com/fEb2KEe2

the config you posted doesn't have the SIZE_OVERFLOW plugin enabled either, so i guess you disabled more than just that USB protection feature, so no wonder it no longer triggers . in any case, can you do a 'make drivers/usb/core/devio.o EXTRA_CFLAGS=-fdump-tree-all' and post the resulting drivers/usb/core/devio.* files?

PAX Team wrote:so i guess you disabled more than just that USB protection feature, so no wonder it no longer triggers

ups, now you are mention it, I remember there were some more options

I prepared the original kernel config file, I used http://pastebin.com/nDC6wi3Q

and here is the output of 'make drivers/usb/core/devio.o EXTRA_CFLAGS=-fdump-tree-all':

Code: Select all

-rw-rw-r-- 1 root root   53K Nov 28 15:02 drivers/usb/core/devio.c
-rw-r--r-- 1 root root  8,5M Dez  6 23:53 drivers/usb/core/devio.c.001t.tu
-rw-r--r-- 1 root root  769K Dez  6 23:53 drivers/usb/core/devio.c.003t.original
-rw-r--r-- 1 root root  241K Dez  6 23:53 drivers/usb/core/devio.c.004t.gimple
-rw-r--r-- 1 root root  294K Dez  6 23:53 drivers/usb/core/devio.c.006t.vcg
-rw-r--r-- 1 root root  248K Dez  6 23:53 drivers/usb/core/devio.c.009t.omplower
-rw-r--r-- 1 root root  238K Dez  6 23:53 drivers/usb/core/devio.c.010t.lower
-rw-r--r-- 1 root root  238K Dez  6 23:53 drivers/usb/core/devio.c.012t.eh
-rw-r--r-- 1 root root  186K Dez  6 23:53 drivers/usb/core/devio.c.013t.cfg
-rw-r--r-- 1 root root  223K Dez  6 23:53 drivers/usb/core/devio.c.017t.ssa
-rw-r--r-- 1 root root  203K Dez  6 23:53 drivers/usb/core/devio.c.018t.veclower
-rw-r--r-- 1 root root   26K Dez  6 23:53 drivers/usb/core/devio.c.019t.inline_param1
-rw-r--r-- 1 root root  540K Dez  6 23:53 drivers/usb/core/devio.c.020t.einline
-rw-r--r-- 1 root root  6,5K Dez  6 23:53 drivers/usb/core/devio.c.021t.early_optimizations
-rw-r--r-- 1 root root  447K Dez  6 23:53 drivers/usb/core/devio.c.022t.copyrename1
-rw-r--r-- 1 root root  424K Dez  6 23:53 drivers/usb/core/devio.c.023t.ccp1
-rw-r--r-- 1 root root  415K Dez  6 23:53 drivers/usb/core/devio.c.024t.forwprop1
-rw-r--r-- 1 root root 1018K Dez  6 23:53 drivers/usb/core/devio.c.025t.ealias
-rw-r--r-- 1 root root  414K Dez  6 23:53 drivers/usb/core/devio.c.026t.esra
-rw-r--r-- 1 root root  399K Dez  6 23:53 drivers/usb/core/devio.c.027t.copyprop1
-rw-r--r-- 1 root root  396K Dez  6 23:53 drivers/usb/core/devio.c.028t.mergephi1
-rw-r--r-- 1 root root  452K Dez  6 23:53 drivers/usb/core/devio.c.029t.cddce1
-rw-r--r-- 1 root root  433K Dez  6 23:53 drivers/usb/core/devio.c.030t.eipa_sra
-rw-r--r-- 1 root root  400K Dez  6 23:53 drivers/usb/core/devio.c.032t.switchconv
-rw-r--r-- 1 root root  229K Dez  6 23:53 drivers/usb/core/devio.c.034t.profile
-rw-r--r-- 1 root root  945K Dez  6 23:53 drivers/usb/core/devio.c.035t.local-pure-const1
-rw-r--r-- 1 root root  402K Dez  6 23:53 drivers/usb/core/devio.c.036t.fnsplit
-rw-r--r-- 1 root root  396K Dez  6 23:53 drivers/usb/core/devio.c.037t.release_ssa
-rw-r--r-- 1 root root   27K Dez  6 23:53 drivers/usb/core/devio.c.038t.inline_param2
-rw-r--r-- 1 root root  305K Dez  6 23:53 drivers/usb/core/devio.c.057t.copyrename2
-rw-r--r-- 1 root root  344K Dez  6 23:53 drivers/usb/core/devio.c.058t.cunrolli
-rw-r--r-- 1 root root  305K Dez  6 23:53 drivers/usb/core/devio.c.059t.ccp2
-rw-r--r-- 1 root root  304K Dez  6 23:53 drivers/usb/core/devio.c.060t.forwprop2
-rw-r--r-- 1 root root  299K Dez  6 23:53 drivers/usb/core/devio.c.061t.cdce
-rw-r--r-- 1 root root  662K Dez  6 23:53 drivers/usb/core/devio.c.062t.alias
-rw-r--r-- 1 root root  1,7K Dez  6 23:53 drivers/usb/core/devio.c.063t.retslot
-rw-r--r-- 1 root root  300K Dez  6 23:53 drivers/usb/core/devio.c.064t.phiprop
-rw-r--r-- 1 root root  297K Dez  6 23:53 drivers/usb/core/devio.c.065t.fre
-rw-r--r-- 1 root root  289K Dez  6 23:53 drivers/usb/core/devio.c.066t.copyprop2
-rw-r--r-- 1 root root  289K Dez  6 23:53 drivers/usb/core/devio.c.067t.mergephi2
-rw-r--r-- 1 root root  489K Dez  6 23:53 drivers/usb/core/devio.c.068t.vrp1
-rw-r--r-- 1 root root  280K Dez  6 23:53 drivers/usb/core/devio.c.069t.dce1
-rw-r--r-- 1 root root  278K Dez  6 23:53 drivers/usb/core/devio.c.070t.cselim
-rw-r--r-- 1 root root  278K Dez  6 23:53 drivers/usb/core/devio.c.071t.ifcombine
-rw-r--r-- 1 root root  278K Dez  6 23:53 drivers/usb/core/devio.c.072t.phiopt1
-rw-r--r-- 1 root root  333K Dez  6 23:53 drivers/usb/core/devio.c.074t.ch
-rw-r--r-- 1 root root  285K Dez  6 23:53 drivers/usb/core/devio.c.076t.cplxlower
-rw-r--r-- 1 root root  285K Dez  6 23:53 drivers/usb/core/devio.c.077t.sra
-rw-r--r-- 1 root root  285K Dez  6 23:53 drivers/usb/core/devio.c.078t.copyrename3
-rw-r--r-- 1 root root  272K Dez  6 23:53 drivers/usb/core/devio.c.079t.dom1
-rw-r--r-- 1 root root  221K Dez  6 23:53 drivers/usb/core/devio.c.080t.phicprop1
-rw-r--r-- 1 root root  220K Dez  6 23:53 drivers/usb/core/devio.c.081t.dse1
-rw-r--r-- 1 root root  246K Dez  6 23:53 drivers/usb/core/devio.c.082t.reassoc1
-rw-r--r-- 1 root root  218K Dez  6 23:53 drivers/usb/core/devio.c.083t.dce2
-rw-r--r-- 1 root root  219K Dez  6 23:53 drivers/usb/core/devio.c.084t.forwprop3
-rw-r--r-- 1 root root  216K Dez  6 23:53 drivers/usb/core/devio.c.085t.phiopt2
-rw-r--r-- 1 root root  217K Dez  6 23:53 drivers/usb/core/devio.c.086t.objsz
-rw-r--r-- 1 root root  212K Dez  6 23:53 drivers/usb/core/devio.c.087t.ccp3
-rw-r--r-- 1 root root  211K Dez  6 23:53 drivers/usb/core/devio.c.088t.copyprop3
-rw-r--r-- 1 root root  211K Dez  6 23:53 drivers/usb/core/devio.c.089t.sincos
-rw-r--r-- 1 root root  1,7K Dez  6 23:53 drivers/usb/core/devio.c.090t.bswap
-rw-r--r-- 1 root root  223K Dez  6 23:53 drivers/usb/core/devio.c.091t.crited
-rw-r--r-- 1 root root  586K Dez  6 23:53 drivers/usb/core/devio.c.092t.pre
-rw-r--r-- 1 root root  281K Dez  6 23:53 drivers/usb/core/devio.c.093t.sink
-rw-r--r-- 1 root root  234K Dez  6 23:53 drivers/usb/core/devio.c.094t.loop
-rw-r--r-- 1 root root  275K Dez  6 23:53 drivers/usb/core/devio.c.095t.loopinit
-rw-r--r-- 1 root root  234K Dez  6 23:53 drivers/usb/core/devio.c.096t.lim1
-rw-r--r-- 1 root root  230K Dez  6 23:53 drivers/usb/core/devio.c.097t.copyprop4
-rw-r--r-- 1 root root  218K Dez  6 23:53 drivers/usb/core/devio.c.098t.dceloop1
-rw-r--r-- 1 root root  218K Dez  6 23:53 drivers/usb/core/devio.c.100t.sccp
-rw-r--r-- 1 root root  218K Dez  6 23:53 drivers/usb/core/devio.c.103t.copyprop5
-rw-r--r-- 1 root root  218K Dez  6 23:53 drivers/usb/core/devio.c.109t.ivcanon
-rw-r--r-- 1 root root  218K Dez  6 23:53 drivers/usb/core/devio.c.115t.cunroll
-rw-r--r-- 1 root root  219K Dez  6 23:53 drivers/usb/core/devio.c.119t.ivopts
-rw-r--r-- 1 root root  219K Dez  6 23:53 drivers/usb/core/devio.c.120t.loopdone
-rw-r--r-- 1 root root  245K Dez  6 23:53 drivers/usb/core/devio.c.122t.reassoc2
-rw-r--r-- 1 root root  338K Dez  6 23:53 drivers/usb/core/devio.c.123t.vrp2
-rw-r--r-- 1 root root  250K Dez  6 23:53 drivers/usb/core/devio.c.124t.dom2
-rw-r--r-- 1 root root  218K Dez  6 23:53 drivers/usb/core/devio.c.125t.phicprop2
-rw-r--r-- 1 root root  251K Dez  6 23:53 drivers/usb/core/devio.c.126t.cddce2
-rw-r--r-- 1 root root  1,7K Dez  6 23:53 drivers/usb/core/devio.c.128t.uninit
-rw-r--r-- 1 root root  220K Dez  6 23:53 drivers/usb/core/devio.c.129t.dse2
-rw-r--r-- 1 root root  220K Dez  6 23:53 drivers/usb/core/devio.c.130t.forwprop4
-rw-r--r-- 1 root root  220K Dez  6 23:53 drivers/usb/core/devio.c.131t.phiopt3
-rw-r--r-- 1 root root  220K Dez  6 23:53 drivers/usb/core/devio.c.132t.fab
-rw-r--r-- 1 root root  220K Dez  6 23:53 drivers/usb/core/devio.c.133t.widening_mul
-rw-r--r-- 1 root root  220K Dez  6 23:53 drivers/usb/core/devio.c.135t.copyrename4
-rw-r--r-- 1 root root  220K Dez  6 23:53 drivers/usb/core/devio.c.136t.uncprop
-rw-r--r-- 1 root root  187K Dez  6 23:53 drivers/usb/core/devio.c.137t.local-pure-const2
-rw-r--r-- 1 root root  220K Dez  6 23:53 drivers/usb/core/devio.c.141t.nrv
-rw-r--r-- 1 root root  221K Dez  6 23:53 drivers/usb/core/devio.c.143t.optimized
-rw-r--r-- 1 root root   53K Dez  6 23:53 drivers/usb/core/devio.c.224t.statistics
-rw-r--r-- 1 root root  1,9K Dez  6 23:53 drivers/usb/core/devio.c.226t.latent_entropy
-rw-r--r-- 1 root root   51K Dez  6 23:53 drivers/usb/core/devio.o

thanks for your support!

thanks but we'll need the actual files .

Thanks for the report. This bug will be fixed in the next pax version.