Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Mon Oct 19, 2015 3:45 am
by nail
System: Archlinux 64-bit.
DE: XFCE4.12
DM: LightDM
Kernel log at boot with linux-grsec 4.2.3.201510171833:
http://pastebin.com/YtEVKi2M

After that I downgraded to the previous version, 4.2.3.201510130858. That one is working. Kernel log:
http://pastebin.com/46weFK8p

Threads about similar bugs with freezes:
https://bbs.archlinux.org/viewtopic.php?id=203973
http://www.wilderssecurity.com/threads/ ... ng.380789/

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Mon Oct 19, 2015 4:36 pm
by ephox

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Mon Oct 19, 2015 5:07 pm
by nail

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Mon Oct 19, 2015 5:29 pm
by nail
Another shot with size overflow...
http://i.imgur.com/FpG4ybS.jpg

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Mon Oct 19, 2015 6:08 pm
by ephox
Hi,
Could you please apply this patch and send me the result from dmesg?
Code:
--- net/core/skbuff.c.orig      2015-10-20 00:32:27.592091107 +0200
+++ net/core/skbuff.c   2015-10-20 00:34:03.536086830 +0200
@@ -970,6 +970,7 @@
                skb->csum_start += off;
        /* {transport,network,mac}_header and tail are relative to skb->head */
        skb->transport_header += off;
+       printk(KERN_ERR "PAX overflow skb->network_header: %hx off: %x\n", skb->network_header, off);
        skb->network_header   += off;
        if (skb_mac_header_was_set(skb))
                skb->mac_header += off;
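Review bot: the added printk sits directly before `skb->network_header += off;` with no condition around it, so it fires on every call and labels each line "PAX overflow" whether or not the addition wraps. Print only when the sum would not fit in the field, or at least rate-limit it (printk_ratelimited), so the values that matter are not buried in dmesg. `off` is printed with %x, so if it is a signed offset a negative value will show up as a large hex number; %d would make the sign obvious in the report.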

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Tue Oct 20, 2015 7:14 am
by nail
Code:
can't find file to patch at input line 3
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|--- net/core/skbuff.c.orig      2015-10-20 00:32:27.592091107 +0200
|+++ net/core/skbuff.c   2015-10-20 00:34:03.536086830 +0200
--------------------------
File to patch:


Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Tue Oct 20, 2015 8:11 am
by spender
What patch command did you use? You should use -p0 for this one if done inside the root of the kernel source tree.

-Brad

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Tue Oct 20, 2015 8:24 am
by nail
Do I have to patch the original kernel from kernel.org, or is this an additional patch to the kernel with grsecurity?

Tried to patch additionally after the main grsecurity patch:
Code:
patching file net/core/skbuff.c
patch: **** malformed patch at line 8: skb->network_header, off);

==> ERROR: A failure occurred in prepare().
    Aborting..

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Tue Oct 20, 2015 9:09 am
by nail
Second try to apply:
Code:
patching file net/core/skbuff.c
Hunk #1 FAILED at 970.
1 out of 1 hunk FAILED -- saving rejects to file net/core/skbuff.c.rej

==> ERROR: A failure occurred in prepare().
    Aborting..

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Tue Oct 20, 2015 3:49 pm
by nail
ephox wrote: Hi,
Could you please apply this patch and send me the result from dmesg?
Code:
--- net/core/skbuff.c.orig      2015-10-20 00:32:27.592091107 +0200
+++ net/core/skbuff.c   2015-10-20 00:34:03.536086830 +0200
@@ -970,6 +970,7 @@
                skb->csum_start += off;
        /* {transport,network,mac}_header and tail are relative to skb->head */
        skb->transport_header += off;
+       printk(KERN_ERR "PAX overflow skb->network_header: %hx off: %x\n", skb->network_header, off);
        skb->network_header   += off;
        if (skb_mac_header_was_set(skb))
                skb->mac_header += off;
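Review bot: the context lines of this hunk are indented with spaces, while the reply below reports that net/core/skbuff.c uses tabs at these lines, which is consistent with the "Hunk #1 FAILED at 970" result earlier in the thread. Attaching the diff as a file, or asking for it to be applied with patch -l (--ignore-whitespace), avoids the mismatch. The added printk line is also long enough to be wrapped when pasted, which matches the "malformed patch at line 8" error.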

I compared the "net/core/skbuff.c" file around lines 970-980 with your patch and edited your patch. Instead of spaces before each line there are tabs now. And the new kernel compilation started successfully...
I will send it later...

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Tue Oct 20, 2015 6:10 pm
by nail
ephox wrote: Hi,
Could you please apply this patch and send me the result from dmesg?
Code:
--- net/core/skbuff.c.orig      2015-10-20 00:32:27.592091107 +0200
+++ net/core/skbuff.c   2015-10-20 00:34:03.536086830 +0200
@@ -970,6 +970,7 @@
                skb->csum_start += off;
        /* {transport,network,mac}_header and tail are relative to skb->head */
        skb->transport_header += off;
+       printk(KERN_ERR "PAX overflow skb->network_header: %hx off: %x\n", skb->network_header, off);
        skb->network_header   += off;
        if (skb_mac_header_was_set(skb))
                skb->mac_header += off;

2 shots :) :
http://i.imgur.com/R6HqBYY.jpg
http://i.imgur.com/dsJBiq9.jpg
Will it be helpful?

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Tue Oct 20, 2015 6:32 pm
by ephox
It looks like a real bug, could you please report it to the kernel (netdev) mailing list (send them the printed values and the backtrace)?

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Tue Oct 20, 2015 6:43 pm
by nail
ephox wrote: It looks like a real bug, could you please report it to the kernel (netdev) mailing list (send them the printed values and the backtrace)?

Ok. Thanks. I will send it to them...
But there are no freezes when the kernel is loaded without the latest grsecurity patches, or with grsecurity patches up to and including version 4.2.3.201510130858?

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Tue Oct 20, 2015 7:05 pm
by PaX Team
nail wrote: But there are no freezes when the kernel is loaded without the latest grsecurity patches, or with grsecurity patches up to and including version 4.2.3.201510130858?
that's when spender re-enabled the size overflow plugin for 4.2 that grew some new features since 4.1 such as tracking and instrumenting global variables and structure fields. we did expect this new coverage to find new issues (both true and false positives) but not this amount, so we're trying our best to handle the fallout, please don't be discouraged and keep reporting them ;).
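
The kind of structure-field update discussed in this thread, shown in user-space C as an added example (not code from the thread, the kernel, or the size overflow plugin): a 16-bit offset field updated with `+= off` wraps silently unless the sum is checked in a wider type. The struct, function names and sample values are constructed, and the 16-bit field width is an assumption taken from the `%hx` format in the debug patch.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the offset fields in the debug patch. The 16-bit
 * width is an assumption taken from the %hx format used there. */
struct hdr_offsets {
    uint16_t transport_header;
    uint16_t network_header;
};

/* What a plain "field += off" stores in a 16-bit field: the sum, truncated. */
uint16_t update_wrapping(uint16_t field, int off)
{
    return (uint16_t)((unsigned)field + (unsigned)off);
}

/* Do the addition in a wider type and store only if it fits in 16 bits.
 * Returns 1 on success, 0 (field left untouched) if the store would wrap. */
static int add_checked_u16(uint16_t *field, int off)
{
    long long wide = (long long)*field + off;
    if (wide < 0 || wide > UINT16_MAX)
        return 0;
    *field = (uint16_t)wide;
    return 1;
}

/* Checked form of the two "+= off" updates. Returns how many fields would
 * have wrapped and reports each one with the values a bug report needs. */
int update_checked(struct hdr_offsets *h, int off)
{
    int bad = 0;
    if (!add_checked_u16(&h->transport_header, off)) {
        fprintf(stderr, "transport_header %#x + off %d wraps\n", (unsigned)h->transport_header, off);
        bad++;
    }
    if (!add_checked_u16(&h->network_header, off)) {
        fprintf(stderr, "network_header %#x + off %d wraps\n", (unsigned)h->network_header, off);
        bad++;
    }
    return bad;
}

int main(void)
{
    struct hdr_offsets h = { 0x0040, 0xfff0 };   /* constructed sample values */
    printf("fields rejected: %d\n", update_checked(&h, 0x40));
    return 0;
}
```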

Re: Freezes with 4.2.3.201510161817 and 4.2.3.201510171833 !

Posted: Fri Nov 13, 2015 12:50 am
by strcat
Did this get reported upstream? It doesn't seem like it has been addressed yet.