
Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Tue Feb 02, 2016 4:40 pm
by x14sg1
Hello,

I have a machine (32 bit kernel; gcc 5.3.0) that will not boot. I can select a kernel from grub but then the screen goes blank and stays that way. I have tracked it down to CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL (until it was removed in 4.2.6) and CONFIG_PAX_SIZE_OVERFLOW (from then on).

With the CONFIG option commented out, I can boot grsecurity kernels from 4.2.6 to 4.3.5.

The "KILL" is happening before netconsole can show me anything (I verified I do get output without the CONFIG option).

As I get nothing on the screen or from netconsole, do you have any suggestions to troubleshoot this?

I have lost access to the site where I would have posted my config/kernel. Any suggestions for me to use now? Or I can email them to you.

Thanks

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Tue Feb 02, 2016 6:52 pm
by PaX Team
did you try to boot with pax_size_overflow_report_only?

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Tue Feb 02, 2016 7:14 pm
by x14sg1
Thanks for the reply.

I was not aware of that but will try that next and let you know.

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Tue Feb 02, 2016 7:29 pm
by x14sg1
Here is the output ...

[ 0.000000] No NUMA configuration found
[ 0.000000] Faking a node at [mem 0x0000000000000000-0x000000012fffffff]
[ 0.000000] PAX: size overflow detected in function x86_numa_init arch/x86/mm/numa.c:691 cicus.311_502 max, count: 45, decl: memblock_clear_hotplug; num: 2; context: fndecl;
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.3.5-grsec-smp #201601311611
[ 0.000000] Hardware name: Dell Inc. Inspiron 530/0FM586, BIOS 1.0.13 03/20/2008
[ 0.000000] 00000000 00000000 c3c01e58 002d59ad c394f30a c3c01e80 0014d7ae c3972370
[ 0.000000] c394f35d c394f30a 000002b3 c3957ec4 c400c0a0 58ad3a28 43e9b7cf c3c01f1c
[ 0.000000] 02e3348c c3957ec4 ea5fa25e 69634953 00000000 8c98b36b 00000000 60e4e858
[ 0.000000] Call Trace:
[ 0.000000] [<002d59ad>] dump_stack+0x41/0x54
[ 0.000000] [<0014d7ae>] report_size_overflow+0x4e/0x60
[ 0.000000] [<02e3348c>] x86_numa_init+0x459/0xdcb
[ 0.000000] [<02e5c435>] ? early_acpi_os_unmap_memory+0x21/0x65
[ 0.000000] [<00003000>] ? nmi_print_seq+0x1a0/0x410
[ 0.000000] [<000464b0>] ? __native_set_fixmap+0x20/0x30
[ 0.000000] [<02e5b61c>] ? acpi_table_parse_entries+0xf8/0x14f
[ 0.000000] [<000464fc>] ? native_set_fixmap+0x3c/0x50
[ 0.000000] [<0003d3e4>] ? default_get_apic_id+0x14/0x40
[ 0.000000] [<02e33edb>] initmem_init+0x1e/0x115
[ 0.000000] [<02e0f50e>] setup_arch+0x12c0/0x151a
[ 0.000000] [<000964f6>] ? vprintk_emit+0x1c6/0x540
[ 0.000000] [<000969e2>] ? vprintk_default+0x12/0x20
[ 0.000000] [<02e08160>] start_kernel+0x84/0x4ef
[ 0.000000] [<000ed5c1>] ? printk+0x12/0x14
[ 0.000000] [<02e08160>] ? start_kernel+0x84/0x4ef
[ 0.000000] [<0009e800>] ? msi_create_irq_domain+0x10/0x180
[ 0.000000] [<02e0732e>] i386_start_kernel+0xf6/0xfd
[ 0.000000] [<00040800>] ? vmalloc_fault+0xe0/0x3a0
[ 0.000000] [<0008f800>] ? proc_sched_show_task+0x10/0x8d0
[ 0.000000] PAX: size overflow detected in function x86_numa_init arch/x86/mm/numa.c:507 cicus.312_503 max, count: 47, decl: memblock_clear_hotplug; num: 2; context: fndecl;
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.3.5-grsec-smp #201601311611
[ 0.000000] Hardware name: Dell Inc. Inspiron 530/0FM586, BIOS 1.0.13 03/20/2008
[ 0.000000] 00000000 00000000 c3c01e58 002d59ad c394f30a c3c01e80 0014d7ae c3972370
[ 0.000000] c394f35d c394f30a 000001fb c3957f1c c400c0a0 2a7fb137 4436bc12 c3c01f1c
[ 0.000000] 02e3350e c3957f1c ea5fa25e 69634953 00000000 8c98b36b 00000000 60e4e858
[ 0.000000] Call Trace:
[ 0.000000] [<002d59ad>] dump_stack+0x41/0x54
[ 0.000000] [<0014d7ae>] report_size_overflow+0x4e/0x60
[ 0.000000] [<02e3350e>] x86_numa_init+0x4db/0xdcb
[ 0.000000] [<02e5c435>] ? early_acpi_os_unmap_memory+0x21/0x65
[ 0.000000] [<00003000>] ? nmi_print_seq+0x1a0/0x410
[ 0.000000] [<000464b0>] ? __native_set_fixmap+0x20/0x30
[ 0.000000] [<02e5b61c>] ? acpi_table_parse_entries+0xf8/0x14f
[ 0.000000] [<000464fc>] ? native_set_fixmap+0x3c/0x50
[ 0.000000] [<02e33edb>] initmem_init+0x1e/0x115
[ 0.000000] [<02e0f50e>] setup_arch+0x12c0/0x151a
[ 0.000000] [<000964f6>] ? vprintk_emit+0x1c6/0x540
[ 0.000000] [<000969e2>] ? vprintk_default+0x12/0x20
[ 0.000000] [<02e08160>] start_kernel+0x84/0x4ef
[ 0.000000] [<000ed5c1>] ? printk+0x12/0x14
[ 0.000000] [<02e08160>] ? start_kernel+0x84/0x4ef
[ 0.000000] [<0009e800>] ? msi_create_irq_domain+0x10/0x180
[ 0.000000] [<02e0732e>] i386_start_kernel+0xf6/0xfd
[ 0.000000] [<00040800>] ? vmalloc_fault+0xe0/0x3a0
[ 0.000000] [<0008f800>] ? proc_sched_show_task+0x10/0x8d0

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Tue Feb 02, 2016 7:51 pm
by PaX Team
can you post your config or at least tell me which of CONFIG_ACPI_NUMA and CONFIG_AMD_NUMA is enabled? and i guess Emese will want to get the output files of make arch/x86/mm/numa.o EXTRA_CFLAGS="-fdump-tree-all -fdump-ipa-all" too (email is fine).

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Tue Feb 02, 2016 7:55 pm
by PaX Team
also try the following patch that should fix an integer truncation (have you got more than 4GB of memory?):
--- a/arch/x86/mm/numa.c   2015-11-03 01:48:55.603331575 +0100
+++ b/arch/x86/mm/numa.c  2016-02-03 00:53:12.574516515 +0100
@@ -469,7 +469,7 @@
 {
        int i, nid;
        nodemask_t numa_kernel_nodes = NODE_MASK_NONE;
-       unsigned long start, end;
+       u64 start, end;
        struct memblock_region *r;

        /*
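
Review bot: the widening at `u64 start, end;` touches only the declaration, and the hunk shows none of the uses of `start`/`end`, so please confirm that every value assigned to them and every consumer further down the function (calls that take these values, any `%lx`-style format strings) agrees with a 64-bit type on 32-bit builds. The `@@ -469,7 +469,7 @@` header also carries no function name; a changelog line naming the function and stating that `unsigned long` is only 32 bits wide on a 32-bit kernel would let the patch be reviewed on its own.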

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Tue Feb 02, 2016 8:17 pm
by x14sg1
Your patch solved my problem after changing "u64 long" to "u64".

I assume you no longer need the .config or NUMA files ...

Thanks

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Tue Feb 02, 2016 8:33 pm
by PaX Team
yeah sorry about the typo, already corrected it in the post and no, don't worry about the earlier request if it all works now.

PS: you could submit this upstream as it's a real bug there.
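
The integer truncation fixed by the patch earlier in this thread, as an added example that is not part of the original posts or of the kernel source. `uint32_t` stands in for `unsigned long` on a 32-bit kernel, the helper names are hypothetical, and computing the size as `end - start` is an assumption suggested by the log's `decl: memblock_clear_hotplug; num: 2`.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t ulong32;            /* models `unsigned long` on a 32-bit kernel */

struct range { uint64_t base, size; };

/* Pre-patch shape: start/end are 32 bits wide, so the high bits of a
 * 64-bit physical address are dropped on assignment. */
static struct range span_ulong32(uint64_t blk_start, uint64_t blk_end)
{
    ulong32 start = (ulong32)blk_start;
    ulong32 end = (ulong32)blk_end;
    struct range r = { start, (ulong32)(end - start) };
    return r;
}

/* Patched shape (u64 start, end): nothing is dropped. */
static struct range span_u64(uint64_t blk_start, uint64_t blk_end)
{
    uint64_t start = blk_start, end = blk_end;
    struct range r = { start, end - start };
    return r;
}

/* Returns 1 if storing v in a 32-bit unsigned long would lose bits. */
static int narrowing_loses_bits(uint64_t v)
{
    return (uint64_t)(ulong32)v != v;
}

int main(void)
{
    /* Constructed from the log line "Faking a node at
     * [mem 0x0000000000000000-0x000000012fffffff]": exclusive end 0x130000000. */
    const uint64_t start = 0, end = 0x130000000ULL;
    struct range bad = span_ulong32(start, end);
    struct range good = span_u64(start, end);

    printf("end loses bits in 32-bit local: %d\n", narrowing_loses_bits(end));
    printf("32-bit locals: base=%#llx size=%#llx\n",
           (unsigned long long)bad.base, (unsigned long long)bad.size);
    printf("u64 locals:    base=%#llx size=%#llx\n",
           (unsigned long long)good.base, (unsigned long long)good.size);
    return 0;
}
```

A range that starts above 4GB fails differently: `span_ulong32(0x100000000, 0x130000000)` keeps the right size but moves the base to 0, so the operation would land on the wrong region.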

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Sat Feb 06, 2016 9:06 pm
by x14sg1
I have reported the bug.

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Sat Feb 06, 2016 9:24 pm
by PaX Team
can you post a tracking URL please?

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Sat Feb 06, 2016 9:36 pm
by x14sg1
I have not received a reply yet. Will that have the tracking number in it?

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Sat Feb 06, 2016 10:16 pm
by PaX Team
where did you report it? if it's lkml or the kernel bugzilla then you have your URL :).

Re: Failure to boot w/CONFIG_PAX_SIZE_OVERFLOW - no output

Posted: Sat Feb 06, 2016 10:24 pm
by x14sg1
I sent it via email to the output from "perl scripts/get_maintainer.pl -f arch/x86/mm/numa.c" per the REPORTING-BUGS in the top level kernel directory.