Page 1 of 1

Kernel panic when booting into grsecurity kernel

PostPosted: Sun Mar 27, 2016 9:32 pm
by Lindor
I used https://micahflee.com/2016/01/debian-grsecurity/ as a guide to installing a kernel patched with grsecurity. I tried it in a virtual machine first, and everything worked out just fine.

Not I have tested it on my laptop, and I get kernel panic at boot time. Here is a picture of the panic. http://postimg.org/image/o77aubp93/

After I compiled I installed it and got this:

Code: Select all
user@debian[~/grsec]-$ sudo dpkg -i linux-image-4.4.6-grsec_4.4.6-grsec-10.00.Custom_i386.deb
Selecting previously unselected package linux-image-4.4.6-grsec.
(Reading database ... 206149 files and directories currently installed.)
Preparing to unpack linux-image-4.4.6-grsec_4.4.6-grsec-10.00.Custom_i386.deb ...
Done.
Unpacking linux-image-4.4.6-grsec (4.4.6-grsec-10.00.Custom) ...
Setting up linux-image-4.4.6-grsec (4.4.6-grsec-10.00.Custom) ...
Running depmod.
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.4.6-grsec /boot/vmlinuz-4.4.6-grsec
run-parts: executing /etc/kernel/postinst.d/dkms 4.4.6-grsec /boot/vmlinuz-4.4.6-grsec
Error!  Build of vmhgfs.ko failed for: 4.4.6-grsec (i686)
Consult the make.log in the build directory
/var/lib/dkms/open-vm-tools/9.4.6/build/ for more information.
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.4.6-grsec /boot/vmlinuz-4.4.6-grsec
update-initramfs: Generating /boot/initrd.img-4.4.6-grsec
W: Possible missing firmware /lib/firmware/i915/bxt_dmc_ver1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/skl_dmc_ver1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/skl_guc_ver4.bin for module i915
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.4.6-grsec /boot/vmlinuz-4.4.6-grsec
Generating grub configuration file ...
Found background image: .background_cache.png
Found linux image: /boot/vmlinuz-4.4.6-grsec
Found initrd image: /boot/initrd.img-4.4.6-grsec
Found linux image: /boot/vmlinuz-3.16.0-4-686-pae
Found initrd image: /boot/initrd.img-3.16.0-4-686-pae
Found linux image: /boot/vmlinuz-3.16.0-4-586
Found initrd image: /boot/initrd.img-3.16.0-4-586
Found memtest86+ image: /memtest86+.bin
Found memtest86+ multiboot image: /memtest86+_multiboot.bin
done


I notice the line "Error! Build of vmhgfs.ko failed for: 4.4.6-grsec (i686)", so I looked in the make.log
Code: Select all
DKMS make.log for open-vm-tools-9.4.6 for kernel 4.4.6-grsec (i686)
Sun Mar 27 20:39:43 EDT 2016
make: Entering directory '/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs'
Using 2.6.x kernel build system.
Building vmhgfs without VMCI module symbols.
make -C /lib/modules/4.4.6-grsec/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR=/var/lib/dkms/open-vm-tools/9.4.6/build modules
make[1]: Entering directory '/home/shurik/grsec/linux-4.4.6'
  CC [M]  /var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/message.o
  CC [M]  /var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.o
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c: In function ‘HgfsPackDirOpenRequest’:
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:417:26: error: ‘struct file’ has no member named ‘f_dentry’
                      file->f_dentry) < 0) {
                          ^
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c: In function ‘HgfsDirLlseek’:
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:707:32: error: ‘struct file’ has no member named ‘f_dentry’
    struct dentry *dentry = file->f_dentry;
                                ^
In file included from /var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:39:0:
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c: In function ‘HgfsReaddirNextEntry’:
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:993:31: error: ‘struct file’ has no member named ‘f_dentry’
    si = HGFS_SB_TO_COMMON(file->f_dentry->d_inode->i_sb);
                               ^
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/module.h:88:62: note: in definition of macro ‘HGFS_SB_TO_COMMON’
 #define HGFS_SB_TO_COMMON(sb)             ((HgfsSuperInfo *)(sb)->s_fs_info)
                                                              ^
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:1082:26: error: ‘struct file’ has no member named ‘f_dentry’
          *entryIno = file->f_dentry->d_inode->i_ino;
                          ^
In file included from /var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:30:0:
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:1088:44: error: ‘struct file’ has no member named ‘f_dentry’
          *entryIno = compat_parent_ino(file->f_dentry);
                                            ^
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/./shared/compat_fs.h:121:46: note: in definition of macro ‘compat_parent_ino’
 #define compat_parent_ino(dentry) parent_ino(dentry)
                                              ^
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:1093:52: error: ‘struct file’ has no member named ‘f_dentry’
      *entryIno = HgfsGetFileInode(&entryAttrs, file->f_dentry->d_inode->i_sb);
                                                    ^
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c: In function ‘HgfsDoReaddir’:
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:1173:13: error: ‘struct file’ has no member named ‘f_dentry’
       !(file->f_dentry) ||
             ^
/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.c:1174:13: error: ‘struct file’ has no member named ‘f_dentry’
       !(file->f_dentry->d_inode)) {
             ^
scripts/Makefile.build:258: recipe for target '/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.o' failed
make[2]: *** [/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs/dir.o] Error 1
Makefile:1399: recipe for target '_module_/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs' failed
make[1]: *** [_module_/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs] Error 2
make[1]: Leaving directory '/home/shurik/grsec/linux-4.4.6'
Makefile:130: recipe for target 'vmhgfs.ko' failed
make: *** [vmhgfs.ko] Error 2
make: Leaving directory '/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs'
make: Entering directory '/var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet'
Using 2.6.x kernel build system.
make -C /lib/modules/4.4.6-grsec/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR=/var/lib/dkms/open-vm-tools/9.4.6/build modules
make[1]: Entering directory '/home/shurik/grsec/linux-4.4.6'
  CC [M]  /var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet/vmxnet.o
In file included from /var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet/vmxnet.c:54:0:
/var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet/./shared/vm_device_version.h:56:0: warning: "PCI_VENDOR_ID_VMWARE" redefined
 #define PCI_VENDOR_ID_VMWARE                    0x15AD
 ^
In file included from include/linux/pci.h:35:0,
                 from /var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet/./shared/compat_pci.h:27,
                 from /var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet/vmxnet.c:31:
include/linux/pci_ids.h:2252:0: note: this is the location of the previous definition
 #define PCI_VENDOR_ID_VMWARE  0x15ad
 ^
  Building modules, stage 2.
  MODPOST 1 modules
WARNING: modpost: Found 4 writable function pointer(s).
To see full details build your kernel with:
'make CONFIG_DEBUG_SECTION_MISMATCH=y'
  CC      /var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet/vmxnet.mod.o
  LD [M]  /var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet/vmxnet.ko
make[1]: Leaving directory '/home/shurik/grsec/linux-4.4.6'
make -C $PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR=/var/lib/dkms/open-vm-tools/9.4.6/build postbuild
make[1]: Entering directory '/var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet'
make[1]: 'postbuild' is up to date.
make[1]: Leaving directory '/var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet'
cp -f vmxnet.ko ./../vmxnet.o
make: Leaving directory '/var/lib/dkms/open-vm-tools/9.4.6/build/vmxnet'


I'm not sure if there is something wrong in that file. Also I forgot to mention, I do not know if it plays a role in this but I have a encrypted root partition.

Can anyone provide me with a solution?

Re: Kernel panic when booting into grsecurity kernel

PostPosted: Mon Mar 28, 2016 4:10 pm
by PaX Team
re: boot panic, you should enable frame pointers and a frame buffer video driver so that we can get more of the backtrace and register dump. re: open-vm-tools, does it compile under a vanilla kernel? by the look of it some data structure has changed and open-vm-tools needs a patch to work with newer kernels.