4.4.6-grsec on RaspberryPi - kernel panic during boot
Posted: Sat Apr 02, 2016 3:43 pm
Hi,
A while ago, I had success running an RPI with a mainline kernel and grsec; that was pre-4.x, I think...
I decided to give it a go with the latest 4.4.6 mainline + grsecurity patches.
The vanilla works fine. Unfortunately, the grsec kernel dies at boot, while attempting to dereference something from the userland?
Please see the log below:
U-Boot 2016.03-gf23baa5-dirty (Mar 27 2016 - 12:50:30 +0200)
DRAM: 240 MiB
RPI Model B (0x2)
MMC: bcm2835_sdhci: 0
reading uboot.env
** Unable to read "uboot.env" from mmc0:1 **
Using default environment
In: serial
Out: lcd
Err: lcd
Net: Net Initialization Skipped
No ethernet found.
starting USB...
USB0: Core Release: 2.80a
scanning bus 0 for devices... 3 USB Device(s) found
scanning usb for storage devices... 0 Storage Device(s) found
scanning usb for ethernet devices... 1 Ethernet Device(s) found
Hit any key to stop autoboot: 0
switch to partitions #0, OK
mmc0 is current device
Scanning mmc 0:1...
Found U-Boot script /boot.scr.uimg
reading /boot.scr.uimg
321 bytes read in 9 ms (34.2 KiB/s)
## Executing script at 02000000
switch to partitions #0, OK
mmc0 is current device
reading zImage
3308384 bytes read in 293 ms (10.8 MiB/s)
reading bcm2835-rpi-b.dtb
4257 bytes read in 14 ms (296.9 KiB/s)
Kernel image @ 0x1000000 [ 0x000000 - 0x327b60 ]
## Flattened Device Tree blob at 00000100
Booting using the fdt blob at 0x000100
Using Device Tree in place at 00000100, end 000041a0
Starting kernel ...
Uncompressing Linux... done, booting the kernel.
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 4.4.6-grsec (radek@underground) (gcc version 4.9.3 (Gentoo Hardened 4.9.3 p1.5, pie-0.6.4) ) #2 Sun Mar 27 19:06:54 CEST 2016
[ 0.000000] CPU: ARMv6-compatible processor [410fb767] revision 7 (ARMv7), cr=00c5387d
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
[ 0.000000] Machine model: Raspberry Pi Model B
[ 0.000000] bootconsole [earlycon0] enabled
[ 0.000000] Memory policy: Data cache writeback
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 60960
[ 0.000000] Kernel command line: earlyprintk console=tty0 console=ttyAMA0 root=/dev/mmcblk0p2 rootwait
[ 0.000000] PID hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
[ 0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Memory: 234472K/245760K available (5120K kernel code, 108K rwdata, 1484K rodata, 1024K init, 772K bss, 11288K reserved, 0K cma-reserved)
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xffc00000 - 0xfff00000 (3072 kB)
[ 0.000000] vmalloc : 0xcf800000 - 0xff800000 ( 768 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xcf000000 ( 240 MB)
[ 0.000000] .text : 0xc0008000 - 0xc0600000 (6112 kB)
[ 0.000000] .init : 0xc0800000 - 0xc0900000 (1024 kB)
[ 0.000000] .data : 0xc0900000 - 0xc091b380 ( 109 kB)
[ 0.000000] .bss : 0xc091b380 - 0xc09dc3a8 ( 773 kB)
[ 0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] NR_IRQS:16 nr_irqs:16 16
[ 0.000024] sched_clock: 32 bits at 1000kHz, resolution 1000ns, wraps every 2147483647500ns
[ 0.008576] clocksource: timer: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275 ns
[ 0.018141] bcm2835: system timer (irq = 27)
[ 0.022871] Console: colour dummy device 80x30
[ 0.028136] console [tty0] enabled
[ 0.031777] Calibrating delay loop... 697.95 BogoMIPS (lpj=3489792)
[ 0.091120] pid_max: default: 32768 minimum: 501
[ 0.096273] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.103149] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.110805] PAX: swapper:0, uid/euid: 0/0, attempted to access userland memory at 6f72702f
[ 0.119361] Unable to handle kernel paging request at virtual address 6f72702f
[ 0.126808] pgd = c0004000
[ 0.129679] [6f72702f] *pgd=00000000
[ 0.133428] Internal error: Oops: 5 [#1] ARM
[ 0.137869] CPU: 0 PID: 0 Comm: swapper Not tainted 4.4.6-grsec #2
[ 0.144230] Hardware name: BCM2835
[ 0.147783] task: c0906b08 ti: c0900000 task.ti: c0900000
[ 0.153378] PC is at strchr+0x4/0x40
[ 0.157122] LR is at register_filesystem+0x14/0x64
[ 0.162086] pc : [<c02fc484>] lr : [<c01e43a4>] psr: 60000053
[ 0.162086] sp : c0901f90 ip : c090b778 fp : 00e9c177
[ 0.173918] r10: c0902000 r9 : dad31104 r8 : 99ecea94
[ 0.179311] r7 : 17a82ef3 r6 : 64118f18 r5 : d5d5f936 r4 : c090c758
[ 0.186023] r3 : c09ad054 r2 : 00000001 r1 : 0000002e r0 : 6f72702f
[ 0.192736] Flags: nZCv IRQs on FIQs off Mode SVC_32 ISA ARM Segment none
[ 0.200168] Control: 00c5387d Table: 00004008 DAC: 00000011
[ 0.206090] Process swapper (pid: 0, stack limit = 0xc0900188)
[ 0.212101] Stack: (0xc0901f90 to 0xc0902000)
[ 0.216622] 1f80: c09ad054 e3dd28a7 d5d5f936 c081e100
[ 0.225031] 1fa0: 0000016d e3dd28a7 d5d5f936 c08016ec ffffffff ffffffff 00000000 c0800b90
[ 0.233439] 1fc0: 00000000 c0842a28 00000000 c0842a28 00000000 c091b4f4 c0902018 c0842a24
[ 0.241845] 1fe0: c0907c58 00004008 410fb767 00840c14 00000000 00008074 00000000 00000000
[ 0.250261] Code: 00000000 00000000 00000000 e20110ff (e4d02001)
[ 0.256623] ---[ end trace 2cf4588acd0faf34 ]---
[ 0.261420] Kernel panic - not syncing: grsec: halting the system due to suspicious kernel crash caused by root
[ 0.271761] ---[ end Kernel panic - not syncing: grsec: halting the system due to suspicious kernel crash caused by root
[ 82.771404] random: nonblocking pool is initialized
[ 1056.783410] PAX: swapper:0, uid/euid: 0/0, attempted to access userland memory at 00000080
[ 1056.791914] Unable to handle kernel NULL pointer dereference at virtual address 00000080
[ 1056.800229] pgd = c0004000
[ 1056.803072] [00000080] *pgd=00000000
[ 1056.806807] Internal error: Oops: 5 [#2] ARM
[ 1056.811244] CPU: 0 PID: 0 Comm: swapper Tainted: G D 4.4.6-grsec #2
[ 1056.818852] Hardware name: BCM2835
[ 1056.822403] task: c0906b08 ti: c0900000 task.ti: c0900000
[ 1056.827995] PC is at __queue_work+0x40/0x204
[ 1056.832434] LR is at queue_work_on+0x34/0x40
[ 1056.836868] pc : [<c012d6b0>] lr : [<c012e94c>] psr: 000001d3
[ 1056.836868] sp : c0901bf8 ip : c0912664 fp : 00004000
[ 1056.848697] r10: 00000008 r9 : 00000008 r8 : 00000001
[ 1056.854091] r7 : c0912664 r6 : c0912704 r5 : 00000000 r4 : 800001d3
[ 1056.860803] r3 : 400001d3 r2 : c0912704 r1 : 00000000 r0 : 00000001
[ 1056.867515] Flags: nzcv IRQs off FIQs off Mode SVC_32 ISA ARM Segment none
[ 1056.875036] Control: 00c5387d Table: 00004008 DAC: 00000011
[ 1056.880958] Process swapper (pid: 0, stack limit = 0xc0900188)
[ 1056.886968] Stack: (0xc0901bf8 to 0xc0902000)
[ 1056.891485] 1be0: 00000001 00000000
[ 1056.899894] 1c00: 800001d3 ffffffe1 00008000 c0912664 00000000 c012e94c c0902044 00000381
[ 1056.908304] 1c20: c0912674 c0359788 c0901c28 00000001 00007ffe 00000011 00000010 c091263c
[ 1056.916713] 1c40: c0912674 a653edde 535f3c7b 04a79b8f a98d8197 00012750 3c30978c c035a978
[ 1056.925120] 1c60: df19d680 c0148560 00000000 c015af54 00000000 00000000 00000001 ce806d80
[ 1056.933529] 1c80: 00014280 0000001b 00000001 c091b166 c0901dcb c0148560 ce806d80 c0902358
[ 1056.941936] 1ca0: ce806d80 ce806d90 00000000 00000000 00000000 c07691b4 c02fc484 c01485c4
[ 1056.950344] 1cc0: ce806d80 c014ad54 c014ac90 0000001b c090e98c c0147f1c 00000058 c0147fa8
[ 1056.958754] 1ce0: c0901d08 c0902358 ffffffff c0901d3c 00000031 c0101710 c018b044 c02fc5a0
[ 1056.967162] 1d00: 20000153 c010ced8 0002787d ffffffff 00000d50 c02fc570 00000001 c091b628
[ 1056.975570] 1d20: 00102660 00102728 00000031 c07691b4 c02fc484 c0901dcb 600001d3 c0901d60
[ 1056.983977] 1d40: c018b044 c02fc5a0 20000153 ffffffff ffffffff 00000d50 00000011 c01195a0
[ 1056.992384] 1d60: c06f7f7e c0901d8c 0000000b c091b500 00000000 c02fc486 00000000 c0901dfa
[ 1057.000792] 1d80: c02fc484 c02ef8dc c06f7f7e 00000000 00000000 c0908dd8 00000000 0000000b
[ 1057.009199] 1da0: c091b500 00000001 c02fc486 c010c598 c0900188 0000000b 00000000 60000153
[ 1057.017609] 1dc0: c0907c48 00000008 30000153 30303030 20303030 30303030 30303030 30303020
[ 1057.026017] 1de0: 30303030 32652030 30313130 28206666 30643465 31303032 c0002029 c0901e1c
[ 1057.034424] 1e00: 00000026 6f72702f 00000005 c0901f38 00000000 00000000 00000005 c0902000
[ 1057.042833] 1e20: 00e9c177 c0115dbc 00000000 6f72702f 00000005 c0901f38 c0906b08 c01118ac
[ 1057.051240] 1e40: ce80c680 024000c0 c01f90d4 00000000 c09021a0 ceffe520 0000000c c01a3a78
[ 1057.059649] 1e60: c0901edc ceffe520 000005d0 6f72702f 00000005 c0901f38 c0908274 99ecea94
[ 1057.068057] 1e80: dad31104 c0902000 00e9c177 c01013c8 00000007 0000000c 00000002 00000001
[ 1057.076463] 1ea0: 00000007 ceffe520 00000000 00000010 00000001 ceffe520 00000001 00000010
[ 1057.084870] 1ec0: c0901ee0 c01a44b4 c0901edc 0000000b 00000060 0000000c 00001000 00000000
[ 1057.093277] 1ee0: 00000001 00000001 00001000 ce80c780 00000000 c09ab868 00060000 00000148
[ 1057.101684] 1f00: 00000000 c06d39bf 00000008 c01c5580 c06d39bf 00000148 00060000 00000148
[ 1057.110093] 1f20: c06d39bf c02fc484 60000053 ffffffff c0901f6c c010ce10 6f72702f 0000002e
[ 1057.118502] 1f40: 00000001 c09ad054 c090c758 d5d5f936 64118f18 17a82ef3 99ecea94 dad31104
[ 1057.126910] 1f60: c0902000 00e9c177 c090b778 c0901f90 c01e43a4 c02fc484 60000053 ffffffff
[ 1057.135318] 1f80: 0000002e 00000001 00000011 00200000 c09ad054 e3dd28a7 d5d5f936 c081e100
[ 1057.143727] 1fa0: 0000016d e3dd28a7 d5d5f936 c08016ec ffffffff ffffffff 00000000 c0800b90
[ 1057.152135] 1fc0: 00000000 c0842a28 00000000 c0842a28 00000000 c091b4f4 c0902018 c0842a24
[ 1057.160543] 1fe0: c0907c58 00004008 410fb767 00840c14 00000000 00008074 00000000 00000000
[ 1057.168974] [<c012d6b0>] (__queue_work+0x40/0x204) from [<c012e94c>] (queue_work_on+0x34/0x40)
[ 1057.177846] [<c012e94c>] (queue_work_on+0x34/0x40) from [<c0359788>] (credit_entropy_bits+0x2a4/0x2d8)
[ 1057.187414] [<c0359788>] (credit_entropy_bits+0x2a4/0x2d8) from [<c035a978>] (add_interrupt_randomness+0x24c/0x2e4)
[ 1057.198127] [<c035a978>] (add_interrupt_randomness+0x24c/0x2e4) from [<c0148560>] (handle_irq_event_percpu+0xf4/0x130)
[ 1057.209096] [<c0148560>] (handle_irq_event_percpu+0xf4/0x130) from [<c01485c4>] (handle_irq_event+0x28/0x3c)
[ 1057.219187] [<c01485c4>] (handle_irq_event+0x28/0x3c) from [<c014ad54>] (handle_level_irq+0xc4/0xf8)
[ 1057.228573] [<c014ad54>] (handle_level_irq+0xc4/0xf8) from [<c0147f1c>] (generic_handle_irq+0x18/0x28)
[ 1057.238133] [<c0147f1c>] (generic_handle_irq+0x18/0x28) from [<c0147fa8>] (__handle_domain_irq+0x7c/0xa0)
[ 1057.247960] [<c0147fa8>] (__handle_domain_irq+0x7c/0xa0) from [<c0101710>] (bcm2835_handle_irq+0x38/0x44)
[ 1057.257799] [<c0101710>] (bcm2835_handle_irq+0x38/0x44) from [<c010ced8>] (__irq_svc+0x78/0xb8)
[ 1057.266732] Exception stack(0xc0901d08 to 0xc0901d50)
[ 1057.271957] 1d00: 0002787d ffffffff 00000d50 c02fc570 00000001 c091b628
[ 1057.280366] 1d20: 00102660 00102728 00000031 c07691b4 c02fc484 c0901dcb 600001d3 c0901d60
[ 1057.288768] 1d40: c018b044 c02fc5a0 20000153 ffffffff
[ 1057.294016] [<c010ced8>] (__irq_svc+0x78/0xb8) from [<c02fc5a0>] (__loop_delay+0x0/0x10)
[ 1057.302343] Code: e59f11bc ebffb0b8 e3a03001 e5c43002 (e5953080)
[ 1057.308619] ---[ end trace 2cf4588acd0faf35 ]---
[ 1057.313398] Kernel panic - not syncing: Fatal exception in interrupt
[ 1057.319937] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
I've used the following toolchain (created on an amd64 Gentoo Hardened box using the crossdev tool):
/usr/bin/arm-unknown-linux-gnueabi-gcc -v
Using built-in specs.
COLLECT_GCC=/usr/x86_64-pc-linux-gnu/arm-unknown-linux-gnueabi/gcc-bin/4.9.3/arm-unknown-linux-gnueabi-gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/arm-unknown-linux-gnueabi/4.9.3/lto-wrapper
Target: arm-unknown-linux-gnueabi
Configured with: /var/tmp/portage/cross-arm-unknown-linux-gnueabi/gcc-4.9.3/work/gcc-4.9.3/configure --host=x86_64-pc-linux-gnu --target=arm-unknown-linux-gnueabi --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/arm-unknown-linux-gnueabi/gcc-bin/4.9.3 --includedir=/usr/lib/gcc/arm-unknown-linux-gnueabi/4.9.3/include --datadir=/usr/share/gcc-data/arm-unknown-linux-gnueabi/4.9.3 --mandir=/usr/share/gcc-data/arm-unknown-linux-gnueabi/4.9.3/man --infodir=/usr/share/gcc-data/arm-unknown-linux-gnueabi/4.9.3/info --with-gxx-include-dir=/usr/lib/gcc/arm-unknown-linux-gnueabi/4.9.3/include/g++-v4 --with-python-dir=/share/gcc-data/arm-unknown-linux-gnueabi/4.9.3/python --enable-languages=c,c++ --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 4.9.3 p1.5, pie-0.6.4' --enable-esp --enable-libstdcxx-time --enable-poison-system-directories --with-sysroot=/usr/arm-unknown-linux-gnueabi --disable-bootstrap --enable-__cxa_atexit --enable-clocale=gnu --disable-multilib --disable-altivec --disable-fixed-point --disable-libgcj --enable-libgomp --disable-libmudflap --disable-libssp --disable-libcilkrts --disable-libquadmath --enable-lto --without-cloog --enable-libsanitizer
Thread model: posix
gcc version 4.9.3 (Gentoo Hardened 4.9.3 p1.5, pie-0.6.4)
Any help will be appreciated. Thanks in advance.
Radek