[SOLVED] grsecurity-3.1-4.5.2-201604281949 - kernel panic

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

[SOLVED] grsecurity-3.1-4.5.2-201604281949 - kernel panic

Postby x14sg1 » Thu Apr 28, 2016 9:05 pm

NOTE: New patch grsecurity-3.1-4.5.2-201604282058 does NOT fix this.

Hello,

The first 4.5.2 kernel patch panics for me on a 32 bit kernel - netconsole output is after the next section.

I also see quite a bit of this during the compile.

Thanks

4.5.2-grsec-smp: In file included from kernel/fork.c:41:0:
4.5.2-grsec-smp: kernel/fork.c: In function 'sys_set_tid_address':
4.5.2-grsec-smp: kernel/fork.c:1307:48: warning: passing argument 1 of 'SyS_set_tid_address' makes integer from pointer without a cast [-Wint-conversion]
4.5.2-grsec-smp: SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:112:25: note: in definition of macro '__SC_ARGS'
4.5.2-grsec-smp: #define __SC_ARGS(t, a) a
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:99:22: note: in expansion of macro '__MAP1'
4.5.2-grsec-smp: #define __MAP(n,...) __MAP##n(__VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:210:20: note: in expansion of macro '__MAP'
4.5.2-grsec-smp: return SyS##name(__MAP(x,__SC_ARGS,__VA_ARGS__)); \
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:196:2: note: in expansion of macro '__SYSCALL_DEFINEx'
4.5.2-grsec-smp: __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:187:36: note: in expansion of macro 'SYSCALL_DEFINEx'
4.5.2-grsec-smp: #define SYSCALL_DEFINE1(name, ...) SYSCALL_DEFINEx(1, _##name, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: kernel/fork.c:1307:1: note: in expansion of macro 'SYSCALL_DEFINE1'
4.5.2-grsec-smp: SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:201:32: note: expected 'long int' but argument is of type 'int *'
4.5.2-grsec-smp: static inline asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:196:2: note: in expansion of macro '__SYSCALL_DEFINEx'
4.5.2-grsec-smp: __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:187:36: note: in expansion of macro 'SYSCALL_DEFINEx'
4.5.2-grsec-smp: #define SYSCALL_DEFINE1(name, ...) SYSCALL_DEFINEx(1, _##name, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: kernel/fork.c:1307:1: note: in expansion of macro 'SYSCALL_DEFINE1'
4.5.2-grsec-smp: SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: kernel/fork.c: In function 'sys_clone':
4.5.2-grsec-smp: kernel/fork.c:1930:18: warning: passing argument 3 of 'SyS_clone' makes integer from pointer without a cast [-Wint-conversion]
4.5.2-grsec-smp: int __user *, parent_tidptr,
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:112:25: note: in definition of macro '__SC_ARGS'
4.5.2-grsec-smp: #define __SC_ARGS(t, a) a
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:96:35: note: in expansion of macro '__MAP3'
4.5.2-grsec-smp: #define __MAP4(m,t,a,...) m(t,a), __MAP3(m,__VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:97:35: note: in expansion of macro '__MAP4'
4.5.2-grsec-smp: #define __MAP5(m,t,a,...) m(t,a), __MAP4(m,__VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:99:22: note: in expansion of macro '__MAP5'
4.5.2-grsec-smp: #define __MAP(n,...) __MAP##n(__VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:210:20: note: in expansion of macro '__MAP'
4.5.2-grsec-smp: return SyS##name(__MAP(x,__SC_ARGS,__VA_ARGS__)); \
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:196:2: note: in expansion of macro '__SYSCALL_DEFINEx'
4.5.2-grsec-smp: __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:191:36: note: in expansion of macro 'SYSCALL_DEFINEx'
4.5.2-grsec-smp: #define SYSCALL_DEFINE5(name, ...) SYSCALL_DEFINEx(5, _##name, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: kernel/fork.c:1929:1: note: in expansion of macro 'SYSCALL_DEFINE5'
4.5.2-grsec-smp: SYSCALL_DEFINE5(clone, unsigned long, clone_flags, unsigned long, newsp,
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:201:32: note: expected 'long int' but argument is of type 'int *'
4.5.2-grsec-smp: static inline asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:196:2: note: in expansion of macro '__SYSCALL_DEFINEx'
4.5.2-grsec-smp: __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:191:36: note: in expansion of macro 'SYSCALL_DEFINEx'
4.5.2-grsec-smp: #define SYSCALL_DEFINE5(name, ...) SYSCALL_DEFINEx(5, _##name, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: kernel/fork.c:1929:1: note: in expansion of macro 'SYSCALL_DEFINE5'
4.5.2-grsec-smp: SYSCALL_DEFINE5(clone, unsigned long, clone_flags, unsigned long, newsp,
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: kernel/fork.c:1932:18: warning: passing argument 5 of 'SyS_clone' makes integer from pointer without a cast [-Wint-conversion]
4.5.2-grsec-smp: int __user *, child_tidptr)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:112:25: note: in definition of macro '__SC_ARGS'
4.5.2-grsec-smp: #define __SC_ARGS(t, a) a
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:94:35: note: in expansion of macro '__MAP1'
4.5.2-grsec-smp: #define __MAP2(m,t,a,...) m(t,a), __MAP1(m,__VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:95:35: note: in expansion of macro '__MAP2'
4.5.2-grsec-smp: #define __MAP3(m,t,a,...) m(t,a), __MAP2(m,__VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:96:35: note: in expansion of macro '__MAP3'
4.5.2-grsec-smp: #define __MAP4(m,t,a,...) m(t,a), __MAP3(m,__VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:97:35: note: in expansion of macro '__MAP4'
4.5.2-grsec-smp: #define __MAP5(m,t,a,...) m(t,a), __MAP4(m,__VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:99:22: note: in expansion of macro '__MAP5'
4.5.2-grsec-smp: #define __MAP(n,...) __MAP##n(__VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:210:20: note: in expansion of macro '__MAP'
4.5.2-grsec-smp: return SyS##name(__MAP(x,__SC_ARGS,__VA_ARGS__)); \
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:196:2: note: in expansion of macro '__SYSCALL_DEFINEx'
4.5.2-grsec-smp: __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:191:36: note: in expansion of macro 'SYSCALL_DEFINEx'
4.5.2-grsec-smp: #define SYSCALL_DEFINE5(name, ...) SYSCALL_DEFINEx(5, _##name, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: kernel/fork.c:1929:1: note: in expansion of macro 'SYSCALL_DEFINE5'
4.5.2-grsec-smp: SYSCALL_DEFINE5(clone, unsigned long, clone_flags, unsigned long, newsp,
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:201:32: note: expected 'long int' but argument is of type 'int *'
4.5.2-grsec-smp: static inline asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:196:2: note: in expansion of macro '__SYSCALL_DEFINEx'
4.5.2-grsec-smp: __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: include/linux/syscalls.h:191:36: note: in expansion of macro 'SYSCALL_DEFINEx'
4.5.2-grsec-smp: #define SYSCALL_DEFINE5(name, ...) SYSCALL_DEFINEx(5, _##name, __VA_ARGS__)
4.5.2-grsec-smp: ^
4.5.2-grsec-smp: kernel/fork.c:1929:1: note: in expansion of macro 'SYSCALL_DEFINE5'
4.5.2-grsec-smp: SYSCALL_DEFINE5(clone, unsigned long, clone_flags, unsigned long, newsp,
4.5.2-grsec-smp: ^



Apr 28 20:54:54 pc101 [ 6.258472] ------------[ cut here ]------------
Apr 28 20:54:54 pc101 [ 6.259599] kernel BUG at ./arch/x86/include/asm/pgtable.h:107!
Apr 28 20:54:54 pc101 [ 6.260607] invalid opcode: 0000 [#1]
Apr 28 20:54:54 pc101 SMP
Apr 28 20:54:54 pc101
Apr 28 20:54:54 pc101 [ 6.261551] Modules linked in:
Apr 28 20:54:54 pc101
Apr 28 20:54:54 pc101 [ 6.262213] CPU: 2 PID: 178 Comm: modprobe Not tainted 4.5.2-grsec-smp #201604281949
Apr 28 20:54:54 pc101 [ 6.262823] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Apr 28 20:54:54 pc101 [ 6.263445] task: f5320c80 ti: f532124c task.ti: f532124c
Apr 28 20:54:54 pc101 [ 6.264066] EIP: 0060:[<000bf973>] EFLAGS: 00010206 CPU: 2
Apr 28 20:54:54 pc101 [ 6.264691] EAX: 8005003b EBX: f823714c ECX: 00000020 EDX: f8235970
Apr 28 20:54:54 pc101 [ 6.265322] ESI: f4adfed4 EDI: f8237140 EBP: f4adfe14 ESP: f4adfe14
Apr 28 20:54:54 pc101 [ 6.265951] DS: 0068 ES: 0068 FS: 00d8 GS: 007b SS: 0068
Apr 28 20:54:54 pc101 [ 6.266590] CR0: 8005003b CR2: b18ddffc CR3: 03804080 CR4: 000406f0
Apr 28 20:54:54 pc101 [ 6.267236] Stack:
Apr 28 20:54:54 pc101 [ 6.267872] f4adfec0
Apr 28 20:54:54 pc101 000c2454
Apr 28 20:54:54 pc101 f4adff0c
Apr 28 20:54:54 pc101 c383dbc8
Apr 28 20:54:54 pc101 0000a9c0
Apr 28 20:54:54 pc101 00000000
Apr 28 20:54:54 pc101 000000d8
Apr 28 20:54:54 pc101 f8235970
Apr 28 20:54:54 pc101
Apr 28 20:54:54 pc101 [ 6.268619] 00000000
Apr 28 20:54:54 pc101 f4adfed4
Apr 28 20:54:54 pc101 00000000
Apr 28 20:54:54 pc101 f8237310
Apr 28 20:54:54 pc101 00000000
Apr 28 20:54:54 pc101 f823726c
Apr 28 20:54:54 pc101 00000000
Apr 28 20:54:54 pc101 00000000
Apr 28 20:54:54 pc101
Apr 28 20:54:54 pc101 [ 6.269364] f8237144
Apr 28 20:54:54 pc101 f8237250
Apr 28 20:54:54 pc101 f8237140
Apr 28 20:54:54 pc101 f4adfed8
Apr 28 20:54:54 pc101 f4adfed4
Apr 28 20:54:54 pc101 00044615
Apr 28 20:54:54 pc101 00000000
Apr 28 20:54:54 pc101 00800003
Apr 28 20:54:54 pc101
Apr 28 20:54:54 pc101 [ 6.270099] Call Trace:
Apr 28 20:54:54 pc101 [ 6.270743] [<000c2454>] load_module+0x16f4/0x2090
Apr 28 20:54:54 pc101 [ 6.271379] [<0000a9c0>] ? arch_install_hw_breakpoint+0x30/0x110
Apr 28 20:54:54 pc101 [ 6.272007] [<00044615>] ? __change_page_attr_set_clr+0x2c5/0xcc0
Apr 28 20:54:54 pc101 [ 6.272636] [<00800003>] ? 0x800003
Apr 28 20:54:54 pc101 [ 6.273253] [<00006c65>] ? do_nmi+0x2b5/0x4a0
Apr 28 20:54:54 pc101 [ 6.273861] [<000c305c>] sys_finit_module+0x7c/0x90
Apr 28 20:54:54 pc101 [ 6.274652] [<0000a9c0>] ? arch_install_hw_breakpoint+0x30/0x110
Apr 28 20:54:54 pc101 [ 6.276284] [<00005708>] ? check_irq_vectors_for_cpu_disable+0x148/0x170
Apr 28 20:54:54 pc101 [ 6.276888] [<00005c18>] ? dump_trace+0xe8/0x190
Apr 28 20:54:54 pc101 [ 6.277483] [<00001ca8>] ? kstat+0x28/0x2c
Apr 28 20:54:54 pc101 [ 6.278065] [<000024b8>] do_syscall_32_irqs_on+0x38/0xb0
Apr 28 20:54:54 pc101 [ 6.278651] [<0067a33b>] entry_INT80_32+0x3b/0x47
Apr 28 20:54:54 pc101 [ 6.279235] [<0067a347>] ? entry_INT80_32+0x47/0x47
Apr 28 20:54:54 pc101 [ 6.279815] [<0000a9c0>] ? arch_install_hw_breakpoint+0x30/0x110
Apr 28 20:54:54 pc101 [ 6.280399] Code:
Apr 28 20:54:54 pc101 00
Apr 28 20:54:54 pc101 8d
Apr 28 20:54:54 pc101 bc
Apr 28 20:54:54 pc101 27
Apr 28 20:54:54 pc101 00
Apr 28 20:54:54 pc101 last message repeated 3 times
Apr 28 20:54:54 pc101 55
Apr 28 20:54:54 pc101 89
Apr 28 20:54:54 pc101 e5
Apr 28 20:54:54 pc101 53
Apr 28 20:54:54 pc101 8b
Apr 28 20:54:54 pc101 42
Apr 28 20:54:54 pc101 24
Apr 28 20:54:54 pc101 89
Apr 28 20:54:54 pc101 cb
Apr 28 20:54:54 pc101 89
Apr 28 20:54:54 pc101 ca
Apr 28 20:54:54 pc101 05
Apr 28 20:54:54 pc101 90
Apr 28 20:54:54 pc101 01
Apr 28 20:54:54 pc101 00
Apr 28 20:54:54 pc101 00
Apr 28 20:54:54 pc101 e8
Apr 28 20:54:54 pc101 8b
Apr 28 20:54:54 pc101 ff
Apr 28 20:54:54 pc101 last message repeated 2 times
Apr 28 20:54:54 pc101 c6
Apr 28 20:54:54 pc101 04
Apr 28 20:54:54 pc101 03
Apr 28 20:54:54 pc101 0a
Apr 28 20:54:54 pc101 83
Apr 28 20:54:54 pc101 c0
Apr 28 20:54:54 pc101 01
Apr 28 20:54:54 pc101 5b
Apr 28 20:54:54 pc101 5d
Apr 28 20:54:54 pc101 c3
Apr 28 20:54:54 pc101 90
Apr 28 20:54:54 pc101 55
Apr 28 20:54:54 pc101 89
Apr 28 20:54:54 pc101 e5
Apr 28 20:54:54 pc101 <0f>
Apr 28 20:54:54 pc101 0b
Apr 28 20:54:54 pc101 8d
Apr 28 20:54:54 pc101 74
Apr 28 20:54:54 pc101 26
Apr 28 20:54:54 pc101 00
Apr 28 20:54:54 pc101 8d
Apr 28 20:54:54 pc101 bc
Apr 28 20:54:54 pc101 27
Apr 28 20:54:54 pc101 00
Apr 28 20:54:54 pc101 last message repeated 3 times
Apr 28 20:54:54 pc101 55
Apr 28 20:54:54 pc101 89
Apr 28 20:54:54 pc101 e5
Apr 28 20:54:54 pc101 0f
Apr 28 20:54:54 pc101 0b
Apr 28 20:54:54 pc101 8d
Apr 28 20:54:54 pc101 74
Apr 28 20:54:54 pc101 26
Apr 28 20:54:54 pc101
Apr 28 20:54:54 pc101 [ 6.282248] EIP: [<000bf973>]
Apr 28 20:54:54 pc101 native_pax_open_kernel.part.36+0x3/0x10
Apr 28 20:54:54 pc101 SS:ESP 0068:f4adfe14
Apr 28 20:54:54 pc101 [ 6.282920] ---[ end trace 5d9845b8c8ef1bd7 ]---
Apr 28 20:54:54 pc101 [ 6.283560] Kernel panic - not syncing: grsec: halting the system due to suspicious kernel crash caused by root
Apr 28 20:54:54 pc101 [ 6.284447] Kernel Offset: disabled
Apr 28 20:54:54 pc101 [ 6.285100] ---[ end Kernel panic - not syncing: grsec: halting the system due to suspicious kernel crash caused by root
Last edited by x14sg1 on Fri Apr 29, 2016 9:12 pm, edited 1 time in total.
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: grsecurity-3.1-4.5.2-201604281949 - kernel panic

Postby PaX Team » Thu Apr 28, 2016 9:42 pm

can you resolve 0xc2454 via addr2line?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: grsecurity-3.1-4.5.2-201604281949 - kernel panic

Postby x14sg1 » Thu Apr 28, 2016 10:05 pm

I have never used it - any hints while I keep looking?
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: grsecurity-3.1-4.5.2-201604281949 - kernel panic

Postby x14sg1 » Thu Apr 28, 2016 10:07 pm

Not sure this is correct but

# addr2line -e vmlinux 0xc2454
module.c:?
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: grsecurity-3.1-4.5.2-201604281949 - kernel panic

Postby x14sg1 » Thu Apr 28, 2016 10:12 pm

recompiling with DEBUG_INFO and DEBUG_INFO_REDUCED now
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: grsecurity-3.1-4.5.2-201604281949 - kernel panic

Postby x14sg1 » Thu Apr 28, 2016 10:31 pm

The address changes with the DEBUG compile options and I got what appears to be a better result:

# addr2line -e vmlinux 0xc2434
/slackware/linux-4.5.2-grsec-smp/kernel/module.c:2242
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: grsecurity-3.1-4.5.2-201604281949 - kernel panic

Postby spender » Fri Apr 29, 2016 6:34 am

Hi,

Thanks for the report -- this will be fixed in the next patch being uploaded shortly.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: grsecurity-3.1-4.5.2-201604281949 - kernel panic

Postby x14sg1 » Fri Apr 29, 2016 7:46 pm

Thanks.

That fixed it.
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm


Return to grsecurity support