grsecurity forums

[arekm]

Is grsecurity-2.2.0-2.6.35.8-201010311944.patch working for anyone on i686?
Here it works fine on x86_64 but i686 version reboots machine at:

[ 0.093334] ... fixed-purpose events: 3
[ 0.096668] ... event mask: 0000000700000003
[ 0.100370] ACPI: Core revision 20100428
[ 0.110046] Enabling APIC mode: Flat. Using 1 I/O APICs
[ 0.113640] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
[ 0.151467] CPU0: Intel Pentium(R) Dual-Core CPU E6600 @ 3.06GHz stepping 0a
[ 0.163332] Booting Node 0, Processors #1

[spender]

What was the last patch that worked on that system?

-Brad

[moseleymark]

I've hit the same issue as well on both Dell Poweredge 1950s and Poweredge R610s with 2.6.35.8. I'm actually just in the process of booting a grsec-less 2.6.35.8 to see if it'd boot up (it does), so I could start to write a bug report. I'm seeing 2.6.35.8+grsec freeze during early boot on boxes that are running 2.6.35.7+grsec. I'm 3000 miles remote from my boxes but over serial, I get nothing at all post-freeze (i.e. no panic output). I was going to try to get someone to look at console sometime today/tomorrow. It occurs right about the same spot for me too -- information on the CPUs is cut off in the middle; there's a couple of physical CPUs on the box and it never reaches past the first CPU (though that could be completely coincidental).

[specs]

I've seen the same issues with a dualcore Atom:
A reboot after the first core was detected.

After 2.6.35.8 I tried grsecurity-2.6.35.7-201010232009 since that was the latest patch I had before 2.6.35.8.
The older patch runs without troubles.

I was waiting to report until I had the change to test a vanilla kernel. (I am just starting with compiling)

[specs]

Just for the record:
the vanilla kernel starts without a hitch.

This means I could start compiling kernels with certain options disabled or certain debug-options enabled.
Currently I have no idea where to start, except "i386" and "multicore".

[specs]

Changing a few options did result in a kernel with grsecurity-201010311944 which boots. (I changed only the SMP and the UP_APIC option.)

Code: Select all

# Linux kernel version: 2.6.35.8
# Tue Nov  2 21:08:04 2010
CONFIG_BROKEN_ON_SMP=y
# CONFIG_MUTEX_SPIN_ON_OWNER is not set
# CONFIG_SMP is not set
CONFIG_NR_CPUS=1
# CONFIG_X86_UP_APIC is not set
# CONFIG_ARCH_SUPPORTS_MSI is not set
CONFIG_GRKERNSEC_RWXMAP_LOG=y


But as you could guess it does run in uniprocessor mode (Atom, i386).

[spender]

Can you try the patch I just uploaded? It's working for me on SMP with the same config sent to me that was reported as broken.

-Brad

[moseleymark]

The new patch boots just fine for me. Thanks!

[arekm]

New patch works fine for me, too. Thanks!

[specs]

Can you try the patch I just uploaded? It's working for me on SMP with the same config sent to me that was reported as broken.

It works for me too.

Thank you.