grsecurity forums

[gryzor]

Greetings,

This is 2.9-3.2.8-201202272117.
I have been trying to recompile the kernel with different GRSEC and PAX options, with no success. I always get the very same error at the first stage of the boot :
The kernel won't load at all and I get a single liner :
"PANIC: early exception 00 rip 10:ffffffff8101daa5 error 0 cr2 1"

I have posted my .config file here : http://gryzor.com/config-3.2.8-grsec
The same behavior has been occuring since 2.2.2-3.1.1-201111201943 (I have not tested grseced earlier kernel versions on this system).
System is a Sony laptop, x86_64.

What am I missing ?

Thanks,

Vincent

[PaX Team]

The kernel won't load at all and I get a single liner :
"PANIC: early exception 00 rip 10:ffffffff8101daa5 error 0 cr2 1"

can you send me your bzImage and vmlinux files please?

[gryzor]

Here are links to those files :
http://gryzor.com/grsec/vmlinux
http://gryzor.com/grsec/bzImage

[PaX Team]

it looks like some PARAVIRT related register corruption, but it's not clear it's my doing or something in vanilla already. so two things to test when you have the time: grsec without PARAVIRT and vanilla with PARAVIRT enabled.

[gryzor]

You're correct.
The very same kernel config, without PaX not grsec, boots perfectly.
The patched kernel without PARAVIRT boots, too.

Thank you for your help,

Vincent

[PaX Team]

so it turns out that it's not exactly my fault but rather the kernel's paravirt magic isn't quite correctly implemented for a few static inlined functions. in any case i added a workaround for this case so you'll be able to enable PARAVIRT/STACKLEAK and size optimization at the same time.