grsecurity forums

Skip to content

Wine invalid opcode

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

Wine invalid opcode

Postby shadowdaemon » Fri May 10, 2013 5:14 am

When I first started using a GRsec patched kernel (Gentoo hardened) Wine ran fine, now it has started to cause "random" kernel hangs. I haven't tried to record the error message with netconsole yet, but I do have some photos of the message. Anyway, the message always points to arch/x86/include/asm/pgtable.h line 100 in pax_open_kernel.

~ $ uname -a
Linux aether 3.7.5-hardened-r1 #6 SMP Thu May 9 09:11:01 EST 2013 x86_64 Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz GenuineIntel GNU/Linux

I'm happy to supply any extra details, these photos of the kernel message are really hard to read. :(
shadowdaemon
 
Posts: 11
Joined: Thu May 09, 2013 9:42 pm
Top

Re: Wine invalid opcode

Postby PaX Team » Fri May 10, 2013 7:04 am

trying a newer kernel (of the 3.2 or 3.8 series) would be helpful. also if the register context and backtrace are legible then a screenshot is fine ;).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top

Re: Wine invalid opcode

Postby shadowdaemon » Fri May 10, 2013 9:59 pm

I'll try updating the kernel. Here are the (horrible) pics. I have to figure out how to do netconsole from Linux to Plan 9 since that is my only other system now.

Image
Image
Image
shadowdaemon
 
Posts: 11
Joined: Thu May 09, 2013 9:42 pm
Top

Re: Wine invalid opcode

Postby PaX Team » Sat May 11, 2013 5:26 am

can you tell me what you run under wine when this problem triggers? also send me your config please, at least the PaX related bits (and in particular, if you have UDEREF enabled, can you try to disable it?). as for netconsole, read Documentation/networking/netconsole.txt (on the target you'll just need netcat).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top

Re: Wine invalid opcode

Postby shadowdaemon » Sun May 12, 2013 7:41 pm

I've seen this happen with Diablo II and Orbiter 2010 (both computer games). I haven't run any other applications under Wine for long enough to see the fault.
Code: Select all
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_CONFIG_AUTO is not set
CONFIG_GRKERNSEC_CONFIG_CUSTOM=y
CONFIG_GRKERNSEC_PROC_GID=2023
CONFIG_GRKERNSEC_TPE_TRUSTED_GID=2022
CONFIG_GRKERNSEC_SYMLINKOWN_GID=100
CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_IO=y
CONFIG_GRKERNSEC_RAND_THREADSTACK=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODHARDEN=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_GRKERNSEC_KERN_LOCKOUT=y
# CONFIG_GRKERNSEC_NO_RBAC is not set
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_SYMLINKOWN=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
CONFIG_GRKERNSEC_ROFS=y
CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
CONFIG_GRKERNSEC_AUDIT_PTRACE=y
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
CONFIG_GRKERNSEC_RWXMAP_LOG=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_HARDEN_PTRACE=y
CONFIG_GRKERNSEC_PTRACE_READEXEC=y
CONFIG_GRKERNSEC_SETXID=y
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
CONFIG_GRKERNSEC_TPE_INVERT=y
CONFIG_GRKERNSEC_TPE_GID=2022
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_BLACKHOLE=y
CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=65534
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=2020
CONFIG_GRKERNSEC_SOCKET_SERVER=y
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=2021
CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_FLOODTIME=1
CONFIG_GRKERNSEC_FLOODBURST=2
CONFIG_PAX_KERNEXEC_PLUGIN=y
CONFIG_PAX_PER_CPU_PGD=y
CONFIG_PAX_USERCOPY_SLABS=y
CONFIG_PAX=y
# CONFIG_PAX_SOFTMODE is not set
# CONFIG_PAX_PT_PAX_FLAGS is not set
CONFIG_PAX_XATTR_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_MPROTECT_COMPAT is not set
# CONFIG_PAX_ELFRELOCS is not set
CONFIG_PAX_KERNEXEC=y
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y
# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR is not set
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="bts"
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_STACKLEAK=y
CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y
CONFIG_PAX_USERCOPY=y
CONFIG_PAX_SIZE_OVERFLOW=y
CONFIG_PAX_LATENT_ENTROPY=y

Netconsole should be working now, although I haven't properly tested it yet. I'll try to get Wine to crash (but it does seem rather random) later. I'd like to get a copy of the error before rebuilding the kernel without UDEREF, or upgrading the kernel. When it happens again and I can post the message I'll try either turning off UDEREF or updating the kernel, which is preferable?
shadowdaemon
 
Posts: 11
Joined: Thu May 09, 2013 9:42 pm
Top

Re: Wine invalid opcode

Postby PaX Team » Mon May 13, 2013 4:54 pm

shadowdaemon wrote:When it happens again and I can post the message I'll try either turning off UDEREF or updating the kernel, which is preferable?
first try a newer kernel because i added some extra checks since that should catch the problem earlier (and hopefully closer to the root cause).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top

Re: Wine invalid opcode

Postby shadowdaemon » Tue May 14, 2013 4:08 pm

Okay I'm going to try a new kernel with the same configuration. Thanks for your help.
shadowdaemon
 
Posts: 11
Joined: Thu May 09, 2013 9:42 pm
Top

Re: Wine invalid opcode

Postby shadowdaemon » Thu May 16, 2013 2:55 am

I've had another kernel panic, this time with Gentoo "hardened sources" 3.8.10. This kernel is configured mostly the same as the last one, but this time the panic occured when I was testing a usermode Linux system, not Wine. The error message looks much the same though, and I was able to capture it with netconsole. I did test Wine for a short while and it was okay for the short time I was testing it. I'm going to try turning off UDEREF.

Code: Select all
[105367.679543] kernel BUG at /usr/src/linux-3.8.10-hardened/arch/x86/include/asm/pgtable.h:100!
[105367.679585] invalid opcode: 0000 [#1] SMP
[105367.679614] Modules linked in: usb_storage netconsole snd_hda_intel snd_hda_codec snd_pcm snd_page_alloc snd_timer snd broadcom tg3 ptp pps_core
[105367.679734] CPU 2
[105367.679750] Pid: 0, comm: swapper/2 Not tainted 3.8.10-hardened #1 Acer             Aspire 5741     /Aspire 5741     
[105367.679805] RIP: 0010:[<ffffffff81084d84>]  [<ffffffff81084d84>] native_pax_open_kernel+0x24/0x30
[105367.679858] RSP: 0000:ffff88006c7dde68  EFLAGS: 00010006
[105367.679885] RAX: 000000008004003b RBX: ffff88006f50e200 RCX: 0000000000000001
[105367.679924] RDX: 000000008005003b RSI: ffff880069ae8710 RDI: ffff88006c7ad4c0
[105367.679958] RBP: ffff88006c7dde68 R08: 0000000000000001 R09: 0000000000000001
[105367.679992] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8800699bc380
[105367.680027] R13: ffff8800699bc380 R14: 0000000000000002 R15: 0000000000000002
[105367.680061] FS:  0000000000000000(0000) GS:ffff88006f500000(0000) knlGS:0000000000000000
[105367.680101] CS:  0038 DS: 0000 ES: 0000 CR0: 000000008005003b
[105367.680133] CR2: 00000000553f4000 CR3: 00000000017c5000 CR4: 00000000000007f0
[105367.680168] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[105367.680203] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[105367.680238] Process swapper/2 (pid: 0, threadinfo ffff88006c7ad8f8, task ffff88006c7ad4c0)
[105367.680274] Stack:
[105367.680288]  ffff88006c7ddec8 ffffffff817b3e2d ffffffff8108d5d0 ffff88006c7ad8f8[105367.680565]  [<ffffffff817a12c6>] ? set_multi+0x3c/0x3c
[105367.699464] ---[ end trace e17b53532f239296 ]---
[105367.699473] Kernel panic - not syncing: grsec: halting the system due to suspicious kernel crash caused by root
[105367.699550] drm_kms_helper: panic occurred, switching back to text console
shadowdaemon
 
Posts: 11
Joined: Thu May 09, 2013 9:42 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group