Kernel Panic on simple code related with IPC/SHM

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Kernel Panic on simple code related with IPC/SHM

Postby movax » Tue Sep 06, 2005 2:41 pm

Linux smp.if.uj.edu.pl 2.6.11.11 #4 Fri Jun 17 15:58:44 CEST 2005 i686 GNU/Linux
grsecurity-2.1.5-2.6.11.9-200505121617.patch
gcc version 3.3.5 (Debian 1:3.3.5-13)

config:
baryluk@smp:~/studia/so/so/meisner/cztpis$ grep -i grkern /usr/src/linux/.config
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
CONFIG_GRKERNSEC_HIGH=y
# CONFIG_GRKERNSEC_CUSTOM is not set
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDSRC=y
# CONFIG_GRKERNSEC_SOCKET is not set
# CONFIG_GRKERNSEC_SYSCTL is not set
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4


baryluk@smp:~/studia/so/so/meisner/cztpis$ grep -i pax /usr/src/linux/.confi
# PaX
CONFIG_PAX=y
# PaX Control
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_DEFAULT_PAGEEXEC is not set
CONFIG_PAX_DEFAULT_SEGMEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_NOVSYSCALL=y



Program:

#include <stdio.h>
#include <stdlib.h>

#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>

#include <sys/shm.h>

#include <sys/types.h>
#include <sys/wait.h>

#include <unistd.h>

#define KE2 ('D')

struct czytelnia {
int N;
} *cbuf;

key_t shm_key;
int shmid;

int main(int argc, char **argv) {
shm_key = ftok(".", KE2);
if ((shmid = shmget(shm_key, sizeof(struct czytelnia), IPC_CREAT|0660)) < 0) {
perror("shmget");
exit(1);
}

if ((cbuf = (struct czytelnia*)shmat(shmid, NULL, 0)) == NULL) {
perror("shmat");
exit(1);
}

return 0;
}


kernel panic/oops on normal account. I try one time run this (it is cut from bigger program) on root account, and everything is ok. On other machines (with 2.6, 2.4) it is also everything ok.

i was trying to save oops from console, but i didnt found any information related to library/kernel symbols, so i don't know where are problem, and if it is related to grsec/pax.


any one can reproduce this error?
movax
 
Posts: 3
Joined: Tue Sep 06, 2005 2:32 pm

Re: Kernel Panic on simple code related with IPC/SHM

Postby Hue-Bond » Wed Sep 07, 2005 7:42 am

> kernel panic/oops on normal account.

> any one can reproduce this error?

2.6.11.12 with grsec 2.1.6, gcc 3.3.6 and everythink ok here. Config different to yours, though.
Hue-Bond
 
Posts: 34
Joined: Mon Dec 13, 2004 4:31 pm

Re: Kernel Panic on simple code related with IPC/SHM

Postby PaX Team » Wed Sep 07, 2005 4:33 pm

movax wrote:kernel panic/oops on normal account. I try one time run this (it is cut from bigger program) on root account, and everything is ok. On other machines (with 2.6, 2.4) it is also everything ok.

i was trying to save oops from console, but i didnt found any information related to library/kernel symbols, so i don't know where are problem, and if it is related to grsec/pax.


any one can reproduce this error?
i tried it on .13-pax and couldn't reproduce it either. you could give .13 a try as well, so that we at least know it still fails there (and can look at it). as for the oops, what did you see in the console? no stack/register dump at all?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby movax » Thu Sep 08, 2005 9:18 am

OK i have 2.6.13 sources, but how properly patch it against grsec? when applying 2.1.6 grsecurity patch for 2.6.11.12 i have few HUNK failed messages. :-/
movax
 
Posts: 3
Joined: Tue Sep 06, 2005 2:32 pm

Postby PaX Team » Thu Sep 08, 2005 9:28 am

movax wrote:OK i have 2.6.13 sources, but how properly patch it against grsec? when applying 2.1.6 grsecurity patch for 2.6.11.12 i have few HUNK failed messages. :-/
it's worth following the mailing list:http://grsecurity.net/pipermail/grsecurity/2005-September/000548.html
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby movax » Thu Sep 08, 2005 2:03 pm

Problem disapear. I dont know how, mayby i compile it now with other flags. i wil check this.

ps. 2.6.13-grsec compiled but kernel panic on boot when trying to run init -- failed loding /lib/ld-linux.so.2
movax
 
Posts: 3
Joined: Tue Sep 06, 2005 2:32 pm

Postby PaX Team » Thu Sep 08, 2005 6:17 pm

movax wrote:Problem disapear. I dont know how, mayby i compile it now with other flags. i wil check this.

ps. 2.6.13-grsec compiled but kernel panic on boot when trying to run init -- failed loding /lib/ld-linux.so.2
can you give me:
- your PaX .config
- readelf -e /lib/ld-linux.so.2 output
- your glibc version
- your distro version
- exact error message?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support