grsecurity forums

by **forsaken** » Thu Sep 08, 2005 2:26 am

Yes I have KERNEXEC enabled with SEGMEXEC.

by **PaX Team** » Thu Sep 08, 2005 5:30 am

PaX Team wrote:i'll fix it up tomorrow.

and here it is:

Code: Select all: --- linux-2.6.13-pax/arch/i386/kernel/vmlinux.lds.S 2005-08-30 15:16:11.000000000 +0100 +++ linux-2.6.13-pax/arch/i386/kernel/vmlinux.lds.S 2005-09-08 02:14:23.000000000 +0100 @@ -10,7 +10,12 @@ #include <asm/thread_info.h> #include <asm/page.h> #include <asm/segment.h> -#include <asm/pgtable.h> + +#ifdef CONFIG_X86_PAE +#define PMD_SHIFT 21 +#else +#define PMD_SHIFT 22 +#endif OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386") OUTPUT_ARCH(i386)

by **alien88** » Thu Sep 08, 2005 10:31 pm

Yeah, I have problems w/ 2.6.13 + the latest grsec patch... it ran fine for ~45 minutes then crashed hardcore:

kernel BUG at mm/slab.c:1806!
invalid operand: 0000 [#1]
SMP
Modules linked in: capability commoncap
CPU: 0
EIP: 0060:[] Not tainted VLI
EFLAGS: 00010002 (2.6.13-grsec)
EIP is at cache_grow+0x17/0x160
eax: c191f680 ebx: 00000008 ecx: c191f6a8 edx: 00000000
esi: 0000003c edi: c191f680 ebp: 00006e48 esp: f6711d34
ds: 007b es: 007b ss: 0068
Process qmail-remote (pid: 14834, threadinfo=f6710000 task=f6632020)
Stack: 3500b5d8 00000000 00000000 f6a2889c c0171e51 f6a2894c 00000000 c1bde680
c191ac00 0000003c 00000008 00006e48 c017367b c191f680 00000008 ffffffff
18639d3c c191f6e0 c191f6a8 c191f6b0 00000292 f663fe00 f663fe00 00006e48
Call Trace:
[] __do_page_cache_readahead+0xb1/0x170
[] cache_alloc_refill+0x17b/0x230
[] kmem_cache_alloc+0x49/0x50
[] gr_add_to_task_ip_table_nolock+0x54/0x80
[] gr_update_task_in_ip_table+0x83/0xa0
[] tcp_v4_connect+0x4cd/0xbc0
[] __alloc_pages+0x2fe/0x480
[] gr_search_connect+0x3b/0x370
[] cache_alloc_refill+0x140/0x230
[] inet_stream_connect+0x8b/0x1b0
[] sys_connect+0xd1/0xe0
[] sock_map_fd+0xfa/0x130
[] __sock_create+0xd5/0x200
[] sys_socket+0x76/0xb0
[] copy_from_user+0x46/0x80
[] sys_socketcall+0xb1/0x260
[] syscall_call+0x7/0xb
[] build_zonelists_node+0x2b/0x70
Code: 8d 74 26 00 89 58 18 89 70 1c 83 c0 20 4a 75 f4 5b 5e c3 90 55 57 56 53 83 ec 20 8b 5c 24 38 8b 7c 24 34 f7 c3 0e 80 fc ff 74 08 0b 0e 07 30 85 30 c0 31 c0 f6 c7 20 0f 85 06 01 00 00 b8 01
Kernel panic - not syncing: Fatal exception in interrupt
Rebooting in 180 seconds..

by **forsaken** » Fri Sep 09, 2005 2:41 am

Great Pax, it compiles with that patch.

Thanks.

by **onyx** » Sat Sep 10, 2005 11:49 am

alien88 wrote:Yeah, I have problems w/ 2.6.13 + the latest grsec patch... it ran fine for ~45 minutes then crashed hardcore:

kernel BUG at mm/slab.c:1806!
invalid operand: 0000 [#1]
SMP
Modules linked in: capability commoncap
CPU: 0
EIP: 0060:[] Not tainted VLI
EFLAGS: 00010002 (2.6.13-grsec)
EIP is at cache_grow+0x17/0x160
eax: c191f680 ebx: 00000008 ecx: c191f6a8 edx: 00000000
esi: 0000003c edi: c191f680 ebp: 00006e48 esp: f6711d34
ds: 007b es: 007b ss: 0068
Process qmail-remote (pid: 14834, threadinfo=f6710000 task=f6632020)
Stack: 3500b5d8 00000000 00000000 f6a2889c c0171e51 f6a2894c 00000000 c1bde680
c191ac00 0000003c 00000008 00006e48 c017367b c191f680 00000008 ffffffff
18639d3c c191f6e0 c191f6a8 c191f6b0 00000292 f663fe00 f663fe00 00006e48
Call Trace:
[] __do_page_cache_readahead+0xb1/0x170
[] cache_alloc_refill+0x17b/0x230
[] kmem_cache_alloc+0x49/0x50
[] gr_add_to_task_ip_table_nolock+0x54/0x80
[] gr_update_task_in_ip_table+0x83/0xa0
[] tcp_v4_connect+0x4cd/0xbc0
[] __alloc_pages+0x2fe/0x480
[] gr_search_connect+0x3b/0x370
[] cache_alloc_refill+0x140/0x230
[] inet_stream_connect+0x8b/0x1b0
[] sys_connect+0xd1/0xe0
[] sock_map_fd+0xfa/0x130
[] __sock_create+0xd5/0x200
[] sys_socket+0x76/0xb0
[] copy_from_user+0x46/0x80
[] sys_socketcall+0xb1/0x260
[] syscall_call+0x7/0xb
[] build_zonelists_node+0x2b/0x70
Code: 8d 74 26 00 89 58 18 89 70 1c 83 c0 20 4a 75 f4 5b 5e c3 90 55 57 56 53 83 ec 20 8b 5c 24 38 8b 7c 24 34 f7 c3 0e 80 fc ff 74 08 0b 0e 07 30 85 30 c0 31 c0 f6 c7 20 0f 85 06 01 00 00 b8 01
Kernel panic - not syncing: Fatal exception in interrupt
Rebooting in 180 seconds..

Same thing happend to me as well, i don't know if the bug was the same, but it ended pretty the same: kernel panic. It is an smp system as well.

by **alien88** » Sat Sep 10, 2005 1:03 pm

onyx wrote:
Same thing happend to me as well, i don't know if the bug was the same, but it ended pretty the same: kernel panic. It is an smp system as well.

I've ran grsecurity for a while and I have had problems with random lockups. At first I thought it was an hardware issue, which in fairness it was.. but once that was swapped out, IPMI was no longer logging detecting problems.. and the machine would still randomly lock up.

After reading the forums, it seems like others have experienced this as well with SMP systems.

by **tuxq** » Sat Sep 10, 2005 2:09 pm

....and............. 2.6.13.1 is out. heh

by **Fab** » Sun Sep 11, 2005 2:46 pm

http://www.grsecurity.net/~spender/grse ... 2142.patch

by **tuxq** » Mon Sep 12, 2005 5:40 am

Fast response with that one eh?

(re: 2.6.13.1)

by **Hal9000** » Mon Sep 12, 2005 4:36 pm

yeh tahts because the were not many changes in the code as with 2.6.11->2.6.13

by **Fab** » Tue Sep 13, 2005 5:30 am

But 10828585 pages of changelog ;-)

by **Fab** » Tue Sep 13, 2005 5:37 am

http://www.grsecurity.net/~spender/grse ... 1648.patch

New patch out too :/ Hope it will be final soon!

by **tuxq** » Tue Sep 13, 2005 2:07 pm

I'm waiting for final. I have no problems with the first 2.6.13.1 patch on my workstation or router.

by **nkukard** » Thu Sep 15, 2005 4:36 am

No problem here either

by **tuxq** » Sun Sep 18, 2005 6:40 pm

And 2.6.13.2 arrives.

grsecurity forums

Linux 2.6.13 is out