I have problem with 2.6.21.2-grsec
I got Uli/Ali chipset support and SCSI compiled in but after booting I see:
VFS: Cannot open root device "sda1" or unknown block (0,0)
Please append or correct "root=" boot option.
If I but same kernel from PATA disk it work fine and after loging in i can mount /dev/sda1 without problem.
My disk works on XFS.
What is wrong ?
ps.
Without grsecurity system boots ok.
2.6.21.2 SATA
7 posts
• Page 1 of 1
by harrygittens » Sat May 26, 2007 10:29 am
i think this is same problem as here
http://forums.grsecurity.net/viewtopic. ... c7bee5d188
are you using a config that was for an earlier kernel, i think something to do with sata/scsi config changed in 2.6.21
http://forums.grsecurity.net/viewtopic. ... c7bee5d188
are you using a config that was for an earlier kernel, i think something to do with sata/scsi config changed in 2.6.21
- harrygittens
- Posts: 21
- Joined: Fri Feb 16, 2007 2:20 pm
by Tommy » Sat May 26, 2007 8:26 pm
harrygittens wrote:i think this is same problem as here
http://forums.grsecurity.net/viewtopic. ... c7bee5d188
are you using a config that was for an earlier kernel, i think something to do with sata/scsi config changed in 2.6.21
No I`m using the NEW drivers:
Serial ATA (prod) and Parallel ATA (experimental) drivers --->
on clean 2.6.21.2 all works fine and on grsec I cant mount /dev/sda1 at boot.
Same kernle on PATA can mount /dev/sda1 manualy, but not at boot.
I`m using Uli Electronics SATA
- Tommy
- Posts: 10
- Joined: Fri Sep 23, 2005 7:19 am
Re: 2.6.21.2 SATA
by PaX Team » Sun May 27, 2007 6:24 am
can you capture and post the kernel boot messages for both cases (or just a diff)?Tommy wrote:If I but same kernel from PATA disk it work fine and after loging in i can mount /dev/sda1 without problem.
My disk works on XFS.
What is wrong ?
ps.
Without grsecurity system boots ok.
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
by Tommy » Sun May 27, 2007 6:39 pm
Only diff is that If im booting grsec patched kernel I see:
VFS: Cannot open root device "801" or unknown block (8,1)
Please append or correct "root=" boot option.
I dont know what is this 801 but if I set root=/dev/sda1 I see same message:
VFS: Cannot open root device "sda1" or unknown block (0,0)
Please append or correct "root=" boot option.
Same config but without grsec works fine. (it boots)
My lilo.conf in both cases is same:
sda1 is the first partition of my SATA disk flaged as bootable, is 40GB big and It works on XFS file system.
Part of my kernel config:
Security section of my config:
VFS: Cannot open root device "801" or unknown block (8,1)
Please append or correct "root=" boot option.
I dont know what is this 801 but if I set root=/dev/sda1 I see same message:
VFS: Cannot open root device "sda1" or unknown block (0,0)
Please append or correct "root=" boot option.
Same config but without grsec works fine. (it boots)
My lilo.conf in both cases is same:
- Code: Select all
boot = /dev/sda
prompt
timeout = 120
change-rules
reset
vga=794
append="rootflags=quota" #XFS quota activation
image = /boot/vmlinuz
root = /dev/sda1
label = Linux
read-only
sda1 is the first partition of my SATA disk flaged as bootable, is 40GB big and It works on XFS file system.
Part of my kernel config:
- Code: Select all
# CONFIG_BLK_DEV_IDE_SATA is not set
# CONFIG_SATA_AHCI is not set
# CONFIG_SATA_SVW is not set
# CONFIG_SATA_MV is not set
# CONFIG_SATA_NV is not set
# CONFIG_SATA_QSTOR is not set
# CONFIG_SATA_PROMISE is not set
# CONFIG_SATA_SX4 is not set
# CONFIG_SATA_SIL is not set
# CONFIG_SATA_SIL24 is not set
# CONFIG_SATA_SIS is not set
CONFIG_SATA_ULI=y
# CONFIG_SATA_VIA is not set
# CONFIG_SATA_VITESSE is not set
# CONFIG_SATA_INIC162X is not set
# CONFIG_SATA_INTEL_COMBINED is not set
CONFIG_SATA_ACPI=y
CONFIG_XFS_FS=y
CONFIG_XFS_QUOTA=y
CONFIG_XFS_SECURITY=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_XFS_RT=y
CONFIG_VXFS_FS=m
CONFIG_BLK_DEV_IDESCSI=y
CONFIG_SCSI=y
CONFIG_SCSI_TGT=y
CONFIG_SCSI_NETLINK=y
CONFIG_SCSI_PROC_FS=y
Security section of my config:
- Code: Select all
#
# Security options
#
#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
CONFIG_GRKERNSEC_CUSTOM=y
#
# Address Space Protection
#
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
CONFIG_GRKERNSEC_BRUTE=y
# CONFIG_GRKERNSEC_MODSTOP is not set
CONFIG_GRKERNSEC_HIDESYM=y
#
# Role Based Access Control Options
#
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
# CONFIG_GRKERNSEC_PROC_ADD is not set
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
# CONFIG_GRKERNSEC_CHROOT is not set
#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
# CONFIG_GRKERNSEC_RESLOG is not set
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
# CONFIG_GRKERNSEC_SIGNAL is not set
# CONFIG_GRKERNSEC_FORKFAIL is not set
# CONFIG_GRKERNSEC_TIME is not set
CONFIG_GRKERNSEC_PROC_IPADDR=y
#
# Executable Protections
#
# CONFIG_GRKERNSEC_EXECVE is not set
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_TPE is not set
#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
# CONFIG_GRKERNSEC_SOCKET is not set
#
# Sysctl support
#
# CONFIG_GRKERNSEC_SYSCTL is not set
#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4
#
# PaX
#
CONFIG_PAX=y
#
# PaX Control
#
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
#
# Non-executable pages
#
# CONFIG_PAX_NOEXEC is not set
#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_UDEREF=y
# CONFIG_KEYS is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_CAPABILITIES=y
CONFIG_SECURITY_ROOTPLUG=m
- Tommy
- Posts: 10
- Joined: Fri Sep 23, 2005 7:19 am
by PaX Team » Thu May 31, 2007 6:52 am
it's the major/minor number pair for the /dev/sda1 device.Tommy wrote:Only diff is that If im booting grsec patched kernel I see:
VFS: Cannot open root device "801" or unknown block (8,1)
Please append or correct "root=" boot option.
I dont know what is this 801 but if I set root=/dev/sda1 I see same message:
ok, my bet is then on UDEREF, can you disable it and see if it works then? if so, we'll still have to find out where the kernel accesses memory without using set_fs.VFS: Cannot open root device "sda1" or unknown block (0,0)
Please append or correct "root=" boot option.
Same config but without grsec works fine. (it boots)
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
by Tommy » Thu May 31, 2007 9:07 am
PaX Team wrote:it's the major/minor number pair for the /dev/sda1 device.Tommy wrote:Only diff is that If im booting grsec patched kernel I see:
VFS: Cannot open root device "801" or unknown block (8,1)
Please append or correct "root=" boot option.
I dont know what is this 801 but if I set root=/dev/sda1 I see same message:ok, my bet is then on UDEREF, can you disable it and see if it works then? if so, we'll still have to find out where the kernel accesses memory without using set_fs.VFS: Cannot open root device "sda1" or unknown block (0,0)
Please append or correct "root=" boot option.
Same config but without grsec works fine. (it boots)
I updated kernel to 2.6.21.3 with grsecurity-2.1.10-2.6.21.3-200705292345.patch without changing .config and all works fine.
- Tommy
- Posts: 10
- Joined: Fri Sep 23, 2005 7:19 am
7 posts
• Page 1 of 1