Problems with (K)QEMU and PAX


Postby john_taucher » Thu Jun 21, 2007 8:04 pm

Hello. I am trying to use (K)QEMU with PAX on 2.6.19.2. I have used paxctl to disable pax on `qemu` and related binaries. However, when starting up a VM, I get the following error (in dmesg):

<0>PAX: suspicious general protection fault: 0000 [#4]
Modules linked in: kqemu nvidia(P)
CPU: 0
EIP: 0060:[<00770297>] Tainted: P VLI
EFLAGS: 00210046 (2.6.19.2 #3)
eax: 1b6de001 ebx: e2584000 ecx: 00000000 edx: ddd7b5b0
esi: 00000000 edi: 00000000 ebp: 00200286 esp: d7913ee8
ds: 0068 es: 0068 ss: 0068
Process qemu (pid: 636, ti=d7912000 task=d12f2ab0 task.ti=d7912000)
Stack: e2584000 00066c01 d12f2ab0 d948d900 d12f2ab0 00000000 00000000 00000000
e256c014 00200086 00000033 e2584120 cfffd420 00000007 e2584000 0076e1cf
e2584000 00000068 ffff037f ffff0020 ffffffff 00000000 00000000 00000000
Call Trace:
[<0076e1cf>] <0> [<0076e0d0>] <0> =======================
Code: 84 83 ac 00 00 00 8b 10 8b 48 04 89 8b 94 00 00 00 89 93 90 00 00 00 8b 8b 9c 00 00 00 8b 93 98 00 00 00 89 48 04 89 10 89 1c 24 <ff> 54 24 20 31 c0 8b
93 88 00 00 00 80 bb 50 02 00 00 03 0f 94
EIP: [<00770297>] SS:ESP 0068:d7913ee8

The guest OS then dies. The last message it prints out is "Freeing unused kernel memory". Does anyone know how to disable pax in such a way so that qemu works properly? (Note: When invoking qemu with the -no-kqemu option the guest OS boots, but this is not the desired way of running the guest OS.)
john_taucher
 
Posts: 2
Joined: Thu Jun 21, 2007 7:57 pm

Re: Problems with (K)QEMU and PAX

Postby PaX Team » Fri Jun 22, 2007 5:10 am

john_taucher wrote: Does anyone know how to disable pax in such a way so that qemu works properly?
Disable KERNEXEC, as it prevents kqemu from executing runtime-generated code (or it looks that way at least, based on the addresses involved). But just in case it was due to a bug I fixed in PaX/KERNEXEC/module handling, you should give the latest test patch a try.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

KERNEXEC

Postby john_taucher » Fri Jun 22, 2007 10:02 pm

Can KERNEXEC be toggled on a per-device basis (for example, only on /dev/kqemu) or must it be turned off on a system wide basis? I will give the latest test patch a try when I get back from my business trip. Thank you!

- John
john_taucher
 
Posts: 2
Joined: Thu Jun 21, 2007 7:57 pm

Re: KERNEXEC

Postby PaX Team » Mon Jun 25, 2007 7:32 am

john_taucher wrote: Can KERNEXEC be toggled on a per-device basis (for example, only on /dev/kqemu) or must it be turned off on a system wide basis?
KERNEXEC protects the kernel itself; it has no sense of anything userland, so your only remedy is to disable it in the kernel's config.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
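The distinction the PaX Team draws above (paxctl flags act on a userland binary, KERNEXEC is a kernel build option) is easy to check from a shell. The script below is an added example, not code from the thread or from the PaX project; it assumes a grsecurity/PaX kernel whose config carries the CONFIG_PAX_KERNEXEC symbol, and optionally a paxctl binary in PATH.

```shell
#!/bin/sh
# Added example: show the kernel-side KERNEXEC setting next to the per-binary
# PaX flags, so it is clear which of the two a paxctl change can affect.
# Assumes CONFIG_PAX_KERNEXEC in the kernel config (grsecurity/PaX kernels).

# read_cfg FILE: dump a kernel config, transparently handling /proc/config.gz.
read_cfg() {
    case "$1" in
        *.gz) zcat "$1" ;;
        *)    cat "$1" ;;
    esac
}

# kernexec_state FILE: prints "y" (enabled), "n" (explicitly off) or "unknown"
# (symbol absent, e.g. a kernel without the PaX patch, or unreadable file).
kernexec_state() {
    if read_cfg "$1" 2>/dev/null | grep -q '^CONFIG_PAX_KERNEXEC=y$'; then
        echo y
    elif read_cfg "$1" 2>/dev/null | grep -q '^# CONFIG_PAX_KERNEXEC is not set$'; then
        echo n
    else
        echo unknown
    fi
}

# running_config: path of the running kernel's config, or nothing if unavailable.
running_config() {
    if [ -r /proc/config.gz ]; then
        echo /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    fi
}

# report BINARY: kernel scope first, then the userland scope paxctl controls.
report() {
    cfg=$(running_config)
    if [ -n "$cfg" ]; then
        echo "kernel   ($cfg): CONFIG_PAX_KERNEXEC=$(kernexec_state "$cfg")"
    else
        echo "kernel   : config not readable here; check CONFIG_PAX_KERNEXEC in .config"
    fi
    if command -v paxctl >/dev/null 2>&1 && [ -f "$1" ]; then
        # paxctl -v prints the PT_PAX_FLAGS marking of the ELF file
        echo "userland ($1): $(paxctl -v "$1" 2>&1 | tail -n 1)"
    else
        echo "userland ($1): paxctl or the binary is not available"
    fi
    echo "note: the userland flags cannot change the kernel-side KERNEXEC setting"
}

if [ -n "${1:-}" ]; then report "$1"; fi
```

Run it as `sh check_kernexec.sh /path/to/qemu`; a "y" in the kernel line means the remedy is the kernel config, not further paxctl changes.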
