Hy all! I'm successfully using the latest grsec patch on many PIII, PIV, and Core2 based architectures. But I had to update a damn old machine, a VIA motherboard with sdram and Celeron (PII) processor. the old kernel was 2.6.17 on it. I copied the .config and used my fresh and patched kernel, then I got an oops, just after the CPU init, after the NET: Registered protocol family xy... It says: General protection fault, Attemt to kill init, Not tainted VLI. Only reboot helps. I tried to turn off grsec features, but nothing helped, while I completely turned off grsec in the 2.6.22.6 patched kernel. And it was still not working. Than I tried a nonpatched original kernel, and that could run without problem. So I think that grsec or PAX must be the point of falure.
This intend to be a bug report... How can I help you tracing the problem?
Anyway I got this interresting thingie:
grsec completely turned off (but patched kernel)
-rw-r--r-- 1 root 1002 1209688 Sep 17 12:08 vmlinuz-2.6.22.6-grsec
grsec and some features turned on:
-rw-r--r-- 1 root 1002 1197368 Sep 17 11:52 vmlinuz-2.6.22.6-grsec.old
why the kernel code becomes greater if I turn OFF grsec features?
grsec patch oopses 2.6.19 and later on PII and old Celeron
3 posts
• Page 1 of 1
grsec patch oopses 2.6.19 and later on PII and old Celeron
by eliast » Mon Sep 17, 2007 11:39 am
- eliast
- Posts: 3
- Joined: Sat May 05, 2007 5:09 pm
Re: grsec patch oopses 2.6.19 and later on PII and old Celer
by PaX Team » Fri Sep 21, 2007 4:39 pm
please see http://forums.grsecurity.net/viewtopic.php?t=1808.eliast wrote:I copied the .config and used my fresh and patched kernel, then I got an oops, just after the CPU init, after the NET: Registered protocol family xy... It says: General protection fault, Attemt to kill init, Not tainted VLI. Only reboot helps. I tried to turn off grsec features, but nothing helped, while I completely turned off grsec in the 2.6.22.6 patched kernel. And it was still not working. Than I tried a nonpatched original kernel, and that could run without problem. So I think that grsec or PAX must be the point of falure.
file size alone is not comparable, look at the section layout (readelf -e vmlinux), then you can determine what grew/shrank exactly.Anyway I got this interresting thingie:
grsec completely turned off (but patched kernel)
-rw-r--r-- 1 root 1002 1209688 Sep 17 12:08 vmlinuz-2.6.22.6-grsec
grsec and some features turned on:
-rw-r--r-- 1 root 1002 1197368 Sep 17 11:52 vmlinuz-2.6.22.6-grsec.old
why the kernel code becomes greater if I turn OFF grsec features?
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
3 posts
• Page 1 of 1