kernel 4.0.2 + grsec does not boot

Discuss and suggest new grsecurity features

Moderators: spender, PaX Team

kernel 4.0.2 + grsec does not boot

Postby hanno » Tue May 12, 2015 7:07 am

I'm currently struggling with an update of the kernel on our servers. If I try to update to 4.0.2 + grsec patch (at the moment latest: grsecurity-3.1-4.0.2-201505101122.patch) the system does not boot any more.

The problem is: There is hardly anything that gives a hint what's going on. On normal boot it does not print out anything, it will just reboot and return to grub again and again. When I pass early_printk parameter I get some boot messages, it stops at the NR_IRQS message (this seems to be a default on every kernel boot). I noted that past that the first thing that happens on a working system the next thing that is happening is the initialization of the console:
[ 0.000000] NR_IRQS:4352 nr_irqs:256 0
[ 0.000000] Console: colour VGA+ 80x25
[ 0.000000] console [ttyS0] enabled

Kernel 4.0 introduces some new options regarding console (CONFIG_DUMMY_CONSOLE_COLUMNS, CONFIG_DUMMY_CONSOLE_ROWS), so it might have something to do with that and is failing at the console initialization.

Some further info that might be relevant:
* Right now the system is running kernel 3.19.5 with patch grsecurity-3.1-3.19.5-201504270827.patch, which is working.
* Disabling the grsec patch the system boots again.
* It's a virtualized system (kvm), with a virtual serial console (virsh console).
hanno
 
Posts: 26
Joined: Thu Dec 16, 2004 4:37 am

Re: kernel 4.0.2 + grsec does not boot

Postby PaX Team » Tue May 12, 2015 7:40 am

since it seems to be reproducible and in kvm at that, just send me your .config and your kvm command line (at least the parts that may be relevant like -append and device and cpu setup) and i'll debug it.

PS: this may be faster if you can also get on irc ;)
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: kernel 4.0.2 + grsec does not boot

Postby hanno » Tue May 12, 2015 9:50 am

I'll idle in #grsecurity, have sent you via mail the kernel and libvirt config (no kvm command line, as I'm using it through libvirt).
hanno
 
Posts: 26
Joined: Thu Dec 16, 2004 4:37 am

Re: kernel 4.0.2 + grsec does not boot

Postby hanno » Fri May 15, 2015 3:28 pm

In case others had the same problem:
This has now been fixed with the latest patch grsecurity-3.1-4.0.3-201505141746.patch. Just tested and confirmed that.
hanno
 
Posts: 26
Joined: Thu Dec 16, 2004 4:37 am


Return to grsecurity development

cron