Page 1 of 1

kernel 4.0.2 + grsec does not boot

PostPosted: Tue May 12, 2015 7:07 am
by hanno
I'm currently struggling with an update of the kernel on our servers. If I try to update to 4.0.2 + grsec patch (at the moment latest: grsecurity-3.1-4.0.2-201505101122.patch) the system does not boot any more.

The problem is: There is hardly anything that gives a hint what's going on. On normal boot it does not print out anything, it will just reboot and return to grub again and again. When I pass early_printk parameter I get some boot messages, it stops at the NR_IRQS message (this seems to be a default on every kernel boot). I noted that past that the first thing that happens on a working system the next thing that is happening is the initialization of the console:
[ 0.000000] NR_IRQS:4352 nr_irqs:256 0
[ 0.000000] Console: colour VGA+ 80x25
[ 0.000000] console [ttyS0] enabled

Kernel 4.0 introduces some new options regarding console (CONFIG_DUMMY_CONSOLE_COLUMNS, CONFIG_DUMMY_CONSOLE_ROWS), so it might have something to do with that and is failing at the console initialization.

Some further info that might be relevant:
* Right now the system is running kernel 3.19.5 with patch grsecurity-3.1-3.19.5-201504270827.patch, which is working.
* Disabling the grsec patch the system boots again.
* It's a virtualized system (kvm), with a virtual serial console (virsh console).

Re: kernel 4.0.2 + grsec does not boot

PostPosted: Tue May 12, 2015 7:40 am
by PaX Team
since it seems to be reproducible and in kvm at that, just send me your .config and your kvm command line (at least the parts that may be relevant like -append and device and cpu setup) and i'll debug it.

PS: this may be faster if you can also get on irc ;)

Re: kernel 4.0.2 + grsec does not boot

PostPosted: Tue May 12, 2015 9:50 am
by hanno
I'll idle in #grsecurity, have sent you via mail the kernel and libvirt config (no kvm command line, as I'm using it through libvirt).

Re: kernel 4.0.2 + grsec does not boot

PostPosted: Fri May 15, 2015 3:28 pm
by hanno
In case others had the same problem:
This has now been fixed with the latest patch grsecurity-3.1-4.0.3-201505141746.patch. Just tested and confirmed that.