Freeze on AMD FX-4100 when grsec enabled

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Moderators: spender, PaX Team

Freeze on AMD FX-4100 when grsec enabled

Postby staples1347 » Mon Aug 29, 2016 2:30 am

With gentoo hardened versions of 4.4.8-r1, possibly 4.4.2 (I wasn't fully aware of what was causing the crash back when that kernel was running), 4.6.5 and 4.7.2, when I enable a lot of options in grsec and then run a full raid check (3 drives, software raid5) while running memtester, the system will often freeze after a few hours with no crash log (not even to netconsole with dmesg -n 8). The CPU is an AMD FX-4100 on a motherboard: Asus M5A97 EVO Rev 1. Another server running AMD FX-6100 with motherboard: M5A97 Rev 1 that wasn't running memtester, but raid scan also froze when I tried one of the "most options enabled" builds on it so it doesn't seem like a hardware issue, although the same build didn't crash or freeze on an AMD Athlon II X2 270 system when I did a similar load test (also using software raid5 with 3 drives). The CPU type in the kernel build is set to Generic, but I made a patch to enable X86_ALIGNMENT_16, X86_INTEL_USERCOPY, and X86_USE_PPRO_CHECKSUM as they are approved for K8, I also have a Core2 most options enabled build of 4.6.5-hardened with SMEP running on an Intel i7-4790 CPU that hasn't crashed yet, but I have run a raid check on it yet. On the AMD, I have tried enabling all the lock debugging options, changing from full preempt to voluntary, and disabling dynticks on the boot command line. Enabling just REFCOUNT as the only grsec option caused a freeze and also just UDEREF with pax_nouderef boot option caused a freeze, but enabling just NOEXEC, PAGEEXEC, EMUTRAMP, GCC_PLUGINS, KERNEXEC, and CONSTIFY didn't seem to cause a freeze, although have only been running the test builds for 24 hours or less so may have missed a freeze in this case. HZ is currently set to 1000. I am currently using EFI with radeon drm framebuffer but non-EFI with VGA console also froze with no output. If I turn off all the grsec options or use a vanilla kernel, I can run for multiple days with no freeze. When I say freeze, I mean the console cursor stops flashing, nothing works on the usb keyboard, and the hard drive is on solid. Sensors reports temps under 60C as well for cpu, motherboard, hard drives, and graphics card during high load. I am passing nmi_watchdog=1 parameter and the NMI interrupt count goes up just under every 2 minutes (hang check is set to 120 seconds). I am also using gentoo's hardened version of gcc 4.9.3. Any ideas on how I can get a kernel panic to display instead of just a freeze or what the freeze might be from? I can post my full config or partial config if needed.
staples1347
 
Posts: 1
Joined: Sun Aug 28, 2016 9:32 pm

Return to grsecurity support

cron