Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Thu Sep 01, 2016 12:15 am

Hello,

It OOPSed after loading loop.ko and again after I renamed loop.ko.

Here is the netconsole output after loop.ko was loaded (with CONFIG GRKERNSEC/PAX options below that):

Sep 1 00:03:23 pc101 [ 6.158841] PAX: swapper/0:0, uid/euid: 0/0, attempted to modify kernel code
Sep 1 00:03:23 pc101 [ 6.159601] BUG: unable to handle kernel
Sep 1 00:03:23 pc101 paging request
Sep 1 00:03:23 pc101 at c16a2000
Sep 1 00:03:23 pc101 [ 6.160382] IP:
Sep 1 00:03:23 pc101 [<003134f2>] llist_add_batch+0x12/0x30
Sep 1 00:03:23 pc101 [ 6.161107] *pdpt = 0000000003ad4001
Sep 1 00:03:23 pc101 *pde = 000000003592d063
Sep 1 00:03:23 pc101 *pte = 00000000016a2161
Sep 1 00:03:23 pc101
Sep 1 00:03:23 pc101 [ 6.161846] Oops: 0003 [#1] SMP
Sep 1 00:03:23 pc101 [ 6.162567] Modules linked in:
Sep 1 00:03:23 pc101 loop
Sep 1 00:03:23 pc101
Sep 1 00:03:23 pc101 [ 6.163316] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.7.2-grsec-smp #201608312326
Sep 1 00:03:23 pc101 [ 6.164040] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Sep 1 00:03:23 pc101 [ 6.164800] task: c3c04980 ti: c3c04e58 task.ti: c3c04e58
Sep 1 00:03:23 pc101 [ 6.168426] EIP: 0060:[<003134f2>] EFLAGS: 00010282 CPU: 0
Sep 1 00:03:23 pc101 [ 6.170240] EAX: c16a2000 EBX: 00000000 ECX: f65d6ed0 EDX: c16a2000
Sep 1 00:03:23 pc101 [ 6.171541] ESI: c16a2000 EDI: 4d7b25f1 EBP: f6011f10 ESP: f6011f08
Sep 1 00:03:23 pc101 [ 6.172292] DS: 0068 ES: 0068 FS: 00d8 GS: 0000 SS: 0068
Sep 1 00:03:23 pc101 [ 6.173042] CR0: 80050033 CR2: c16a2000 CR3: 03ad9000 CR4: 000406f0
Sep 1 00:03:23 pc101 [ 6.173799] Stack:
Sep 1 00:03:23 pc101 [ 6.174554] c16a2000
Sep 1 00:03:23 pc101 f65d6ed0
Sep 1 00:03:23 pc101 f6011f20
Sep 1 00:03:23 pc101 0013d4f7
Sep 1 00:03:23 pc101 f614e9d0
Sep 1 00:03:23 pc101 41f3d8c6
Sep 1 00:03:23 pc101 f6011f28
Sep 1 00:03:23 pc101 0003f978
Sep 1 00:03:23 pc101
Sep 1 00:03:23 pc101 [ 6.175403] f6011f34
Sep 1 00:03:23 pc101 000c5106
Sep 1 00:03:23 pc101 f5932b40
Sep 1 00:03:23 pc101 f6011fcc
Sep 1 00:03:23 pc101 000a87dc
Sep 1 00:03:23 pc101 c56f0c45
Sep 1 00:03:23 pc101 377aa67a
Sep 1 00:03:23 pc101 f65d95c0
Sep 1 00:03:23 pc101
Sep 1 00:03:23 pc101 [ 6.176248] ed63b592
Sep 1 00:03:23 pc101 f5142267
Sep 1 00:03:23 pc101 f61b3ac8
Sep 1 00:03:23 pc101 62c135b8
Sep 1 00:03:23 pc101 a56410df
Sep 1 00:03:23 pc101 5f286401
Sep 1 00:03:23 pc101 8d3e6a5c
Sep 1 00:03:23 pc101 c3c04980
Sep 1 00:03:23 pc101
Sep 1 00:03:23 pc101 [ 6.177175] Call Trace:
Sep 1 00:03:23 pc101 [ 6.178011] [<0013d4f7>] vunmap+0x47/0x60
Sep 1 00:03:23 pc101 [ 6.178805] [<0003f978>] module_memfree_exec+0x8/0x10
Sep 1 00:03:23 pc101 [ 6.179586] [<000c5106>] do_free_init+0x16/0x30
Sep 1 00:03:23 pc101 [ 6.180349] [<000a87dc>] rcu_process_callbacks+0x53c/0xa90
Sep 1 00:03:23 pc101 [ 6.181102] [<000ad763>] ? run_timer_softirq+0x63/0x430
Sep 1 00:03:23 pc101 [ 6.181835] [<000592c0>] __do_softirq+0xc0/0x1b0
Sep 1 00:03:23 pc101 [ 6.182577] [<00200000>] ? ext4_ext_zeroout+0x10/0x30
Sep 1 00:03:23 pc101 [ 6.183313] [<00059200>] ? cpu_callback+0x140/0x140
Sep 1 00:03:23 pc101 [ 6.184035] [<0001a516>] do_softirq_own_stack+0x26/0x40
Sep 1 00:03:23 pc101 [ 6.184321] <IRQ>
Sep 1 00:03:23 pc101
Sep 1 00:03:23 pc101 [ 6.184321] [<000594e5>] irq_exit+0x95/0xa0
Sep 1 00:03:23 pc101 [ 6.186323] [<0003a323>] smp_trace_apic_timer_interrupt+0x53/0x80
Sep 1 00:03:23 pc101 [ 6.187033] [<0003a358>] smp_apic_timer_interrupt+0x8/0x10
Sep 1 00:03:23 pc101 [ 6.187741] [<00695039>] apic_timer_interrupt+0x39/0x40
Sep 1 00:03:23 pc101 [ 6.192632] [<00021515>] ? default_idle+0x5/0x10
Sep 1 00:03:23 pc101 [ 6.193332] [<000219c9>] arch_cpu_idle+0x9/0x10
Sep 1 00:03:23 pc101 [ 6.194019] [<00091919>] default_idle_call+0x19/0x30
Sep 1 00:03:23 pc101 [ 6.194806] [<00091abc>] cpu_startup_entry+0x18c/0x1d0
Sep 1 00:03:23 pc101 [ 6.195509] [<0068e9e2>] rest_init+0x62/0x70
Sep 1 00:03:23 pc101 [ 6.196221] [<02e099b0>] 0x2e099b0
Sep 1 00:03:23 pc101 [ 6.196892] [<02e082fd>] 0x2e082fd
Sep 1 00:03:23 pc101 [ 6.197580] [<00020800>] ? native_calibrate_tsc+0x2e0/0x5f0
Sep 1 00:03:23 pc101 [ 6.198254] [<0008f800>] ? __dequeue_dl_entity+0xf0/0x150
Sep 1 00:03:23 pc101 [ 6.198917] Code:
Sep 1 00:03:23 pc101 db
Sep 1 00:03:23 pc101 8d
Sep 1 00:03:23 pc101 04
Sep 1 00:03:23 pc101 19
Sep 1 00:03:23 pc101 5b
Sep 1 00:03:23 pc101 5d
Sep 1 00:03:23 pc101 c3
Sep 1 00:03:23 pc101 66
Sep 1 00:03:23 pc101 90
Sep 1 00:03:23 pc101 31
Sep 1 00:03:23 pc101 c0
Sep 1 00:03:23 pc101 c3
Sep 1 00:03:23 pc101 90
Sep 1 00:03:23 pc101 8d
Sep 1 00:03:23 pc101 74
Sep 1 00:03:23 pc101 26
Sep 1 00:03:23 pc101 00
Sep 1 00:03:23 pc101 89
Sep 1 00:03:23 pc101 d0
Sep 1 00:03:23 pc101 5b
Sep 1 00:03:23 pc101 5d
Sep 1 00:03:23 pc101 c3
Sep 1 00:03:23 pc101 66
Sep 1 00:03:23 pc101 90
Sep 1 00:03:23 pc101 90
Sep 1 00:03:23 pc101 55
Sep 1 00:03:23 pc101 89
Sep 1 00:03:23 pc101 e5
Sep 1 00:03:23 pc101 56
Sep 1 00:03:23 pc101 53
Sep 1 00:03:23 pc101 89
Sep 1 00:03:23 pc101 c6
Sep 1 00:03:23 pc101 89
Sep 1 00:03:23 pc101 f6
Sep 1 00:03:23 pc101 8d
Sep 1 00:03:23 pc101 bc
Sep 1 00:03:23 pc101 27
Sep 1 00:03:23 pc101 00
Sep 1 00:03:23 pc101 last message repeated 3 times
Sep 1 00:03:23 pc101 8b
Sep 1 00:03:23 pc101 19
Sep 1 00:03:23 pc101 <89>
Sep 1 00:03:23 pc101 1a
Sep 1 00:03:23 pc101 89
Sep 1 00:03:23 pc101 d8
Sep 1 00:03:23 pc101 f0
Sep 1 00:03:23 pc101 0f
Sep 1 00:03:23 pc101 b1
Sep 1 00:03:23 pc101 31
Sep 1 00:03:23 pc101 39
Sep 1 00:03:23 pc101 c3
Sep 1 00:03:23 pc101 75
Sep 1 00:03:23 pc101 f2
Sep 1 00:03:23 pc101 85
Sep 1 00:03:23 pc101 db
Sep 1 00:03:23 pc101 0f
Sep 1 00:03:23 pc101 94
Sep 1 00:03:23 pc101 c0
Sep 1 00:03:23 pc101 5b
Sep 1 00:03:23 pc101 5e
Sep 1 00:03:23 pc101 5d
Sep 1 00:03:23 pc101 c3
Sep 1 00:03:23 pc101
Sep 1 00:03:23 pc101 [ 6.200851] EIP: [<003134f2>]
Sep 1 00:03:23 pc101 llist_add_batch+0x12/0x30
Sep 1 00:03:23 pc101 SS:ESP 0068:f6011f08
Sep 1 00:03:23 pc101 [ 6.201606] CR2: 00000000c16a2000
Sep 1 00:03:23 pc101 [ 6.202331] ---[ end trace 5d83e37e52ab7744 ]---
Sep 1 00:03:23 pc101 [ 6.203057] Kernel panic - not syncing: Fatal exception in interrupt
Sep 1 00:03:23 pc101 [ 6.203901] Kernel Offset: disabled
Sep 1 00:03:23 pc101 [ 6.204246] ---[ end Kernel panic - not syncing: Fatal exception in interrupt

--------------------------------------

GRKERNSEC/PAX lines from kernel config:

CONFIG_PAX_PER_CPU_PGD=y
CONFIG_PAX_USERCOPY_SLABS=y
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CONFIG_AUTO=y
# CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set
CONFIG_GRKERNSEC_CONFIG_SERVER=y
# CONFIG_GRKERNSEC_CONFIG_DESKTOP is not set
# CONFIG_GRKERNSEC_CONFIG_VIRT_NONE is not set
CONFIG_GRKERNSEC_CONFIG_VIRT_GUEST=y
# CONFIG_GRKERNSEC_CONFIG_VIRT_HOST is not set
# CONFIG_GRKERNSEC_CONFIG_VIRT_EPT is not set
CONFIG_GRKERNSEC_CONFIG_VIRT_SOFT=y
# CONFIG_GRKERNSEC_CONFIG_VIRT_XEN is not set
# CONFIG_GRKERNSEC_CONFIG_VIRT_VMWARE is not set
# CONFIG_GRKERNSEC_CONFIG_VIRT_KVM is not set
CONFIG_GRKERNSEC_CONFIG_VIRT_VIRTUALBOX=y
# CONFIG_GRKERNSEC_CONFIG_VIRT_HYPERV is not set
# CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF is not set
CONFIG_GRKERNSEC_CONFIG_PRIORITY_SECURITY=y
CONFIG_GRKERNSEC_PROC_GID=756
CONFIG_GRKERNSEC_TPE_UNTRUSTED_GID=1005
CONFIG_GRKERNSEC_SYMLINKOWN_GID=1006
CONFIG_PAX=y
# CONFIG_PAX_SOFTMODE is not set
# CONFIG_PAX_EI_PAX is not set
# CONFIG_PAX_PT_PAX_FLAGS is not set
CONFIG_PAX_XATTR_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_MPROTECT_COMPAT is not set
# CONFIG_PAX_ELFRELOCS is not set
CONFIG_PAX_KERNEXEC=y
CONFIG_PAX_KERNEXEC_PLUGIN=y
# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_NONE is not set
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y
# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR is not set
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_STACKLEAK=y
CONFIG_PAX_MEMORY_STRUCTLEAK=y
CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y
CONFIG_PAX_CONSTIFY_PLUGIN=y
CONFIG_PAX_USERCOPY=y
# CONFIG_PAX_USERCOPY_DEBUG is not set
CONFIG_PAX_SIZE_OVERFLOW=y
CONFIG_PAX_LATENT_ENTROPY=y
# CONFIG_PAX_RAP is not set
CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_IO=y
CONFIG_GRKERNSEC_BPF_HARDEN=y
CONFIG_GRKERNSEC_PERF_HARDEN=y
CONFIG_GRKERNSEC_RAND_THREADSTACK=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_KSTACKOVERFLOW=y
# CONFIG_GRKERNSEC_BRUTE is not set
CONFIG_GRKERNSEC_MODHARDEN=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_GRKERNSEC_RANDSTRUCT=y
# CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE is not set
CONFIG_GRKERNSEC_KERN_LOCKOUT=y
CONFIG_GRKERNSEC_NO_RBAC=y
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_SYMLINKOWN=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
# CONFIG_GRKERNSEC_ROFS is not set
CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_RENAME=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
CONFIG_GRKERNSEC_CHROOT_INITRD=y
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
CONFIG_GRKERNSEC_SIGNAL=y
# CONFIG_GRKERNSEC_FORKFAIL is not set
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
CONFIG_GRKERNSEC_RWXMAP_LOG=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_HARDEN_PTRACE=y
CONFIG_GRKERNSEC_PTRACE_READEXEC=y
CONFIG_GRKERNSEC_SETXID=y
CONFIG_GRKERNSEC_HARDEN_IPC=y
CONFIG_GRKERNSEC_HARDEN_TTY=y
CONFIG_GRKERNSEC_TPE=y
# CONFIG_GRKERNSEC_TPE_ALL is not set
# CONFIG_GRKERNSEC_TPE_INVERT is not set
CONFIG_GRKERNSEC_TPE_GID=1005
CONFIG_GRKERNSEC_BLACKHOLE=y
CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
# CONFIG_GRKERNSEC_SOCKET is not set
CONFIG_GRKERNSEC_DENYUSB=y
# CONFIG_GRKERNSEC_DENYUSB_FORCE is not set
CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=6
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Thu Sep 01, 2016 12:39 am

I forgot to mention that grsecurity-3.1-4.7.2-201608211829.patch boots.
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby spender » Thu Sep 01, 2016 7:46 pm

Just to confirm (though the change is likely correct, it may have revealed a latent issue), does reverting the change in the latest patch to arch/x86/mm/pageattr.c resolve the issue? Are you able to reproduce it on x64?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Thu Sep 01, 2016 9:59 pm

Hello,

The problem does not occur on x64.

A different OOPs occurs when I revert the if stmt for the pageattr.c patch (to the one from the previous patch):

Sep 1 21:54:56 pc101 [ 6.458723] PAX: rc.S:198, uid/euid: 0/0, attempted to modify kernel code
Sep 1 21:54:56 pc101 [ 6.459461] BUG: unable to handle kernel
Sep 1 21:54:56 pc101 paging request
Sep 1 21:54:56 pc101 at c16a2000
Sep 1 21:54:56 pc101 [ 6.459928] IP:
Sep 1 21:54:56 pc101 [<003134f2>] llist_add_batch+0x12/0x30
Sep 1 21:54:56 pc101 [ 6.460647] *pdpt = 0000000003ad4001
Sep 1 21:54:56 pc101 *pde = 0000000034a17063
Sep 1 21:54:56 pc101 *pte = 00000000016a2161
Sep 1 21:54:56 pc101
Sep 1 21:54:56 pc101 [ 6.461662] Oops: 0003 [#1] SMP
Sep 1 21:54:56 pc101 [ 6.461931] Modules linked in:
Sep 1 21:54:56 pc101 loop
Sep 1 21:54:56 pc101
Sep 1 21:54:56 pc101 [ 6.462655] CPU: 3 PID: 198 Comm: rc.S Not tainted 4.7.2-grsec-smp #201608312326
Sep 1 21:54:56 pc101 [ 6.463729] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Sep 1 21:54:56 pc101 [ 6.464490] task: f4a81800 ti: f4a81cd8 task.ti: f4a81cd8
Sep 1 21:54:56 pc101 [ 6.464959] EIP: 0060:[<003134f2>] EFLAGS: 00010282 CPU: 3
Sep 1 21:54:56 pc101 [ 6.465708] EAX: c16a2000 EBX: 00000000 ECX: f56dfed0 EDX: c16a2000
Sep 1 21:54:56 pc101 [ 6.466480] ESI: c16a2000 EDI: a7902e4e EBP: f50e3f10 ESP: f50e3f08
Sep 1 21:54:56 pc101 [ 6.466959] DS: 0068 ES: 0068 FS: 00d8 GS: 0000 SS: 0068
Sep 1 21:54:56 pc101 [ 6.467717] CR0: 80050033 CR2: c16a2000 CR3: 03ad90c0 CR4: 000406f0
Sep 1 21:54:56 pc101 [ 6.468473] Stack:
Sep 1 21:54:56 pc101 [ 6.472725] c16a2000
Sep 1 21:54:56 pc101 f56dfed0
Sep 1 21:54:56 pc101 f50e3f20
Sep 1 21:54:56 pc101 0013d4f7
Sep 1 21:54:56 pc101 f52fa740
Sep 1 21:54:56 pc101 b3088342
Sep 1 21:54:56 pc101 f50e3f28
Sep 1 21:54:56 pc101 0003f978
Sep 1 21:54:56 pc101
Sep 1 21:54:56 pc101 [ 6.474580] f50e3f34
Sep 1 21:54:56 pc101 000c5106
Sep 1 21:54:56 pc101 f48ddc00
Sep 1 21:54:56 pc101 f50e3fcc
Sep 1 21:54:56 pc101 000a87ec
Sep 1 21:54:56 pc101 d6a7cdba
Sep 1 21:54:56 pc101 be628e9a
Sep 1 21:54:56 pc101 f56e25c0
Sep 1 21:54:56 pc101
Sep 1 21:54:56 pc101 [ 6.475164] f56dee00
Sep 1 21:54:56 pc101 f50e3f54
Sep 1 21:54:56 pc101 f48dd540
Sep 1 21:54:56 pc101 f50e3f5c
Sep 1 21:54:56 pc101 000ad228
Sep 1 21:54:56 pc101 87e646c4
Sep 1 21:54:56 pc101 093c8eb1
Sep 1 21:54:56 pc101 f4a81800
Sep 1 21:54:56 pc101
Sep 1 21:54:56 pc101 [ 6.475978] Call Trace:
Sep 1 21:54:56 pc101 [ 6.476787] [<0013d4f7>] vunmap+0x47/0x60
Sep 1 21:54:56 pc101 [ 6.477576] [<0003f978>] module_memfree_exec+0x8/0x10
Sep 1 21:54:56 pc101 [ 6.478701] [<000c5106>] do_free_init+0x16/0x30
Sep 1 21:54:56 pc101 [ 6.479507] [<000a87ec>] rcu_process_callbacks+0x53c/0xa80
Sep 1 21:54:56 pc101 [ 6.479991] [<000ad228>] ? process_timeout+0x8/0x10
Sep 1 21:54:56 pc101 [ 6.480750] [<000ad763>] ? run_timer_softirq+0x63/0x430
Sep 1 21:54:56 pc101 [ 6.481494] [<00e09315>] ? 0xe09315
Sep 1 21:54:56 pc101 [ 6.482723] [<000592d0>] __do_softirq+0xc0/0x1b0
Sep 1 21:54:56 pc101 [ 6.483040] [<00404040>] ? device_add+0x3b0/0x5e0
Sep 1 21:54:56 pc101 [ 6.483768] [<00059210>] ? cpu_callback+0x140/0x140
Sep 1 21:54:56 pc101 [ 6.484490] [<0001a516>] do_softirq_own_stack+0x26/0x40
Sep 1 21:54:56 pc101 [ 6.485622] <IRQ>
Sep 1 21:54:56 pc101
Sep 1 21:54:56 pc101 [ 6.485658] [<000594f5>] irq_exit+0x95/0xa0
Sep 1 21:54:56 pc101 [ 6.486693] [<0003a323>] smp_trace_apic_timer_interrupt+0x53/0x80
Sep 1 21:54:56 pc101 [ 6.487396] [<0003a358>] smp_apic_timer_interrupt+0x8/0x10
Sep 1 21:54:56 pc101 [ 6.487920] [<00695039>] apic_timer_interrupt+0x39/0x40
Sep 1 21:54:56 pc101 [ 6.488615] [<00010246>] ? pt_handle_status+0x146/0x270
Sep 1 21:54:56 pc101 [ 6.489710] [<00043800>] ? vmalloc_sync_all+0x10/0x10
Sep 1 21:54:56 pc101 [ 6.490452] [<00694717>] ? entry_INT80_32+0x47/0x47
Sep 1 21:54:56 pc101 [ 6.490898] [<00010246>] ? pt_handle_status+0x146/0x270
Sep 1 21:54:56 pc101 [ 6.491581] [<00694717>] ? entry_INT80_32+0x47/0x47
Sep 1 21:54:56 pc101 [ 6.494912] [<01200011>] ? 0x1200011
Sep 1 21:54:56 pc101 [ 6.495693] [<00010246>] ? pt_handle_status+0x146/0x270
Sep 1 21:54:56 pc101 [ 6.497416] Code:
Sep 1 21:54:56 pc101 db
Sep 1 21:54:56 pc101 8d
Sep 1 21:54:56 pc101 04
Sep 1 21:54:56 pc101 19
Sep 1 21:54:56 pc101 5b
Sep 1 21:54:56 pc101 5d
Sep 1 21:54:56 pc101 c3
Sep 1 21:54:56 pc101 66
Sep 1 21:54:56 pc101 90
Sep 1 21:54:56 pc101 31
Sep 1 21:54:56 pc101 c0
Sep 1 21:54:56 pc101 c3
Sep 1 21:54:56 pc101 90
Sep 1 21:54:56 pc101 8d
Sep 1 21:54:56 pc101 74
Sep 1 21:54:56 pc101 26
Sep 1 21:54:56 pc101 00
Sep 1 21:54:56 pc101 89
Sep 1 21:54:56 pc101 d0
Sep 1 21:54:56 pc101 5b
Sep 1 21:54:56 pc101 5d
Sep 1 21:54:56 pc101 c3
Sep 1 21:54:56 pc101 66
Sep 1 21:54:56 pc101 90
Sep 1 21:54:56 pc101 90
Sep 1 21:54:56 pc101 55
Sep 1 21:54:56 pc101 89
Sep 1 21:54:56 pc101 e5
Sep 1 21:54:56 pc101 56
Sep 1 21:54:56 pc101 53
Sep 1 21:54:56 pc101 89
Sep 1 21:54:56 pc101 c6
Sep 1 21:54:56 pc101 89
Sep 1 21:54:56 pc101 f6
Sep 1 21:54:56 pc101 8d
Sep 1 21:54:56 pc101 bc
Sep 1 21:54:56 pc101 27
Sep 1 21:54:56 pc101 00
Sep 1 21:54:56 pc101 last message repeated 3 times
Sep 1 21:54:56 pc101 8b
Sep 1 21:54:56 pc101 19
Sep 1 21:54:56 pc101 <89>
Sep 1 21:54:56 pc101 1a
Sep 1 21:54:56 pc101 89
Sep 1 21:54:56 pc101 d8
Sep 1 21:54:56 pc101 f0
Sep 1 21:54:56 pc101 0f
Sep 1 21:54:56 pc101 b1
Sep 1 21:54:56 pc101 31
Sep 1 21:54:56 pc101 39
Sep 1 21:54:56 pc101 c3
Sep 1 21:54:56 pc101 75
Sep 1 21:54:56 pc101 f2
Sep 1 21:54:56 pc101 85
Sep 1 21:54:56 pc101 db
Sep 1 21:54:56 pc101 0f
Sep 1 21:54:56 pc101 94
Sep 1 21:54:56 pc101 c0
Sep 1 21:54:56 pc101 5b
Sep 1 21:54:56 pc101 5e
Sep 1 21:54:56 pc101 5d
Sep 1 21:54:56 pc101 c3
Sep 1 21:54:56 pc101
Sep 1 21:54:56 pc101 [ 6.499704] EIP: [<003134f2>]
Sep 1 21:54:56 pc101 llist_add_batch+0x12/0x30
Sep 1 21:54:56 pc101 SS:ESP 0068:f50e3f08
Sep 1 21:54:56 pc101 [ 6.500573] CR2: 00000000c16a2000
Sep 1 21:54:56 pc101 [ 6.500955] ---[ end trace 3d1a9ff7235fc847 ]---
Sep 1 21:54:56 pc101 [ 6.501691] Kernel panic - not syncing: Fatal exception in interrupt
Sep 1 21:54:56 pc101 [ 6.503218] Kernel Offset: disabled
Sep 1 21:54:56 pc101 [ 6.503940] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby spender » Thu Sep 01, 2016 10:25 pm

Can you show me the diff between the working kernel and this non-working kernel with the revert?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Thu Sep 01, 2016 10:48 pm

Here it is but I am not sure it is what you are after - it is a diff of kernel source patched by 201608211829 and 201608312326 without the pageattr.c patch since the if stmt I reverted was the only thing in it):

diff -urp 201608211829/arch/x86/include/asm/uaccess.h 201608312326/arch/x86/include/asm/uaccess.h
--- 201608211829/arch/x86/include/asm/uaccess.h 2016-09-01 22:11:46.000000000 -0400
+++ 201608312326/arch/x86/include/asm/uaccess.h 2016-09-01 22:37:37.000000000 -0400
@@ -816,7 +816,7 @@ copy_from_user(void *to, const void __us
* case, and do only runtime checking for non-constant sizes.
*/

- if (likely(sz != (size_t)-1 && sz < n)) {
+ if (unlikely(sz != (size_t)-1 && sz < n)) {
if(__builtin_constant_p(n))
copy_from_user_overflow();
else
@@ -839,7 +839,7 @@ copy_to_user(void __user *to, const void
might_fault();

/* See the comment in copy_from_user() above. */
- if (likely(sz != (size_t)-1 && sz < n)) {
+ if (unlikely(sz != (size_t)-1 && sz < n)) {
if(__builtin_constant_p(n))
copy_to_user_overflow();
else
diff -urp 201608211829/fs/binfmt_elf.c 201608312326/fs/binfmt_elf.c
--- 201608211829/fs/binfmt_elf.c 2016-09-01 22:11:47.000000000 -0400
+++ 201608312326/fs/binfmt_elf.c 2016-09-01 22:37:37.000000000 -0400
@@ -1290,6 +1290,7 @@ static int load_elf_binary(struct linux_
current->flags |= PF_RANDOMIZE;

setup_new_exec(bprm);
+ install_exec_creds(bprm);

/* Do this so that we can load the interpreter, if need be. We will
change some of these later */
@@ -1521,7 +1522,6 @@ static int load_elf_binary(struct linux_
goto out;
#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */

- install_exec_creds(bprm);
retval = create_elf_tables(bprm, &loc->elf_ex,
load_addr, interp_load_addr);
if (retval < 0)
diff -urp 201608211829/fs/dcache.c 201608312326/fs/dcache.c
--- 201608211829/fs/dcache.c 2016-09-01 22:11:47.000000000 -0400
+++ 201608312326/fs/dcache.c 2016-09-01 22:37:38.000000000 -0400
@@ -798,8 +798,6 @@ void dput(struct dentry *dentry)
return;

repeat:
- might_sleep();
-
rcu_read_lock();
if (likely(fast_dput(dentry))) {
rcu_read_unlock();
diff -urp 201608211829/net/iucv/af_iucv.c 201608312326/net/iucv/af_iucv.c
--- 201608211829/net/iucv/af_iucv.c 2016-09-01 22:11:48.000000000 -0400
+++ 201608312326/net/iucv/af_iucv.c 2016-09-01 22:37:39.000000000 -0400
@@ -1326,7 +1326,7 @@ static int iucv_sock_recvmsg(struct sock
unsigned int copied, rlen;
struct sk_buff *skb, *rskb, *cskb;
int err = 0;
- u32 offset;
+ u32 offset, class;

if ((sk->sk_state == IUCV_DISCONN) &&
skb_queue_empty(&iucv->backlog_skb_q) &&
@@ -1370,9 +1370,8 @@ static int iucv_sock_recvmsg(struct sock
/* create control message to store iucv msg target class:
* get the trgcls from the control buffer of the skb due to
* fragmentation of original iucv message. */
- err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS,
- sizeof(IUCV_SKB_CB(skb)->class),
- (void *)&IUCV_SKB_CB(skb)->class);
+ class = IUCV_SKB_CB(skb)->class;
+ err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS, sizeof(class), &class);
if (err) {
if (!(flags & MSG_PEEK))
skb_queue_head(&sk->sk_receive_queue, skb);
diff -urp 201608211829/net/netlink/af_netlink.c 201608312326/net/netlink/af_netlink.c
--- 201608211829/net/netlink/af_netlink.c 2016-09-01 22:11:48.000000000 -0400
+++ 201608312326/net/netlink/af_netlink.c 2016-09-01 22:37:39.000000000 -0400
@@ -1703,11 +1703,12 @@ static void netlink_cmsg_recv_pktinfo(st
static void netlink_cmsg_listen_all_nsid(struct sock *sk, struct msghdr *msg,
struct sk_buff *skb)
{
+ int nsid = NETLINK_CB(skb).nsid;
+
if (!NETLINK_CB(skb).nsid_is_set)
return;

- put_cmsg(msg, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, sizeof(int),
- &NETLINK_CB(skb).nsid);
+ put_cmsg(msg, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, sizeof(nsid), &nsid);
}

static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby spender » Fri Sep 02, 2016 5:57 am

How much RAM do you have dedicated to the VM?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Fri Sep 02, 2016 10:51 am

3.5G Memory/1G SWAP
VT-x/AMD-v is enabled
Nested Paging is enabled
PAE/NX is enabled
Paravirt interface is KVM
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Fri Sep 02, 2016 6:45 pm

I re-ran the test of reverting pageattr.c in 201608312326 to the version in 201608211829 and this time it booted so I must have done something wrong the first time.
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Wed Sep 07, 2016 10:11 pm

Hello,

201609072139 also OOPs but the stack trace (further down) is a little different

201609072139 boots if I revert the following pageattr.c "if" stmt:

< + if (within(pfn, __pa(ktla_ktva((unsigned long)&_text)) >> PAGE_SHIFT, __pa((unsigned long)&_sdata) >> PAGE_SHIFT)) {
---
> + if (within(pfn, __pa(ktla_ktva((unsigned long)&_text)), __pa((unsigned long)&_sdata))) {

Sep 7 21:51:41 pc101 [ 6.234702] loop: module loaded
Sep 7 21:51:41 pc101 [ 6.245991] PAX: swapper/0:0, uid/euid: 0/0, attempted to modify kernel code
Sep 7 21:51:41 pc101 [ 6.246743] BUG: unable to handle kernel
Sep 7 21:51:41 pc101 paging request
Sep 7 21:51:41 pc101 at c16a3000
Sep 7 21:51:41 pc101 [ 6.247621] IP:
Sep 7 21:51:41 pc101 [<003142d2>] llist_add_batch+0x12/0x30
Sep 7 21:51:41 pc101 [ 6.248383] *pdpt = 0000000003ad4001
Sep 7 21:51:41 pc101 *pde = 0000000034a32063
Sep 7 21:51:41 pc101 *pte = 00000000016a3161
Sep 7 21:51:41 pc101
Sep 7 21:51:41 pc101 [ 6.249167] Oops: 0003 [#1] SMP
Sep 7 21:51:41 pc101 [ 6.249900] Modules linked in:
Sep 7 21:51:41 pc101 loop
Sep 7 21:51:41 pc101
Sep 7 21:51:41 pc101 [ 6.250719] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.7.3-grsec-smp #201609072139
Sep 7 21:51:41 pc101 [ 6.251517] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Sep 7 21:51:41 pc101 [ 6.253242] task: c3c04980 ti: c3c04a34 task.ti: c3c04a34
Sep 7 21:51:41 pc101 [ 6.255078] EIP: 0060:[<003142d2>] EFLAGS: 00010282 CPU: 0
Sep 7 21:51:41 pc101 [ 6.255834] EAX: c16a3000 EBX: 00000000 ECX: f56b2ed0 EDX: c16a3000
Sep 7 21:51:41 pc101 [ 6.256655] ESI: c16a3000 EDI: e4d2cb0f EBP: f500ff10 ESP: f500ff08
Sep 7 21:51:41 pc101 [ 6.257394] DS: 0068 ES: 0068 FS: 00d8 GS: 0000 SS: 0068
Sep 7 21:51:41 pc101 [ 6.258137] CR0: 80050033 CR2: c16a3000 CR3: 03ad9000 CR4: 000406f0
Sep 7 21:51:41 pc101 [ 6.258886] Stack:
Sep 7 21:51:41 pc101 [ 6.259683] c16a3000
Sep 7 21:51:41 pc101 f56b2ed0
Sep 7 21:51:41 pc101 f500ff20
Sep 7 21:51:41 pc101 0013dab7
Sep 7 21:51:41 pc101 f5187b30
Sep 7 21:51:41 pc101 c20a1aef
Sep 7 21:51:41 pc101 f500ff28
Sep 7 21:51:41 pc101 0003f918
Sep 7 21:51:41 pc101
Sep 7 21:51:41 pc101 [ 6.260506] f500ff34
Sep 7 21:51:41 pc101 000c5326
Sep 7 21:51:41 pc101 f5370ac8
Sep 7 21:51:41 pc101 f500ffcc
Sep 7 21:51:41 pc101 000a898c
Sep 7 21:51:41 pc101 00000000
Sep 7 21:51:41 pc101 00000000
Sep 7 21:51:41 pc101 f56b55c0
Sep 7 21:51:41 pc101
Sep 7 21:51:41 pc101 [ 6.261331] 00000001
Sep 7 21:51:41 pc101 00000000
Sep 7 21:51:41 pc101 f494a090
Sep 7 21:51:41 pc101 00000000
Sep 7 21:51:41 pc101 11baf81e
Sep 7 21:51:41 pc101 7bf1c530
Sep 7 21:51:41 pc101 7b1a2ac3
Sep 7 21:51:41 pc101 c3c04980
Sep 7 21:51:41 pc101
Sep 7 21:51:41 pc101 [ 6.262162] Call Trace:
Sep 7 21:51:41 pc101 [ 6.262982] [<0013dab7>] vunmap+0x47/0x60
Sep 7 21:51:41 pc101 [ 6.263768] [<0003f918>] module_memfree_exec+0x8/0x10
Sep 7 21:51:41 pc101 [ 6.264557] [<000c5326>] do_free_init+0x16/0x30
Sep 7 21:51:41 pc101 [ 6.265324] [<000a898c>] rcu_process_callbacks+0x53c/0xa90
Sep 7 21:51:41 pc101 [ 6.266077] [<0008b42d>] ? run_rebalance_domains+0x2dd/0x390
Sep 7 21:51:41 pc101 [ 6.266830] [<00059310>] __do_softirq+0xc0/0x1b0
Sep 7 21:51:41 pc101 [ 6.267643] [<00200000>] ? ext4_resize_fs+0x7e0/0x1170
Sep 7 21:51:41 pc101 [ 6.268380] [<00059250>] ? cpu_callback+0x140/0x140
Sep 7 21:51:41 pc101 [ 6.269100] [<0001a516>] do_softirq_own_stack+0x26/0x40
Sep 7 21:51:41 pc101 [ 6.269828] <IRQ>
Sep 7 21:51:41 pc101
Sep 7 21:51:41 pc101 [ 6.269843] [<00059535>] irq_exit+0x95/0xa0
Sep 7 21:51:41 pc101 [ 6.271324] [<0003a2c3>] smp_trace_apic_timer_interrupt+0x53/0x80
Sep 7 21:51:41 pc101 [ 6.272109] [<0003a2f8>] smp_apic_timer_interrupt+0x8/0x10
Sep 7 21:51:41 pc101 [ 6.274363] [<00696439>] apic_timer_interrupt+0x39/0x40
Sep 7 21:51:41 pc101 [ 6.275071] [<000214f5>] ? default_idle+0x5/0x10
Sep 7 21:51:41 pc101 [ 6.275787] [<000219a9>] arch_cpu_idle+0x9/0x10
Sep 7 21:51:41 pc101 [ 6.276494] [<00091b29>] default_idle_call+0x19/0x30
Sep 7 21:51:41 pc101 [ 6.277192] [<00091ccc>] cpu_startup_entry+0x18c/0x1d0
Sep 7 21:51:41 pc101 [ 6.277896] [<0068fce2>] rest_init+0x62/0x70
Sep 7 21:51:41 pc101 [ 6.278631] [<02e099b4>] 0x2e099b4
Sep 7 21:51:41 pc101 [ 6.279312] [<02e082fd>] 0x2e082fd
Sep 7 21:51:41 pc101 [ 6.279698] [<00040800>] ? hpet_rtc_interrupt+0x1d0/0x370
Sep 7 21:51:41 pc101 [ 6.279698] [<0008f800>] ? switched_to_dl+0x60/0x140
Sep 7 21:51:41 pc101 [ 6.281808] Code:
Sep 7 21:51:41 pc101 db
Sep 7 21:51:41 pc101 8d
Sep 7 21:51:41 pc101 04
Sep 7 21:51:41 pc101 19
Sep 7 21:51:41 pc101 5b
Sep 7 21:51:41 pc101 5d
Sep 7 21:51:41 pc101 c3
Sep 7 21:51:41 pc101 66
Sep 7 21:51:41 pc101 90
Sep 7 21:51:41 pc101 31
Sep 7 21:51:41 pc101 c0
Sep 7 21:51:41 pc101 c3
Sep 7 21:51:41 pc101 90
Sep 7 21:51:41 pc101 8d
Sep 7 21:51:41 pc101 74
Sep 7 21:51:41 pc101 26
Sep 7 21:51:41 pc101 00
Sep 7 21:51:41 pc101 89
Sep 7 21:51:41 pc101 d0
Sep 7 21:51:41 pc101 5b
Sep 7 21:51:41 pc101 5d
Sep 7 21:51:41 pc101 c3
Sep 7 21:51:41 pc101 66
Sep 7 21:51:41 pc101 90
Sep 7 21:51:41 pc101 90
Sep 7 21:51:41 pc101 55
Sep 7 21:51:41 pc101 89
Sep 7 21:51:41 pc101 e5
Sep 7 21:51:41 pc101 56
Sep 7 21:51:41 pc101 53
Sep 7 21:51:41 pc101 89
Sep 7 21:51:41 pc101 c6
Sep 7 21:51:41 pc101 89
Sep 7 21:51:41 pc101 f6
Sep 7 21:51:41 pc101 8d
Sep 7 21:51:41 pc101 bc
Sep 7 21:51:41 pc101 27
Sep 7 21:51:41 pc101 00
Sep 7 21:51:41 pc101 last message repeated 3 times
Sep 7 21:51:41 pc101 8b
Sep 7 21:51:41 pc101 19
Sep 7 21:51:41 pc101 <89>
Sep 7 21:51:41 pc101 1a
Sep 7 21:51:41 pc101 89
Sep 7 21:51:41 pc101 d8
Sep 7 21:51:41 pc101 f0
Sep 7 21:51:41 pc101 0f
Sep 7 21:51:41 pc101 b1
Sep 7 21:51:41 pc101 31
Sep 7 21:51:41 pc101 39
Sep 7 21:51:41 pc101 c3
Sep 7 21:51:41 pc101 75
Sep 7 21:51:41 pc101 f2
Sep 7 21:51:41 pc101 85
Sep 7 21:51:41 pc101 db
Sep 7 21:51:41 pc101 0f
Sep 7 21:51:41 pc101 94
Sep 7 21:51:41 pc101 c0
Sep 7 21:51:41 pc101 5b
Sep 7 21:51:41 pc101 5e
Sep 7 21:51:41 pc101 5d
Sep 7 21:51:41 pc101 c3
Sep 7 21:51:41 pc101
Sep 7 21:51:41 pc101 [ 6.284172] EIP: [<003142d2>]
Sep 7 21:51:41 pc101 llist_add_batch+0x12/0x30
Sep 7 21:51:41 pc101 SS:ESP 0068:f500ff08
Sep 7 21:51:41 pc101 [ 6.284952] CR2: 00000000c16a3000
Sep 7 21:51:41 pc101 [ 6.285685] ---[ end trace c0bc310085806ff4 ]---
Sep 7 21:51:41 pc101 [ 6.286458] Kernel panic - not syncing: Fatal exception in interrupt
Sep 7 21:51:41 pc101 [ 6.287456] Kernel Offset: disabled
Sep 7 21:51:41 pc101 [ 6.288168] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Thu Sep 15, 2016 9:21 pm

I looked back over this in case you were waiting for something from me - the only difference in patches that do not work versus patches that do is in arch/x86/mm/pageattr.c:

diff -urp arch/x86/mm/pageattr.c.oops arch/x86/mm/pageattr.c
--- arch/x86/mm/pageattr.c.oops 2016-09-15 21:15:57.168620825 -0400
+++ arch/x86/mm/pageattr.c 2016-09-07 21:53:58.000000000 -0400
@@ -315,7 +315,7 @@ static inline pgprot_t static_protection
#endif

#ifdef CONFIG_PAX_KERNEXEC
- if (within(pfn, __pa(ktla_ktva((unsigned long)&_text)) >> PAGE_SHIFT, __pa((unsigned long)&_sdata) >> PAGE_SHIFT)) {
+ if (within(pfn, __pa(ktla_ktva((unsigned long)&_text)), __pa((unsigned long)&_sdata))) {
pgprot_val(forbidden) |= _PAGE_RW;
pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
}
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Thu Sep 15, 2016 11:34 pm

Hello,

grsecurity-3.1-4.7.4-201609152234.patch boots fine without reverting pageattr.c if statement. What changed?
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby PaX Team » Sun Sep 18, 2016 5:56 pm

i fixed a latent bug that was exposed by the above fix.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Kernel OOPS: grsecurity-3.1-4.7.2-201608312326

Postby x14sg1 » Mon Sep 19, 2016 4:15 am

Thanks
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm


Return to grsecurity support