I've been using grsec for quite a long time now. Recently I've began upgrading all of my servers from 2.4.20, grsec-1.9.9e to 2.4.21, grsec-1.9.11. The upgrade was fine for most computers except for a few. Grsecurity is set to 'medium'.
Minor issue was that 'ide' modules would fail during modprobe, although if i were to compile ide modules within kernel then they work.
The major issue is highmem support. When I enable 'highmem' support in kernel and when computer starts up all the modules fail during modprobe. The same thing happens when I enable SMP support in kernel. I am pretty sure this is a grsec issue because when I compile unpatched kernel then it works. With grsec kernel even if i disable everything, the 'highmem' and SMP support just break all the modules.
This is a new issue, and I never had anything like this with previous kernels/grsec versions.
I would appreciate if any of the developers respond to this, because of this issue I am unable to upgrade my most critical servers.
Thank You,
Walter.
2.4.21, grsec-1.9.11, smp/highmem woes
12 posts
• Page 1 of 1
2.4.21, grsec-1.9.11, smp/highmem woes
by aiwntrmute » Tue Jul 22, 2003 1:47 pm
- aiwntrmute
- Posts: 11
- Joined: Tue Jul 22, 2003 1:36 pm
by spender » Tue Jul 22, 2003 5:13 pm
Modules don't work when you compile your system with SMP and not highmem?
I'm sure there are hundreds if not thousands of people with that kind of configuration using grsecurity right now with no problems.
Did you remember to make modules modules_install ?
-Brad
I'm sure there are hundreds if not thousands of people with that kind of configuration using grsecurity right now with no problems.
Did you remember to make modules modules_install ?
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
by aiwntrmute » Fri Jul 25, 2003 12:04 pm
Yes, I remembered compiling modules and installing them.
I've compiled hundreds of kernels before this one, so this is not my first time.
Is there anyone else having a problem with the new kernel/grsec?
Thanks,
Walter.
I've compiled hundreds of kernels before this one, so this is not my first time.
Is there anyone else having a problem with the new kernel/grsec?
Thanks,
Walter.
- aiwntrmute
- Posts: 11
- Joined: Tue Jul 22, 2003 1:36 pm
by aiwntrmute » Fri Jul 25, 2003 1:26 pm
Yes, modules do compile after selecting highmem or SMP. But after installing/rebooting and when modprobe starts up I see a whole list of module errors.
I test out the modules with modprobe and I get errors that either mention highmem or SMP support. I guess I could just select things that I need and not use modules at all, but this looks like a definite error/bug.
I have tried this on more than 10 servers and I am able to reproduce the same errors on each of them.
Also, on servers where do not require highmem or SMP support they start up fine and modules work except for ide modules. modprobe spits out some errors when probing ide modules. In those cases where ide were actually used I compiled them within the kernel. In any case, I'm not sure if this is related but I thought I'd mention it anyways.
Thank You,
Walter.
I test out the modules with modprobe and I get errors that either mention highmem or SMP support. I guess I could just select things that I need and not use modules at all, but this looks like a definite error/bug.
I have tried this on more than 10 servers and I am able to reproduce the same errors on each of them.
Also, on servers where do not require highmem or SMP support they start up fine and modules work except for ide modules. modprobe spits out some errors when probing ide modules. In those cases where ide were actually used I compiled them within the kernel. In any case, I'm not sure if this is related but I thought I'd mention it anyways.
Thank You,
Walter.
- aiwntrmute
- Posts: 11
- Joined: Tue Jul 22, 2003 1:36 pm
by aiwntrmute » Fri Jul 25, 2003 4:32 pm
I can reproduce the problems with highmem and/or with smp. Here's the errors I get when I compile with highmem:
--------------------------------------------------------------------
[root@euler root]# depmod -a
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/nfs/nfs.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/smbfs/smbfs.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/sunrpc/sunrpc.o
[root@euler root]# modprobe nfs
sunrpc.o: unresolved symbol kunmap_high
sunrpc.o: unresolved symbol highmem_start_page
sunrpc.o: unresolved symbol kmap_prot
sunrpc.o: unresolved symbol kmap_high
sunrpc.o: unresolved symbol kmap_pte
sunrpc.o: insmod /lib/modules/2.4.21-grsec/kernel/net/sunrpc/sunrpc.o failed
sunrpc.o: insmod nfs failed
--------------------------------------------------------------------
Here are the errors I get if I turn off highmem and turn on SMP support:
[root@euler root]# depmod -a
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/block/floppy.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/char/serial.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/3c59x.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/8139too.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/acenic.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/e100/e100.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/eepro100.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/pnp/isa-pnp.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/scsi/sg.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/autofs4/autofs4.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/lockd/lockd.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/nfs/nfs.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/nfsd/nfsd.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/smbfs/smbfs.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/ipv4/netfilter/arp_tables.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/ipv4/netfilter/ip_conntrack.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/ipv4/netfilter/ip_tables.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/ipv4/netfilter/iptable_nat.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/sunrpc/sunrpc.o
[root@euler root]# modprobe nfs
sunrpc.o: unresolved symbol del_timer_sync
sunrpc.o: unresolved symbol kernel_flag_cacheline
sunrpc.o: unresolved symbol atomic_dec_and_lock
sunrpcc.o: insmod /lib/modules/2.4.21-grsec/kernel/net/sunrpc/sunrpc.o failed
sunrpc.o: insmod nfs failed
--------------------------------------------------------------------
Notice that SMP support breaks alot more modules. While highmem only breaks some fs modules.
Also, all of these errors go away if I just compile unpatched(grsec) kernel.
Thank You,
Walter.
[/quote][/code]
--------------------------------------------------------------------
[root@euler root]# depmod -a
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/nfs/nfs.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/smbfs/smbfs.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/sunrpc/sunrpc.o
[root@euler root]# modprobe nfs
sunrpc.o: unresolved symbol kunmap_high
sunrpc.o: unresolved symbol highmem_start_page
sunrpc.o: unresolved symbol kmap_prot
sunrpc.o: unresolved symbol kmap_high
sunrpc.o: unresolved symbol kmap_pte
sunrpc.o: insmod /lib/modules/2.4.21-grsec/kernel/net/sunrpc/sunrpc.o failed
sunrpc.o: insmod nfs failed
--------------------------------------------------------------------
Here are the errors I get if I turn off highmem and turn on SMP support:
[root@euler root]# depmod -a
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/block/floppy.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/char/serial.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/3c59x.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/8139too.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/acenic.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/e100/e100.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/net/eepro100.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/pnp/isa-pnp.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/drivers/scsi/sg.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/autofs4/autofs4.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/lockd/lockd.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/nfs/nfs.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/nfsd/nfsd.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/fs/smbfs/smbfs.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/ipv4/netfilter/arp_tables.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/ipv4/netfilter/ip_conntrack.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/ipv4/netfilter/ip_tables.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/ipv4/netfilter/iptable_nat.o
depmod: *** Unresolved symbols in /lib/modules/2.4.21-grsec/kernel/net/sunrpc/sunrpc.o
[root@euler root]# modprobe nfs
sunrpc.o: unresolved symbol del_timer_sync
sunrpc.o: unresolved symbol kernel_flag_cacheline
sunrpc.o: unresolved symbol atomic_dec_and_lock
sunrpcc.o: insmod /lib/modules/2.4.21-grsec/kernel/net/sunrpc/sunrpc.o failed
sunrpc.o: insmod nfs failed
--------------------------------------------------------------------
Notice that SMP support breaks alot more modules. While highmem only breaks some fs modules.
Also, all of these errors go away if I just compile unpatched(grsec) kernel.
Thank You,
Walter.
[/quote][/code]
- aiwntrmute
- Posts: 11
- Joined: Tue Jul 22, 2003 1:36 pm
System.map
by k1ngdrew » Sun Jul 27, 2003 2:38 am
Have you tried copying the new System.map into your /boot directory after you compile the new kernel with SMP/highmem & grsecurity? Unresolved Symbol errors usually mean the system doesn't know about system calls you are trying to make - System.map is a map for all of the system calls that the kernel understands. 
- k1ngdrew
- Posts: 1
- Joined: Sun Jul 27, 2003 2:36 am
make mrproper
by thyrihad » Thu Aug 21, 2003 1:09 pm
You sure you've called a make mrproper after patching? Or even between builds... looks like bad linking.
- thyrihad
- Posts: 1
- Joined: Thu Aug 21, 2003 1:07 pm
12 posts
• Page 1 of 1