issue with virtio_net in KVM guests with >= 3.14.5

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Moderators: spender, PaX Team

issue with virtio_net in KVM guests with >= 3.14.5

Postby hagar-dunor » Thu Jun 12, 2014 11:59 am

Hi all,

The host qemu process crashes, at least exits silently (nothing in host dmesg or syslog) when the guest OS initialises the virtual network interface.
More precisely, I can modprobe virtio_net in the guest, but the host qemu exits if I attempt a "ifconfig eth0 up" in the guest.

I was upgrading my guests since 3.7.x and it always went fine, the issue appeared with 3.14.5. It's still there with 3.14.6.
Both host and guest OS are hardened gentoo. I tried with qemu stable (gentoo stable) 1.5.3 or 2.0.0-r1, same behavior. It doesn't seem to be related to the host kernel version. Also the issue in the guest doesn't happen if GRSEC is disabled in the guest kernel.

Hope it helps to look into it...
If there is anything I can do please ask, I have a test system I can mess with.

Cheers
hagar-dunor
 
Posts: 4
Joined: Thu Jun 12, 2014 10:48 am

Re: issue with virtio_net in KVM guests with >= 3.14.5

Postby PaX Team » Thu Jun 12, 2014 5:18 pm

does disabling KSTACKOVERFLOW in the guest kernel help?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: issue with virtio_net in KVM guests with >= 3.14.5

Postby hagar-dunor » Fri Jun 13, 2014 6:21 am

yes it does ! the issue is gone with KSTACKOVERFLOW disabled
hagar-dunor
 
Posts: 4
Joined: Thu Jun 12, 2014 10:48 am

Re: issue with virtio_net in KVM guests with >= 3.14.5

Postby jed » Wed Jun 18, 2014 9:31 am

I am experiencing the same issue with Arch Linux. Both host and guest are running Arch Linux with grsec kernels. In case this is helpful, the issue appeared in 3.14.4.201405252047 and persists through 3.14.6.201406101411. The version before, 3.14.4.201405141623, worked fine with guest virtio. Disabling KSTACKOVERFLOW in 3.14.5.201406051310 fixed the issue.
jed
 
Posts: 1
Joined: Wed Jun 18, 2014 9:14 am

Re: issue with virtio_net in KVM guests with >= 3.14.5

Postby strcat » Wed Jun 18, 2014 10:49 am

Here's another user with the same issue, along with some more details: https://bugs.archlinux.org/task/40627
strcat
 
Posts: 20
Joined: Tue Jun 10, 2014 12:22 pm

Re: issue with virtio_net in KVM guests with >= 3.14.5

Postby hagar-dunor » Wed Jun 25, 2014 11:44 am

On my systems it's solved in grsecurity-3.0-3.14.8-201406220132 (gentoo hardened-sources 3.14.8-r1) i.e. no issues anymore with KSTACKOVERFLOW enabled

Thanks guys for fixing it !
hagar-dunor
 
Posts: 4
Joined: Thu Jun 12, 2014 10:48 am


Return to grsecurity support

cron