Bug 177234 - hardened-sources-2.6.21 causes suspicious general protection fault reported by PAX
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2007-05-05 20:01 UTC by Attila Tóth
Modified: 2007-06-02 17:12 UTC



Attachments
kern.log (kern.log, 32.51 KB, text/plain), 2007-05-05 20:02 UTC, Attila Tóth
pax.log (pax.log, 1.67 KB, text/plain), 2007-05-05 20:03 UTC, Attila Tóth
dmesg (dmesg, 34.72 KB, text/plain), 2007-05-05 20:04 UTC, Attila Tóth
config (config, 56.22 KB, text/plain), 2007-05-05 20:05 UTC, Attila Tóth

Description Attila Tóth 2007-05-05 20:01:25 UTC
Suspicious error messages started to show up yesterday, when I gave the latest hardened Gentoo kernel (2.6.21-hardened) a try. The machine is an IBM ThinkPad R50e. I'm using the hardened profile with pie-ssp enabled. The first instance of the error showed up right after the grsec system was enabled. The second one appeared a few seconds later. I decided to reboot with the last stable kernel to avoid any possible data corruption. The rest of the error messages were generated during the shutdown process. Please see the attached kern.log, pax.log, kernel config and dmesg. I hope that the information will help to trace back and eliminate this problem.
I can provide more information upon request.

Reproducible: Always

Steps to Reproduce:

Actual Results:  
May  4 19:19:40 hostname PAX: suspicious general protection fault: 0000 [#1]
May  4 19:19:40 hostname Modules linked in: hdaps eeprom sn9c102 i915 drm tulip capability commoncap yenta_socket rsrc_nonstatic i2c_i801 ipw2200
May  4 19:19:40 hostname CPU:    0
May  4 19:19:40 hostname EIP:    0060:[<001815b0>]    Not tainted VLI
May  4 19:19:40 hostname EFLAGS: 00010203   (2.6.21-hardened #2)
May  4 19:19:40 hostname EIP is at gr_handle_sysctl+0x70/0x3a0
May  4 19:19:40 hostname eax: 00000002   ebx: 00000000   ecx: 00000006   edx: ffffffff
May  4 19:19:40 hostname esi: 00000000   edi: c087da02   ebp: 0000000f   esp: e809fe60
May  4 19:19:40 hostname ds: 0068   es: 0068   fs: 00d8  gs: 0033  ss: 0068
May  4 19:19:40 hostname Process touch (pid: 7087, ti=e809e000 task=ee06ca90 task.ti=e809e000)
May  4 19:19:40 hostname Stack: 4b09d750 c169cec0 e5f2a274 00000000 eef2b3e4 00051e85 c10066a0 00000000 
May  4 19:19:40 hostname 00000000 00000000 ab12f3b0 00000001 eef2b3e4 00000002 ef23ab58 ef17f000 
May  4 19:19:40 hostname c10063d8 0005233d e5f2a274 c169e100 e26c04bc 0002f388 ee2293c0 e5f2a4bc 
May  4 19:19:40 hostname Call Trace:
May  4 19:19:40 hostname =======================
May  4 19:19:40 hostname Code: 83 c8 04 89 5c 24 2c 85 c9 8b 5c 24 40 0f 44 44 24 2c 81 fb c0 4a 00 c1 89 44 24 2c 74 37 31 f6 ba ff ff ff ff 8d b6 00 00 00 00 <8b> 7b 04 89 d1 89 f0 f2 ae f7 d1 49 8d 44 0d 01 0f b7 e8 8b 44 
May  4 19:19:40 hostname EIP: [<001815b0>] gr_handle_sysctl+0x70/0x3a0 SS:ESP 0068:e809fe60


Portage 2.1.2.2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.20-hardened-r2 i686)
=================================================================
System uname: 2.6.20-hardened-r2 i686 Intel(R) Celeron(R) M processor         1.40GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 05 May 2007 17:29:01 +0000
ccache version 2.4 [disabled]
dev-java/java-config: 1.3.7, 2.0.31-r5
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r7
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -mtune=pentium-m -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -mtune=pentium-m -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.inf.elte.hu/ http://gentoo.inode.at/"
LANG="hu_HU"
LC_ALL="hu_HU"
LINGUAS="hu en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="7zip X X509 Xaw3d a52 aac aalib acl acpi aiglx alsa amr aotuv apache2 asf audiofile bash-completion bcmath bdf berkdb bidi binfilter bitmap-fonts bittorrent blas bluetooth branding browserplugin bzip2 cairo caps cdda cddb cdparanoia cdr cdrom chardet checkpath cli crypt css cups curl d dba dbm dbus dga dhcp discard-path divx divx4linux djbfft djvu dlloader dmi dri dts dv dvd dvdnav dvdr dvdread dvi eds encode evo exif expat extensions fam fame ffmpeg fftw finger firefox flac flash flatfile fontconfig foomaticdb force-cgi-redirect fortran fpx ftp gd gdl gif gimp gimpprint gmedia gmp gnet gnome gopher gphoto2 gpm graphviz gs gsm gstreamer gtk gtk2 gtkhtml hal hardened hub i8x0 iconv idea idn imagemagick imap imlib irda jabber java javascript jingle jpeg jpeg2k ladspa lapack latin1 lcms libburn libcaca libnotify libplot lm_sensors log4j logitech-mouse lzo lzw mad matroska mbox mcal md5sum memlimit midi mikmod mjpeg mmap mmx mng mode-owner motif mozbranding mozcalendar mp2 mp3 mp4 mpeg musepack mysql mysqli nautilus ncurses network nls nopop3d nsplugin ntfs oav ofx ogg oggvorbis onaccess openexr opengl pam pam_chroot pam_console pam_timestamp pango pccts pcmcia pda pdf pear perl php pic plotutils png pnm posix ppds python quicktime quotas rar rc5 readline real realmedia reiserfs remote rle rtc samba sasl scanner scenarios screen sdl sensord session sftplogging sharedext sharedmem sid skins slang smp sms sndfile soap sockets sound speex spell spf srt sse sse2 ssl svg syslog sysvipc t1lib tagwriting tcl tcltk tcpd tetex tga theora tiff timidity tk tlen tokenizer toolbar tools totem transcode truetype truetype-fonts type1-fonts udev underscores unicode urandom usb userlocales v4l v4l2 vcd vidix virus-scan visualization vlm vorbis webdav wifi win32codecs wma wmf wmp wxwindows x264 x86 xattr xforms xine xml xml2 xmlrpc xorg xpm xsl xv xvid yahoo zip zlib zvbi" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks 
iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="hu en" USERLAND="GNU" VIDEO_CARDS="i810 i830 v4l"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
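Added example, not part of the original report and not grsecurity/PaX code: a small Python parser that pulls the triage fields (faulting symbol, process, kernel version, marked opcode byte) out of syslog-formatted PaX oops reports like the one above. The function name and the regexes are assumptions written for this log layout; the sample lines are copied from the report, with the Modules and Code lines shortened.

```python
import re

# Lines copied from the report above; Modules and Code lines are shortened.
SAMPLE = """\
May  4 19:19:40 hostname PAX: suspicious general protection fault: 0000 [#1]
May  4 19:19:40 hostname Modules linked in: hdaps eeprom sn9c102 i915 drm tulip
May  4 19:19:40 hostname EFLAGS: 00010203   (2.6.21-hardened #2)
May  4 19:19:40 hostname EIP is at gr_handle_sysctl+0x70/0x3a0
May  4 19:19:40 hostname Process touch (pid: 7087, ti=e809e000 task=ee06ca90 task.ti=e809e000)
May  4 19:19:40 hostname Code: 31 f6 ba ff ff ff ff 8d b6 00 00 00 00 <8b> 7b 04 89 d1 89 f0
"""

# syslog prefix "Mon DD HH:MM:SS host ", then the kernel message itself
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (.*)$")
HEADER = re.compile(r"^PAX: (?P<reason>.+?): (?P<err>[0-9a-f]{4}) \[#(?P<seq>\d+)\]")
FIELDS = [
    re.compile(r"^EFLAGS: \S+\s+\((?P<kernel>\S+) "),
    re.compile(r"^EIP is at (?P<symbol>\w+)\+(?P<offset>0x[0-9a-f]+)/(?P<size>0x[0-9a-f]+)"),
    re.compile(r"^Process (?P<comm>\S+) \(pid: (?P<pid>\d+),"),
    re.compile(r"^Modules linked in: (?P<modules>.*)$"),
    re.compile(r"^Code: .*<(?P<fault_byte>[0-9a-f]{2})>"),  # <..> marks the faulting byte
]

def parse_pax_oopses(text):
    """Return one dict per PaX oops report found in syslog-formatted text."""
    reports, current = [], None
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        msg = m.group(1)
        head = HEADER.match(msg)
        if head:                    # a "PAX: ... [#n]" line starts a new report
            current = head.groupdict()
            reports.append(current)
            continue
        if current is None:         # ignore oops-like lines outside any report
            continue
        for rx in FIELDS:
            hit = rx.match(msg)
            if hit:
                current.update(hit.groupdict())
                break
    return reports

if __name__ == "__main__":
    for r in parse_pax_oopses(SAMPLE):
        print(r["seq"], r["reason"], r.get("symbol"), r.get("comm"), r.get("kernel"))
```

Run over a full kern.log, this gives one record per `[#n]` report, so repeated faults in the same symbol are easy to group.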
Comment 1 Attila Tóth 2007-05-05 20:02:31 UTC
Created attachment 118284
kern.log

kern.log showing the symptoms
Comment 2 Attila Tóth 2007-05-05 20:03:08 UTC
Created attachment 118285
pax.log

pax.log
Comment 3 Attila Tóth 2007-05-05 20:04:08 UTC
Comment on attachment 118284
kern.log

kern.log
Comment 4 Attila Tóth 2007-05-05 20:04:37 UTC
Created attachment 118286
dmesg

dmesg
Comment 5 Attila Tóth 2007-05-05 20:05:06 UTC
Created attachment 118288
config

config
Comment 7 Christian Heim (RETIRED) gentoo-dev 2007-05-06 15:58:01 UTC
(In reply to comment #6)
> http://forums.grsecurity.net/viewtopic.php?t=1723

According to Brad in http://forums.grsecurity.net/viewtopic.php?t=1722, it should be fixed w/ his latest snapshot (that being 200705041939).

I'm currently committing the necessary changes for 2.6.21 and they should be on your favorite gentoo-portage mirror in about an hour. Just remerge hardened-sources and this problem should be fixed.
Comment 8 PaX Team 2007-05-06 17:11:05 UTC
did you also fix the GRSECURITY/GRKERNSEC mixup?
Comment 9 Kevin F. Quinn (RETIRED) gentoo-dev 2007-05-07 11:21:24 UTC
*** Bug 177387 has been marked as a duplicate of this bug. ***
Comment 10 Attila Tóth 2007-05-07 16:14:38 UTC
(In reply to comment #8)
> did you also fix the GRSECURITY/GRKERNSEC mixup?
> 

Can you give a short hint on this one? Just to avoid spending my time unnecessarily on an erroneous version.

Dw.
Comment 11 PaX Team 2007-05-07 19:56:41 UTC
(In reply to comment #10)
> (In reply to comment #8)
> > did you also fix the GRSECURITY/GRKERNSEC mixup?
> > 
> 
> Can you give a short hint on this one? Just to avoid spending my time
> unnecessarily on an erroneous version.

http://forums.grsecurity.net/viewtopic.php?t=1719&start=15
Comment 12 Christian Heim (RETIRED) gentoo-dev 2007-06-02 17:12:17 UTC
Should be fixed now.