Bug 194625 - sys-kernel/hardened-sources-2.6.22-r7 - Bug in PAX patch
Summary: sys-kernel/hardened-sources-2.6.22-r7 - Bug in PAX patch
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: x86 Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2007-10-03 16:45 UTC by Julien
Modified: 2007-10-31 15:46 UTC
Description Julien 2007-10-03 16:45:44 UTC
Frequent bug:

BUG: unable to handle kernel NULL pointer dereference at virtual address 0000017c
 printing eip:
c041d697
*pde = 00000000
Oops: 0000 [#1]
SMP 
Modules linked in: tg3 ipw3945
CPU:    1
EIP:    0060:[<c041d697>]    Not tainted VLI
EFLAGS: 00210246   (2.6.22-hardened-r7 #1)
EIP is at arch_vma_name+0x7/0x20
eax: 00000000   ebx: 00000078   ecx: 00000000   edx: ffffe000
esi: 00000070   edi: 00000000   ebp: 00000000   esp: ed881e54
ds: 007b   es: 0068   fs: 00d8  gs: 0033  ss: 0068
Process java (pid: 5109, ti=ed880000 task=f64ab540 task.ti=ed880000)
Stack: c04b5129 f76f0f00 c0914ba4 ffffe000 fffff000 00000072 0000002d 00000078 
       00000070 00000000 00000000 00000000 00000000 ed881eb0 00000000 c0a134a0 
       f76f0f00 f6711540 00000000 00000000 00000000 00000000 00000000 00000028 
Call Trace:
 [<c04b5129>] show_map_internal+0x249/0x300
 [<c049ea03>] seq_read+0x1d3/0x2b0
 [<c0484f11>] vfs_read+0xa1/0x130
 [<c049e830>] seq_read+0x0/0x2b0
 [<c0485431>] sys_read+0x41/0x70
 [<c04042dd>] sysenter_past_esp+0x66/0x99
 [<c0860000>] ieee80211softmac_assoc_work+0x120/0x520
 [<c049e830>] seq_read+0x0/0x2b0
 [<c0485458>] sys_read+0x68/0x70
 [<c04042f6>] sysenter_past_esp+0x7f/0x99
 =======================
Code: 00 00 00 00 8b 4c 24 0c 8b 54 24 10 8b 44 24 14 83 c4 28 5b 5e 5f 5d e9 68 c2 20 00 90 90 90 90 90 90 90 90 8b 08 8b 50 04 31 c0 <3b> 91 7c 01 00 00 ba 62 3c 90 c0 0f 44 c2 c3 8d 76 00 8d bc 27 
EIP: [<c041d697>] arch_vma_name+0x7/0x20 SS:ESP 0068:ed881e54

By regarding the diff between http://www.grsecurity.net/test/pax-linux-2.6.22.9-test30.patch
and http://www.grsecurity.net/test/pax-linux-2.6.22.9-test31.patch,
it seems to solve this problem.
File (arch/i386/kernel/sysenter.c):
Comment 1 Julien 2007-10-03 16:55:01 UTC
 const char *arch_vma_name(struct vm_area_struct *vma)
 {
-	if (vma->vm_start == vma->vm_mm->context.vdso)
+	if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)

		return "[vdso]";

 #ifdef CONFIG_PAX_SEGMEXEC
-	if (vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)
+	if (vma->vm_mm && vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)

		return "[vdso]";
 #endif

	return NULL;
 }
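Review bot: As posted, this hunk will not apply with `patch`: there is no `diff`/`@@` header naming arch/i386/kernel/sysenter.c (the file is only named in the description), and the blank lines after each `+ if (...)` line have lost the leading context space, so regenerate it with `diff -u` before submitting. On correctness, the guard matches the oops above: the faulting instruction `<3b> 91 7c 01 00 00` is `cmp 0x17c(%ecx),%edx` with `ecx: 00000000`, i.e. `vma->vm_mm` was NULL and `context.vdso` sits at offset 0x17c, which is exactly the dereference the new `vma->vm_mm &&` tests guard. Since both conditions start with the same `vma->vm_mm` check, a single `if (!vma->vm_mm) return NULL;` at the top of the function would express the intent once and also cover any future use of `vm_mm` in the SEGMEXEC branch.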
Comment 2 Christian Heim (RETIRED) gentoo-dev 2007-10-13 17:40:00 UTC
OK, 2.6.23 should fix your problems.
Comment 3 Julien 2007-10-21 11:55:38 UTC
Not fixed in 2.6.23.
Same bug in hardened-sources 2.6.22-r5 -r7 and 2.6.23

Some software, like Java and Flash, returns without being executed.
$java --version && echo 1
1
$dmesg
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000017c
 printing eip:
c041d687
*pde = 00000000
Oops: 0000 [#2]
SMP 
Modules linked in: tg3 ipw3945
CPU:    0
EIP:    0060:[<c041d687>]    Tainted: G      D VLI
EFLAGS: 00210246   (2.6.23-hardened #2)
EIP is at arch_vma_name+0x7/0x20
eax: 00000000   ebx: 00000078   ecx: 00000000   edx: ffffe000
esi: 00000070   edi: 00000000   ebp: 00000000   esp: eb9afe8c
ds: 007b   es: 0068   fs: 00d8  gs: 0033  ss: 0068
Process java (pid: 4815, ti=eb9ae000 task=eb841ab0 task.ti=eb9ae000)
Stack: c04a6709 ebb90680 c0913880 ffffe000 fffff000 00000072 0000002d 00000078 
       00000070 00000000 00000000 00000000 00000000 eb9afee8 00000000 c0a17460 
       ebb90680 eb652570 00000000 00000000 00000000 00000000 00000000 00000028 
Call Trace:
 [<c04a6709>] show_map_internal+0x249/0x300
 [<c048fd73>] seq_read+0x1d3/0x2b0
 [<c04761c1>] vfs_read+0xa1/0x130
 [<c048fba0>] seq_read+0x0/0x2b0
 [<c04766e1>] sys_read+0x41/0x70
 [<c04043a9>] sysenter_past_esp+0x66/0x99
 =======================
Code: 00 00 00 00 89 d0 e9 e9 cb 04 00 89 f6 8d bc 27 00 00 00 00 85 c0 75 03 31 c0 c3 e9 64 ce 04 00 90 90 90 90 8b 08 8b 50 04 31 c0 <3b> 91 7c 01 00 00 ba 4d 16 90 c0 0f 44 c2 c3 8d 76 00 8d bc 27 
EIP: [<c041d687>] arch_vma_name+0x7/0x20 SS:ESP 0068:eb9afe8c

It may be due to my kernel config:
# CONFIG_PAX_NOEXEC is not set
I will take a look
Comment 4 Julien 2007-10-21 12:21:58 UTC
It's not due to CONFIG_PAX_NOEXEC: same bug with CONFIG_PAX_NOEXEC=y

My PaX config:
#
# PaX
#
CONFIG_PAX=y

#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
# CONFIG_PAX_EI_PAX is not set
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

The test:
$java -version && echo 1
1
#dmesg
BUG: [...]
Comment 5 Christian Heim (RETIRED) gentoo-dev 2007-10-30 19:53:40 UTC
(In reply to comment #1)
>  const char *arch_vma_name(struct vm_area_struct *vma)
>  {
> -       if (vma->vm_start == vma->vm_mm->context.vdso)
> +       if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
> 
>                 return "[vdso]";
> 
>  #ifdef CONFIG_PAX_SEGMEXEC
> -       if (vma->vm_mirror && vma->vm_mirror->vm_start ==
> vma->vm_mm->context.vdso)
> +       if (vma->vm_mm && vma->vm_mirror && vma->vm_mirror->vm_start ==
> vma->vm_mm->context.vdso)
> 
>                 return "[vdso]";
>  #endif
> 
>         return NULL;
>  }

Any insight about this, pipacs?

Comment 6 PaX Team 2007-10-30 21:30:29 UTC
(In reply to comment #5)
> Any insight about this pipacs ?

Yeah, mea culpa, I simply forgot to forward port this fix to .23; I'll push a new patch when I've tested out some other changes I've done since.
Comment 7 Julien 2007-10-31 15:46:21 UTC
Fixed in hardened-sources-2.6.23-r1
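A userland model of the guarded arch_vma_name() from comment 1, added here as an illustration rather than taken from the kernel or the PaX patch; the struct layouts, the SEGMEXEC define and the sample VMAs are constructed, so the field offset it reports is this model's, not the 0x17c of the reporter's kernel.

```c
/* Added example: userland model of the guarded arch_vma_name() from comment 1.
 * The structs are constructed stand-ins, NOT the kernel's real layouts. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define CONFIG_PAX_SEGMEXEC 1   /* constructed: model a SEGMEXEC build */

struct mm_context { unsigned long vdso; };
struct mm_struct {
    unsigned long pad[3];       /* constructed padding: context.vdso not at offset 0 */
    struct mm_context context;
};
struct vm_area_struct {
    unsigned long vm_start;
    struct mm_struct *vm_mm;          /* NULL for a VMA that belongs to no mm */
    struct vm_area_struct *vm_mirror; /* PaX SEGMEXEC mirror of this VMA */
};

/* Guarded version, following the '+' lines of the hunk: vm_mm is tested before
 * every dereference, so a VMA with no mm yields NULL instead of faulting. */
const char *arch_vma_name_fixed(const struct vm_area_struct *vma)
{
    if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
        return "[vdso]";
#ifdef CONFIG_PAX_SEGMEXEC
    if (vma->vm_mm && vma->vm_mirror &&
        vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)
        return "[vdso]";
#endif
    return NULL;
}

/* The small "virtual address" in a NULL-dereference oops is the offset of the
 * field being read; the reporter's kernel had context.vdso at 0x17c. */
unsigned long vdso_field_offset(void)
{
    return (unsigned long)offsetof(struct mm_struct, context.vdso);
}

int main(void)
{
    struct mm_struct mm = { {0, 0, 0}, { 0xffffe000UL } }; /* vdso at the oops' edx */
    struct vm_area_struct vdso   = { 0xffffe000UL, &mm, NULL };
    struct vm_area_struct orphan = { 0xffffe000UL, NULL, NULL }; /* the crashing case */
    struct vm_area_struct mirror = { 0x08000000UL, &mm, &vdso };
    printf("vdso=%s orphan=%s mirror=%s\n", arch_vma_name_fixed(&vdso),
           arch_vma_name_fixed(&orphan) ? "[vdso]" : "NULL", arch_vma_name_fixed(&mirror));
    printf("NULL vm_mm would fault at 0x%lx in this model\n", vdso_field_offset());
    return 0;
}
```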