Bug 320989 - grsec causing pagetable corruption
Summary: grsec causing pagetable corruption
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: x86 Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
URL: http://forums.grsecurity.net/viewtopi...
Reported: 2010-05-22 00:31 UTC by Boney McCracker
Modified: 2010-06-10 05:30 UTC

Attachments
kernel log showing pagetable corruption (kernel.log,94.02 KB, text/plain)
2010-05-22 00:34 UTC, Boney McCracker
grsec log for the same time period as kernel log (grsec.log,13.02 KB, text/plain)
2010-05-22 00:35 UTC, Boney McCracker
Description Boney McCracker 2010-05-22 00:31:03 UTC
This seems to correspond to an upstream bug. Refer to the link.

Excerpt:

grsecurity-2.1.14-2.6.32.11-201004071936 and above, when configured with KERNEXEC enabled on older P4 & Xeon CPUs either lacking NX support or having NX support set to disabled in BIOS, results in fairly frequent, seemingly random application crashes with the kernel logging "corrupted page table at address xxxxx"

Reproducible: Always

Steps to Reproduce:
This problem started today, during an 'emerge -e world'.
Reviewing log files, I confirm it has not happened prior.

Actual Results:  
Refer to attached kernel.log (grep Corruption) and grsec.log



tempest ~ # emerge --info
Portage 2.1.8.3 (hardened/linux/x86/10.0, gcc-4.4.4, glibc-2.11.1-r0, 2.6.33-hardened-r2-grsec i686)
=================================================================
System uname: Linux-2.6.33-hardened-r2-grsec-i686-Pentium_III_-Coppermine-with-gentoo-2.0.1
Timestamp of tree: Fri, 21 May 2010 13:15:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p7
dev-lang/python:     2.6.5-r2, 3.1.2-r3
dev-util/ccache:     2.4-r8
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.1-r1
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.65
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.33
ACCEPT_KEYWORDS="x86 ~x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests ccache distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.gtlib.gatech.edu/pub/gentoo http://gentoo.osuosl.org/ http://open-systems.ufl.edu/mirrors/gentoo "
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1,--hash-style=gnu"
LINGUAS="en_US en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/hardened-development /var/lib/layman/anarchy /usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="berkdb bzip2 caps cli cracklib crypt cxx dri gdbm gpm hardened iconv modules mudflap ncurses nls nptl nptlonly openmp pam pcre perl pic python readline reflection session spl ssl sysfs syslog unicode urandom x86 xorg zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev" KERNEL="linux" LINGUAS="en_US en" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nv" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Boney McCracker 2010-05-22 00:34:38 UTC
Created attachment 232423
kernel log showing pagetable corruption
Comment 2 Boney McCracker 2010-05-22 00:35:14 UTC
Created attachment 232425
grsec log for the same time period as kernel log
Comment 3 Boney McCracker 2010-05-22 00:38:03 UTC
Here is an example of what is occurring during some emerges:

>>> Emerging (4 of 196) sys-apps/chpax-0.7
.
<lines skipped>
.

 * CPV:  sys-apps/chpax-0.7
 * REPO: gentoo
 * USE:  elibc_glibc kernel_linux userland_GNU x86
>>> Unpacking source...
>>> Unpacking chpax-0.7.tar.gz to /var/tmp/portage/sys-apps/chpax-0.7/work
>>> Source unpacked in /var/tmp/portage/sys-apps/chpax-0.7/work
>>> Compiling source in /var/tmp/portage/sys-apps/chpax-0.7/work/chpax-0.7 ...
make -j2 CC=i686-pc-linux-gnu-gcc 
i686-pc-linux-gnu-gcc -O2 -march=pentium3 -pipe -fomit-frame-pointer -Wall -W -g3   -c -o chpax.o chpax.c
i686-pc-linux-gnu-gcc -O2 -march=pentium3 -pipe -fomit-frame-pointer -Wall -W -g3   -c -o io.o io.c
i686-pc-linux-gnu-gcc -O2 -march=pentium3 -pipe -fomit-frame-pointer -Wall -W -g3   -c -o elf32.o elf32.c
i686-pc-linux-gnu-gcc -O2 -march=pentium3 -pipe -fomit-frame-pointer -Wall -W -g3   -c -o elf64.o elf64.c
2010 May 21 20:18:25 tempest [ 1456.714807] as: Corrupted page table at address 84efa9a0
2010 May 21 20:18:25 tempest [ 1456.715007] Bad pagetable: 000d [#1] 
2010 May 21 20:18:25 tempest [ 1456.715007] last sysfs file: /sys/devices/virtual/misc/microcode/uevent
2010 May 21 20:18:25 tempest [ 1456.715007] Process as (pid: 6458, ti=d66e8000 task=d6597b00 task.ti=d66e8000)
2010 May 21 20:18:25 tempest [ 1456.715007] EIP: [<24efa9a0>]  SS:ESP 007b:5fe3e230
i686-pc-linux-gnu-gcc: Internal error: Killed (program as)
Please submit a full bug report.
See <http://bugs.gentoo.org/> for instructions.
make: *** [elf32.o] Error 1
make: *** Waiting for unfinished jobs....
 * ERROR: sys-apps/chpax-0.7 failed:
 *   Parallel Make Failed
 * 
 * Call stack:
 *     ebuild.sh, line  54:  Called src_compile
 *   environment, line 2570:  Called die
 * The specific snippet of code:
 *       emake CC="$(tc-getCC)" || die "Parallel Make Failed"
 * 
 * If you need support, post the output of 'emerge --info =sys-apps/chpax-0.7',
 * the complete build log and the output of 'emerge -pqv =sys-apps/chpax-0.7'.
 * The complete build log is located at '/var/log/portage/sys-apps:chpax-0.7:20100522-001801.log'.
 * The ebuild environment file is located at '/var/tmp/portage/sys-apps/chpax-0.7/temp/environment'.
 * S: '/var/tmp/portage/sys-apps/chpax-0.7/work/chpax-0.7'
Comment 4 Boney McCracker 2010-05-22 01:25:39 UTC
I think I may have isolated what triggered this.

Yesterday, I enabled PAE in my kernel config.  I hadn't activated it prior because I have < 4 GiB RAM.  However, it occurred to me that using the actual NX bit might be beneficial (as opposed to relying purely on PaX).

/proc/cpuinfo says the cpu (a fairly early Pentium IV, I believe) supports pae.

typhoon ~ # cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 15
model		: 0
model name	: Intel(R) Pentium(R) 4 CPU 1300MHz
stepping	: 10
cpu MHz		: 1295.969
cache size	: 256 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 2
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pebs bts
bogomips	: 2591.93
clflush size	: 64
cache_alignment	: 128
address sizes	: 36 bits physical, 32 bits virtual

Shouldn't I be able to enable PAE without problems?
If so, am I then indeed encountering the bug I pointed out?

I have disabled PAE in the meantime to work around this.
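
Triage aid for the oops lines in comment 3 and the flags line in comment 4, added here as an example and not part of the original report or of any Gentoo or grsecurity tooling. It decodes the "Bad pagetable" error code using the x86 page-fault error-code bit layout and lists the CPU flags; the function names and the sample constants (copied from the comments above) are this example's own.

```python
import re

# x86 page-fault error code bits (architectural layout, low bit first).
PF_BITS = [(0x01, "present"), (0x02, "write"), (0x04, "user"),
           (0x08, "reserved-bit"), (0x10, "instruction-fetch")]
CORRUPT_RE = re.compile(r"\] (\S+): Corrupted page table at address ([0-9a-f]+)")
BAD_RE = re.compile(r"Bad pagetable: ([0-9a-f]+) \[#\d+\]")

# Sample input copied from comment 3 (log) and comment 4 (cpuinfo flags line).
SAMPLE_LOG = """\
2010 May 21 20:18:25 tempest [ 1456.714807] as: Corrupted page table at address 84efa9a0
2010 May 21 20:18:25 tempest [ 1456.715007] Bad pagetable: 000d [#1]
2010 May 21 20:18:25 tempest [ 1456.715007] Process as (pid: 6458, ti=d66e8000 task=d6597b00 task.ti=d66e8000)
"""
SAMPLE_CPUINFO = ("flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca "
                  "cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pebs bts\n")

def decode_error_code(code):
    """Return the names of the bits set in a page-fault error code."""
    return [name for bit, name in PF_BITS if code & bit]

def parse_oops(log):
    """Pair each 'Corrupted page table' line with the 'Bad pagetable' code after it."""
    events = []
    for line in log.splitlines():
        hit = CORRUPT_RE.search(line)
        if hit:
            events.append({"comm": hit.group(1), "address": int(hit.group(2), 16),
                           "bits": None})
            continue
        hit = BAD_RE.search(line)
        if hit and events and events[-1]["bits"] is None:
            events[-1]["bits"] = decode_error_code(int(hit.group(1), 16))
    return events

def cpu_flags(cpuinfo):
    """Return the set of CPU feature flags from /proc/cpuinfo text."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()

if __name__ == "__main__":
    for ev in parse_oops(SAMPLE_LOG):
        print(f"{ev['comm']} @ {ev['address']:#010x}: {', '.join(ev['bits'] or [])}")
    flags = cpu_flags(SAMPLE_CPUINFO)
    print("pae:", "pae" in flags, "nx:", "nx" in flags)
```

For the quoted oops, error code 000d decodes to present, user and reserved-bit; the quoted flags line contains pae and no nx entry.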
Comment 5 Anthony Basile gentoo-dev 2010-05-22 01:40:55 UTC
Let me get this straight: PAE disabled and KERNEXEC enabled on CPUs lacking NX flag is okay, but PAE enabled leads to the pagetable corruption?

Comment 6 Boney McCracker 2010-05-22 02:07:55 UTC
I don't understand it.  I included the link because it appeared to be the same problem I was encountering (in my case, apparently after enabling PAE).

All I know for sure is the behavior I observed (per the attachments and the emerge output above).
Comment 7 Boney McCracker 2010-05-22 02:09:40 UTC
Can't even rebuild my kernel (fortunately I've still got the last two I built).

  CC      drivers/ata/ata_piix.o
  LD      drivers/ata/built-in.o
  CC      drivers/base/core.o
  CC      drivers/base/sys.o
  CC      drivers/base/bus.o
  CC      drivers/base/dd.o
gcc: Internal error: Segmentation fault (program as)
Please submit a full bug report.
See <http://bugs.gentoo.org/> for instructions.
make[2]: *** [drivers/base/dd.o] Error 1
make[1]: *** [drivers/base] Error 2
make: *** [drivers] Error 2