599432 – sys-kernel/hardened-sources-4.8.6 - Resume from suspend causes kernel panic

Bug 599432 - sys-kernel/hardened-sources-4.8.6 - Resume from suspend causes kernel panic

Summary: sys-kernel/hardened-sources-4.8.6 - Resume from suspend causes kernel panic

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal critical (vote)
Assignee:	Anthony Basile

URL:	https://bugs.archlinux.org/task/51767
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-11-10 23:59 UTC by anoteros
Modified:	2016-11-12 02:10 UTC (History)
CC List:	5 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description anoteros 2016-11-10 23:59:00 UTC

Resuming from suspend on 4.8.6-hardened causes a kernel panic (every time). This is due to a recent change in grsecurity. The bug was caught (see archlinux bug tracker link), and the grsecurity team pushed a fix, which the changelog mentions fixes this issue. (see https://grsecurity.net/changelog-test.txt). This package is most likely built against an older version of the grsecurity patches.

(Looking at the ebuild and the archive it sources from http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/, it seems to already include the newest patch. Something else must be interfering.)

Reproducible: Always

Steps to Reproduce:
1. Suspend to RAM (pm-suspend)
2. Attempt to resume from suspend

Actual Results:  
Kernel panic hard crash (no logs)

Expected Results:  
Resume from suspend

Comment 1 anoteros 2016-11-11 01:41:53 UTC

I did some testing and recompiled by changing arch/x86/kernel/setup.c such that the boot_cpu_data __read_only attribute is changed back to a __read_mostly (as it was in previous versions). After making this change and recompiling, all is working as expected. 

This is a potential fix for the maintainer and could help to diagnose which patches are breaking resume from suspend.

Comment 2 Anthony Basile gentoo-dev

2016-11-11 19:11:32 UTC

(In reply to anoteros from comment #1)
> I did some testing and recompiled by changing arch/x86/kernel/setup.c such
> that the boot_cpu_data __read_only attribute is changed back to a
> __read_mostly (as it was in previous versions). After making this change and
> recompiling, all is working as expected. 
> 
> This is a potential fix for the maintainer and could help to diagnose which
> patches are breaking resume from suspend.

Okay I've made upstream aware of this.

To be clear, sys-kernel/hardened-sources-4.8.6 does use grsecurity-3.1-4.8.6-201611091800

Comment 3 PaX Team 2016-11-11 22:12:29 UTC

(In reply to Anthony Basile from comment #2)
> To be clear, sys-kernel/hardened-sources-4.8.6 does use
> grsecurity-3.1-4.8.6-201611091800

grsecurity-3.1-4.8.7-201611102210 has the remaining fixes for the resume problem.

Comment 4 Anthony Basile gentoo-dev

2016-11-12 00:24:56 UTC

(In reply to PaX Team from comment #3)
> (In reply to Anthony Basile from comment #2)
> > To be clear, sys-kernel/hardened-sources-4.8.6 does use
> > grsecurity-3.1-4.8.6-201611091800
> 
> grsecurity-3.1-4.8.7-201611102210 has the remaining fixes for the resume
> problem.

i've pushed out =sys-kernel/hardened-sources-4.8.7 which has that patch.

Comment 5 anoteros 2016-11-12 02:10:14 UTC

(In reply to Anthony Basile from comment #4)
> i've pushed out =sys-kernel/hardened-sources-4.8.7 which has that patch.

I just tested with sys-kernel/hardened-sources-4.8.7 and all is back to the way it should be. Thanks for your help!