After upgrading from 2.6.7-hardened-r8 to 2.6.10-hardened-r3, copying .config over, making, installing, and rebooting, the new kernel begins to boot fine. However, after mounting my init ramdisk, it panics: RAMDISK: Compressed image found at block 0 VFS Mounted root (ext2 filesystem). Freeing unused kernel memory: 144k freed Kernel Panic: no init found. Try passing init= option to kernel Passing the asked-for option doesn't do anything. Even passing init=/bin/bash doesn't work. That test DOES work on 2.6.7-hardened-r8, however. Reproducible: Always Steps to Reproduce: 1. Produce a system that boots via an initrd.gz. 2. Boot with 2.6.7-hardened-r8. 3. Try booting with 2.6.10-hardened-r3 Actual Results: A kernel panic. Expected Results: Boot! It should have run /sbin/init, a bash script. I'm booting with grub: default 1 timeout 30 root (hd0,0) #splashimage=(hd2,0)/grub/splash.xpm.gz #OS 0 title=New Stuff kernel /kernel-2.6.8-gentoo-r6 root=/dev/ram0 hdc=cdrom initrd /initrd.gz #OS 1 title=Hardened kernel /kernel-hardened root=/dev/ram0 hdc=cdrom initrd /initrd.gz #OS 2 title=2.6.10-hardened-r3 kernel /kernel-2.6.10-hardened-r3 root=/dev/ram0 hdc=cdrom initrd /initrd.gz The two kernels' config and boot parameters are exactly the same. I cannot figure out what has changed that breaks the initrd. # emerge info Portage 2.0.51-r14 (default-linux/x86/2004.3, gcc-3.4.3, glibc-2.3.4.20041102-r0, 2.6.7-hardened-r8 i686) ================================================================= System uname: 2.6.7-hardened-r8 i686 Intel(R) Pentium(R) 4 CPU 2.53GHz Gentoo Base System version 1.6.8 Python: dev-lang/python-2.1.3-r1,dev-lang/python-2.3.4 [2.3.4 (#1, Oct 3 2004, 02:14:47)] ccache version 2.3 [enabled] dev-lang/python: 2.1.3-r1, 2.3.4 sys-devel/autoconf: 2.59-r6, 2.13 sys-devel/automake: 1.8.5-r2, 1.5, 1.4_p6, 1.6.3, 1.7.9, 1.9.4 sys-devel/binutils: 2.15.92.0.2-r2 sys-devel/libtool: 1.5.10-r3 virtual/os-headers: 2.6.8.1-r2 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-O2 -march=pentium4 -falign-functions=4 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=pentium4 -falign-functions=4 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig candy ccache distlocks sandbox sfperms" GENTOO_MIRRORS="http://gentoo.osuosl.org/ ftp://distro.ibiblio.org/pub/Linux/distributions/gentoo/ ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo ftp://ftp.ucsb.edu/pub/mirrors/linux/gentoo/ http://gentoo.seren.com/gentoo http://gentoo.chem.wisc.edu/gentoo/ http://gentoo.mirrors.pair.com/ http://gentoo.ccccom.com http://mirrors.tds.net/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X Xaw3d a52 aac aalib alsa apache2 apm audiofile avi berkdb bitmap-fonts cdr crypt cups directfb dvd dvdr dvdread emacs encode esd f77 faac faad fam flac font-server foomaticdb fortran ftp gd gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hardenedphp imagemagick imlib java javascript jbig jce jpeg junit kde lcms leim lesstif libcaca libg++ libwww live lzo lzw lzw-tiff mad matroska mbox mikmod mmap mmx mmx2 motif mozilla mpeg mpeg2 mpeg4 mplayer mysql ncurses nls nntp nptl offensive ogg oggvorbis opengl oss pam pdflib perl pic png python qt quicktime readline real rtc sdl slang sndfile speex spell sqlite sse sse2 ssl svga tcltk tcpd theora threads tiff truetype truetype-fonts type1-fonts unicode userlocales utf8 vorbis xinerama xml xml2 xmms xprint xv xvid xvmc zlib" Unset: ASFLAGS, CBUILD, CTARGET, LDFLAGS, PORTDIR_OVERLAY 'ls -l' in /lib dir of ramdisk: -rwxr-xr-x 1 root root 79912 Sep 27 12:12 ld-2.3.3.so* lrwxr-xr-x 1 root root 11 Sep 27 12:09 ld-linux.so.2 -> ld-2.3.3.so* -rwxr-xr-x 1 root root 27236 Sep 22 20:58 libacl.so.1* -rwxr-xr-x 1 root root 11944 Sep 22 21:00 libattr.so.1* -rwxr-xr-x 1 root root 1181560 Sep 22 20:58 libc.so.6* -rwxr-xr-x 1 root root 19308 Sep 22 20:56 libcrypt-2.3.3.so* lrwxr-xr-x 1 root root 17 Sep 27 12:09 libcrypt.so.1 -> libcrypt-2.3.3.so* -r-xr-xr-x 1 root root 21352 Sep 22 20:58 libdevmapper.so.1.00* -rwxr-xr-x 1 root root 10964 Sep 22 20:58 libdl-2.3.3.so* lrwxr-xr-x 1 root root 14 Sep 27 12:11 libdl.so.2 -> libdl-2.3.3.so* -rwxr-xr-x 1 root root 154632 Sep 28 11:31 libm.so.6* lrwxr-xr-x 1 root root 17 Sep 27 12:11 libncurses.so.5 -> libncurses.so.5.4* -rwxr-xr-x 1 root root 270480 Sep 22 20:58 libncurses.so.5.4* lrwxr-xr-x 1 root root 15 Sep 27 12:11 libnsl.so.1 -> libnsl-2.3.3.so -rwxr-xr-x 1 root root 66348 Sep 22 20:59 libpthread.so.0* -rwxr-xr-x 1 root root 33896 Sep 22 20:58 librt.so.1*
Can you attach your .config please.
Created attachment 49631 [details] .config from 2.6.10-r3 I should have attached it in the first place.
When you copied your .config from your 2.6.7 did you remember to run make oldconfig in your /usr/src/linux directory before building? Also is it possible for you to test that same config with a vanilla 2.6.10 kernel?
Make oldconfig? I've never heard of that before. I'll give that a shot as well as using the vanilla sources. Give me a day =)
Okay, 2.6.10-gentoo-r6 is working fine. I ran 'make oldconfig' in .10-hardened-r3 but it still didn't boot. Then I copied that .config into .10-gentoo-r6 and ran 'make oldconfig' again. It looks like an issue with the latest hardened kernel. Maybe it's some grsec configuration.
Can you please attach those two configs so I can check the differences between them?
Created attachment 49900 [details] 2.6.10-gentoo-r6 config
Created attachment 49901 [details] 'make oldconfig' version of 2.6.10-hardened-r3 config
Created attachment 58027 [details, diff] Diff between the user's gentoo-sources .config and the one of hardened-dev-sources Quite a bit things changed, some of them are critical. Disable grsecurity and the like and try again, if it still hits panic(), then file a bug regarding broken grsecurity support in the ebuild at issue, but please, be sure it concerns grsecurity and you haven't done something "strange" with your config. Better if you test directly the 2.6.11 ebuilds: http://packages.gentoo.org/ebuilds/?hardened-dev-sources-2.6.11-r1 Cheers, Lorenzo.
2.6.11-hardened-r1 works well; no panics even with PaX and grsecurity. Thank you for nudging me after so long.
