| Summary: | sys-kernel/hardened-sources-2.6.29 BUGs on x86-64 with CONFIG_PAX_KERNEXEC | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Klaus Kusche <klaus.kusche> |
| Component: | Hardened | Assignee: | The Gentoo Linux Hardened Kernel Team (OBSOLETE) <hardened-kernel+disabled> |
| Status: | RESOLVED WONTFIX | | |
| Severity: | normal | CC: | wschlich |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Attachments:
My .config (working version, set CONFIG_PAX_KERNEXEC=y to reproduce the bug).
emerge --info

Description
Klaus Kusche
2009-05-30 13:05:23 UTC
Created attachment 192977
My .config (working version, set CONFIG_PAX_KERNEXEC=y to reproduce the bug).

Please post your emerge --info and attach the output of the BUG please (with GRKERNSEC_HIDESYM disabled).

This may be fixed already. Can you try the latest PaX test patch[1] against vanilla 2.6.29.4?

[1] http://www.grsecurity.net/~paxguy1/pax-linux-2.6.29.4-test26.patch

Created attachment 193007
emerge --info

Don't know how to save the BUG (or panic?): The system hangs completely before root is mounted r/w and before login is possible. On the screen, I only see the last few lines of a (numeric, hence useless) stack backtrace. The important information has already scrolled off the screen, scrollback doesn't work. I tried in slow motion earlier today (with a printk delay), and it said something like "Unable to handle kernel paging request". I will try the kernel you proposed tomorrow (it is already late at night here).

pax-linux-2.6.29.4-test27 works fine with CONFIG_PAX_KERNEXEC.

As the problem has been fixed upstream for some time now: Any hope for fixed hardened-sources any time soon?

Klaus, rest assured that a new version is imminent (I'm proxying some of the work that's going into it). I'm just as keen to see a new release as you are but I want to ensure that it is a strong one! I'm estimating that my work will continue for 2-3 more days before I consider it ready for submission to Gordon. In the meantime, please accept our apologies for the release lag on this occasion.

Kerin, any news on this one?

Well, I do have a patchset for 2.6.29; it contains a range of backported fixes as far as 2.6.30.5 and was used in production by myself up until quite recently. Essentially, I went as far as I felt I could possibly go in terms of making a release-worthy patchset. Obviously, I am in no position to push this to the tree myself so I leave it in the hands of anyone who wishes to do so (indeed, several people involved in the project have already been kept abreast of the revisions that I made up until this point). I won't be doing any further work on it as it takes a disproportionate amount of time and energy and sufficient time has elapsed now to render this work virtually obsolete. hardened-sources is currently stagnating, save for the recent work carried out by Anarchy which is currently sitting in an overlay.

At such time as this stagnation ends, I would envisage that 2.6.31 - or any recent release - is targeted for stabilisation. After all, even the grsecurity people are quick to focus their attention on new kernel.org releases. Doing this kind of work seems like a losing battle and is ultimately pointless if we have a problem getting releases out the door. I've already rebased my kernels on Anarchy's recent work and reverted to the strategy of minimal maintenance. I also have an updated patchset for 2.6.28 which resolves a large number of hardened-kernel assigned bugs which pertain to that branch. I believe gengor has a copy and anyone else is very much welcome to it, although it should be noted that I have not heavily tested it (in particular, someone would need to make sure that CIFS support is A-OK).

After a long period of "testing" grsecurity releases only, the grsecurity team has released a "stable" grsecurity release for 2.6.31.6. Time for a new hardened-sources release?

(In reply to comment #10)
> Time for a new hardened-sources release?

Yes, it is.

2.6.32-r9 is the latest stable on amd64. Can you test it and see if this is still an issue?

I don't use hardened-sources any longer. I've been building my own for some months now from vanilla-sources and the grsec patch.