| Summary: | grsec causing pagetable corruption | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Boney McCracker <brendlerjg> |
| Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | x86 | | |
| OS: | Linux | | |
| URL: | http://forums.grsecurity.net/viewtopic.php?f=3&t=2285 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | kernel log showing pagetable corruption; grsec log for the same time period as kernel log | | |
Description
Boney McCracker
2010-05-22 00:31:03 UTC
Created attachment 232423: kernel log showing pagetable corruption
Created attachment 232425: grsec log for the same time period as kernel log
Here is an example of what is occurring during some emerges:

    >>> Emerging (4 of 196) sys-apps/chpax-0.7
    .
    <lines skipped>
    .
     * CPV: sys-apps/chpax-0.7
     * REPO: gentoo
     * USE: elibc_glibc kernel_linux userland_GNU x86
    >>> Unpacking source...
    >>> Unpacking chpax-0.7.tar.gz to /var/tmp/portage/sys-apps/chpax-0.7/work
    >>> Source unpacked in /var/tmp/portage/sys-apps/chpax-0.7/work
    >>> Compiling source in /var/tmp/portage/sys-apps/chpax-0.7/work/chpax-0.7 ...
    make -j2 CC=i686-pc-linux-gnu-gcc
    i686-pc-linux-gnu-gcc -O2 -march=pentium3 -pipe -fomit-frame-pointer -Wall -W -g3 -c -o chpax.o chpax.c
    i686-pc-linux-gnu-gcc -O2 -march=pentium3 -pipe -fomit-frame-pointer -Wall -W -g3 -c -o io.o io.c
    i686-pc-linux-gnu-gcc -O2 -march=pentium3 -pipe -fomit-frame-pointer -Wall -W -g3 -c -o elf32.o elf32.c
    i686-pc-linux-gnu-gcc -O2 -march=pentium3 -pipe -fomit-frame-pointer -Wall -W -g3 -c -o elf64.o elf64.c
    2010 May 21 20:18:25 tempest [ 1456.714807] as: Corrupted page table at address 84efa9a0
    2010 May 21 20:18:25 tempest [ 1456.715007] Bad pagetable: 000d [#1]
    2010 May 21 20:18:25 tempest [ 1456.715007] last sysfs file: /sys/devices/virtual/misc/microcode/uevent
    2010 May 21 20:18:25 tempest [ 1456.715007] Process as (pid: 6458, ti=d66e8000 task=d6597b00 task.ti=d66e8000)
    2010 May 21 20:18:25 tempest [ 1456.715007] EIP: [<24efa9a0>] SS:ESP 007b:5fe3e230
    i686-pc-linux-gnu-gcc: Internal error: Killed (program as)
    Please submit a full bug report.
    See <http://bugs.gentoo.org/> for instructions.
    make: *** [elf32.o] Error 1
    make: *** Waiting for unfinished jobs....
     * ERROR: sys-apps/chpax-0.7 failed:
     * Parallel Make Failed
     *
     * Call stack:
     * ebuild.sh, line 54: Called src_compile
     * environment, line 2570: Called die
     * The specific snippet of code:
     * emake CC="$(tc-getCC)" || die "Parallel Make Failed"
     *
     * If you need support, post the output of 'emerge --info =sys-apps/chpax-0.7',
     * the complete build log and the output of 'emerge -pqv =sys-apps/chpax-0.7'.
     * The complete build log is located at '/var/log/portage/sys-apps:chpax-0.7:20100522-001801.log'.
     * The ebuild environment file is located at '/var/tmp/portage/sys-apps/chpax-0.7/temp/environment'.
     * S: '/var/tmp/portage/sys-apps/chpax-0.7/work/chpax-0.7'

I think I may have isolated what triggered this. Yesterday, I enabled PAE in my kernel config. I hadn't activated it prior because I have < 4 GiB RAM. However, it occurred to me that using the actual NX bit might be beneficial (as opposed to relying purely on PaX). /proc/cpuinfo says the CPU (a fairly early Pentium IV, I believe) supports pae.

    typhoon ~ # cat /proc/cpuinfo
    processor : 0
    vendor_id : GenuineIntel
    cpu family : 15
    model : 0
    model name : Intel(R) Pentium(R) 4 CPU 1300MHz
    stepping : 10
    cpu MHz : 1295.969
    cache size : 256 KB
    fdiv_bug : no
    hlt_bug : no
    f00f_bug : no
    coma_bug : no
    fpu : yes
    fpu_exception : yes
    cpuid level : 2
    wp : yes
    flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pebs bts
    bogomips : 2591.93
    clflush size : 64
    cache_alignment : 128
    address sizes : 36 bits physical, 32 bits virtual

Shouldn't I be able to enable PAE without problems? If so, am I then indeed encountering the bug I pointed out? I have disabled PAE in the meantime to work around this.

Let me get this straight: PAE disabled and KERNEXEC enabled on CPUs lacking NX flag is okay, but PAE enabled leads to the pagetable corruption? I don't understand it.

I included the link because it appeared to be the same problem I was encountering (in my case, apparently after enabling PAE). All I know for sure is the behavior I observed (per the attachments and the emerge output above).

Can't even rebuild my kernel (fortunately I've still got the last two I built).

    CC drivers/ata/ata_piix.o
    LD drivers/ata/built-in.o
    CC drivers/base/core.o
    CC drivers/base/sys.o
    CC drivers/base/bus.o
    CC drivers/base/dd.o
    gcc: Internal error: Segmentation fault (program as)
    Please submit a full bug report.
    See <http://bugs.gentoo.org/> for instructions.
    make[2]: *** [drivers/base/dd.o] Error 1
    make[1]: *** [drivers/base] Error 2
    make: *** [drivers] Error 2
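
The kernel lines and the /proc/cpuinfo flags quoted in this report can be read mechanically. The following is an added example, not part of the original bug report or of any Gentoo or grsecurity code: it decodes the "Bad pagetable" value with the architectural x86 page-fault error-code bits and checks the flags line for pae and nx. The sample inputs are copied from the report; the function names are this example's own.

```python
import re

# x86 page-fault error-code bits (architectural definition).
PF_BITS = [
    (0x01, "protection violation on a present page"),
    (0x02, "write access"),
    (0x04, "user mode"),
    (0x08, "reserved bit set in a paging-structure entry"),
    (0x10, "instruction fetch"),
]

# Sample input: kernel lines and CPU flags copied from the report above.
KERNEL_LOG = """\
2010 May 21 20:18:25 tempest [ 1456.714807] as: Corrupted page table at address 84efa9a0
2010 May 21 20:18:25 tempest [ 1456.715007] Bad pagetable: 000d [#1]
2010 May 21 20:18:25 tempest [ 1456.715007] Process as (pid: 6458, ti=d66e8000 task=d6597b00 task.ti=d66e8000)
"""
CPU_FLAGS = ("fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat "
             "pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pebs bts")

CORRUPT_RE = re.compile(r"\] (\S+): Corrupted page table at address ([0-9a-f]+)")
BADPT_RE = re.compile(r"Bad pagetable: ([0-9a-f]{4})")

def decode_pf_error(code):
    """Return the meaning of every bit set in a page-fault error code."""
    return [meaning for bit, meaning in PF_BITS if code & bit]

def find_bad_pagetable(log):
    """Pair each 'Corrupted page table' line with the error code that follows it."""
    events, pending = [], None
    for line in log.splitlines():
        m = CORRUPT_RE.search(line)
        if m:
            pending = {"process": m.group(1), "address": m.group(2)}
            continue
        m = BADPT_RE.search(line)
        if m and pending:
            code = int(m.group(1), 16)
            events.append({**pending, "error_code": code,
                           "meaning": decode_pf_error(code)})
            pending = None
    return events

def paging_flags(flags):
    """Report whether the cpuinfo flags line advertises PAE and NX."""
    present = set(flags.split())
    return {"pae": "pae" in present, "nx": "nx" in present}

if __name__ == "__main__":
    for ev in find_bad_pagetable(KERNEL_LOG):
        print(ev)
    print(paging_flags(CPU_FLAGS))
```

For the lines in this report, the error code 000d decodes to a user-mode fault on a present page with a reserved bit set in a paging entry, and the flags line lists pae but not nx.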