Bug 402427

Summary:	app-emulation/virtualbox-4.1.8: fails with kernel linux-3.2.2-hardened-r1 and above
Product:	Gentoo Linux	Reporter:	Gabriel <gabriel>
Component:	Current packages	Assignee:	Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c>
Status:	RESOLVED OBSOLETE
Severity:	normal	CC:	hardened, lubomir.krajcovic, pageexec, patrick, proxy-maint, spender, swapon
Priority:	Normal
Version:	unspecified
Hardware:	AMD64
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Kernel crashes logs log for failing vanilla 64-bit gentoo on hardened host hardened kernel config under which the problem occurs kernel config for hardened-sources-3.2.11 kernel crash log

Description Gabriel 2012-02-06 17:52:11 UTC

I have recently upgraded my hardened kernel to the last stable in gentoo, unfortunately app-emulation/virtualbox-modules-4.1.4 is not able to compile with this new kernel (see Bug 400871) so I had to use the non-stable version app-emulation/virtualbox-*-4.1.8.
However even though the new version is compiling and installing fine, it is also generating a kernel Oops when launching a VM.

To summarize, this configuration crashes:
linux-3.2.2-hardened-r1
app-emulation/virtualbox-4.1.8                                                                                                             
app-emulation/virtualbox-additions-4.1.8                                                                                                   
app-emulation/virtualbox-extpack-oracle-4.1.8                                                                                              
app-emulation/virtualbox-modules-4.1.8

Ironically this configuration runs fine:
3.1.5-hardened
app-emulation/virtualbox-4.1.4 (note the use of the old modules)
app-emulation/virtualbox-additions-4.1.8
app-emulation/virtualbox-extpack-oracle-4.1.8
app-emulation/virtualbox-modules-4.1.8

So I am back using the previous stable kernel.

I have tried to play wit the suid permissions as I saw some issues in the past on this, but still the same results.
I also launched VirtualBox with sudo, still the same crash.

It should be noted that the crash log is exactly the same in all cases.


Reproducible: Always




emerge --info


Portage 2.1.10.44 (hardened/linux/amd64, gcc-4.5.3, glibc-2.13-r4, 3.1.5-hardened x86_64)
=================================================================
System uname: Linux-3.1.5-hardened-x86_64-Intel-R-_Core-TM-_i7_CPU_Q_840_@_1.87GHz-with-gentoo-2.0.3
Timestamp of tree: Sat, 04 Feb 2012 18:30:01 +0000
app-shells/bash:          4.1_p9
dev-java/java-config:     2.1.11-r3
dev-lang/python:          2.7.2-r3, 3.1.4-r3
dev-util/cmake:           2.8.6-r4
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.0.3
sys-apps/openrc:          0.9.8.4
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.13, 2.68
sys-devel/automake:       1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:       2.21.1-r1
sys-devel/gcc:            4.5.3-r1
sys-devel/gcc-config:     1.4.1-r1
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r1
sys-kernel/linux-headers: 3.1 (virtual/os-headers)
sys-libs/glibc:           2.13-r4
Repositories: gentoo
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=core2"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /usr/share/themes/oxygen-gtk/gtk-2.0 /var/spool/torque"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -march=core2"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
LANG="en_GB.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en gb en_GB fr"
MAKEOPTS="-j8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
USE="X acl alsa amd64 bash-completion berkdb bzip2 cairo caps cleartype cli consolekit cracklib crypt ctypes-python curl cxx dbus device-mapper djvu dmraid doc dri dvb dvd ewf fam fontconfig gdbm gif gmp gnutls gpm gtk hal handbook hardened iconv icu idn ipv6 jadetex java jbig jbig2 jpeg jpeg2k justify kde laptop lzma lzo midi mmx mng modules mp3 mpi mudflap multilib mysql ncurses networkmanager nls nptl nptlonly ogg openexr opengl openmp pam pax_kernel pcmcia pcre pkcs11 png policykit pppd private-headers pulseaudio qt3support qt4 readline rle ruby sdl semantic-desktop session spell sql sqlite sqlite3 sse sse2 sse3 ssl ssse3 subversion svg sysfs system-sqlite tcpd threads tiff tk trace truetype udev unicode urandom v4l vim-syntax vorbis webkit xcb xml xorg xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev mouse keyboard synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en gb en_GB fr" PHP_TARGETS="php5-3" QEMU_USER_TARGETS="arm armeb i386 x86_64" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Gabriel 2012-02-06 17:55:03 UTC

Created attachment 301047 [details]
Kernel crashes logs

Comment 2 Gabriel 2012-02-06 17:58:36 UTC

Apparently I cannot change my comment, so just to be clear, this is the configuration that works fine:

3.1.5-hardened
app-emulation/virtualbox-4.1.8 
app-emulation/virtualbox-additions-4.1.8
app-emulation/virtualbox-extpack-oracle-4.1.8
app-emulation/virtualbox-modules-4.1.4 (note the use of the old modules)

Comment 3 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2012-02-07 05:51:11 UTC

@ hardened team. Can you look into this, please?

Comment 4 Anthony Basile gentoo-dev

2012-02-28 11:39:47 UTC

(In reply to comment #3)
> @ hardened team. Can you look into this, please?

I can confirm this.  Specifically I looked at virtualbox-4.1.8 (modules and all) and hardened-sources-3.2.7 = grsecurity-2.9-3.2.7-201202251203.

When I try to start vbox I get the following pop-up warning:

<quote>
A critical error has occurred while running the virtual machine and the machine execution has been stopped.
For help, please see the Community section on http://www.virtualbox.org or your support contract. Please provide the contents of the log file VBox.log and the image file VBox.png, which you can find in the /home/blueness/.VirtualBox/Machines/soft64/Logs directory, as well as a description of what you were doing when this error happened. Note that you can also access the above files by selecting Show Log from the Machine menu of the main VirtualBox window.
Press OK if you want to power off the machine or press Ignore if you want to leave it as is for debugging. Please note that debugging requires special knowledge and tools, so it is recommended to press OK now.
</quote>

One can then kill the machine or ignore, in which case the vm goes suspended (what they call "guru meditation").  The log ends with

<log>
00:02:38.993 VMSetError: /var/tmp/portage/app-emulation/virtualbox-4.1.8-r1/work/VirtualBox-4.1.8_OSE/src/VBox/VMM/VMMR3/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_VMM_SET_JMP_ABORTED_RESUME
00:02:38.993 VMSetError: Failed to reserve physical memory (0x1004 -> 0x1000; VMMDev Heap)
00:02:38.994 VMSetError: /var/tmp/portage/app-emulation/virtualbox-4.1.8-r1/work/VirtualBox-4.1.8_OSE/src/VBox/VMM/VMMR3/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_VMM_SET_JMP_ABORTED_RESUME
00:02:38.994 VMSetError: Failed to reserve physical memory (0x1004 -> 0xc04; VMMDev)
00:02:38.996 VMSetError: /var/tmp/portage/app-emulation/virtualbox-4.1.8-r1/work/VirtualBox-4.1.8_OSE/src/VBox/VMM/VMMR3/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_VMM_SET_JMP_ABORTED_RESUME
00:02:38.996 VMSetError: Failed to reserve physical memory (0x1004 -> 0x404; VRam)
00:02:39.031 AssertLogRel /var/tmp/portage/app-emulation/virtualbox-4.1.8-r1/work/VirtualBox-4.1.8_OSE/src/VBox/VMM/VMMR3/VMM.cpp(1969) int VMMR3CallR0(VM*, uint32_t, uint64_t, SUPVMMR0REQHDR*): rc == VINF_SUCCESS || RT_FAILURE(rc)
00:02:39.031 uOperation=29 rc=VINF_PGM_SYNC_CR3
</log>


I'll attach a full copy of the log for comparison.  Note: I do not get any kernel messages.

Comment 5 Anthony Basile gentoo-dev

2012-02-28 11:42:35 UTC

Created attachment 303583 [details]
log for failing vanilla 64-bit gentoo on hardened host

Comment 6 PaX Team 2012-02-28 18:03:24 UTC

what's the host kernel .config? in particular, is any of UDEREF/KERNEXEC enabled?

Comment 7 Anthony Basile gentoo-dev

2012-02-28 22:06:34 UTC

Created attachment 303641 [details]
hardened kernel config under which the problem occurs

Pipacs, note that this is our VIRTUALIZATION option which masks out UDEREF and KERNEXEC so that it doesn't even show up in the config file.

Comment 8 Lubomir Krajcovic 2012-03-06 11:15:25 UTC

I'm confirming exactly the same problem with hardened kernels in .32 stable series. I've tested hardened-sources-2.6.32-r90 & -r92. -r77 works. Virtualbox 4.1.8 and whole environment except kernel) remains the same. 

emerge --info: http://pastebin.com/dVppY0tw
used kernel config for -r90 (obtained from -r77 with make oldconfig): http://pastebin.com/DeGJsGa8

Comment 9 Lubomir Krajcovic 2012-03-06 12:22:23 UTC

Just tested newest hardened-sources-2.6.32-r93 (based on 2.6.32.57 + genpatches-2.6.32-48 + grsecurity-2.9-2.6.32.57-201203022148), problem remains. Virtualbox log: http://pastebin.com/naZp8EST

Comment 10 Gabriel 2012-04-28 11:42:19 UTC

Is there any update on this?

I have just tried with hardened-sources-3.2.11 and virtualbox-4.1.14* and still the same results.

It is still working with hardened-sources-3.1.5 though.

Comment 11 Gabriel 2012-04-28 11:43:00 UTC

Created attachment 310335 [details]
kernel config for hardened-sources-3.2.11

Comment 12 Gabriel 2012-04-28 11:43:28 UTC

Created attachment 310337 [details]
kernel crash log

Comment 13 Sergey Popov (RETIRED) gentoo-dev

2013-07-13 09:26:15 UTC

Currently, some kind of workaround like

pax-mark m "/usr/$(get_libdir)/virtualbox/VirtualBox"

may help for now. After that - it will not fail, so - works for me.