| Summary: | app-emulation/virtualbox-4.{1.22,2.6}-r1 on sys-kernel/hardened-sources - Can't start virtual machines. - dmesg BUG: unable to handle kernel paging request | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | bsod |
| Component: | [OLD] Core system | Assignee: | The Gentoo Linux Hardened Kernel Team (OBSOLETE) <hardened-kernel+disabled> |
| Status: | RESOLVED CANTFIX | ||
| Severity: | normal | CC: | hardened, kernel, pageexec, proxy-maint, spender |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
I'm alerting upstream. Was this working on an earlier version of hardened-sources and then broke? the short story is that virtualbox is not compatible with PaX and it's unlikely to change anytime soon. this particular problem is due to some vbox kernel code trying to access userland memory without going through the normal linux accessors (that PaX instruments when UDEREF or KERNEXEC are enabled). Its starting to sound like virtualbox is a lost cause on hardened. |
Virtual machines will not start and produce Fehlercode: VBOX_E_VM_ERROR (0x80BB0003) Komponente: Machine Interface: IMachine {22781af3-1c96-4126-9edf-67a020e0e858} and Fehlercode:NS_ERROR_UNEXPECTED (0x8000FFFF) Komponente:Session Interface:ISession {12f4dcdb-12b2-4ec1-b7cd-ddd9f6c5bf4d} in dmesg I can see: PAX: please report this to pageexec@freemail.hu BUG: unable to handle kernel paging request at 00000371c3ab5798 IP: [<ffffffffa09ee9b2>] 0xffffffffa09ee9b1 PGD 6c9a3000 Thread overran stack, or stack corrupted Oops: 0000 [#4] SMP Modules linked in: vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) ipv6 acpi_cpufreq mperf snd_hda_codec_hdmi processor snd_hda_intel snd_hda_codec snd_hwdep freq_table snd_pcm snd_page_alloc thermal_sys kvm_amd kvm i2c_piix4 i2c_core rtc_cmos r8169 mii snd_timer snd pcspkr button xts gf128mul aes_x86_64 cbc libiscsi scsi_transport_iscsi fuse xfs exportfs nfs lockd sunrpc jfs reiserfs multipath linear raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 dm_snapshot dm_crypt dm_mirror dm_region_hash dm_log dm_mod hid_monterey hid_microsoft hid_logitech hid_ezkey hid_cypress hid_chicony hid_cherry hid_belkin hid_apple hid_a4tech sl811_hcd usbhid xhci_hcd ohci_hcd uhci_hcd usb_storage ehci_hcd usbcore usb_common aic94xx libsas lpfc qla2xxx megaraid_sas megaraid_mbox megaraid_mm megaraid aacraid sx8 DAC960 cciss 3w_9xxx 3w_xxxx mptsas scsi_transport_sas mptfc scsi_transport_fc scsi_tgt mptspi mptscsih mptbase atp870u dc395x qla1280 imm parport dmx3191d sym53c8xx gdth advansys initio BusLogic arcmsr aic7xxx aic79xx scsi_transport_spi sg pdc_adma sata_inic162x sata_mv ata_piix ahci libahci sata_qstor sata_vsc sata_uli sata_sis sata_sx4 sata_nv sata_via sata_svw sata_sil sata_promise pata_sl82c105 pata_cs5530 pata_cs5520 pata_via pata_jmicron pata_marvell pata_sis pata_netcell pata_sc1200 pata_pdc202xx_old pata_triflex pata_atiixp pata_opti pata_amd pata_ali pata_it8213 pata_pcmcia pcmcia pcmcia_core pata_ns87415 pata_ns87410 pata_serverworks pata_artop pata_it821x pata_optidma pata_hpt3x2n pata_hpt3x3 pata_hpt37x pata_hpt366 pata_cmd64x pata_efar pata_rz1000 pata_sil680 pata_radisys pata_pdc2027x pata_mpiix libata [last unloaded: vboxdrv] CPU 1 Pid: 2561, comm: EMT Tainted: G D O 3.7.6-hardened #1 Gigabyte Technology Co., Ltd. GA-A75N-USB3/GA-A75N-USB3 RIP: 0010:[<ffffffffa09ee9b2>] [<ffffffffa09ee9b2>] 0xffffffffa09ee9b1 RSP: 0018:ffff8800773c9c68 EFLAGS: 00010246 RAX: 0000000000000001 RBX: ffffc90010223000 RCX: ffffffffffffffff RDX: 0000000000000001 RSI: ffffc9001023e000 RDI: 00000371c3ab5790 RBP: ffff8800773c9ca8 R08: 0000000000000001 R09: 0000000000000004 R10: 00000000ffffffe7 R11: 0000000000000246 R12: 0000000000000000 R13: ffffc9001022b9a0 R14: ffff8800a02d7810 R15: 000000000000000b FS: 00000371e0b20700(0000) GS:ffff88010ec40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00000371c3ab5798 CR3: 00000000014a7000 CR4: 00000000000007f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process EMT (pid: 2561, threadinfo ffff880069f29c98, task ffff880069f29880) Stack: ffffffffffff4111 ffffc9001023e000 ffffffffffff4111 00000000ffff4111 ffffffffffff4111 ffffc9001023e000 ffffc90010223000 ffff8800773c9ccc ffff8800773c9d08 ffffffffa09b782b ffffffffffff4111 ffffffffffff4111 Call Trace: [<ffffffffa0cee21f>] ? supdrvIOCtlFast+0xcf/0x110 [vboxdrv] [<ffffffffa0cea3b3>] ? SUPR0Printf+0xe3/0x5b0 [vboxdrv] [<ffffffff81220969>] ? avc_has_perm_flags+0x49/0x130 [<ffffffff8112c436>] ? do_vfs_ioctl+0xb6/0x830 [<ffffffff812284d7>] ? file_has_perm+0xa7/0xb0 [<ffffffff81228b08>] ? selinux_file_ioctl+0x68/0x130 [<ffffffff8112cc51>] ? sys_ioctl+0xa1/0xc0 [<ffffffff8149ac63>] ? system_call_fastpath+0x18/0x1d Code: ff 85 c0 48 8b 75 c8 0f 88 ae fe ff ff 31 c0 86 83 3c 89 00 00 48 8b bb 68 89 00 00 41 b9 04 00 00 00 45 31 e4 41 b8 01 00 00 00 <8b> 47 08 85 c0 74 2f 48 98 48 01 f8 74 28 8b 50 44 44 39 e2 76 RIP [<ffffffffa09ee9b2>] 0xffffffffa09ee9b1 RSP <ffff8800773c9c68> CR2: 00000371c3ab5798 I can reproduce this with two machines both similar configurations with hardened-sources-3.7.6 with selinux support but disabled/permissive and enabled pax. Reproducible: Always Steps to Reproduce: 1.VirtualBox 2.start a virtual machine Actual Results: crashes with the above message Expected Results: starting the virtual machine Emerge Info from one system Portage 2.1.11.50 (hardened/linux/amd64/selinux, gcc-4.6.3, glibc-2.15-r3, 3.7.6-hardened x86_64) ================================================================= System uname: Linux-3.7.6-hardened-x86_64-AMD_A4-3300_APU_with_Radeon-tm-_HD_Graphics-with-gentoo-2.1 KiB Mem: 3515788 total, 808108 free KiB Swap: 16383996 total, 16383996 free Timestamp of tree: Fri, 15 Feb 2013 13:45:01 +0000 ld GNU ld (GNU Binutils) 2.22 distcc 3.1 x86_64-pc-linux-gnu [enabled] app-shells/bash: 4.2_p37 dev-java/java-config: 2.1.12-r1 dev-lang/python: 2.7.3-r2, 3.2.3 dev-util/cmake: 2.8.9 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.1-r1 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.9.6-r3, 1.11.6 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.6.3 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.6 (virtual/os-headers) sys-libs/glibc: 2.15-r3 Repositories: gentoo luman lua gnustep sunrise x-dragon ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -march=amdfam10 -mcx16 -mpopcnt -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/lib/redmine/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /var/lib/redmine/config/locales /var/lib/redmine/config/settings.yml" CXXFLAGS="-O2 -march=amdfam10 -mcx16 -mpopcnt -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distcc distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo" LANG="de_DE.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j13" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/luman /var/lib/layman/lua /var/lib/layman/gnustep /var/lib/layman/sunrise /var/lib/layman/dragon" SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X amd64 berkdb bindist bzip2 cli cracklib crypt cxx dbus dri gdbm gnutls gpm hardened iconv ipv6 justify ldap ldapdb memcached mmx mmxext modules mudflap multilib mysql ncurses nls nptl open_perms openldap openmp pam pax_kernel pcre readline selinux session sse sse2 sse3 sse4a ssl tcpd unicode urandom zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias proxy proxy_http proxy_balancer header" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON The other configuration Portage 2.1.11.50 (hardened/linux/amd64/selinux, gcc-4.6.3, glibc-2.15-r3, 3.7.6-hardened x86_64) ================================================================= System uname: Linux-3.7.6-hardened-x86_64-AMD_Phenom-tm-_9950_Quad-Core_Processor-with-gentoo-2.1 KiB Mem: 8174840 total, 194944 free KiB Swap: 16777212 total, 16777112 free Timestamp of tree: Wed, 13 Feb 2013 10:15:01 +0000 ld GNU ld (GNU Binutils) 2.22 distcc 3.1 x86_64-pc-linux-gnu [enabled] app-shells/bash: 4.2_p37 dev-java/java-config: 2.1.12-r1 dev-lang/python: 2.7.3-r2, 3.2.3 dev-util/cmake: 2.8.9 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.1-r1 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.6 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.6.3 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.6 (virtual/os-headers) sys-libs/glibc: 2.15-r3 Repositories: gentoo seden x-dragon lua flora ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=amdfam10 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=amdfam10 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distcc distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://de-mirror.org/gentoo/ http://gentoo.mneisen.org/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ ftp://ftp.halifax.rwth-aachen.de/gentoo/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp6.uni-muenster.de/pub/linux/distributions/gentoo http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ ftp://ftp.mirrorservice.org/sites/www.ibiblio.org/gentoo/ http://gentoo.mirrors.easynews.com/linux/gentoo/ ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://lug.mtu.edu/gentoo/" LANG="de_DE.UTF8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j13" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/seden /var/lib/layman/dragon /var/lib/layman/lua /var/lib/layman/flora" SYNC="rsync://rsync8.de.gentoo.org/gentoo-portage" USE="X acpi alsa amd64 apng avahi bash-completion berkdb bluetooth bluray bzip2 cairo cli consolekit cracklib crypt cups cxx dbus dhcpcd dri dvd dvdr emacs embedded gdbm gif gpm gudev hardened hibernate hwdb iconv ipv6 jpeg justify kde mmx mng modules mp3 mpi mplayer mudflap multilib ncurses networkmanager nls nptl ntfs nvidia ogg open_perms opengl openmp pam pax_kernel pcre png policykit python qt3support qt4 readline selinux session sleep smpeg sse sse2 ssl symlink tcpd udev unicode urandom vorbis webkit xvmc zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de en en_US" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON I build virtualbox with FEATURES="-distcc" because with distcc the build failed for me. Would like to add more info when requested!