Hello all, first of all, sorry if this bug report is really a stub or duplicate, but I didn't have much time to report (lots of work) but thought that someone else might want to know this here:

We recently upgraded our hardened-sources kernels to 2.6.23-r7 (to fix the root exploit problem). Before the upgrade, we were running 2.6.16-r7 with grsecurity set to "High". After the upgrade, one of the machines didn't boot anymore, the display showed /sbin/init segfaulting again and again. After some research, I disabled the VDSO_COMPAT option (which was enabled there for some reason), the system booted up fine.

Reproducible: Always

Steps to Reproduce:
1. Compile hardened-sources-2.6.23-r7 with VDSO_COMPAT enabled and grsecurity on "High"
2. Reboot

Actual Results:
/sbin/init getting SIGSEGV until you hardreset

Expected Results:
Normal bootup

Portage 2.1.3.19 (hardened/x86/2.6, gcc-3.4.6, glibc-2.6.1-r0, 2.6.23-hardened-r7 i686)
=================================================================
System uname: 2.6.23-hardened-r7 i686 AMD Athlon(TM) XP 1500+
Timestamp of tree: Wed, 13 Feb 2008 22:46:01 +0000
app-shells/bash: 3.2_p17-r1
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python: 2.3.6-r3, 2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.13, 2.61-r1
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.24
virtual/os-headers: 2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=i686 -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=i686 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://bugfix.cs.uni-sb.de/gentoo-portage"
USE="apache2 apm avi bash-completion bzip2 chroot cracklib crypt dba expat fortran gd gdbm gif hardened idn iproute2 ipv6 ipv6arpa jpeg logrotate logwatch memlimit midi mmx mmxext mysql ncurses nptl nptlonly pam pcre pdflib perl php pic posix python readline session simplexml slang soap sockets sse ssl suhosin truetype truetype-fonts type1-fonts udev unicode urandom vhosts x86 xml xml2 xorg zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="access auth auth_basic auth_dbm auth_anon auth_digest authz_host authn_alias authn_anon authn_default authz_default authz_groupfile authz_owner authz_user alias authn_file file-cache echo charset-lite cache disk-cache mem-cache filter ext-filter case_filter case-filter-in deflate mime-magic cern-meta expires headers usertrack unique-id proxy proxy-connect proxy-ftp proxy-http info include cgi cgid dav dav-fs vhost-alias speling rewrite log_config logio env setenvif mime status autoindex asis negotiation dir imap actions userdir unique_id so"
ELIBC="glibc"
INPUT_DEVICES="mouse keyboard"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
USERLAND="GNU"
VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Indeed, VDSO_COMPAT is a problem. It's disabled in the defconfig in 2.6.23-r7 but that doesn't help those who import prior .config files where the option is enabled. Given the amount of problems it causes, and now in light of this bug, I think there's a good case for disabling it on a mandatory basis. Cross-referencing this bug to the -r8 tracker.
Created attachment 143516 [details, diff] disable-compat_vdso-kconfig.patch
Isn't the proper name: COMPAT_VDSO ?
(In reply to comment #3)
> Isn't the proper name: COMPAT_VDSO ?

You are right, the kernel option is CONFIG_COMPAT_VDSO, my fault (I have lots of kernel updates to do atm ;))
Created attachment 143517 [details, diff] disable-compat_vdso-kconfig.patch

Accidentally chopped out the bool type before.
COMPAT_VDSO is now forcibly disabled as of 2.6.23-r8.
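
Added example, not part of the thread or of the attached patch: a shell check for the case raised above, where a .config imported from an older kernel still has CONFIG_COMPAT_VDSO enabled even though the defconfig disables it. The function names are assumptions made for this example, and the paths in the usage comment are the usual locations, not values taken from the report.

```shell
#!/bin/sh
# Added example: audit kernel config files for CONFIG_COMPAT_VDSO.
# Function names are hypothetical; nothing here comes from the Gentoo patch.

# Print the config text, decompressing /proc/config.gz-style files.
read_config() {
    case $1 in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Print enabled | disabled | absent | unreadable for one config file.
compat_vdso_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    # Kconfig writes "CONFIG_X=y" when set and "# CONFIG_X is not set" when off.
    # "absent" means the symbol does not appear at all, e.g. a kernel where
    # the option can no longer be selected.
    read_config "$1" | awk '
        /^CONFIG_COMPAT_VDSO=y$/            { s = "enabled" }
        /^# CONFIG_COMPAT_VDSO is not set$/ { s = "disabled" }
        END { print (s == "" ? "absent" : s) }'
}

# Report every path given; return 1 if any config has the option enabled.
audit_configs() {
    rc=0
    for cfg in "$@"; do
        state=$(compat_vdso_state "$cfg")
        printf '%s: CONFIG_COMPAT_VDSO %s\n' "$cfg" "$state"
        if [ "$state" = enabled ]; then
            rc=1
        fi
    done
    return $rc
}

# Typical use before rebuilding with an imported configuration:
#   audit_configs /usr/src/linux/.config /proc/config.gz
```

Running it against the source tree's .config before `make` catches the imported setting; /proc/config.gz only exists when the running kernel was built with IKCONFIG support.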