| 1 |
Hi! |
| 2 |
|
| 3 |
I've just converted my system from x86 to amd64 (Core i7), and one of |
| 4 |
things which become broken because of this is vmware. When I start any |
| 5 |
guest my host immediately reset, and after booting I didn't see anything |
| 6 |
in logs - neither in kernel nor in vmware's logs. |
| 7 |
|
| 8 |
I've experimented with different kernels, and here is what I found: |
| 9 |
|
| 10 |
- hardened-sources-3.2.2-r1 work ok on x86 |
| 11 |
- gentoo-sources-3.2.1-r2 work ok on amd64 |
| 12 |
- no one hardened-sources since 2.6.39-r8 work on amd64 (I didn't tried |
| 13 |
older versions) |
| 14 |
|
| 15 |
Disabling both GRSEC and PAX in hardened kernels doesn't solve this issue, |
| 16 |
so this bug probably in that part of hardened patches which is active even |
| 17 |
with disabled GRSEC and PAX config options. |
| 18 |
|
| 19 |
I can't try gentoo-sources and hardened-sources with exactly same |
| 20 |
vmware-modules, because of extra patches needed for vmware-modules to make |
| 21 |
it compatible with hardened, and these patches incompatible with non-hardened. |
| 22 |
So, gentoo-sources work ok with vmware-modules from main portage, while |
| 23 |
hardened-sources work on x86 and doesn't work on amd64 with vmware-modules |
| 24 |
patched using these 3 patches: |
| 25 |
https://384739.bugs.gentoo.org/attachment.cgi?id=295017 |
| 26 |
https://384739.bugs.gentoo.org/attachment.cgi?id=295019 |
| 27 |
https://384739.bugs.gentoo.org/attachment.cgi?id=295021 |
| 28 |
|
| 29 |
I've also tried hardened-sources-3.2.1, both x86 and amd64 - vmware work |
| 30 |
on x86 and didn't work on amd64. I've tried to keep .config same, but |
| 31 |
there are a lot of differences anyway (I suppose they all should be |
| 32 |
related to 32/64-bit). |
| 33 |
|
| 34 |
So, here is diff between -gentoo and -hardened on amd64: |
| 35 |
|
| 36 |
--- /tmp/config-amd64-gentoo 2012-02-14 20:33:31.579285488 +0200 |
| 37 |
+++ /tmp/config-amd64-hardened 2012-02-14 20:33:40.383285603 +0200 |
| 38 |
@@ -179,6 +179,7 @@ |
| 39 |
CONFIG_X86_L1_CACHE_SHIFT=6 |
| 40 |
CONFIG_X86_XADD=y |
| 41 |
CONFIG_X86_WP_WORKS_OK=y |
| 42 |
+CONFIG_X86_ALIGNMENT_16=y |
| 43 |
CONFIG_X86_INTEL_USERCOPY=y |
| 44 |
CONFIG_X86_USE_PPRO_CHECKSUM=y |
| 45 |
CONFIG_X86_P6_NOP=y |
| 46 |
@@ -599,7 +600,6 @@ |
| 47 |
CONFIG_NTFS_FS=y |
| 48 |
CONFIG_PROC_FS=y |
| 49 |
CONFIG_PROC_SYSCTL=y |
| 50 |
-CONFIG_PROC_PAGE_MONITOR=y |
| 51 |
CONFIG_SYSFS=y |
| 52 |
CONFIG_TMPFS=y |
| 53 |
CONFIG_CONFIGFS_FS=y |
| 54 |
@@ -647,6 +647,7 @@ |
| 55 |
CONFIG_IO_DELAY_TYPE_NONE=3 |
| 56 |
CONFIG_IO_DELAY_0X80=y |
| 57 |
CONFIG_DEFAULT_IO_DELAY_TYPE=0 |
| 58 |
+CONFIG_TASK_SIZE_MAX_SHIFT=47 |
| 59 |
CONFIG_SECURITY_DMESG_RESTRICT=y |
| 60 |
CONFIG_SECURITY=y |
| 61 |
CONFIG_DEFAULT_SECURITY_DAC=y |
| 62 |
|
| 63 |
And here is diff between -hardened x86 and -hardened amd64: |
| 64 |
|
| 65 |
--- /tmp/config-x86 2012-02-14 20:31:08.183283609 +0200 |
| 66 |
+++ /tmp/config-amd64 2012-02-14 20:30:53.192283412 +0200 |
| 67 |
@@ -1,26 +1,31 @@ |
| 68 |
-CONFIG_X86_32=y |
| 69 |
+CONFIG_64BIT=y |
| 70 |
+CONFIG_X86_64=y |
| 71 |
CONFIG_X86=y |
| 72 |
CONFIG_INSTRUCTION_DECODER=y |
| 73 |
-CONFIG_OUTPUT_FORMAT="elf32-i386" |
| 74 |
-CONFIG_ARCH_DEFCONFIG="arch/x86/configs/i386_defconfig" |
| 75 |
+CONFIG_OUTPUT_FORMAT="elf64-x86-64" |
| 76 |
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" |
| 77 |
CONFIG_GENERIC_CMOS_UPDATE=y |
| 78 |
CONFIG_CLOCKSOURCE_WATCHDOG=y |
| 79 |
CONFIG_GENERIC_CLOCKEVENTS=y |
| 80 |
+CONFIG_ARCH_CLOCKSOURCE_DATA=y |
| 81 |
CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y |
| 82 |
CONFIG_LOCKDEP_SUPPORT=y |
| 83 |
CONFIG_STACKTRACE_SUPPORT=y |
| 84 |
CONFIG_HAVE_LATENCYTOP_SUPPORT=y |
| 85 |
CONFIG_MMU=y |
| 86 |
CONFIG_ZONE_DMA=y |
| 87 |
+CONFIG_NEED_DMA_MAP_STATE=y |
| 88 |
CONFIG_NEED_SG_DMA_LENGTH=y |
| 89 |
CONFIG_GENERIC_ISA_DMA=y |
| 90 |
CONFIG_GENERIC_IOMAP=y |
| 91 |
CONFIG_GENERIC_BUG=y |
| 92 |
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y |
| 93 |
CONFIG_GENERIC_HWEIGHT=y |
| 94 |
CONFIG_ARCH_MAY_HAVE_PC_FDC=y |
| 95 |
CONFIG_RWSEM_XCHGADD_ALGORITHM=y |
| 96 |
CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y |
| 97 |
CONFIG_GENERIC_CALIBRATE_DELAY=y |
| 98 |
+CONFIG_GENERIC_TIME_VSYSCALL=y |
| 99 |
CONFIG_ARCH_HAS_CPU_RELAX=y |
| 100 |
CONFIG_ARCH_HAS_DEFAULT_IDLE=y |
| 101 |
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y |
| 102 |
@@ -29,13 +34,14 @@ |
| 103 |
CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y |
| 104 |
CONFIG_ARCH_HIBERNATION_POSSIBLE=y |
| 105 |
CONFIG_ARCH_SUSPEND_POSSIBLE=y |
| 106 |
+CONFIG_ZONE_DMA32=y |
| 107 |
CONFIG_ARCH_POPULATES_NODE_MAP=y |
| 108 |
+CONFIG_AUDIT_ARCH=y |
| 109 |
CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y |
| 110 |
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y |
| 111 |
-CONFIG_X86_32_SMP=y |
| 112 |
+CONFIG_X86_64_SMP=y |
| 113 |
CONFIG_X86_HT=y |
| 114 |
-CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx" |
| 115 |
-CONFIG_KTIME_SCALAR=y |
| 116 |
+CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" |
| 117 |
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" |
| 118 |
CONFIG_HAVE_IRQ_WORK=y |
| 119 |
CONFIG_IRQ_WORK=y |
| 120 |
@@ -131,7 +137,6 @@ |
| 121 |
CONFIG_HAVE_PERF_EVENTS_NMI=y |
| 122 |
CONFIG_HAVE_ARCH_JUMP_LABEL=y |
| 123 |
CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y |
| 124 |
-CONFIG_HAVE_GENERIC_DMA_COHERENT=y |
| 125 |
CONFIG_SLABINFO=y |
| 126 |
CONFIG_RT_MUTEXES=y |
| 127 |
CONFIG_BASE_SMALL=0 |
| 128 |
@@ -140,9 +145,9 @@ |
| 129 |
CONFIG_MODULE_FORCE_UNLOAD=y |
| 130 |
CONFIG_STOP_MACHINE=y |
| 131 |
CONFIG_BLOCK=y |
| 132 |
-CONFIG_LBDAF=y |
| 133 |
CONFIG_BLK_DEV_BSG=y |
| 134 |
CONFIG_BLK_DEV_THROTTLING=y |
| 135 |
+CONFIG_BLOCK_COMPAT=y |
| 136 |
CONFIG_IOSCHED_NOOP=y |
| 137 |
CONFIG_IOSCHED_DEADLINE=y |
| 138 |
CONFIG_IOSCHED_CFQ=y |
| 139 |
@@ -174,26 +179,24 @@ |
| 140 |
CONFIG_X86_L1_CACHE_SHIFT=6 |
| 141 |
CONFIG_X86_XADD=y |
| 142 |
CONFIG_X86_WP_WORKS_OK=y |
| 143 |
-CONFIG_X86_INVLPG=y |
| 144 |
-CONFIG_X86_BSWAP=y |
| 145 |
-CONFIG_X86_POPAD_OK=y |
| 146 |
CONFIG_X86_ALIGNMENT_16=y |
| 147 |
CONFIG_X86_INTEL_USERCOPY=y |
| 148 |
CONFIG_X86_USE_PPRO_CHECKSUM=y |
| 149 |
+CONFIG_X86_P6_NOP=y |
| 150 |
CONFIG_X86_TSC=y |
| 151 |
CONFIG_X86_CMPXCHG64=y |
| 152 |
CONFIG_X86_CMOV=y |
| 153 |
-CONFIG_X86_MINIMUM_CPU_FAMILY=5 |
| 154 |
+CONFIG_X86_MINIMUM_CPU_FAMILY=64 |
| 155 |
CONFIG_X86_DEBUGCTLMSR=y |
| 156 |
CONFIG_CPU_SUP_INTEL=y |
| 157 |
-CONFIG_CPU_SUP_CYRIX_32=y |
| 158 |
CONFIG_CPU_SUP_AMD=y |
| 159 |
CONFIG_CPU_SUP_CENTAUR=y |
| 160 |
-CONFIG_CPU_SUP_TRANSMETA_32=y |
| 161 |
-CONFIG_CPU_SUP_UMC_32=y |
| 162 |
CONFIG_HPET_TIMER=y |
| 163 |
CONFIG_HPET_EMULATE_RTC=y |
| 164 |
CONFIG_DMI=y |
| 165 |
+CONFIG_GART_IOMMU=y |
| 166 |
+CONFIG_SWIOTLB=y |
| 167 |
+CONFIG_IOMMU_HELPER=y |
| 168 |
CONFIG_NR_CPUS=8 |
| 169 |
CONFIG_SCHED_MC=y |
| 170 |
CONFIG_PREEMPT_VOLUNTARY=y |
| 171 |
@@ -201,27 +204,25 @@ |
| 172 |
CONFIG_X86_IO_APIC=y |
| 173 |
CONFIG_X86_MCE=y |
| 174 |
CONFIG_X86_MCE_INTEL=y |
| 175 |
-CONFIG_X86_MCE_AMD=y |
| 176 |
CONFIG_X86_MCE_THRESHOLD=y |
| 177 |
CONFIG_X86_THERMAL_VECTOR=y |
| 178 |
-CONFIG_VM86=y |
| 179 |
CONFIG_X86_MSR=y |
| 180 |
CONFIG_X86_CPUID=y |
| 181 |
-CONFIG_HIGHMEM64G=y |
| 182 |
-CONFIG_PAGE_OFFSET=0xC0000000 |
| 183 |
-CONFIG_HIGHMEM=y |
| 184 |
-CONFIG_X86_PAE=y |
| 185 |
CONFIG_ARCH_PHYS_ADDR_T_64BIT=y |
| 186 |
CONFIG_ARCH_DMA_ADDR_T_64BIT=y |
| 187 |
-CONFIG_ARCH_FLATMEM_ENABLE=y |
| 188 |
+CONFIG_DIRECT_GBPAGES=y |
| 189 |
CONFIG_ARCH_SPARSEMEM_ENABLE=y |
| 190 |
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y |
| 191 |
CONFIG_ARCH_SELECT_MEMORY_MODEL=y |
| 192 |
-CONFIG_ILLEGAL_POINTER_VALUE=0 |
| 193 |
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 |
| 194 |
CONFIG_SELECT_MEMORY_MODEL=y |
| 195 |
-CONFIG_FLATMEM_MANUAL=y |
| 196 |
-CONFIG_FLATMEM=y |
| 197 |
-CONFIG_FLAT_NODE_MEM_MAP=y |
| 198 |
-CONFIG_SPARSEMEM_STATIC=y |
| 199 |
+CONFIG_SPARSEMEM_MANUAL=y |
| 200 |
+CONFIG_SPARSEMEM=y |
| 201 |
+CONFIG_HAVE_MEMORY_PRESENT=y |
| 202 |
+CONFIG_SPARSEMEM_EXTREME=y |
| 203 |
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y |
| 204 |
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y |
| 205 |
+CONFIG_SPARSEMEM_VMEMMAP=y |
| 206 |
CONFIG_HAVE_MEMBLOCK=y |
| 207 |
CONFIG_PAGEFLAGS_EXTENDED=y |
| 208 |
CONFIG_SPLIT_PTLOCK_CPUS=4 |
| 209 |
@@ -247,7 +248,7 @@ |
| 210 |
CONFIG_HZ=1000 |
| 211 |
CONFIG_SCHED_HRTICK=y |
| 212 |
CONFIG_PHYSICAL_START=0x1000000 |
| 213 |
-CONFIG_PHYSICAL_ALIGN=0x400000 |
| 214 |
+CONFIG_PHYSICAL_ALIGN=0x1000000 |
| 215 |
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y |
| 216 |
CONFIG_PM_RUNTIME=y |
| 217 |
CONFIG_PM=y |
| 218 |
@@ -266,8 +267,6 @@ |
| 219 |
CONFIG_CPU_IDLE_GOV_LADDER=y |
| 220 |
CONFIG_INTEL_IDLE=y |
| 221 |
CONFIG_PCI=y |
| 222 |
-CONFIG_PCI_GOANY=y |
| 223 |
-CONFIG_PCI_BIOS=y |
| 224 |
CONFIG_PCI_DIRECT=y |
| 225 |
CONFIG_PCI_MMCONFIG=y |
| 226 |
CONFIG_PCI_DOMAINS=y |
| 227 |
@@ -282,8 +281,12 @@ |
| 228 |
CONFIG_ISA_DMA_API=y |
| 229 |
CONFIG_AMD_NB=y |
| 230 |
CONFIG_BINFMT_ELF=y |
| 231 |
-CONFIG_HAVE_AOUT=y |
| 232 |
-CONFIG_HAVE_ATOMIC_IOMAP=y |
| 233 |
+CONFIG_COMPAT_BINFMT_ELF=y |
| 234 |
+CONFIG_IA32_EMULATION=y |
| 235 |
+CONFIG_IA32_AOUT=y |
| 236 |
+CONFIG_COMPAT=y |
| 237 |
+CONFIG_COMPAT_FOR_U64_ALIGNMENT=y |
| 238 |
+CONFIG_SYSVIPC_COMPAT=y |
| 239 |
CONFIG_HAVE_TEXT_POKE_SMP=y |
| 240 |
CONFIG_NET=y |
| 241 |
CONFIG_PACKET=y |
| 242 |
@@ -351,6 +354,7 @@ |
| 243 |
CONFIG_RPS=y |
| 244 |
CONFIG_RFS_ACCEL=y |
| 245 |
CONFIG_XPS=y |
| 246 |
+CONFIG_HAVE_BPF_JIT=y |
| 247 |
CONFIG_FIB_RULES=y |
| 248 |
CONFIG_NET_9P=y |
| 249 |
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" |
| 250 |
@@ -547,7 +551,6 @@ |
| 251 |
CONFIG_USB_STORAGE=y |
| 252 |
CONFIG_USB_UAS=y |
| 253 |
CONFIG_EDAC=y |
| 254 |
-CONFIG_EDAC_DECODE_MCE=y |
| 255 |
CONFIG_EDAC_MM_EDAC=y |
| 256 |
CONFIG_RTC_LIB=y |
| 257 |
CONFIG_RTC_CLASS=y |
| 258 |
@@ -559,7 +562,6 @@ |
| 259 |
CONFIG_RTC_INTF_DEV_UIE_EMUL=y |
| 260 |
CONFIG_RTC_DRV_CMOS=y |
| 261 |
CONFIG_DMADEVICES=y |
| 262 |
-CONFIG_CLKSRC_I8253=y |
| 263 |
CONFIG_CLKEVT_I8253=y |
| 264 |
CONFIG_I8253_LOCK=y |
| 265 |
CONFIG_CLKBLD_I8253=y |
| 266 |
@@ -638,7 +640,6 @@ |
| 267 |
CONFIG_STRICT_DEVMEM=y |
| 268 |
CONFIG_X86_VERBOSE_BOOTUP=y |
| 269 |
CONFIG_EARLY_PRINTK=y |
| 270 |
-CONFIG_DOUBLEFAULT=y |
| 271 |
CONFIG_HAVE_MMIOTRACE_SUPPORT=y |
| 272 |
CONFIG_IO_DELAY_TYPE_0X80=0 |
| 273 |
CONFIG_IO_DELAY_TYPE_0XED=1 |
| 274 |
@@ -646,7 +647,7 @@ |
| 275 |
CONFIG_IO_DELAY_TYPE_NONE=3 |
| 276 |
CONFIG_IO_DELAY_0X80=y |
| 277 |
CONFIG_DEFAULT_IO_DELAY_TYPE=0 |
| 278 |
-CONFIG_PAX_ENABLE_PAE=y |
| 279 |
+CONFIG_TASK_SIZE_MAX_SHIFT=47 |
| 280 |
CONFIG_SECURITY_DMESG_RESTRICT=y |
| 281 |
CONFIG_SECURITY=y |
| 282 |
CONFIG_DEFAULT_SECURITY_DAC=y |
| 283 |
@@ -687,7 +688,6 @@ |
| 284 |
CONFIG_CRC_ITU_T=y |
| 285 |
CONFIG_CRC32=y |
| 286 |
CONFIG_LIBCRC32C=y |
| 287 |
-CONFIG_AUDIT_GENERIC=y |
| 288 |
CONFIG_ZLIB_INFLATE=y |
| 289 |
CONFIG_ZLIB_DEFLATE=y |
| 290 |
CONFIG_HAS_IOMEM=y |
| 291 |
|
| 292 |
|
| 293 |
Maybe this is same bug as https://bugs.gentoo.org/show_bug.cgi?id=382793 |
| 294 |
|
| 295 |
-- |
| 296 |
WBR, Alex. |
Archives