Re: [gentoo-hardened] Re: probably bug in rsbac_sources - gentoo-hardened

From:	"Javier Juan Martínez Cabezón" <tazok.id0@×××××.com>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] Re: probably bug in rsbac_sources
Date:	Tue, 16 Jul 2013 19:10:20
Message-Id:	`CAD98N_GJzVvHQ+ngTz2fiQskRVxchkD=+NZJVm-t0S9m=18jGw@mail.gmail.com`
In Reply to:	Re: [gentoo-hardened] Re: probably bug in rsbac_sources by Jens Kasten

1

It's rsbac ebuild made by Anthony Basile, its related with this:

2

3

http://www.gossamer-threads.com/lists/gentoo/hardened/263114

4

5

In the thread appears the fixation Patch I made. In concrete, This.

6

7

diff -rupN '--exclude=*.rej' '--exclude=*.orig'

8

linuxnopax-3.4.1/0000_README linux-3.4.1/0000_README

9

--- linuxnopax-3.4.1/0000_README	1970-01-01 01:00:00.000000000 +0100

10

+++ linux-3.4.1/0000_README	2012-08-29 21:46:21.000000000 +0200

11

@@ -0,0 +1,12 @@

12

+README

13

+-----------------------------------------------------------------------------

14

+

15

+Individual Patch Descriptions:

16

+-----------------------------------------------------------------------------

17

+Patch:	4500_patch-linux-3.4.1-rsbac-1.4.6.diff

18

+From:	Amon Ott <ao@×××××.org>

19

+Desc:	RSBAC patch from http://www.rsbac.org/

20

+

21

+Patch:  4520_pax-linux-3.4-test7.patch

22

+From:	pipacs <pageexec@××××××××.hu>

23

+Desc:	http://grsecurity.net/test.php

24

diff -rupN '--exclude=*.rej' '--exclude=*.orig'

25

linuxnopax-3.4.1/fs/aio.c linux-3.4.1/fs/aio.c

26

--- linuxnopax-3.4.1/fs/aio.c	2012-12-03 17:36:16.000000000 +0100

27

+++ linux-3.4.1/fs/aio.c	2012-08-29 22:08:45.000000000 +0200

28

@@ -1440,21 +1440,26 @@ static ssize_t aio_fsync(struct kiocb *i

29

 static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb,

30

bool compat)

31

{

32

 	ssize_t ret;

33

+	struct iovec iovstack;

34

35

 #ifdef CONFIG_COMPAT

36

 	if (compat)

37

 		ret = compat_rw_copy_check_uvector(type,

38

 				(struct compat_iovec __user *)kiocb->ki_buf,

39

-				kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec,

40

-				&kiocb->ki_iovec, 1);

41

+kiocb->ki_nbytes, 1, &iovstack, &kiocb->ki_iovec, 1);

42

+

43

 	else

44

 #endif

45

 		ret = rw_copy_check_uvector(type,

46

 				(struct iovec __user *)kiocb->ki_buf,

47

-				kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec,

48

+				kiocb->ki_nbytes, 1, &iovstack,

49

 				&kiocb->ki_iovec, 1);

50

 	if (ret < 0)

51

 		goto out;

52

+	if (kiocb->ki_iovec == &iovstack) {

53

+		kiocb->ki_inline_vec = iovstack;

54

+		kiocb->ki_iovec = &kiocb->ki_inline_vec;

55

+	}

56

57

 	ret = rw_verify_area(type, kiocb->ki_filp, &kiocb->ki_pos, ret);

58

 	if (ret < 0)

59

diff -rupN '--exclude=*.rej' '--exclude=*.orig'

60

linuxnopax-3.4.1/fs/namei.c linux-3.4.1/fs/namei.c

61

--- linuxnopax-3.4.1/fs/namei.c	2012-12-03 17:36:16.000000000 +0100

62

+++ linux-3.4.1/fs/namei.c	2012-08-29 23:23:38.000000000 +0200

63

@@ -4198,8 +4198,15 @@ int vfs_readlink(struct dentry *dentry,

64

}

65

 	else

66

 #endif

67

-	if (copy_to_user(buffer, link, len))

68

-		len = -EFAULT;

69

+

70

+	if (len < sizeof(tmpbuf)) {

71

+		memcpy(tmpbuf, link, len);

72

+		newlink = tmpbuf;

73

+	} else

74

+		newlink = link;

75

+

76

+	if (copy_to_user(buffer, newlink, len))

77

+ 		len = -EFAULT;

78

 out:

79

 	return len;

80

}

81

diff -rupN '--exclude=*.rej' '--exclude=*.orig'

82

linuxnopax-3.4.1/fs/pipe.c linux-3.4.1/fs/pipe.c

83

--- linuxnopax-3.4.1/fs/pipe.c	2012-12-03 17:36:16.000000000 +0100

84

+++ linux-3.4.1/fs/pipe.c	2012-08-29 23:19:39.000000000 +0200

85

@@ -816,19 +816,15 @@ static int

86

 pipe_release(struct inode *inode, int decr, int decw)

87

{

88

 	struct pipe_inode_info *pipe;

89

-

90

 	mutex_lock(&inode->i_mutex);

91

 	pipe = inode->i_pipe;

92

-	pipe->readers -= decr;

93

-	pipe->writers -= decw;

94

-

95

-	if (!pipe->readers && !pipe->writers) {

96

-

97

+	atomic_sub(decr, &pipe->readers);

98

+	atomic_sub(decw, &pipe->writers);

99

+	if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {	

100

 #ifdef CONFIG_RSBAC

101

-		union rsbac_target_id_t rsbac_target_id;

102

+	union rsbac_target_id_t rsbac_target_id;

103

 #endif

104

-

105

-		free_pipe_info(inode);

106

+	free_pipe_info(inode);

107

108

 #ifdef CONFIG_RSBAC

109

 		rsbac_pr_debug(aef, "calling ACI remove_target()\n");

110

@@ -836,7 +832,7 @@ pipe_release(struct inode *inode, int de

111

 		rsbac_target_id.ipc.id.id_nr  = inode->i_ino;

112

 		rsbac_remove_target(T_IPC, rsbac_target_id);

113

 #endif

114

-

115

+

116

 	} else {

117

 		wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT |

118

POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP);

119

 		kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);

120

diff -rupN '--exclude=*.rej' '--exclude=*.orig'

121

linuxnopax-3.4.1/init/do_mounts.c linux-3.4.1/init/do_mounts.c

122

--- linuxnopax-3.4.1/init/do_mounts.c	2012-12-03 17:36:16.000000000 +0100

123

+++ linux-3.4.1/init/do_mounts.c	2012-08-29 22:00:26.000000000 +0200

124

@@ -563,8 +563,8 @@ void __init prepare_namespace(void)

125

 	mount_root();

126

 out:

127

 	devtmpfs_mount("dev");

128

-	sys_mount(".", "/", NULL, MS_MOVE, NULL);

129

-	sys_chroot((const char __user __force *)".");

130

+	sys_mount((char __force_user *)".", (char __force_user *)"/", NULL,

131

MS_MOVE, NULL);

132

+	sys_chroot((const char __force_user *)".");

133

134

 #ifdef CONFIG_RSBAC

135

 #ifdef CONFIG_RSBAC_INIT_DELAY

136

diff -rupN '--exclude=*.rej' '--exclude=*.orig'

137

linuxnopax-3.4.1/mm/mempolicy.c linux-3.4.1/mm/mempolicy.c

138

--- linuxnopax-3.4.1/mm/mempolicy.c	2012-12-03 17:36:16.000000000 +0100

139

+++ linux-3.4.1/mm/mempolicy.c	2012-08-29 21:55:27.000000000 +0200

140

@@ -1109,6 +1109,17 @@ static long do_mbind(unsigned long start

141

142

 	if (end < start)

143

 		return -EINVAL;

144

+

145

+#ifdef CONFIG_PAX_SEGMEXEC

146

+	if (mm->pax_flags & MF_PAX_SEGMEXEC) {

147

+		if (end > SEGMEXEC_TASK_SIZE)

148

+			return -EINVAL;

149

+	} else

150

+#endif

151

+

152

+	if (end > TASK_SIZE)

153

+		return -EINVAL;

154

+

155

 	if (end == start)

156

 		return 0;

157

158

diff -rupN '--exclude=*.rej' '--exclude=*.orig'

159

linuxnopax-3.4.1/mm/mprotect.c linux-3.4.1/mm/mprotect.c

160

--- linuxnopax-3.4.1/mm/mprotect.c	2012-12-03 17:36:16.000000000 +0100

161

+++ linux-3.4.1/mm/mprotect.c	2012-08-29 21:51:37.000000000 +0200

162

@@ -28,7 +28,11 @@

163

 #include <asm/cacheflush.h>

164

 #include <asm/tlbflush.h>

165

 #include <rsbac/hooks.h>

166

-

167

+#ifdef CONFIG_PAX_MPROTECT

168

+#include <linux/elf.h>

169

+#include <linux/binfmts.h>

170

+#endif

171

+#include <asm/mmu_context.h>

172

 #ifndef pgprot_modify

173

 static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)

174

{

2013/7/16 Jens Kasten <jens@××××××××××.de>

180

181

> Hi,

182

>

183

> first which rsbac version you are using.

184

> Appears this bug also when you try the rsbac-sources without pax?

185

>

186

> Jens

187

>

188

> Am 2013-07-15 03:07, schrieb Javier Juan Martínez Cabezón:

189

>

190

>  I send related PaX .config if you need it:

191

>>

192

>> #

193

>> # PaX

194

>> #

195

>> CONFIG_ARCH_TRACK_EXEC_LIMIT=y

196

>> CONFIG_PAX_PER_CPU_PGD=y

197

>> CONFIG_PAX=y

198

>>

199

>> #

200

>> # PaX Control

201

>> #

202

>> CONFIG_PAX_SOFTMODE=y

203

>> # CONFIG_PAX_EI_PAX is not set

204

>>  CONFIG_PAX_PT_PAX_FLAGS=y

205

>> # CONFIG_PAX_XATTR_PAX_FLAGS is not set

206

>> # CONFIG_PAX_NO_ACL_FLAGS is not set

207

>> CONFIG_PAX_HAVE_ACL_FLAGS=y

208

>> # CONFIG_PAX_HOOK_ACL_FLAGS is not set

209

>>

210

>> #

211

>> # Non-executable pages

212

>> #

213

>>  CONFIG_PAX_NOEXEC=y

214

>> CONFIG_PAX_PAGEEXEC=y

215

>> # CONFIG_PAX_SEGMEXEC is not set

216

>> CONFIG_PAX_EMUTRAMP=y

217

>> CONFIG_PAX_MPROTECT=y

218

>> # CONFIG_PAX_ELFRELOCS is not set

219

>> CONFIG_PAX_KERNEXEC=y

220

>> CONFIG_PAX_KERNEXEC_PLUGIN_**METHOD=""

221

>>

222

>> #

223

>> # Address Space Layout Randomization

224

>> #

225

>> CONFIG_PAX_ASLR=y

226

>> CONFIG_PAX_RANDKSTACK=y

227

>> CONFIG_PAX_RANDUSTACK=y

228

>> CONFIG_PAX_RANDMMAP=y

229

>>

230

>> #

231

>> # Miscellaneous hardening features

232

>> #

233

>> # CONFIG_PAX_MEMORY_SANITIZE is not set

234

>>  # CONFIG_PAX_MEMORY_STACKLEAK is not set

235

>> # CONFIG_PAX_MEMORY_UDEREF is not set

236

>> CONFIG_PAX_REFCOUNT=y

237

>> # CONFIG_PAX_USERCOPY is not set

238

>> # CONFIG_PAX_CONSTIFY_PLUGIN is not set

239

>> # CONFIG_PAX_SIZE_OVERFLOW is not set

240

>>  # CONFIG_KEYS is not set

241

>> CONFIG_SECURITY_DMESG_**RESTRICT=y

242

>> # CONFIG_SECURITY is not set

243

>> # CONFIG_SECURITYFS is not set

244

>> CONFIG_DEFAULT_SECURITY_DAC=y

245

>> CONFIG_DEFAULT_SECURITY=""

246

>> CONFIG_XOR_BLOCKS=y

247

>>  CONFIG_ASYNC_CORE=y

248

>> CONFIG_ASYNC_MEMCPY=y

249

>> CONFIG_ASYNC_XOR=y

250

>> CONFIG_ASYNC_PQ=y

251

>> CONFIG_ASYNC_RAID6_RECOV=y

252

>> CONFIG_CRYPTO=y

253

>>

254

>> #

255

>>

256

>> 2013/7/15 Javier Juan Martínez Cabezón <tazok.id0@×××××.com>

257

>>

258

>>  Hi all

259

>>>

260

>>> I'm with this several months and I still without knowing if it was

261

>>> mistake from me while patching  PaX with rsbac at hand or is a

262

>>> kernel bug, or it's from VirtualBox (the behaviour is horrible,

263

>>> sorry):

264

>>>

265

>>> After the bug hits system guest gets unusable, hard reset is

266

>>> required, every command executed gets segfaulted from there.

267

>>>

268

>>> I can reproduce it easily, using backup_all (a shell script that

269

>>> makes the sec policy backup (as in this case)) or with ./configure

270

>>> when compiling (as emerge does something), so emerge usually does

271

>>> seg fault. The EIP is always at the same, strnlen+0x6/0x18

272

>>>

273

>>> Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging

274

>>> request at 00001033

275

>>> Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18

276

>>> Jul 13 22:50:02 orion kernel: *pdpt = 000000000e965001 *pde =

277

>>> 0000000000000000

278

>>> Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]

279

>>> Jul 13 22:50:02 orion kernel:

280

>>> Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted

281

>>> 3.4.0-rsbac #9 innotek GmbH VirtualBox

282

>>> Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS:

283

>>> 00010217 CPU: 0

284

>>> Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18

285

>>> Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX:

286

>>> 00001033 EDX: 0000000e

287

>>> Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP:

288

>>> ce9c07f5 ESP: c66d3b38

289

>>> Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000

290

>>> SS: 0068

291

>>> Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3:

292

>>> 01415000 CR4: 000006f0

293

>>> Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2:

294

>>> 00000000 DR3: 00000000

295

>>> Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400

296

>>> Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c

297

>>> task=e738ebd0 task.ti=e738ee3c)

298

>>> Jul 13 22:50:02 orion kernel: Stack:

299

>>> Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4

300

>>> ce9c0069 ce9c0069 001a916e 000fff00

301

>>> Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b

302

>>> c1514bcb 000007ea ff0a0004 000fffff

303

>>> Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc

304

>>> 0004dfc6 c66d3ba8 e702a4c0 c66d3bdc

305

>>> Jul 13 22:50:02 orion kernel: Call Trace:

306

>>> Jul 13 22:50:02 orion kernel: [<001a884b>] ?

307

>>> string.isra.1+0x25/0x8c

308

>>> Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257

309

>>> Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25

310

>>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9

311

>>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9

312

>>> Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e

313

>>> Jul 13 22:50:02 orion kernel: [<0007d3ee>] ?

314

>>> rsbac_adf_set_attr_cap+0x680/**0x9a6

315

>>> Jul 13 22:50:02 orion kernel: [<00038a00>] ?

316

>>> smp_apic_timer_interrupt+0x62/**0x6a

317

>>> Jul 13 22:50:02 orion kernel: [<00407f91>] ?

318

>>> resume_userspace_sig+0x1b/0x2a

319

>>> Jul 13 22:50:02 orion kernel: [<0007148e>] ?

320

>>> rsbac_adf_set_attr+0x45f/**0x12b3

321

>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000

322

>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550

323

>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ?

324

>>> do_path_lookup+0x17/0x4a

325

>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?

326

>>> user_path_at_empty+0x4b/0x69

327

>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?

328

>>> user_path_at_empty+0x4b/0x69

329

>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389

330

>>> Jul 13 22:50:02 orion kernel: [<0002cc9e>] ?

331

>>> free_thread_xstate+0x17/0x23

332

>>> Jul 13 22:50:02 orion kernel: [<00110c60>] ?

333

>>> load_elf_binary+0xf05/0xfbf

334

>>> Jul 13 22:50:02 orion kernel: [<00110c60>] ?

335

>>> load_elf_binary+0xf05/0xfbf

336

>>> Jul 13 22:50:02 orion kernel: [<00030502>] ?

337

>>> x86_pmu_event_init+0x23c/0x2d1

338

>>> Jul 13 22:50:02 orion kernel: [<000e2f53>] ?

339

>>> do_execve_common+0x363/0x45e

340

>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000

341

>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550

342

>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ?

343

>>> do_path_lookup+0x17/0x4a

344

>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?

345

>>> user_path_at_empty+0x4b/0x69

346

>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?

347

>>> user_path_at_empty+0x4b/0x69

348

>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389

349

>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000

350

>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ?

351

>>> do_adjtimex+0x2ab/0x550

352

>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000

353

>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550

354

>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ?

355

>>> do_path_lookup+0x17/0x4a

356

>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?

357

>>> user_path_at_empty+0x4b/0x69

358

>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?

359

>>> user_path_at_empty+0x4b/0x69

360

>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000

361

>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ?

362

>>> do_adjtimex+0x2ab/0x550

363

>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389

364

>>> Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf

365

>>> Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb

366

>>> Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50

367

>>> Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20

368

>>> Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb

369

>>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7

370

>>> Jul 13 22:50:02 orion kernel: [<000290d5>] ?

371

>>> math_state_restore+0x96/0x96

372

>>> Jul 13 22:50:02 orion kernel: [<00010206>] ?

373

>>> kvm_arch_vcpu_ioctl_run+0x79a/**0xbdc

374

>>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ?

375

>>> vmalloc_sync_all+0x1/0x1

376

>>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7

377

>>> Jul 13 22:50:02 orion kernel: [<0040007b>] ?

378

>>> pcnet32_remove_one+0x22/0xe3

379

>>> Jul 13 22:50:02 orion kernel: [<0001007b>] ?

380

>>> kvm_arch_vcpu_ioctl_run+0x60f/**0xbdc

381

>>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ?

382

>>> vmalloc_sync_all+0x1/0x1

383

>>> Jul 13 22:50:02 orion kernel: [<00010287>] ?

384

>>> kvm_arch_vcpu_ioctl_run+0x81b/**0xbdc

385

>>> Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f

386

>>> eb 02 31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89

387

>>> f8 5f c3 89 c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29

388

>>> c8 c3 90 90 90 57 83 c9

389

>>> Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18

390

>>> SS:ESP 0068:c66d3b38

391

>>> Jul 13 22:50:02 orion kernel: CR2: 0000000000001033

392

>>> Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---

393

>>>

394

>>> Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging

395

>>> request at 000010a1

396

>>> Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18

397

>>> Jul 13 22:59:01 orion kernel: *pdpt = 000000000df00001 *pde =

398

>>> 0000000000000000

399

>>> Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]

400

>>> Jul 13 22:59:01 orion kernel:

401

>>> Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted:

402

>>> G      D      3.4.0-rsbac #9 innotek GmbH VirtualBox

403

>>> Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS:

404

>>> 00010217 CPU: 0

405

>>> Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18

406

>>> Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX:

407

>>> 000010a1 EDX: 0000000e

408

>>> Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP:

409

>>> ce9c0ff5 ESP: c66cfb48

410

>>> Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000

411

>>> SS: 0068

412

>>> Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3:

413

>>> 01415000 CR4: 000006f0

414

>>> Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2:

415

>>> 00000000 DR3: 00000000

416

>>> Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400

417

>>> Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c

418

>>> task=e738ebd0 task.ti=e738ee3c)

419

>>>

420

>>

421

>

1	It's rsbac ebuild made by Anthony Basile, its related with this:
2
3	http://www.gossamer-threads.com/lists/gentoo/hardened/263114
4
5	In the thread appears the fixation Patch I made. In concrete, This.
6
7	diff -rupN '--exclude=.rej' '--exclude=.orig'
8	linuxnopax-3.4.1/0000_README linux-3.4.1/0000_README
9	--- linuxnopax-3.4.1/0000_README 1970-01-01 01:00:00.000000000 +0100
10	+++ linux-3.4.1/0000_README 2012-08-29 21:46:21.000000000 +0200
11	@@ -0,0 +1,12 @@
12	+README
13	+-----------------------------------------------------------------------------
14	+
15	+Individual Patch Descriptions:
16	+-----------------------------------------------------------------------------
17	+Patch: 4500_patch-linux-3.4.1-rsbac-1.4.6.diff
18	+From: Amon Ott <ao@×××××.org>
19	+Desc: RSBAC patch from http://www.rsbac.org/
20	+
21	+Patch: 4520_pax-linux-3.4-test7.patch
22	+From: pipacs <pageexec@××××××××.hu>
23	+Desc: http://grsecurity.net/test.php
24	diff -rupN '--exclude=.rej' '--exclude=.orig'
25	linuxnopax-3.4.1/fs/aio.c linux-3.4.1/fs/aio.c
26	--- linuxnopax-3.4.1/fs/aio.c 2012-12-03 17:36:16.000000000 +0100
27	+++ linux-3.4.1/fs/aio.c 2012-08-29 22:08:45.000000000 +0200
28	@@ -1440,21 +1440,26 @@ static ssize_t aio_fsync(struct kiocb *i
29	static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb,
30	bool compat)
31	{
32	ssize_t ret;
33	+ struct iovec iovstack;
34
35	#ifdef CONFIG_COMPAT
36	if (compat)
37	ret = compat_rw_copy_check_uvector(type,
38	(struct compat_iovec __user *)kiocb->ki_buf,
39	- kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec,
40	- &kiocb->ki_iovec, 1);
41	+kiocb->ki_nbytes, 1, &iovstack, &kiocb->ki_iovec, 1);
42	+
43	else
44	#endif
45	ret = rw_copy_check_uvector(type,
46	(struct iovec __user *)kiocb->ki_buf,
47	- kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec,
48	+ kiocb->ki_nbytes, 1, &iovstack,
49	&kiocb->ki_iovec, 1);
50	if (ret < 0)
51	goto out;
52	+ if (kiocb->ki_iovec == &iovstack) {
53	+ kiocb->ki_inline_vec = iovstack;
54	+ kiocb->ki_iovec = &kiocb->ki_inline_vec;
55	+ }
56
57	ret = rw_verify_area(type, kiocb->ki_filp, &kiocb->ki_pos, ret);
58	if (ret < 0)
59	diff -rupN '--exclude=.rej' '--exclude=.orig'
60	linuxnopax-3.4.1/fs/namei.c linux-3.4.1/fs/namei.c
61	--- linuxnopax-3.4.1/fs/namei.c 2012-12-03 17:36:16.000000000 +0100
62	+++ linux-3.4.1/fs/namei.c 2012-08-29 23:23:38.000000000 +0200
63	@@ -4198,8 +4198,15 @@ int vfs_readlink(struct dentry *dentry,
64	}
65	else
66	#endif
67	- if (copy_to_user(buffer, link, len))
68	- len = -EFAULT;
69	+
70	+ if (len < sizeof(tmpbuf)) {
71	+ memcpy(tmpbuf, link, len);
72	+ newlink = tmpbuf;
73	+ } else
74	+ newlink = link;
75	+
76	+ if (copy_to_user(buffer, newlink, len))
77	+ len = -EFAULT;
78	out:
79	return len;
80	}
81	diff -rupN '--exclude=.rej' '--exclude=.orig'
82	linuxnopax-3.4.1/fs/pipe.c linux-3.4.1/fs/pipe.c
83	--- linuxnopax-3.4.1/fs/pipe.c 2012-12-03 17:36:16.000000000 +0100
84	+++ linux-3.4.1/fs/pipe.c 2012-08-29 23:19:39.000000000 +0200
85	@@ -816,19 +816,15 @@ static int
86	pipe_release(struct inode *inode, int decr, int decw)
87	{
88	struct pipe_inode_info *pipe;
89	-
90	mutex_lock(&inode->i_mutex);
91	pipe = inode->i_pipe;
92	- pipe->readers -= decr;
93	- pipe->writers -= decw;
94	-
95	- if (!pipe->readers && !pipe->writers) {
96	-
97	+ atomic_sub(decr, &pipe->readers);
98	+ atomic_sub(decw, &pipe->writers);
99	+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
100	#ifdef CONFIG_RSBAC
101	- union rsbac_target_id_t rsbac_target_id;
102	+ union rsbac_target_id_t rsbac_target_id;
103	#endif
104	-
105	- free_pipe_info(inode);
106	+ free_pipe_info(inode);
107
108	#ifdef CONFIG_RSBAC
109	rsbac_pr_debug(aef, "calling ACI remove_target()\n");
110	@@ -836,7 +832,7 @@ pipe_release(struct inode *inode, int de
111	rsbac_target_id.ipc.id.id_nr = inode->i_ino;
112	rsbac_remove_target(T_IPC, rsbac_target_id);
113	#endif
114	-
115	+
116	} else {
117	wake_up_interruptible_sync_poll(&pipe->wait, POLLIN \| POLLOUT \|
118	POLLRDNORM \| POLLWRNORM \| POLLERR \| POLLHUP);
119	kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
120	diff -rupN '--exclude=.rej' '--exclude=.orig'
121	linuxnopax-3.4.1/init/do_mounts.c linux-3.4.1/init/do_mounts.c
122	--- linuxnopax-3.4.1/init/do_mounts.c 2012-12-03 17:36:16.000000000 +0100
123	+++ linux-3.4.1/init/do_mounts.c 2012-08-29 22:00:26.000000000 +0200
124	@@ -563,8 +563,8 @@ void __init prepare_namespace(void)
125	mount_root();
126	out:
127	devtmpfs_mount("dev");
128	- sys_mount(".", "/", NULL, MS_MOVE, NULL);
129	- sys_chroot((const char __user __force *)".");
130	+ sys_mount((char __force_user )".", (char __force_user )"/", NULL,
131	MS_MOVE, NULL);
132	+ sys_chroot((const char __force_user *)".");
133
134	#ifdef CONFIG_RSBAC
135	#ifdef CONFIG_RSBAC_INIT_DELAY
136	diff -rupN '--exclude=.rej' '--exclude=.orig'
137	linuxnopax-3.4.1/mm/mempolicy.c linux-3.4.1/mm/mempolicy.c
138	--- linuxnopax-3.4.1/mm/mempolicy.c 2012-12-03 17:36:16.000000000 +0100
139	+++ linux-3.4.1/mm/mempolicy.c 2012-08-29 21:55:27.000000000 +0200
140	@@ -1109,6 +1109,17 @@ static long do_mbind(unsigned long start
141
142	if (end < start)
143	return -EINVAL;
144	+
145	+#ifdef CONFIG_PAX_SEGMEXEC
146	+ if (mm->pax_flags & MF_PAX_SEGMEXEC) {
147	+ if (end > SEGMEXEC_TASK_SIZE)
148	+ return -EINVAL;
149	+ } else
150	+#endif
151	+
152	+ if (end > TASK_SIZE)
153	+ return -EINVAL;
154	+
155	if (end == start)
156	return 0;
157
158	diff -rupN '--exclude=.rej' '--exclude=.orig'
159	linuxnopax-3.4.1/mm/mprotect.c linux-3.4.1/mm/mprotect.c
160	--- linuxnopax-3.4.1/mm/mprotect.c 2012-12-03 17:36:16.000000000 +0100
161	+++ linux-3.4.1/mm/mprotect.c 2012-08-29 21:51:37.000000000 +0200
162	@@ -28,7 +28,11 @@
163	#include <asm/cacheflush.h>
164	#include <asm/tlbflush.h>
165	#include <rsbac/hooks.h>
166	-
167	+#ifdef CONFIG_PAX_MPROTECT
168	+#include <linux/elf.h>
169	+#include <linux/binfmts.h>
170	+#endif
171	+#include <asm/mmu_context.h>
172	#ifndef pgprot_modify
173	static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
174	{
175
176
177
178
179	2013/7/16 Jens Kasten <jens@××××××××××.de>
180
181	> Hi,
182	>
183	> first which rsbac version you are using.
184	> Appears this bug also when you try the rsbac-sources without pax?
185	>
186	> Jens
187	>
188	> Am 2013-07-15 03:07, schrieb Javier Juan Martínez Cabezón:
189	>
190	> I send related PaX .config if you need it:
191	>>
192	>> #
193	>> # PaX
194	>> #
195	>> CONFIG_ARCH_TRACK_EXEC_LIMIT=y
196	>> CONFIG_PAX_PER_CPU_PGD=y
197	>> CONFIG_PAX=y
198	>>
199	>> #
200	>> # PaX Control
201	>> #
202	>> CONFIG_PAX_SOFTMODE=y
203	>> # CONFIG_PAX_EI_PAX is not set
204	>> CONFIG_PAX_PT_PAX_FLAGS=y
205	>> # CONFIG_PAX_XATTR_PAX_FLAGS is not set
206	>> # CONFIG_PAX_NO_ACL_FLAGS is not set
207	>> CONFIG_PAX_HAVE_ACL_FLAGS=y
208	>> # CONFIG_PAX_HOOK_ACL_FLAGS is not set
209	>>
210	>> #
211	>> # Non-executable pages
212	>> #
213	>> CONFIG_PAX_NOEXEC=y
214	>> CONFIG_PAX_PAGEEXEC=y
215	>> # CONFIG_PAX_SEGMEXEC is not set
216	>> CONFIG_PAX_EMUTRAMP=y
217	>> CONFIG_PAX_MPROTECT=y
218	>> # CONFIG_PAX_ELFRELOCS is not set
219	>> CONFIG_PAX_KERNEXEC=y
220	>> CONFIG_PAX_KERNEXEC_PLUGIN_**METHOD=""
221	>>
222	>> #
223	>> # Address Space Layout Randomization
224	>> #
225	>> CONFIG_PAX_ASLR=y
226	>> CONFIG_PAX_RANDKSTACK=y
227	>> CONFIG_PAX_RANDUSTACK=y
228	>> CONFIG_PAX_RANDMMAP=y
229	>>
230	>> #
231	>> # Miscellaneous hardening features
232	>> #
233	>> # CONFIG_PAX_MEMORY_SANITIZE is not set
234	>> # CONFIG_PAX_MEMORY_STACKLEAK is not set
235	>> # CONFIG_PAX_MEMORY_UDEREF is not set
236	>> CONFIG_PAX_REFCOUNT=y
237	>> # CONFIG_PAX_USERCOPY is not set
238	>> # CONFIG_PAX_CONSTIFY_PLUGIN is not set
239	>> # CONFIG_PAX_SIZE_OVERFLOW is not set
240	>> # CONFIG_KEYS is not set
241	>> CONFIG_SECURITY_DMESG_**RESTRICT=y
242	>> # CONFIG_SECURITY is not set
243	>> # CONFIG_SECURITYFS is not set
244	>> CONFIG_DEFAULT_SECURITY_DAC=y
245	>> CONFIG_DEFAULT_SECURITY=""
246	>> CONFIG_XOR_BLOCKS=y
247	>> CONFIG_ASYNC_CORE=y
248	>> CONFIG_ASYNC_MEMCPY=y
249	>> CONFIG_ASYNC_XOR=y
250	>> CONFIG_ASYNC_PQ=y
251	>> CONFIG_ASYNC_RAID6_RECOV=y
252	>> CONFIG_CRYPTO=y
253	>>
254	>> #
255	>>
256	>> 2013/7/15 Javier Juan Martínez Cabezón <tazok.id0@×××××.com>
257	>>
258	>> Hi all
259	>>>
260	>>> I'm with this several months and I still without knowing if it was
261	>>> mistake from me while patching PaX with rsbac at hand or is a
262	>>> kernel bug, or it's from VirtualBox (the behaviour is horrible,
263	>>> sorry):
264	>>>
265	>>> After the bug hits system guest gets unusable, hard reset is
266	>>> required, every command executed gets segfaulted from there.
267	>>>
268	>>> I can reproduce it easily, using backup_all (a shell script that
269	>>> makes the sec policy backup (as in this case)) or with ./configure
270	>>> when compiling (as emerge does something), so emerge usually does
271	>>> seg fault. The EIP is always at the same, strnlen+0x6/0x18
272	>>>
273	>>> Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging
274	>>> request at 00001033
275	>>> Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
276	>>> Jul 13 22:50:02 orion kernel: pdpt = 000000000e965001 pde =
277	>>> 0000000000000000
278	>>> Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
279	>>> Jul 13 22:50:02 orion kernel:
280	>>> Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted
281	>>> 3.4.0-rsbac #9 innotek GmbH VirtualBox
282	>>> Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS:
283	>>> 00010217 CPU: 0
284	>>> Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18
285	>>> Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX:
286	>>> 00001033 EDX: 0000000e
287	>>> Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP:
288	>>> ce9c07f5 ESP: c66d3b38
289	>>> Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000
290	>>> SS: 0068
291	>>> Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3:
292	>>> 01415000 CR4: 000006f0
293	>>> Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2:
294	>>> 00000000 DR3: 00000000
295	>>> Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400
296	>>> Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c
297	>>> task=e738ebd0 task.ti=e738ee3c)
298	>>> Jul 13 22:50:02 orion kernel: Stack:
299	>>> Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4
300	>>> ce9c0069 ce9c0069 001a916e 000fff00
301	>>> Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b
302	>>> c1514bcb 000007ea ff0a0004 000fffff
303	>>> Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc
304	>>> 0004dfc6 c66d3ba8 e702a4c0 c66d3bdc
305	>>> Jul 13 22:50:02 orion kernel: Call Trace:
306	>>> Jul 13 22:50:02 orion kernel: [<001a884b>] ?
307	>>> string.isra.1+0x25/0x8c
308	>>> Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
309	>>> Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25
310	>>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
311	>>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
312	>>> Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
313	>>> Jul 13 22:50:02 orion kernel: [<0007d3ee>] ?
314	>>> rsbac_adf_set_attr_cap+0x680/**0x9a6
315	>>> Jul 13 22:50:02 orion kernel: [<00038a00>] ?
316	>>> smp_apic_timer_interrupt+0x62/**0x6a
317	>>> Jul 13 22:50:02 orion kernel: [<00407f91>] ?
318	>>> resume_userspace_sig+0x1b/0x2a
319	>>> Jul 13 22:50:02 orion kernel: [<0007148e>] ?
320	>>> rsbac_adf_set_attr+0x45f/**0x12b3
321	>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
322	>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
323	>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ?
324	>>> do_path_lookup+0x17/0x4a
325	>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
326	>>> user_path_at_empty+0x4b/0x69
327	>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
328	>>> user_path_at_empty+0x4b/0x69
329	>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
330	>>> Jul 13 22:50:02 orion kernel: [<0002cc9e>] ?
331	>>> free_thread_xstate+0x17/0x23
332	>>> Jul 13 22:50:02 orion kernel: [<00110c60>] ?
333	>>> load_elf_binary+0xf05/0xfbf
334	>>> Jul 13 22:50:02 orion kernel: [<00110c60>] ?
335	>>> load_elf_binary+0xf05/0xfbf
336	>>> Jul 13 22:50:02 orion kernel: [<00030502>] ?
337	>>> x86_pmu_event_init+0x23c/0x2d1
338	>>> Jul 13 22:50:02 orion kernel: [<000e2f53>] ?
339	>>> do_execve_common+0x363/0x45e
340	>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
341	>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
342	>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ?
343	>>> do_path_lookup+0x17/0x4a
344	>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
345	>>> user_path_at_empty+0x4b/0x69
346	>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
347	>>> user_path_at_empty+0x4b/0x69
348	>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
349	>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
350	>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ?
351	>>> do_adjtimex+0x2ab/0x550
352	>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
353	>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
354	>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ?
355	>>> do_path_lookup+0x17/0x4a
356	>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
357	>>> user_path_at_empty+0x4b/0x69
358	>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
359	>>> user_path_at_empty+0x4b/0x69
360	>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
361	>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ?
362	>>> do_adjtimex+0x2ab/0x550
363	>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
364	>>> Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf
365	>>> Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb
366	>>> Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50
367	>>> Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20
368	>>> Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb
369	>>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
370	>>> Jul 13 22:50:02 orion kernel: [<000290d5>] ?
371	>>> math_state_restore+0x96/0x96
372	>>> Jul 13 22:50:02 orion kernel: [<00010206>] ?
373	>>> kvm_arch_vcpu_ioctl_run+0x79a/**0xbdc
374	>>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ?
375	>>> vmalloc_sync_all+0x1/0x1
376	>>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
377	>>> Jul 13 22:50:02 orion kernel: [<0040007b>] ?
378	>>> pcnet32_remove_one+0x22/0xe3
379	>>> Jul 13 22:50:02 orion kernel: [<0001007b>] ?
380	>>> kvm_arch_vcpu_ioctl_run+0x60f/**0xbdc
381	>>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ?
382	>>> vmalloc_sync_all+0x1/0x1
383	>>> Jul 13 22:50:02 orion kernel: [<00010287>] ?
384	>>> kvm_arch_vcpu_ioctl_run+0x81b/**0xbdc
385	>>> Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f
386	>>> eb 02 31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89
387	>>> f8 5f c3 89 c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29
388	>>> c8 c3 90 90 90 57 83 c9
389	>>> Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18
390	>>> SS:ESP 0068:c66d3b38
391	>>> Jul 13 22:50:02 orion kernel: CR2: 0000000000001033
392	>>> Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---
393	>>>
394	>>> Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging
395	>>> request at 000010a1
396	>>> Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
397	>>> Jul 13 22:59:01 orion kernel: pdpt = 000000000df00001 pde =
398	>>> 0000000000000000
399	>>> Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]
400	>>> Jul 13 22:59:01 orion kernel:
401	>>> Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted:
402	>>> G D 3.4.0-rsbac #9 innotek GmbH VirtualBox
403	>>> Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS:
404	>>> 00010217 CPU: 0
405	>>> Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18
406	>>> Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX:
407	>>> 000010a1 EDX: 0000000e
408	>>> Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP:
409	>>> ce9c0ff5 ESP: c66cfb48
410	>>> Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000
411	>>> SS: 0068
412	>>> Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3:
413	>>> 01415000 CR4: 000006f0
414	>>> Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2:
415	>>> 00000000 DR3: 00000000
416	>>> Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400
417	>>> Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c
418	>>> task=e738ebd0 task.ti=e738ee3c)
419	>>>
420	>>
421	>

Gentoo Archives: gentoo-hardened