It's not PaX related. I've disabled PaX and recompiled completely and it still
segfaults when emerge does the ./configure of the xz package (it happened to me
too when enabling some flags in the ./configure of samhain). I have also disabled
ACPI completely and it is still segfaulting.

I changed VirtualBox for KVM and it segfaults in both.

I

2013/7/16 Jens Kasten <jens@××××××××××.de>

> Hi,
>
> First, which rsbac version are you using?
> Does this bug also appear when you try the rsbac-sources without PaX?
>
> Jens
>
> On 2013-07-15 03:07, Javier Juan Martínez Cabezón wrote:
>
>> I send the related PaX .config if you need it:
>>
>> #
>> # PaX
>> #
>> CONFIG_ARCH_TRACK_EXEC_LIMIT=y
>> CONFIG_PAX_PER_CPU_PGD=y
>> CONFIG_PAX=y
>>
>> #
>> # PaX Control
>> #
>> CONFIG_PAX_SOFTMODE=y
>> # CONFIG_PAX_EI_PAX is not set
>> CONFIG_PAX_PT_PAX_FLAGS=y
>> # CONFIG_PAX_XATTR_PAX_FLAGS is not set
>> # CONFIG_PAX_NO_ACL_FLAGS is not set
>> CONFIG_PAX_HAVE_ACL_FLAGS=y
>> # CONFIG_PAX_HOOK_ACL_FLAGS is not set
>>
>> #
>> # Non-executable pages
>> #
>> CONFIG_PAX_NOEXEC=y
>> CONFIG_PAX_PAGEEXEC=y
>> # CONFIG_PAX_SEGMEXEC is not set
>> CONFIG_PAX_EMUTRAMP=y
>> CONFIG_PAX_MPROTECT=y
>> # CONFIG_PAX_ELFRELOCS is not set
>> CONFIG_PAX_KERNEXEC=y
>> CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""
>>
>> #
>> # Address Space Layout Randomization
>> #
>> CONFIG_PAX_ASLR=y
>> CONFIG_PAX_RANDKSTACK=y
>> CONFIG_PAX_RANDUSTACK=y
>> CONFIG_PAX_RANDMMAP=y
>>
>> #
>> # Miscellaneous hardening features
>> #
>> # CONFIG_PAX_MEMORY_SANITIZE is not set
>> # CONFIG_PAX_MEMORY_STACKLEAK is not set
>> # CONFIG_PAX_MEMORY_UDEREF is not set
>> CONFIG_PAX_REFCOUNT=y
>> # CONFIG_PAX_USERCOPY is not set
>> # CONFIG_PAX_CONSTIFY_PLUGIN is not set
>> # CONFIG_PAX_SIZE_OVERFLOW is not set
>> # CONFIG_KEYS is not set
>> CONFIG_SECURITY_DMESG_RESTRICT=y
>> # CONFIG_SECURITY is not set
>> # CONFIG_SECURITYFS is not set
>> CONFIG_DEFAULT_SECURITY_DAC=y
>> CONFIG_DEFAULT_SECURITY=""
>> CONFIG_XOR_BLOCKS=y
>> CONFIG_ASYNC_CORE=y
>> CONFIG_ASYNC_MEMCPY=y
>> CONFIG_ASYNC_XOR=y
>> CONFIG_ASYNC_PQ=y
>> CONFIG_ASYNC_RAID6_RECOV=y
>> CONFIG_CRYPTO=y
>>
>> #
>>
>> 2013/7/15 Javier Juan Martínez Cabezón <tazok.id0@×××××.com>
>>
>>> Hi all
>>>
>>> I've been dealing with this for several months and I still don't know
>>> whether it was a mistake of mine while patching PaX with rsbac by hand,
>>> or a kernel bug, or something from VirtualBox (the behaviour is horrible,
>>> sorry):
>>>
>>> After the bug hits, the guest system becomes unusable and a hard reset is
>>> required; every command executed segfaults from then on.
>>>
>>> I can reproduce it easily, using backup_all (a shell script that
>>> makes the sec policy backup (as in this case)) or with ./configure
>>> when compiling (as emerge does something), so emerge usually
>>> segfaults. The EIP is always the same, strnlen+0x6/0x18
>>>
>>> Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging
>>> request at 00001033
>>> Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
>>> Jul 13 22:50:02 orion kernel: *pdpt = 000000000e965001 *pde =
>>> 0000000000000000
>>> Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
>>> Jul 13 22:50:02 orion kernel:
>>> Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted
>>> 3.4.0-rsbac #9 innotek GmbH VirtualBox
>>> Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS:
>>> 00010217 CPU: 0
>>> Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18
>>> Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX:
>>> 00001033 EDX: 0000000e
>>> Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP:
>>> ce9c07f5 ESP: c66d3b38
>>> Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000
>>> SS: 0068
>>> Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3:
>>> 01415000 CR4: 000006f0
>>> Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2:
>>> 00000000 DR3: 00000000
>>> Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400
>>> Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c
>>> task=e738ebd0 task.ti=e738ee3c)
>>> Jul 13 22:50:02 orion kernel: Stack:
>>> Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4
>>> ce9c0069 ce9c0069 001a916e 000fff00
>>> Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b
>>> c1514bcb 000007ea ff0a0004 000fffff
>>> Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc
>>> 0004dfc6 c66d3ba8 e702a4c0 c66d3bdc
>>> Jul 13 22:50:02 orion kernel: Call Trace:
>>> Jul 13 22:50:02 orion kernel: [<001a884b>] ?
>>> string.isra.1+0x25/0x8c
>>> Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
>>> Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25
>>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
>>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
>>> Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
>>> Jul 13 22:50:02 orion kernel: [<0007d3ee>] ?
>>> rsbac_adf_set_attr_cap+0x680/0x9a6
>>> Jul 13 22:50:02 orion kernel: [<00038a00>] ?
>>> smp_apic_timer_interrupt+0x62/0x6a
>>> Jul 13 22:50:02 orion kernel: [<00407f91>] ?
>>> resume_userspace_sig+0x1b/0x2a
>>> Jul 13 22:50:02 orion kernel: [<0007148e>] ?
>>> rsbac_adf_set_attr+0x45f/0x12b3
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ?
>>> do_path_lookup+0x17/0x4a
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
>>> user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
>>> user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
>>> Jul 13 22:50:02 orion kernel: [<0002cc9e>] ?
>>> free_thread_xstate+0x17/0x23
>>> Jul 13 22:50:02 orion kernel: [<00110c60>] ?
>>> load_elf_binary+0xf05/0xfbf
>>> Jul 13 22:50:02 orion kernel: [<00110c60>] ?
>>> load_elf_binary+0xf05/0xfbf
>>> Jul 13 22:50:02 orion kernel: [<00030502>] ?
>>> x86_pmu_event_init+0x23c/0x2d1
>>> Jul 13 22:50:02 orion kernel: [<000e2f53>] ?
>>> do_execve_common+0x363/0x45e
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ?
>>> do_path_lookup+0x17/0x4a
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
>>> user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
>>> user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ?
>>> do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ?
>>> do_path_lookup+0x17/0x4a
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
>>> user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ?
>>> user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ?
>>> do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
>>> Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf
>>> Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb
>>> Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50
>>> Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20
>>> Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb
>>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
>>> Jul 13 22:50:02 orion kernel: [<000290d5>] ?
>>> math_state_restore+0x96/0x96
>>> Jul 13 22:50:02 orion kernel: [<00010206>] ?
>>> kvm_arch_vcpu_ioctl_run+0x79a/0xbdc
>>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ?
>>> vmalloc_sync_all+0x1/0x1
>>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
>>> Jul 13 22:50:02 orion kernel: [<0040007b>] ?
>>> pcnet32_remove_one+0x22/0xe3
>>> Jul 13 22:50:02 orion kernel: [<0001007b>] ?
>>> kvm_arch_vcpu_ioctl_run+0x60f/0xbdc
>>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ?
>>> vmalloc_sync_all+0x1/0x1
>>> Jul 13 22:50:02 orion kernel: [<00010287>] ?
>>> kvm_arch_vcpu_ioctl_run+0x81b/0xbdc
>>> Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f
>>> eb 02 31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89
>>> f8 5f c3 89 c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29
>>> c8 c3 90 90 90 57 83 c9
>>> Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18
>>> SS:ESP 0068:c66d3b38
>>> Jul 13 22:50:02 orion kernel: CR2: 0000000000001033
>>> Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---
>>>
>>> Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging
>>> request at 000010a1
>>> Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
>>> Jul 13 22:59:01 orion kernel: *pdpt = 000000000df00001 *pde =
>>> 0000000000000000
>>> Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]
>>> Jul 13 22:59:01 orion kernel:
>>> Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted:
>>> G D 3.4.0-rsbac #9 innotek GmbH VirtualBox
>>> Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS:
>>> 00010217 CPU: 0
>>> Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18
>>> Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX:
>>> 000010a1 EDX: 0000000e
>>> Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP:
>>> ce9c0ff5 ESP: c66cfb48
>>> Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000
>>> SS: 0068
>>> Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3:
>>> 01415000 CR4: 000006f0
>>> Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2:
>>> 00000000 DR3: 00000000
>>> Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400
>>> Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c
>>> task=e738ebd0 task.ti=e738ee3c)
>>>
>>
>
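
A triage helper for the two oopses quoted above, as an added example that is not part of the original thread: it strips the mail quoting, rejoins the wrapped syslog lines and compares each faulting address with the logged Pid. On the values in this page the two are equal (0x1033 = 4147, 0x10a1 = 4257); the function and variable names are this example's own.

```python
import re

# Lines copied from the two oopses quoted on this page, with the mail quoting
# ('>>> ') and the mail client's line wrapping left in place.
SAMPLE = """\
>>> Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging
>>> request at 00001033
>>> Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
>>> Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted
>>> 3.4.0-rsbac #9 innotek GmbH VirtualBox
>>> Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
>>> Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
>>> Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging
>>> request at 000010a1
>>> Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
>>> Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted:
>>> G D 3.4.0-rsbac #9 innotek GmbH VirtualBox
"""
QUOTE = re.compile(r"^[>\s]+")
STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ kernel: ?")

def unwrap(text):
    """Drop '>' quoting, rejoin wrapped lines, strip the syslog prefix."""
    records = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).rstrip()
        if STAMP.match(line):
            records.append(STAMP.sub("", line))
        elif line and records:
            records[-1] += " " + line  # continuation of a wrapped record
    return records

def parse_oopses(text):
    """Return one dict per oops: fault address, faulting symbol, pid, trace."""
    oopses = []
    for rec in unwrap(text):
        if m := re.match(r"BUG: unable to handle kernel paging request at ([0-9a-f]+)", rec):
            oopses.append({"addr": int(m[1], 16), "ip": None, "pid": None, "trace": []})
        elif oopses and (m := re.match(r"IP: \[<[0-9a-f]+>\] (\S+)", rec)):
            oopses[-1]["ip"] = m[1]
        elif oopses and (m := re.match(r"Pid: (\d+),", rec)):
            oopses[-1]["pid"] = int(m[1])
        elif oopses and (m := re.match(r"\[<[0-9a-f]+>\] \? ([\w.]+)\+", rec)):
            oopses[-1]["trace"].append(m[1])
    return oopses

def addr_equals_pid(oops):
    """True when the bad pointer value is the PID of the faulting task."""
    return oops["addr"] == oops["pid"]
```

An integer PID reaching strnlen() as a pointer is what a `%s` conversion given a numeric argument would produce in the rsbac_printk -> vsnprintf path the trace shows; that reading is an inference from the logged values, not something the thread confirms.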