1 |
On 05/17/2012 01:42 PM, RB wrote: |
2 |
> On Thu, May 17, 2012 at 6:04 AM, Anthony G. Basile |
3 |
> <basile@××××××××××××××.edu> wrote: |
4 |
>> Please open a bug, attach both config files. It would be useful if you also |
5 |
>> identify on which options it breaks. Liberte, last I looked, has quite a |
6 |
>> few hardening features off. Pay attention to GRKERNSEC_IO, PAX_PAGEEXEC, |
7 |
>> PAX_KERNEXEC, PAX_MEMORY_UDEREF. |
8 |
> |
9 |
> It took less time to work it out than I expected; a bit of a binary |
10 |
> search through the grsecurity/PaX options I had enabled pretty clearly |
11 |
> indicates the culprint is PAX_MEMORY_UDEREF. Using both |
12 |
> xf86-video-intel-2.17.0-r3 and 2.19.0 and xorg-server-1.11.3 and |
13 |
> 1.12.1, there's a bug introduced between hardened-sources-3.2.2-r1 and |
14 |
>> =3.2.11 that by enabling PAX_MEMORY_UDEREF the i915/i965 kernel |
15 |
> module gets a "BUG: unable to handle kernel NULL pointer dereference" |
16 |
> in i915_gem_execbuffer_reserve when starting X. |
17 |
> |
18 |
> I'll submit a bug shortly. |
19 |
> |
20 |
must be why I never hit it (I enable kernexec but leave uderef disabled |
21 |
for virt). |
22 |
|
23 |
-- |
24 |
-- Matthew Thode (prometheanfire) |