| 1 |
On Thu, May 17, 2012 at 6:04 AM, Anthony G. Basile |
| 2 |
<basile@××××××××××××××.edu> wrote: |
| 3 |
> Please open a bug, attach both config files. It would be useful if you also |
| 4 |
> identify on which options it breaks. Liberte, last I looked, has quite a |
| 5 |
> few hardening features off. Pay attention to GRKERNSEC_IO, PAX_PAGEEXEC, |
| 6 |
> PAX_KERNEXEC, PAX_MEMORY_UDEREF. |
| 7 |
|
| 8 |
It took less time to work it out than I expected; a bit of a binary |
| 9 |
search through the grsecurity/PaX options I had enabled pretty clearly |
| 10 |
indicates the culprint is PAX_MEMORY_UDEREF. Using both |
| 11 |
xf86-video-intel-2.17.0-r3 and 2.19.0 and xorg-server-1.11.3 and |
| 12 |
1.12.1, there's a bug introduced between hardened-sources-3.2.2-r1 and |
| 13 |
>=3.2.11 that by enabling PAX_MEMORY_UDEREF the i915/i965 kernel |
| 14 |
module gets a "BUG: unable to handle kernel NULL pointer dereference" |
| 15 |
in i915_gem_execbuffer_reserve when starting X. |
| 16 |
|
| 17 |
I'll submit a bug shortly. |
Archives