1 |
Hi! |
2 |
|
3 |
I've just converted my system from x86 to amd64 (Core i7), and one of |
4 |
things which become broken because of this is vmware. When I start any |
5 |
guest my host immediately reset, and after booting I didn't see anything |
6 |
in logs - neither in kernel nor in vmware's logs. |
7 |
|
8 |
I've experimented with different kernels, and here is what I found: |
9 |
|
10 |
- hardened-sources-3.2.2-r1 work ok on x86 |
11 |
- gentoo-sources-3.2.1-r2 work ok on amd64 |
12 |
- no one hardened-sources since 2.6.39-r8 work on amd64 (I didn't tried |
13 |
older versions) |
14 |
|
15 |
Disabling both GRSEC and PAX in hardened kernels doesn't solve this issue, |
16 |
so this bug probably in that part of hardened patches which is active even |
17 |
with disabled GRSEC and PAX config options. |
18 |
|
19 |
I can't try gentoo-sources and hardened-sources with exactly same |
20 |
vmware-modules, because of extra patches needed for vmware-modules to make |
21 |
it compatible with hardened, and these patches incompatible with non-hardened. |
22 |
So, gentoo-sources work ok with vmware-modules from main portage, while |
23 |
hardened-sources work on x86 and doesn't work on amd64 with vmware-modules |
24 |
patched using these 3 patches: |
25 |
https://384739.bugs.gentoo.org/attachment.cgi?id=295017 |
26 |
https://384739.bugs.gentoo.org/attachment.cgi?id=295019 |
27 |
https://384739.bugs.gentoo.org/attachment.cgi?id=295021 |
28 |
|
29 |
I've also tried hardened-sources-3.2.1, both x86 and amd64 - vmware work |
30 |
on x86 and didn't work on amd64. I've tried to keep .config same, but |
31 |
there are a lot of differences anyway (I suppose they all should be |
32 |
related to 32/64-bit). |
33 |
|
34 |
So, here is diff between -gentoo and -hardened on amd64: |
35 |
|
36 |
--- /tmp/config-amd64-gentoo 2012-02-14 20:33:31.579285488 +0200 |
37 |
+++ /tmp/config-amd64-hardened 2012-02-14 20:33:40.383285603 +0200 |
38 |
@@ -179,6 +179,7 @@ |
39 |
CONFIG_X86_L1_CACHE_SHIFT=6 |
40 |
CONFIG_X86_XADD=y |
41 |
CONFIG_X86_WP_WORKS_OK=y |
42 |
+CONFIG_X86_ALIGNMENT_16=y |
43 |
CONFIG_X86_INTEL_USERCOPY=y |
44 |
CONFIG_X86_USE_PPRO_CHECKSUM=y |
45 |
CONFIG_X86_P6_NOP=y |
46 |
@@ -599,7 +600,6 @@ |
47 |
CONFIG_NTFS_FS=y |
48 |
CONFIG_PROC_FS=y |
49 |
CONFIG_PROC_SYSCTL=y |
50 |
-CONFIG_PROC_PAGE_MONITOR=y |
51 |
CONFIG_SYSFS=y |
52 |
CONFIG_TMPFS=y |
53 |
CONFIG_CONFIGFS_FS=y |
54 |
@@ -647,6 +647,7 @@ |
55 |
CONFIG_IO_DELAY_TYPE_NONE=3 |
56 |
CONFIG_IO_DELAY_0X80=y |
57 |
CONFIG_DEFAULT_IO_DELAY_TYPE=0 |
58 |
+CONFIG_TASK_SIZE_MAX_SHIFT=47 |
59 |
CONFIG_SECURITY_DMESG_RESTRICT=y |
60 |
CONFIG_SECURITY=y |
61 |
CONFIG_DEFAULT_SECURITY_DAC=y |
62 |
|
63 |
And here is diff between -hardened x86 and -hardened amd64: |
64 |
|
65 |
--- /tmp/config-x86 2012-02-14 20:31:08.183283609 +0200 |
66 |
+++ /tmp/config-amd64 2012-02-14 20:30:53.192283412 +0200 |
67 |
@@ -1,26 +1,31 @@ |
68 |
-CONFIG_X86_32=y |
69 |
+CONFIG_64BIT=y |
70 |
+CONFIG_X86_64=y |
71 |
CONFIG_X86=y |
72 |
CONFIG_INSTRUCTION_DECODER=y |
73 |
-CONFIG_OUTPUT_FORMAT="elf32-i386" |
74 |
-CONFIG_ARCH_DEFCONFIG="arch/x86/configs/i386_defconfig" |
75 |
+CONFIG_OUTPUT_FORMAT="elf64-x86-64" |
76 |
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" |
77 |
CONFIG_GENERIC_CMOS_UPDATE=y |
78 |
CONFIG_CLOCKSOURCE_WATCHDOG=y |
79 |
CONFIG_GENERIC_CLOCKEVENTS=y |
80 |
+CONFIG_ARCH_CLOCKSOURCE_DATA=y |
81 |
CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y |
82 |
CONFIG_LOCKDEP_SUPPORT=y |
83 |
CONFIG_STACKTRACE_SUPPORT=y |
84 |
CONFIG_HAVE_LATENCYTOP_SUPPORT=y |
85 |
CONFIG_MMU=y |
86 |
CONFIG_ZONE_DMA=y |
87 |
+CONFIG_NEED_DMA_MAP_STATE=y |
88 |
CONFIG_NEED_SG_DMA_LENGTH=y |
89 |
CONFIG_GENERIC_ISA_DMA=y |
90 |
CONFIG_GENERIC_IOMAP=y |
91 |
CONFIG_GENERIC_BUG=y |
92 |
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y |
93 |
CONFIG_GENERIC_HWEIGHT=y |
94 |
CONFIG_ARCH_MAY_HAVE_PC_FDC=y |
95 |
CONFIG_RWSEM_XCHGADD_ALGORITHM=y |
96 |
CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y |
97 |
CONFIG_GENERIC_CALIBRATE_DELAY=y |
98 |
+CONFIG_GENERIC_TIME_VSYSCALL=y |
99 |
CONFIG_ARCH_HAS_CPU_RELAX=y |
100 |
CONFIG_ARCH_HAS_DEFAULT_IDLE=y |
101 |
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y |
102 |
@@ -29,13 +34,14 @@ |
103 |
CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y |
104 |
CONFIG_ARCH_HIBERNATION_POSSIBLE=y |
105 |
CONFIG_ARCH_SUSPEND_POSSIBLE=y |
106 |
+CONFIG_ZONE_DMA32=y |
107 |
CONFIG_ARCH_POPULATES_NODE_MAP=y |
108 |
+CONFIG_AUDIT_ARCH=y |
109 |
CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y |
110 |
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y |
111 |
-CONFIG_X86_32_SMP=y |
112 |
+CONFIG_X86_64_SMP=y |
113 |
CONFIG_X86_HT=y |
114 |
-CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx" |
115 |
-CONFIG_KTIME_SCALAR=y |
116 |
+CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" |
117 |
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" |
118 |
CONFIG_HAVE_IRQ_WORK=y |
119 |
CONFIG_IRQ_WORK=y |
120 |
@@ -131,7 +137,6 @@ |
121 |
CONFIG_HAVE_PERF_EVENTS_NMI=y |
122 |
CONFIG_HAVE_ARCH_JUMP_LABEL=y |
123 |
CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y |
124 |
-CONFIG_HAVE_GENERIC_DMA_COHERENT=y |
125 |
CONFIG_SLABINFO=y |
126 |
CONFIG_RT_MUTEXES=y |
127 |
CONFIG_BASE_SMALL=0 |
128 |
@@ -140,9 +145,9 @@ |
129 |
CONFIG_MODULE_FORCE_UNLOAD=y |
130 |
CONFIG_STOP_MACHINE=y |
131 |
CONFIG_BLOCK=y |
132 |
-CONFIG_LBDAF=y |
133 |
CONFIG_BLK_DEV_BSG=y |
134 |
CONFIG_BLK_DEV_THROTTLING=y |
135 |
+CONFIG_BLOCK_COMPAT=y |
136 |
CONFIG_IOSCHED_NOOP=y |
137 |
CONFIG_IOSCHED_DEADLINE=y |
138 |
CONFIG_IOSCHED_CFQ=y |
139 |
@@ -174,26 +179,24 @@ |
140 |
CONFIG_X86_L1_CACHE_SHIFT=6 |
141 |
CONFIG_X86_XADD=y |
142 |
CONFIG_X86_WP_WORKS_OK=y |
143 |
-CONFIG_X86_INVLPG=y |
144 |
-CONFIG_X86_BSWAP=y |
145 |
-CONFIG_X86_POPAD_OK=y |
146 |
CONFIG_X86_ALIGNMENT_16=y |
147 |
CONFIG_X86_INTEL_USERCOPY=y |
148 |
CONFIG_X86_USE_PPRO_CHECKSUM=y |
149 |
+CONFIG_X86_P6_NOP=y |
150 |
CONFIG_X86_TSC=y |
151 |
CONFIG_X86_CMPXCHG64=y |
152 |
CONFIG_X86_CMOV=y |
153 |
-CONFIG_X86_MINIMUM_CPU_FAMILY=5 |
154 |
+CONFIG_X86_MINIMUM_CPU_FAMILY=64 |
155 |
CONFIG_X86_DEBUGCTLMSR=y |
156 |
CONFIG_CPU_SUP_INTEL=y |
157 |
-CONFIG_CPU_SUP_CYRIX_32=y |
158 |
CONFIG_CPU_SUP_AMD=y |
159 |
CONFIG_CPU_SUP_CENTAUR=y |
160 |
-CONFIG_CPU_SUP_TRANSMETA_32=y |
161 |
-CONFIG_CPU_SUP_UMC_32=y |
162 |
CONFIG_HPET_TIMER=y |
163 |
CONFIG_HPET_EMULATE_RTC=y |
164 |
CONFIG_DMI=y |
165 |
+CONFIG_GART_IOMMU=y |
166 |
+CONFIG_SWIOTLB=y |
167 |
+CONFIG_IOMMU_HELPER=y |
168 |
CONFIG_NR_CPUS=8 |
169 |
CONFIG_SCHED_MC=y |
170 |
CONFIG_PREEMPT_VOLUNTARY=y |
171 |
@@ -201,27 +204,25 @@ |
172 |
CONFIG_X86_IO_APIC=y |
173 |
CONFIG_X86_MCE=y |
174 |
CONFIG_X86_MCE_INTEL=y |
175 |
-CONFIG_X86_MCE_AMD=y |
176 |
CONFIG_X86_MCE_THRESHOLD=y |
177 |
CONFIG_X86_THERMAL_VECTOR=y |
178 |
-CONFIG_VM86=y |
179 |
CONFIG_X86_MSR=y |
180 |
CONFIG_X86_CPUID=y |
181 |
-CONFIG_HIGHMEM64G=y |
182 |
-CONFIG_PAGE_OFFSET=0xC0000000 |
183 |
-CONFIG_HIGHMEM=y |
184 |
-CONFIG_X86_PAE=y |
185 |
CONFIG_ARCH_PHYS_ADDR_T_64BIT=y |
186 |
CONFIG_ARCH_DMA_ADDR_T_64BIT=y |
187 |
-CONFIG_ARCH_FLATMEM_ENABLE=y |
188 |
+CONFIG_DIRECT_GBPAGES=y |
189 |
CONFIG_ARCH_SPARSEMEM_ENABLE=y |
190 |
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y |
191 |
CONFIG_ARCH_SELECT_MEMORY_MODEL=y |
192 |
-CONFIG_ILLEGAL_POINTER_VALUE=0 |
193 |
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 |
194 |
CONFIG_SELECT_MEMORY_MODEL=y |
195 |
-CONFIG_FLATMEM_MANUAL=y |
196 |
-CONFIG_FLATMEM=y |
197 |
-CONFIG_FLAT_NODE_MEM_MAP=y |
198 |
-CONFIG_SPARSEMEM_STATIC=y |
199 |
+CONFIG_SPARSEMEM_MANUAL=y |
200 |
+CONFIG_SPARSEMEM=y |
201 |
+CONFIG_HAVE_MEMORY_PRESENT=y |
202 |
+CONFIG_SPARSEMEM_EXTREME=y |
203 |
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y |
204 |
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y |
205 |
+CONFIG_SPARSEMEM_VMEMMAP=y |
206 |
CONFIG_HAVE_MEMBLOCK=y |
207 |
CONFIG_PAGEFLAGS_EXTENDED=y |
208 |
CONFIG_SPLIT_PTLOCK_CPUS=4 |
209 |
@@ -247,7 +248,7 @@ |
210 |
CONFIG_HZ=1000 |
211 |
CONFIG_SCHED_HRTICK=y |
212 |
CONFIG_PHYSICAL_START=0x1000000 |
213 |
-CONFIG_PHYSICAL_ALIGN=0x400000 |
214 |
+CONFIG_PHYSICAL_ALIGN=0x1000000 |
215 |
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y |
216 |
CONFIG_PM_RUNTIME=y |
217 |
CONFIG_PM=y |
218 |
@@ -266,8 +267,6 @@ |
219 |
CONFIG_CPU_IDLE_GOV_LADDER=y |
220 |
CONFIG_INTEL_IDLE=y |
221 |
CONFIG_PCI=y |
222 |
-CONFIG_PCI_GOANY=y |
223 |
-CONFIG_PCI_BIOS=y |
224 |
CONFIG_PCI_DIRECT=y |
225 |
CONFIG_PCI_MMCONFIG=y |
226 |
CONFIG_PCI_DOMAINS=y |
227 |
@@ -282,8 +281,12 @@ |
228 |
CONFIG_ISA_DMA_API=y |
229 |
CONFIG_AMD_NB=y |
230 |
CONFIG_BINFMT_ELF=y |
231 |
-CONFIG_HAVE_AOUT=y |
232 |
-CONFIG_HAVE_ATOMIC_IOMAP=y |
233 |
+CONFIG_COMPAT_BINFMT_ELF=y |
234 |
+CONFIG_IA32_EMULATION=y |
235 |
+CONFIG_IA32_AOUT=y |
236 |
+CONFIG_COMPAT=y |
237 |
+CONFIG_COMPAT_FOR_U64_ALIGNMENT=y |
238 |
+CONFIG_SYSVIPC_COMPAT=y |
239 |
CONFIG_HAVE_TEXT_POKE_SMP=y |
240 |
CONFIG_NET=y |
241 |
CONFIG_PACKET=y |
242 |
@@ -351,6 +354,7 @@ |
243 |
CONFIG_RPS=y |
244 |
CONFIG_RFS_ACCEL=y |
245 |
CONFIG_XPS=y |
246 |
+CONFIG_HAVE_BPF_JIT=y |
247 |
CONFIG_FIB_RULES=y |
248 |
CONFIG_NET_9P=y |
249 |
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" |
250 |
@@ -547,7 +551,6 @@ |
251 |
CONFIG_USB_STORAGE=y |
252 |
CONFIG_USB_UAS=y |
253 |
CONFIG_EDAC=y |
254 |
-CONFIG_EDAC_DECODE_MCE=y |
255 |
CONFIG_EDAC_MM_EDAC=y |
256 |
CONFIG_RTC_LIB=y |
257 |
CONFIG_RTC_CLASS=y |
258 |
@@ -559,7 +562,6 @@ |
259 |
CONFIG_RTC_INTF_DEV_UIE_EMUL=y |
260 |
CONFIG_RTC_DRV_CMOS=y |
261 |
CONFIG_DMADEVICES=y |
262 |
-CONFIG_CLKSRC_I8253=y |
263 |
CONFIG_CLKEVT_I8253=y |
264 |
CONFIG_I8253_LOCK=y |
265 |
CONFIG_CLKBLD_I8253=y |
266 |
@@ -638,7 +640,6 @@ |
267 |
CONFIG_STRICT_DEVMEM=y |
268 |
CONFIG_X86_VERBOSE_BOOTUP=y |
269 |
CONFIG_EARLY_PRINTK=y |
270 |
-CONFIG_DOUBLEFAULT=y |
271 |
CONFIG_HAVE_MMIOTRACE_SUPPORT=y |
272 |
CONFIG_IO_DELAY_TYPE_0X80=0 |
273 |
CONFIG_IO_DELAY_TYPE_0XED=1 |
274 |
@@ -646,7 +647,7 @@ |
275 |
CONFIG_IO_DELAY_TYPE_NONE=3 |
276 |
CONFIG_IO_DELAY_0X80=y |
277 |
CONFIG_DEFAULT_IO_DELAY_TYPE=0 |
278 |
-CONFIG_PAX_ENABLE_PAE=y |
279 |
+CONFIG_TASK_SIZE_MAX_SHIFT=47 |
280 |
CONFIG_SECURITY_DMESG_RESTRICT=y |
281 |
CONFIG_SECURITY=y |
282 |
CONFIG_DEFAULT_SECURITY_DAC=y |
283 |
@@ -687,7 +688,6 @@ |
284 |
CONFIG_CRC_ITU_T=y |
285 |
CONFIG_CRC32=y |
286 |
CONFIG_LIBCRC32C=y |
287 |
-CONFIG_AUDIT_GENERIC=y |
288 |
CONFIG_ZLIB_INFLATE=y |
289 |
CONFIG_ZLIB_DEFLATE=y |
290 |
CONFIG_HAS_IOMEM=y |
291 |
|
292 |
|
293 |
Maybe this is same bug as https://bugs.gentoo.org/show_bug.cgi?id=382793 |
294 |
|
295 |
-- |
296 |
WBR, Alex. |