Mailing List Archive

Hi all

I'm with this several months and I still without knowing if it was mistake
from me while patching PaX with rsbac at hand or is a kernel bug, or it's
from VirtualBox (the behaviour is horrible, sorry):

After the bug hits system guest gets unusable, hard reset is required,
every command executed gets segfaulted from there.

I can reproduce it easily, using backup_all (a shell script that makes the
sec policy backup (as in this case)) or with ./configure when compiling (as
emerge does something), so emerge usually does seg fault. The EIP is always
at the same, strnlen+0x6/0x18

Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request
at 00001033
Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:50:02 orion kernel: *pdpt = 000000000e965001 *pde =
0000000000000000
Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
Jul 13 22:50:02 orion kernel:
Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted 3.4.0-rsbac
#9 innotek GmbH VirtualBox
Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: 0
Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18
Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX: 00001033
EDX: 0000000e
Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP: ce9c07f5
ESP: c66d3b38
Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3: 01415000
CR4: 000006f0
Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000
DR3: 00000000
Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400
Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c
task=e738ebd0 task.ti=e738ee3c)
Jul 13 22:50:02 orion kernel: Stack:
Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4 ce9c0069
ce9c0069 001a916e 000fff00
Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b c1514bcb
000007ea ff0a0004 000fffff
Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc 0004dfc6
c66d3ba8 e702a4c0 c66d3bdc
Jul 13 22:50:02 orion kernel: Call Trace:
Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c
Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25
Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
Jul 13 22:50:02 orion kernel: [<0007d3ee>] ?
rsbac_adf_set_attr_cap+0x680/0x9a6
Jul 13 22:50:02 orion kernel: [<00038a00>] ?
smp_apic_timer_interrupt+0x62/0x6a
Jul 13 22:50:02 orion kernel: [<00407f91>] ? resume_userspace_sig+0x1b/0x2a
Jul 13 22:50:02 orion kernel: [<0007148e>] ? rsbac_adf_set_attr+0x45f/0x12b3
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
Jul 13 22:50:02 orion kernel: [<0002cc9e>] ? free_thread_xstate+0x17/0x23
Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
Jul 13 22:50:02 orion kernel: [<00030502>] ? x86_pmu_event_init+0x23c/0x2d1
Jul 13 22:50:02 orion kernel: [<000e2f53>] ? do_execve_common+0x363/0x45e
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf
Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb
Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50
Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20
Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb
Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
Jul 13 22:50:02 orion kernel: [<000290d5>] ? math_state_restore+0x96/0x96
Jul 13 22:50:02 orion kernel: [<00010206>] ?
kvm_arch_vcpu_ioctl_run+0x79a/0xbdc
Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
Jul 13 22:50:02 orion kernel: [<0040007b>] ? pcnet32_remove_one+0x22/0xe3
Jul 13 22:50:02 orion kernel: [<0001007b>] ?
kvm_arch_vcpu_ioctl_run+0x60f/0xbdc
Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
Jul 13 22:50:02 orion kernel: [<00010287>] ?
kvm_arch_vcpu_ioctl_run+0x81b/0xbdc
Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f eb 02
31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89 f8 5f c3 89
c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 c3 90 90 90 57
83 c9
Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18 SS:ESP
0068:c66d3b38
Jul 13 22:50:02 orion kernel: CR2: 0000000000001033
Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---

Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging request
at 000010a1
Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:59:01 orion kernel: *pdpt = 000000000df00001 *pde =
0000000000000000
Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]
Jul 13 22:59:01 orion kernel:
Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted: G D
3.4.0-rsbac #9 innotek GmbH VirtualBox
Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: 0
Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18
Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX: 000010a1
EDX: 0000000e
Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP: ce9c0ff5
ESP: c66cfb48
Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3: 01415000
CR4: 000006f0
Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000
DR3: 00000000
Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400
Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c
task=e738ebd0 task.ti=e738ee3c)