Opened 16 years ago
Last modified 12 years ago
#2652 new defect
Gentoo hardened (grsecurity) hosts not supported
Reported by: | Christian Holler | Owned by: | |
---|---|---|---|
Component: | VMM | Version: | VirtualBox 4.2.2 |
Keywords: | Cc: | ||
Guest type: | Linux | Host type: | Linux |
Description (last modified by )
Hello,
I am running VirtualBox 2.0.6 on a Gentoo Hardened Host (2.6.23-r7).
Running normal linux systems as guest works fine, however when I try to boot a Gentoo Hardened _Guest_ system, VirtualBox reports a Guru Mediation Error and the VM freezes on kernel bootup. I tried with various hardened Guest kernels (2.6.23-r7, 2.6.24-r3 and 2.6.25-r9, all hardened-sources from Gentoo) but the error remains. Grsecurity/PAX presetting in the kernel is set to "high". The produced log is attached.
I will try to narrow down the search on why the kernel crashes by disabling some of the hardened options but so far I didn't have much success.
Best regards,
Christian Holler
Attachments (2)
Change History (12)
by , 16 years ago
comment:2 by , 16 years ago
Not yet, but I could provide you with the kernel sources and configuration if that helps. The whole machine is too big. I might also be able to create an ISO that reproduces the error if that helps.
comment:3 by , 16 years ago
Addition: I discovered that the crash does _not_ occur when an ISO image is mounted as well and VirtualBox would boot off that iso image. So when the iso image is mounted and I hit "F12" to boot from the SATA controller anyway, it does _not_ crash. Booting normally from the sata controller without an iso attached crashes.
It might hence be hard to reproduce using an iso. Also, the kernel output shows that the last thing the kernel does before the whole VM crashes has to do with IDE. I'll attach a screenshot once I get home.
comment:4 by , 16 years ago
I have additional material now:
1) ISO file to reproduce (attached). Kernel is compiled for opteron as the underlying host system is a 64 bit opteron system. If it doesn't work for you because of that reason, I might be able to produce a more generic example.
2) Screenshot of freeze (attached). Shows output when the ISO is booted until it gets stuck with guru meditation.
Referencing to what I said in the previous comment, it seems that it was coincidence that it didn't crash with an iso attached, as it does now... might be dependent on more factors there.
comment:6 by , 16 years ago
I also found the offending option in the kernel now: CONFIG_PAX_MEMORY_UDEREF (Click for description)
As the description says, it isn't recommended to use it in a VM environment because of slowdowns, nevertheless I believe that a guru meditation still indicates that something unexpected happened here because of a bug in VirtualBox so I guess it might be of interest to investigate this.
Note: If you want to reproduce this yourself with your own kernel configuration and it hangs even earlier at "Booting up the kernel", try enabling all the options under CONFIG_PAX_NOEXEC. Otherwise, I wasn't even able to boot the kernel.
comment:7 by , 16 years ago
Component: | other → VMM |
---|
comment:8 by , 12 years ago
Description: | modified (diff) |
---|---|
Summary: | Guru Mediation (VERR_TRPM_DONT_PANIC) with Gentoo Hardened Guest → Guru Mediation with Gentoo Hardened Guest (grsecurity) |
Version: | VirtualBox 2.0.6 → VirtualBox 4.2.2 |
comment:9 by , 12 years ago
A user reported in #3688 that he is able to run VirtualBox by leaving grsecurity enabled but PAX disabled.
comment:10 by , 12 years ago
Summary: | Guru Mediation with Gentoo Hardened Guest (grsecurity) → Gentoo hardened (grsecurity) hosts not supported |
---|
Crash Log with Gentoo Hardened Guest