VirtualBox

Ticket #2652 (new defect)

Opened 5 years ago

Last modified 18 months ago

Gentoo hardened (grsecurity) hosts not supported

Reported by: decoder
Owned by:
Priority: major
Component: VMM
Version: VirtualBox 4.2.2
Keywords:
Cc:
Guest type: Linux
Host type: Linux

Description (last modified by frank)

Hello,

I am running VirtualBox 2.0.6 on a Gentoo Hardened Host (2.6.23-r7).

Running normal Linux systems as guest works fine, however when I try to boot a Gentoo Hardened _Guest_ system, VirtualBox reports a Guru Meditation Error and the VM freezes on kernel bootup. I tried with various hardened Guest kernels (2.6.23-r7, 2.6.24-r3 and 2.6.25-r9, all hardened-sources from Gentoo) but the error remains. Grsecurity/PAX presetting in the kernel is set to "high". The produced log is attached.

I will try to narrow down the search on why the kernel crashes by disabling some of the hardened options but so far I didn't have much success.

Best regards,

Christian Holler

Attachments

VBox.log (156.5 KB) - added by decoder 5 years ago.
Crash Log with Gentoo Hardened Guest
freeze.png (16.4 KB) - added by decoder 5 years ago.
Output on console until Guru Meditation

Change History

Changed 5 years ago by decoder

Crash Log with Gentoo Hardened Guest

comment:1 Changed 5 years ago by sandervl73

Is there a bootable iso available somewhere?

comment:2 Changed 5 years ago by decoder

Not yet, but I could provide you with the kernel sources and configuration if that helps. The whole machine is too big. I might also be able to create an ISO that reproduces the error if that helps.

comment:3 Changed 5 years ago by decoder

Addition: I discovered that the crash does _not_ occur when an ISO image is mounted as well and VirtualBox would boot off that ISO image. So when the ISO image is mounted and I hit "F12" to boot from the SATA controller anyway, it does _not_ crash. Booting normally from the SATA controller without an ISO attached crashes.

It might hence be hard to reproduce using an ISO. Also, the kernel output shows that the last thing the kernel does before the whole VM crashes has to do with IDE. I'll attach a screenshot once I get home.

comment:4 Changed 5 years ago by decoder

I have additional material now:

1) ISO file to reproduce (attached). Kernel is compiled for Opteron as the underlying host system is a 64-bit Opteron system. If it doesn't work for you for that reason, I might be able to produce a more generic example.

2) Screenshot of freeze (attached). Shows output when the ISO is booted until it gets stuck with guru meditation.

Referring to what I said in the previous comment, it seems that it was a coincidence that it didn't crash with an ISO attached, as it does now... might be dependent on more factors there.

Changed 5 years ago by decoder

Output on console until Guru Meditation

comment:5 Changed 5 years ago by decoder

ISO exceeds maximum size for upload, please download from here

comment:6 Changed 5 years ago by decoder

I also found the offending option in the kernel now: CONFIG_PAX_MEMORY_UDEREF (Click for description)

As the description says, it isn't recommended to use it in a VM environment because of slowdowns. Nevertheless, I believe that a guru meditation still indicates that something unexpected happened here because of a bug in VirtualBox, so I guess it might be of interest to investigate this.

Note: If you want to reproduce this yourself with your own kernel configuration and it hangs even earlier at "Booting up the kernel", try enabling all the options under CONFIG_PAX_NOEXEC. Otherwise, I wasn't even able to boot the kernel.
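An added example, not part of the ticket or of VirtualBox: a small shell helper that reads a guest kernel config and reports the state of the two PaX options named in comment 6, so the setting of `CONFIG_PAX_MEMORY_UDEREF` can be confirmed before a reproduction attempt. The function names `kconfig_state` and `check_ticket_options` and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): report how a kernel config sets the
# two PaX options named in comment 6 of this ticket.

# kconfig_state FILE OPTION -> prints the value (y, m, ...), "n" when the file
# says "# OPTION is not set", or "absent" when the option never appears.
kconfig_state() {
    case $1 in
        *.gz) gzip -dc "$1" ;;   # e.g. a copy of /proc/config.gz
        *)    cat "$1" ;;
    esac | awk -v opt="$2" '
        $0 == ("# " opt " is not set") { state = "n" }
        index($0, opt "=") == 1        { state = substr($0, length(opt) + 2) }
        END { print (state == "" ? "absent" : state) }'
}

# check_ticket_options FILE -> prints one "OPTION: state" line per option and
# returns 1 when CONFIG_PAX_MEMORY_UDEREF is enabled, 0 otherwise.
check_ticket_options() {
    rc=0
    for opt in CONFIG_PAX_MEMORY_UDEREF CONFIG_PAX_NOEXEC; do
        st=$(kconfig_state "$1" "$opt")
        echo "$opt: $st"
        if [ "$opt" = CONFIG_PAX_MEMORY_UDEREF ] && [ "$st" = y ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample config (hypothetical, not the reporter's real one).
# The last line is a made-up decoy name to show that matching is exact.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_MEMORY_UDEREF=y
# CONFIG_PAX_MEMORY_UDEREF_DECOY is not set
EOF
check_ticket_options "$sample" || echo "UDEREF is enabled: matches the failing setup"
rm -f "$sample"
```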

comment:7 Changed 5 years ago by frank

  • Component changed from other to VMM

comment:8 Changed 18 months ago by frank

  • Version changed from VirtualBox 2.0.6 to VirtualBox 4.2.2
  • Description modified
  • Summary changed from Guru Mediation (VERR_TRPM_DONT_PANIC) with Gentoo Hardened Guest to Guru Mediation with Gentoo Hardened Guest (grsecurity)

comment:9 Changed 18 months ago by frank

A user reported in #3688 that he is able to run VirtualBox by leaving grsecurity enabled but PAX disabled.

comment:10 Changed 18 months ago by frank

  • Summary changed from Guru Mediation with Gentoo Hardened Guest (grsecurity) to Gentoo hardened (grsecurity) hosts not supported