VirtualBox

Opened 15 years ago

Last modified 11 years ago

#2652 new defect

Gentoo hardened (grsecurity) hosts not supported

Reported by: Christian Holler Owned by:
Component: VMM Version: VirtualBox 4.2.2
Keywords: Cc:
Guest type: Linux Host type: Linux

Description (last modified by Frank Mehnert)

Hello,

I am running VirtualBox 2.0.6 on a Gentoo Hardened Host (2.6.23-r7).

Running normal linux systems as guest works fine, however when I try to boot a Gentoo Hardened _Guest_ system, VirtualBox reports a Guru Mediation Error and the VM freezes on kernel bootup. I tried with various hardened Guest kernels (2.6.23-r7, 2.6.24-r3 and 2.6.25-r9, all hardened-sources from Gentoo) but the error remains. Grsecurity/PAX presetting in the kernel is set to "high". The produced log is attached.

I will try to narrow down the search on why the kernel crashes by disabling some of the hardened options but so far I didn't have much success.

Best regards,

Christian Holler

Attachments (2)

VBox.log (156.5 KB ) - added by Christian Holler 15 years ago.
Crash Log with Gentoo Hardened Guest
freeze.png (16.4 KB ) - added by Christian Holler 15 years ago.
Output on console until Guru Meditation

Download all attachments as: .zip

Change History (12)

by Christian Holler, 15 years ago

Attachment: VBox.log added

Crash Log with Gentoo Hardened Guest

comment:1 by Sander van Leeuwen, 15 years ago

Is there a bootable iso available somewhere?

comment:2 by Christian Holler, 15 years ago

Not yet, but I could provide you with the kernel sources and configuration if that helps. The whole machine is too big. I might also be able to create an ISO that reproduces the error if that helps.

comment:3 by Christian Holler, 15 years ago

Addition: I discovered that the crash does _not_ occur when an ISO image is mounted as well and VirtualBox would boot off that iso image. So when the iso image is mounted and I hit "F12" to boot from the SATA controller anyway, it does _not_ crash. Booting normally from the sata controller without an iso attached crashes.

It might hence be hard to reproduce using an iso. Also, the kernel output shows that the last thing the kernel does before the whole VM crashes has to do with IDE. I'll attach a screenshot once I get home.

comment:4 by Christian Holler, 15 years ago

I have additional material now:

1) ISO file to reproduce (attached). Kernel is compiled for opteron as the underlying host system is a 64 bit opteron system. If it doesn't work for you because of that reason, I might be able to produce a more generic example.

2) Screenshot of freeze (attached). Shows output when the ISO is booted until it gets stuck with guru meditation.

Referencing to what I said in the previous comment, it seems that it was coincidence that it didn't crash with an iso attached, as it does now... might be dependent on more factors there.

by Christian Holler, 15 years ago

Attachment: freeze.png added

Output on console until Guru Meditation

comment:5 by Christian Holler, 15 years ago

ISO exceeds maximum size for upload, please download from here

comment:6 by Christian Holler, 15 years ago

I also found the offending option in the kernel now: CONFIG_PAX_MEMORY_UDEREF (Click for description)

As the description says, it isn't recommended to use it in a VM environment because of slowdowns, nevertheless I believe that a guru meditation still indicates that something unexpected happened here because of a bug in VirtualBox so I guess it might be of interest to investigate this.

Note: If you want to reproduce this yourself with your own kernel configuration and it hangs even earlier at "Booting up the kernel", try enabling all the options under CONFIG_PAX_NOEXEC. Otherwise, I wasn't even able to boot the kernel.

comment:7 by Frank Mehnert, 15 years ago

Component: otherVMM

comment:8 by Frank Mehnert, 11 years ago

Description: modified (diff)
Summary: Guru Mediation (VERR_TRPM_DONT_PANIC) with Gentoo Hardened GuestGuru Mediation with Gentoo Hardened Guest (grsecurity)
Version: VirtualBox 2.0.6VirtualBox 4.2.2

comment:9 by Frank Mehnert, 11 years ago

A user reported in #3688 that he is able to run VirtualBox by leaving grsecurity enabled but PAX disabled.

comment:10 by Frank Mehnert, 11 years ago

Summary: Guru Mediation with Gentoo Hardened Guest (grsecurity)Gentoo hardened (grsecurity) hosts not supported
Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use