* [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init @ 2009-04-02 14:05 Alex Efros 2009-04-02 15:29 ` Alex Efros 0 siblings, 1 reply; 26+ messages in thread From: Alex Efros @ 2009-04-02 14:05 UTC (permalink / raw To: gentoo-hardened Hi! subj. same kernel with GrSecurity&PaX switched off boot ok. more details: http://bugs.gentoo.org/show_bug.cgi?id=264617 anybody have idea which options in GrSecurity/PaX _MAY_ trigger that behaviour, or I have to try switch on/off all of them, one by one? :( -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 14:05 [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init Alex Efros @ 2009-04-02 15:29 ` Alex Efros 2009-04-02 15:37 ` RB 2009-04-02 21:17 ` pageexec 0 siblings, 2 replies; 26+ messages in thread From: Alex Efros @ 2009-04-02 15:29 UTC (permalink / raw To: gentoo-hardened Hi! switching off CONFIG_PAX_MPROTECT solve this issue Now I'll try to paxctl -m for /bin/bash and /sbin/runit-init (with switched on CONFIG_PAX_MPROTECT, of course)... yeah, that solves this issue too. So, now we've very strange situation: PaX require -m for process N1. This isn't related to my init (runit-init) because same happens for bash. This happens only on one server - several other servers with exactly same hardware, kernel and gentoo configuration doesn't have this issue. -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 15:29 ` Alex Efros @ 2009-04-02 15:37 ` RB 2009-04-02 16:09 ` Alex Efros 2009-04-02 21:17 ` pageexec 1 sibling, 1 reply; 26+ messages in thread From: RB @ 2009-04-02 15:37 UTC (permalink / raw To: gentoo-hardened On Thu, Apr 2, 2009 at 09:29, Alex Efros <powerman@powerman.asdfgroup.com> wrote: > Hi! > > switching off CONFIG_PAX_MPROTECT solve this issue > > Now I'll try to paxctl -m for /bin/bash and /sbin/runit-init (with > switched on CONFIG_PAX_MPROTECT, of course)... yeah, that solves this > issue too. > > > So, now we've very strange situation: PaX require -m for process N1. > This isn't related to my init (runit-init) because same happens for bash. > This happens only on one server - several other servers with exactly same > hardware, kernel and gentoo configuration doesn't have this issue. I question whether your configurations are *precisely* the same. If I had to guess (and I do), I'd guess that the system in question wasn't wholly built with the -hardened toolchain. Once you grow beyond a few identical systems, it often becomes beneficial to use a single central build system and PORTAGE_BINHOST with 'emerge -gK' to install the other systems. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 15:37 ` RB @ 2009-04-02 16:09 ` Alex Efros 2009-04-02 16:36 ` Alex Efros 0 siblings, 1 reply; 26+ messages in thread From: Alex Efros @ 2009-04-02 16:09 UTC (permalink / raw To: gentoo-hardened Hi! On Thu, Apr 02, 2009 at 09:37:09AM -0600, RB wrote: > I question whether your configurations are *precisely* the same. If I > had to guess (and I do), I'd guess that the system in question wasn't > wholly built with the -hardened toolchain. Yesterday servers was upgraded to sys-libs/glibc-2.8_p20080602-r1. After that I've rebuild everything (just for the case) using: emerge linux-headers glibc binutils gcc-config gcc && emerge -1 libtool && emerge -b glibc binutils gcc portage && emerge -bke system && emerge -ke world The `gcc-config -l` output is same on all servers: [1] i686-pc-linux-gnu-3.4.6 * [2] i686-pc-linux-gnu-3.4.6-hardenednopie [3] i686-pc-linux-gnu-3.4.6-hardenednopiessp [4] i686-pc-linux-gnu-3.4.6-hardenednossp [5] i686-pc-linux-gnu-3.4.6-vanilla Here is `emerge --info`: server with this issue: http://powerman.name/tmp/emerge-info1 server without this issue: http://powerman.name/tmp/emerge-info2 /proc/config.gz on both servers are same (except compile date): http://powerman.name/tmp/config1 As far as I able to check - server configurations are *same*. -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 16:09 ` Alex Efros @ 2009-04-02 16:36 ` Alex Efros 2009-04-02 16:45 ` Alex Efros 2009-04-02 18:54 ` RB 0 siblings, 2 replies; 26+ messages in thread From: Alex Efros @ 2009-04-02 16:36 UTC (permalink / raw To: gentoo-hardened Hi! Also, I've just compared runit-init & bash binaries on both servers. Here results from server with this issue: # for i in /bin/bash /sbin/runit-init; do ls -l $i; md5sum $i; paxctl -v $i; done -rwxr-xr-x 1 root root 858476 2009-04-01 23:44 /bin/bash 1f217dcd279f9105ecb0ffd8b5e1d19d /bin/bash PaX control v0.5 Copyright 2004,2005,2006,2007 PaX Team <pageexec@freemail.hu> - PaX flags: -------x-e-- [/bin/bash] RANDEXEC is disabled EMUTRAMP is disabled -rwxr-xr-x 1 root root 13616 2009-04-02 15:16 /sbin/runit-init c0aee39d040096e05fc95fd4bcfaf34f /sbin/runit-init PaX control v0.5 Copyright 2004,2005,2006,2007 PaX Team <pageexec@freemail.hu> - PaX flags: -----m-x-e-- [/sbin/runit-init] MPROTECT is disabled RANDEXEC is disabled EMUTRAMP is disabled Here from server without this issue: # for i in /bin/bash /sbin/runit-init; do ls -l $i; md5sum $i; paxctl -v $i; done -rwxr-xr-x 1 root root 858476 2009-04-01 23:38 /bin/bash 1f217dcd279f9105ecb0ffd8b5e1d19d /bin/bash PaX control v0.5 Copyright 2004,2005,2006,2007 PaX Team <pageexec@freemail.hu> - PaX flags: -------x-e-- [/bin/bash] RANDEXEC is disabled EMUTRAMP is disabled -rwxr-xr-x 1 root root 13616 2009-04-02 00:37 /sbin/runit-init 8e6da3a1849d1d2830896d9caeff03e5 /sbin/runit-init PaX control v0.5 Copyright 2004,2005,2006,2007 PaX Team <pageexec@freemail.hu> - PaX flags: -------x-e-- [/sbin/runit-init] RANDEXEC is disabled EMUTRAMP is disabled As you see, bash is *same* on both servers, but on first server failed to boot with init=/bin/bash unless I do paxctl -m /bin/bash. I've no idea why runit-init differ, but it's ease to test - I've copied runit-init from second server to first, and tried to boot it using that runit-init (without marking it with paxctl -m): # ls -l /sbin/runit-init* -rwxr-xr-x 1 root root 13616 2009-04-02 15:16 /sbin/runit-init -rwxr-xr-x 1 root root 13616 2009-04-02 16:25 /sbin/runit-init2 # md5sum /sbin/runit-init* c0aee39d040096e05fc95fd4bcfaf34f /sbin/runit-init 8e6da3a1849d1d2830896d9caeff03e5 /sbin/runit-init2 And... yeah, it doesn't boot with init=/sbin/runit-init2, as expected. Only possible difference between servers which I can't see may be in hardware. But: - server should be same, at least we buy them both as "HP ProLiant DL140 G3" and they both has same BIOS version "1.14 08/13/07" so I suppose they should be same unless some hardware is broken - previous kernel sys-kernel/hardened-sources-2.6.27-r8 works ok on both servers with same kernel configuration (CONFIG_PAX_MPROTECT enabled, paxctl -m doesn't applied to runit-init) So, this issue in some way related to PaX changes between 2.6.27-r8 and 2.6.28-r7. -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 16:36 ` Alex Efros @ 2009-04-02 16:45 ` Alex Efros 2009-04-02 18:54 ` RB 1 sibling, 0 replies; 26+ messages in thread From: Alex Efros @ 2009-04-02 16:45 UTC (permalink / raw To: gentoo-hardened Hi! On Thu, Apr 02, 2009 at 07:36:18PM +0300, Alex Efros wrote: > - server should be same, at least we buy them both as "HP ProLiant DL140 G3" > and they both has same BIOS version "1.14 08/13/07" so I suppose they > should be same unless some hardware is broken Actually only difference I see in hardware configuration is different IRQ for Video: server with this issue use IRQ 7, server without use IRQ 11: # diff lspci* 273c273 < Flags: bus master, medium devsel, latency 128, IRQ 11 --- > Flags: bus master, medium devsel, latency 128, IRQ 7 It's strange, but on both servers I don't see IRQ 7 in /proc/interrupts. On both it looks this way (only numbers are different): # cat /proc/interrupts CPU0 CPU1 CPU2 CPU3 0: 34 0 0 1 IO-APIC-edge timer 1: 0 0 0 0 IO-APIC-edge i8042 4: 11 16 13 13 IO-APIC-edge serial 8: 16 17 17 15 IO-APIC-edge rtc0 9: 0 0 0 0 IO-APIC-fasteoi acpi 14: 2218 2239 2218 2245 IO-APIC-edge ata_piix 15: 2 1 2 2 IO-APIC-edge ata_piix 16: 12647 12621 12644 12618 IO-APIC-fasteoi eth0 NMI: 0 0 0 0 Non-maskable interrupts LOC: 51049 51563 50775 51689 Local timer interrupts RES: 999 1102 1250 1186 Rescheduling interrupts CAL: 90 132 125 61 Function call interrupts TLB: 719 856 605 965 TLB shootdowns TRM: 0 0 0 0 Thermal event interrupts SPU: 0 0 0 0 Spurious interrupts ERR: 0 MIS: 0 -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 16:36 ` Alex Efros 2009-04-02 16:45 ` Alex Efros @ 2009-04-02 18:54 ` RB 2009-04-02 19:06 ` Alex Efros 1 sibling, 1 reply; 26+ messages in thread From: RB @ 2009-04-02 18:54 UTC (permalink / raw To: gentoo-hardened > So, this issue in some way related to PaX changes between 2.6.27-r8 and > 2.6.28-r7. Maybe; there are also a lot of core kernel changes between those versions, any of which could interact with the hardened patchset in a negative manner. Given that identical systems with identical configurations work, I find the specific, physical machine more suspect than something with PaX. The memory management changes it provides in combination with the memory management changes introduced in 2.6.28 could well exacerbate existing issues in a RAM module that weren't being triggered previously. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 18:54 ` RB @ 2009-04-02 19:06 ` Alex Efros 0 siblings, 0 replies; 26+ messages in thread From: Alex Efros @ 2009-04-02 19:06 UTC (permalink / raw To: gentoo-hardened Hi! On Thu, Apr 02, 2009 at 12:54:45PM -0600, RB wrote: > PaX. The memory management changes it provides in combination with > the memory management changes introduced in 2.6.28 could well > exacerbate existing issues in a RAM module that weren't being > triggered previously. Yeah, that's true. But it's a production server, and it's hard to switch it off for ~6 hours while memtest86 will check RAM. Also, nature of this bug make it ease to debug it, because it's happens every time. I'd prefer to find a way to trace PaX code to find out what exactly goes wrong, why it kill process N1. If PaX team provide a patch which add some debugging output for PaX, or something else - to make this investigation possible - I'll be happy to try it. -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 15:29 ` Alex Efros 2009-04-02 15:37 ` RB @ 2009-04-02 21:17 ` pageexec 2009-04-02 22:22 ` Alex Efros 1 sibling, 1 reply; 26+ messages in thread From: pageexec @ 2009-04-02 21:17 UTC (permalink / raw To: gentoo-hardened On 2 Apr 2009 at 18:29, Alex Efros wrote: > Hi! > > switching off CONFIG_PAX_MPROTECT solve this issue > > Now I'll try to paxctl -m for /bin/bash and /sbin/runit-init (with > switched on CONFIG_PAX_MPROTECT, of course)... yeah, that solves this > issue too. can you strace bash/etc to see what happens? probably we'll see what runs against the MPROTECT restricions. my guess is either textrels or gnu_stack (compare scanelf -lpqRte on your systems). btw, why are you using SEGMEXEC on your core2? ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 21:17 ` pageexec @ 2009-04-02 22:22 ` Alex Efros 2009-04-02 22:25 ` klondike 2009-04-02 22:43 ` pageexec 0 siblings, 2 replies; 26+ messages in thread From: Alex Efros @ 2009-04-02 22:22 UTC (permalink / raw To: gentoo-hardened Hi! On Thu, Apr 02, 2009 at 11:17:10PM +0200, pageexec@freemail.hu wrote: > can you strace bash/etc to see what happens? probably we'll see what runs how do I can strace process N1? PaX doesn't kill bash if it executed not as process N1. > against the MPROTECT restricions. my guess is either textrels or gnu_stack > (compare scanelf -lpqRte on your systems). it's same on all servers: # scanelf -lpqRte TEXTREL /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Math/Pari/Pari.so RWX --- --- /usr/lib/paxtest/writetext RWX --- --- /usr/lib/paxtest/shlibbss RWX --- --- /usr/lib/paxtest/mprotanon RWX --- --- /usr/lib/paxtest/mprotdata RWX --- --- /usr/lib/paxtest/mprotheap RWX --- --- /usr/lib/paxtest/rettofunc1 RWX --- --- /usr/lib/paxtest/rettofunc2 RWX --- --- /usr/lib/paxtest/execbss RWX --- --- /usr/lib/paxtest/execstack RWX --- --- /usr/lib/paxtest/mprotshbss RWX --- --- /usr/lib/paxtest/mprotstack RWX --- --- /usr/lib/paxtest/mprotbss RWX --- --- /usr/lib/paxtest/anonmap RWX --- --- /usr/lib/paxtest/mprotshdata RWX --- --- /usr/lib/paxtest/execdata RWX --- --- /usr/lib/paxtest/execheap RWX --- --- /usr/lib/paxtest/rettofunc1x RWX --- --- /usr/lib/paxtest/rettofunc2x RWX --- --- /usr/lib/paxtest/shlibdata RWX --- --- /usr/inferno/Linux/386/bin/emu RWX --- --- /usr/inferno/Linux/386/bin/emu-g > btw, why are you using SEGMEXEC on your core2? Hmm. You think I should use PAGEEXEC instead? According to help in linux kernel SEGMEXEC looks more suitable for Core2Duo and Xeon E5310... In help for PAGEEXEC it doesn't recommended for P4 and there is nothing about newest processors, so I suppose PAGEEXEC may not be a good choice. After your question I've re-read help, and notice "i386 with hardware non-executable bit support" item at end of list with less usual archs like avr32, sparc, etc. If that was said about Core/Xeon too, then there probably little usability issue with that help. ;-) -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 22:22 ` Alex Efros @ 2009-04-02 22:25 ` klondike 2009-04-02 22:43 ` pageexec 1 sibling, 0 replies; 26+ messages in thread From: klondike @ 2009-04-02 22:25 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 2184 bytes --] 2009/4/3 Alex Efros <powerman@powerman.asdfgroup.com> > Hi! > > On Thu, Apr 02, 2009 at 11:17:10PM +0200, pageexec@freemail.hu wrote: > > can you strace bash/etc to see what happens? probably we'll see what runs > > how do I can strace process N1? > PaX doesn't kill bash if it executed not as process N1. > > > against the MPROTECT restricions. my guess is either textrels or > gnu_stack > > (compare scanelf -lpqRte on your systems). > > it's same on all servers: > > # scanelf -lpqRte > TEXTREL /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Math/Pari/Pari.so > RWX --- --- /usr/lib/paxtest/writetext > RWX --- --- /usr/lib/paxtest/shlibbss > RWX --- --- /usr/lib/paxtest/mprotanon > RWX --- --- /usr/lib/paxtest/mprotdata > RWX --- --- /usr/lib/paxtest/mprotheap > RWX --- --- /usr/lib/paxtest/rettofunc1 > RWX --- --- /usr/lib/paxtest/rettofunc2 > RWX --- --- /usr/lib/paxtest/execbss > RWX --- --- /usr/lib/paxtest/execstack > RWX --- --- /usr/lib/paxtest/mprotshbss > RWX --- --- /usr/lib/paxtest/mprotstack > RWX --- --- /usr/lib/paxtest/mprotbss > RWX --- --- /usr/lib/paxtest/anonmap > RWX --- --- /usr/lib/paxtest/mprotshdata > RWX --- --- /usr/lib/paxtest/execdata > RWX --- --- /usr/lib/paxtest/execheap > RWX --- --- /usr/lib/paxtest/rettofunc1x > RWX --- --- /usr/lib/paxtest/rettofunc2x > RWX --- --- /usr/lib/paxtest/shlibdata > RWX --- --- /usr/inferno/Linux/386/bin/emu > RWX --- --- /usr/inferno/Linux/386/bin/emu-g > > > btw, why are you using SEGMEXEC on your core2? > > Hmm. You think I should use PAGEEXEC instead? According to help in linux > kernel SEGMEXEC looks more suitable for Core2Duo and Xeon E5310... > > In help for PAGEEXEC it doesn't recommended for P4 and there is nothing > about newest processors, so I suppose PAGEEXEC may not be a good choice. > > After your question I've re-read help, and notice "i386 with hardware > non-executable bit support" item at end of list with less usual archs like > avr32, sparc, etc. If that was said about Core/Xeon too, then there > probably little usability issue with that help. ;-) > Just check if the cpu has the NX flag, if it does, you should use pageexec. [-- Attachment #2: Type: text/html, Size: 2750 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 22:22 ` Alex Efros 2009-04-02 22:25 ` klondike @ 2009-04-02 22:43 ` pageexec 2009-04-02 23:04 ` Alex Efros 1 sibling, 1 reply; 26+ messages in thread From: pageexec @ 2009-04-02 22:43 UTC (permalink / raw To: gentoo-hardened On 3 Apr 2009 at 1:22, Alex Efros wrote: > On Thu, Apr 02, 2009 at 11:17:10PM +0200, pageexec@freemail.hu wrote: > > can you strace bash/etc to see what happens? probably we'll see what runs > > how do I can strace process N1? you can enable and boot into softmode then turn it off and see what you can reproduce then. that won't let you strace pid=1 but let's you play with the rest while running an MPROTECT kernel. > PaX doesn't kill bash if it executed not as process N1. hmm, i don't get it. are you saying that with MPROTECT enabled in the kernel, bash fails to start when run as init, but works otherwise? > > against the MPROTECT restricions. my guess is either textrels or gnu_stack > > (compare scanelf -lpqRte on your systems). > > it's same on all servers: hmm, so nothing stands out, and only pid=1 is ever affected? i've never seen such a failure mode ;). > > btw, why are you using SEGMEXEC on your core2? > > Hmm. You think I should use PAGEEXEC instead? According to help in linux > kernel SEGMEXEC looks more suitable for Core2Duo and Xeon E5310... > > In help for PAGEEXEC it doesn't recommended for P4 and there is nothing > about newest processors, so I suppose PAGEEXEC may not be a good choice. the help talks about exactly what is problematic, the P4 core. the core2 is different, and it also has hw non-exec support. > After your question I've re-read help, and notice "i386 with hardware > non-executable bit support" item at end of list with less usual archs like > avr32, sparc, etc. If that was said about Core/Xeon too, then there > probably little usability issue with that help. ;-) i can't possibly list every cpuid that has NX support, up to you to determine it ;). besides, you can always enable both non-exec features and the kernel will choose the better one at runtime. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 22:43 ` pageexec @ 2009-04-02 23:04 ` Alex Efros 2009-04-03 6:50 ` pageexec 2010-10-23 12:21 ` Alex Efros 0 siblings, 2 replies; 26+ messages in thread From: Alex Efros @ 2009-04-02 23:04 UTC (permalink / raw To: gentoo-hardened Hi! On Fri, Apr 03, 2009 at 12:43:26AM +0200, pageexec@freemail.hu wrote: > hmm, i don't get it. are you saying that with MPROTECT enabled in the > kernel, bash fails to start when run as init, but works otherwise? > > hmm, so nothing stands out, and only pid=1 is ever affected? i've never seen > such a failure mode ;). Yep. Me too. I can try other application, but if both bash and runit-init affected I think there little sense in trying other. So, yeah, the question is, how to debug PaX while kernel starting process N1? Or how to prove process N1 has nothing with this bug? To resume, what we've now: Fact 1: previous kernel (2.6.27-hardened-r8) doesn't hangs Fact 2: kernel hang after "Freeing unused kernel memory:" * so I suppose it failed to start process N1 Fact 3: kernel compiled without MPROTECT doesn't hangs * so I suppose it's something related to PaX ... * or some very unique hardware issue Fact 4: kernel loaded with init=/bin/bash hangs in same way * so it's unlikely issue with runit-init Fact 5: paxctl -m for init command (/sbin/runit-init or /bin/bash) fix issue * so there workaround exists which doesn't lower overall server security Fact 6: /bin/bash works just fine without paxctl -m after boot * so it has nothing with usual PaX work Fact 7: this issue happens on one of several similar (if no equal) servers * buggy hardware or some conflict (there IRQ differences between servers)? I think best way to find out what happens - add debug prints into PaX code which executes while starting process N1. -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 23:04 ` Alex Efros @ 2009-04-03 6:50 ` pageexec 2009-04-03 13:27 ` Alex Efros 2010-10-23 12:21 ` Alex Efros 1 sibling, 1 reply; 26+ messages in thread From: pageexec @ 2009-04-03 6:50 UTC (permalink / raw To: gentoo-hardened On 3 Apr 2009 at 2:04, Alex Efros wrote: > I think best way to find out what happens - add debug prints into PaX code > which executes while starting process N1. ok, can you add a printk into mm/mmap.c:mmap_region and print out all the arguments? that will show us at least what the kernel intended to mmap during execve. something like: printk("f:%p a:%0lx l:%0lx f:%0lx v:%0lx p:%0lx\n", file, addr, len, flags, vm_flags, pgoff); also to simplify matters, can you just run with the PaX test patch alone? ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-03 6:50 ` pageexec @ 2009-04-03 13:27 ` Alex Efros 0 siblings, 0 replies; 26+ messages in thread From: Alex Efros @ 2009-04-03 13:27 UTC (permalink / raw To: gentoo-hardened Hi! On Fri, Apr 03, 2009 at 08:50:37AM +0200, pageexec@freemail.hu wrote: > ok, can you add a printk into mm/mmap.c:mmap_region and print out all the > arguments? that will show us at least what the kernel intended to mmap > during execve. something like: > > printk("f:%p a:%0lx l:%0lx f:%0lx v:%0lx p:%0lx\n", file, addr, len, flags, vm_flags, pgoff); Booting init=/bin/bash (PaX flags: -------x-e--) Freeing unused kernel memory: 2024k freed f:f6ce0c80 a:12b4d000 l:cb000 f:1812 v:1855 p:0 f:f6ce0c80 a:12c18000 l:7000 f:1812 v:1833 p:cb f:f756b980 a:54720000 l:1c000 f:802 v:855 p:0 f:f756b980 a:5473a000 l:2000 f:812 v:833 p:1a (hang) ... once again: Freeing unused kernel memory: 2024k freed f:f7655b00 a:1454e000 l:cb000 f:1812 v:1855 p:0 f:f7655b00 a:14619000 l:7000 f:1812 v:1833 p:cb f:f76558c0 a:4de0a000 l:1c000 f:802 v:855 p:0 f:f76558c0 a:4de24000 l:2000 f:812 v:833 p:1a (hang) Booting init=/bin/bash-m (PaX flags: -----m-x-e--) Freeing unused kernel memory: 2024k freed f:f74f52c0 a:126a3000 l:cb000 f:1812 v:1875 p:0 f:f74f52c0 a:1276e000 l:7000 f:1812 v:1873 p:cb f:f749a6c0 a:524ad000 l:1c000 f:802 v:875 p:0 f:f749a6c0 a:524c7000 l:2000 f:812 v:873 p:1a f:f7577800 a:524a6000 l:6000 f:2 v:71 p:0 f:00000000 a:524a5000 l:1000 f:22 v:73 p:524a5 f:f749a600 a:5245a000 l:4b000 f:2 v:75 p:0 f:f749a600 a:5249c000 l:9000 f:12 v:73 p:42 f:f74f5440 a:52456000 l:4000 f:2 v:75 p:0 f:f74f5440 a:52458000 l:2000 f:12 v:73 p:1 f:f752ebc0 a:5231b000 l:13b000 f:2 v:75 p:0 f:f752ebc0 a:52450000 l:3000 f:12 v:73 p:135 f:00000000 a:52453000 l:3000 f:32 v:73 p:52453 f:00000000 a:5231a000 l:1000 f:22 v:73 p:5231a f:00000000 a:524ab000 l:1000 f:22 v:73 p:524ab f:f749a540 a:524a6000 l:6000 f:2 v:71 p:0 f:f752eb00 a:52311000 l:9000 f:2 v:75 p:0 f:f752eb00 a:52318000 l:2000 f:12 v:73 p:6 f:f7577800 a:522fa000 l:17000 f:2 v:75 p:0 f:f7577800 a:5230d000 l:2000 f:12 v:73 p:12 f:00000000 a:5230f000 l:2000 f:32 v:73 p:5230f f:f752ea40 a:524a6000 l:6000 f:2 v:71 p:0 f:f752e980 a:522f0000 l:a000 f:2 v:75 p:0 f:f752e980 a:522f8000 l:2000 f:12 v:73 p:7 f:f75778c0 a:522e5000 l:b000 f:2 v:75 p:0 f:f75778c0 a:522ee000 l:2000 f:12 v:73 p:8 f:f749a540 a:524aa000 l:2000 f:1 v:d1 p:0 f:00000000 a:524ab000 l:1000 f:22 v:73 p:524ab f:f74f5380 a:1519d000 l:9000 f:1812 v:1855 p:0 f:f74f5380 a:151a6000 l:2000 f:1812 v:1833 p:8 f:f752e8c0 a:55575000 l:1c000 f:802 v:855 p:0 f:f752e8c0 a:5558f000 l:2000 f:812 v:833 p:1a f:f752ea40 a:5556e000 l:6000 f:2 v:31 p:0 f:00000000 a:5556d000 l:1000 f:22 v:33 p:5556d f:f7577980 a:55432000 l:13b000 f:2 v:55 p:0 f:f7577980 a:55567000 l:3000 f:12 v:33 p:135 f:00000000 a:5556a000 l:3000 f:32 v:33 p:5556a f:00000000 a:55431000 l:1000 f:22 v:33 p:55431 f:00000000 a:55573000 l:1000 f:22 v:33 p:55573 f:00000000 a:55573000 l:1000 f:22 v:33 p:55573 f:00000000 a:524aa000 l:1000 f:22 v:73 p:524aa (none) / # > also to simplify matters, can you just run with the PaX test patch alone? which exactly version of kernel and PaX patch I should test? -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2009-04-02 23:04 ` Alex Efros 2009-04-03 6:50 ` pageexec @ 2010-10-23 12:21 ` Alex Efros 2010-10-23 15:31 ` Alex Efros 2010-10-23 17:15 ` pageexec 1 sibling, 2 replies; 26+ messages in thread From: Alex Efros @ 2010-10-23 12:21 UTC (permalink / raw To: gentoo-hardened Hi! On Fri, Apr 03, 2009 at 02:04:31AM +0300, Alex Efros wrote: > To resume, what we've now: > > Fact 1: previous kernel (2.6.27-hardened-r8) doesn't hangs > Fact 2: kernel hang after "Freeing unused kernel memory:" > * so I suppose it failed to start process N1 > Fact 3: kernel compiled without MPROTECT doesn't hangs > * so I suppose it's something related to PaX ... > * or some very unique hardware issue > Fact 4: kernel loaded with init=/bin/bash hangs in same way > * so it's unlikely issue with runit-init > Fact 5: paxctl -m for init command (/sbin/runit-init or /bin/bash) fix issue > * so there workaround exists which doesn't lower overall server security > Fact 6: /bin/bash works just fine without paxctl -m after boot > * so it has nothing with usual PaX work > Fact 7: this issue happens on one of several similar (if no equal) servers > * buggy hardware or some conflict (there IRQ differences between servers)? This just happens again: after upgrade from 2.6.32-hardened-r9 to 2.6.32-hardened-r22 kernel hangs after "Freeing unused kernel memory:". With init=/bin/bash it boots ok (bash flags: -------x-e--). With init=/sbin/runit-init it hangs (with flags: -------x-e--). paxctl -m /sbin/runit-init fixed this issue. Strange thing is: I've 4 HP servers with same hardware and same software, but this issue happens only on one of servers - three other boot new kernel without issues while their /sbin/runit-init has flags -------x-e--. -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2010-10-23 12:21 ` Alex Efros @ 2010-10-23 15:31 ` Alex Efros 2010-10-23 17:15 ` pageexec 1 sibling, 0 replies; 26+ messages in thread From: Alex Efros @ 2010-10-23 15:31 UTC (permalink / raw To: gentoo-hardened Hi! On Sat, Oct 23, 2010 at 03:21:45PM +0300, Alex Efros wrote: > This just happens again: after upgrade from 2.6.32-hardened-r9 to > 2.6.32-hardened-r22 kernel hangs after "Freeing unused kernel memory:". > With init=/bin/bash it boots ok (bash flags: -------x-e--). > With init=/sbin/runit-init it hangs (with flags: -------x-e--). > paxctl -m /sbin/runit-init fixed this issue. > > Strange thing is: I've 4 HP servers with same hardware and same software, > but this issue happens only on one of servers - three other boot new > kernel without issues while their /sbin/runit-init has flags -------x-e--. I've copied kernel from another server (both kernels should be same, because their .config are same and build environment also was same). This kernel boot /sbin/runit-init even without paxctl -m... BUT only in about 50% cases - in other 50% it just hangs like original kernel. Original kernel looks "stable" - it always boot with paxctl -m and always hangs without paxctl -m. As for me, this somehow looks like possible hardware issue... but everything else works ok (including old kernel and all software on this server with new kernel). Only hardware sensor warning detected on this server by HP LO100i is: 3V CMOS Sense: Lower Non-critical: 2.74 Volts -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2010-10-23 12:21 ` Alex Efros 2010-10-23 15:31 ` Alex Efros @ 2010-10-23 17:15 ` pageexec 2010-10-23 21:44 ` Alex Efros 2010-10-23 22:07 ` [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX Alex Efros 1 sibling, 2 replies; 26+ messages in thread From: pageexec @ 2010-10-23 17:15 UTC (permalink / raw To: gentoo-hardened On 23 Oct 2010 at 15:21, Alex Efros wrote: > This just happens again: after upgrade from 2.6.32-hardened-r9 to > 2.6.32-hardened-r22 kernel hangs after "Freeing unused kernel memory:". > With init=/bin/bash it boots ok (bash flags: -------x-e--). > With init=/sbin/runit-init it hangs (with flags: -------x-e--). > paxctl -m /sbin/runit-init fixed this issue. can you boot the machine then paxctl -zex /sbin/runit-init (or a copy of it) then strace it and post the logs? also what's the kernel .config on these machines like (PAE and PaX at least)? ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init 2010-10-23 17:15 ` pageexec @ 2010-10-23 21:44 ` Alex Efros 2010-10-23 22:07 ` [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX Alex Efros 1 sibling, 0 replies; 26+ messages in thread From: Alex Efros @ 2010-10-23 21:44 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 1599 bytes --] Hi! On Sat, Oct 23, 2010 at 07:15:19PM +0200, pageexec@freemail.hu wrote: > can you boot the machine then paxctl -zex /sbin/runit-init (or a copy > of it) then strace it and post the logs? also what's the kernel .config > on these machines like (PAE and PaX at least)? No, I don't think so. /sbin/runit-init behave differently in case it executed as process N1 (do process N1 work) and in other cases (execute reboot or halt procedure). To make sure: I've just did paxctl -m /sbin/runit-init, boot kernel compiled on this server (which boot ONLY with paxctl -m), then run: # paxctl -zxe /sbin/runit-init # /sbin/runit-init usage: /sbin/runit-init 0|6 No segfault here, and strace won't help. Here is extract from that's kernel .config: # gzip -dc /proc/config.gz | egrep -i 'pax|pae' CONFIG_X86_PAE=y # PaX CONFIG_PAX_ENABLE_PAE=y CONFIG_PAX=y # PaX Control # CONFIG_PAX_SOFTMODE is not set CONFIG_PAX_EI_PAX=y CONFIG_PAX_PT_PAX_FLAGS=y CONFIG_PAX_NO_ACL_FLAGS=y # CONFIG_PAX_HAVE_ACL_FLAGS is not set # CONFIG_PAX_HOOK_ACL_FLAGS is not set CONFIG_PAX_NOEXEC=y # CONFIG_PAX_PAGEEXEC is not set CONFIG_PAX_SEGMEXEC=y # CONFIG_PAX_EMUTRAMP is not set CONFIG_PAX_MPROTECT=y CONFIG_PAX_ELFRELOCS=y # CONFIG_PAX_KERNEXEC is not set CONFIG_PAX_ASLR=y CONFIG_PAX_RANDKSTACK=y CONFIG_PAX_RANDUSTACK=y CONFIG_PAX_RANDMMAP=y # CONFIG_PAX_MEMORY_SANITIZE is not set CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_REFCOUNT=y CONFIG_PAX_USERCOPY=y Full .config in attach. -- WBR, Alex. [-- Attachment #2: config --] [-- Type: text/plain, Size: 40347 bytes --] # # Automatically generated make config: don't edit # Linux kernel version: 2.6.32-hardened-r22 # Sat Oct 23 01:35:19 2010 # # CONFIG_64BIT is not set CONFIG_X86_32=y # CONFIG_X86_64 is not set CONFIG_X86=y CONFIG_OUTPUT_FORMAT="elf32-i386" CONFIG_ARCH_DEFCONFIG="arch/x86/configs/i386_defconfig" CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CMOS_UPDATE=y CONFIG_CLOCKSOURCE_WATCHDOG=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y CONFIG_LOCKDEP_SUPPORT=y CONFIG_STACKTRACE_SUPPORT=y CONFIG_HAVE_LATENCYTOP_SUPPORT=y CONFIG_MMU=y CONFIG_ZONE_DMA=y CONFIG_GENERIC_ISA_DMA=y CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_HWEIGHT=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y # CONFIG_RWSEM_GENERIC_SPINLOCK is not set CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y CONFIG_GENERIC_CALIBRATE_DELAY=y # CONFIG_GENERIC_TIME_VSYSCALL is not set CONFIG_ARCH_HAS_CPU_RELAX=y CONFIG_ARCH_HAS_DEFAULT_IDLE=y CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y CONFIG_HAVE_SETUP_PER_CPU_AREA=y CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y # CONFIG_HAVE_CPUMASK_OF_CPU_MAP is not set CONFIG_ARCH_HIBERNATION_POSSIBLE=y CONFIG_ARCH_SUSPEND_POSSIBLE=y # CONFIG_ZONE_DMA32 is not set CONFIG_ARCH_POPULATES_NODE_MAP=y # CONFIG_AUDIT_ARCH is not set CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y CONFIG_GENERIC_HARDIRQS=y CONFIG_GENERIC_HARDIRQS_NO__DO_IRQ=y CONFIG_GENERIC_IRQ_PROBE=y CONFIG_GENERIC_PENDING_IRQ=y CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_X86_32_SMP=y CONFIG_X86_HT=y CONFIG_X86_TRAMPOLINE=y CONFIG_KTIME_SCALAR=y CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" CONFIG_CONSTRUCTORS=y # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_LOCK_KERNEL=y CONFIG_INIT_ENV_ARG_LIMIT=32 CONFIG_LOCALVERSION="" CONFIG_LOCALVERSION_AUTO=y CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_BZIP2=y CONFIG_HAVE_KERNEL_LZMA=y CONFIG_KERNEL_GZIP=y # CONFIG_KERNEL_BZIP2 is not set # CONFIG_KERNEL_LZMA is not set CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y # CONFIG_POSIX_MQUEUE is not set # CONFIG_BSD_PROCESS_ACCT is not set CONFIG_TASKSTATS=y CONFIG_TASK_DELAY_ACCT=y CONFIG_TASK_XACCT=y CONFIG_TASK_IO_ACCOUNTING=y # CONFIG_AUDIT is not set # # RCU Subsystem # CONFIG_TREE_RCU=y # CONFIG_TREE_PREEMPT_RCU is not set # CONFIG_RCU_TRACE is not set CONFIG_RCU_FANOUT=32 # CONFIG_RCU_FANOUT_EXACT is not set # CONFIG_TREE_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=15 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_GROUP_SCHED=y CONFIG_FAIR_GROUP_SCHED=y # CONFIG_RT_GROUP_SCHED is not set CONFIG_USER_SCHED=y # CONFIG_CGROUP_SCHED is not set # CONFIG_CGROUPS is not set # CONFIG_SYSFS_DEPRECATED_V2 is not set # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_NET_NS is not set # CONFIG_BLK_DEV_INITRD is not set # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y # CONFIG_KALLSYMS_EXTRA_PASS is not set CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_PCSPKR_PLATFORM=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_HAVE_PERF_EVENTS=y # # Kernel Performance Events And Counters # CONFIG_PERF_EVENTS=y # CONFIG_PERF_COUNTERS is not set CONFIG_VM_EVENT_COUNTERS=y CONFIG_PCI_QUIRKS=y # CONFIG_COMPAT_BRK is not set CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set CONFIG_HAVE_OPROFILE=y CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y CONFIG_HAVE_IOREMAP_PROT=y CONFIG_HAVE_KPROBES=y CONFIG_HAVE_KRETPROBES=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_HAVE_DMA_ATTRS=y CONFIG_HAVE_DMA_API_DEBUG=y # # GCOV-based kernel profiling # # CONFIG_SLOW_WORK is not set CONFIG_HAVE_GENERIC_DMA_COHERENT=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y CONFIG_LBDAF=y # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y # CONFIG_DEFAULT_AS is not set CONFIG_DEFAULT_DEADLINE=y # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="deadline" # CONFIG_FREEZER is not set # # Processor type and features # CONFIG_TICK_ONESHOT=y # CONFIG_NO_HZ is not set CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_SMP=y # CONFIG_SPARSE_IRQ is not set CONFIG_X86_MPPARSE=y # CONFIG_X86_BIGSMP is not set # CONFIG_X86_EXTENDED_PLATFORM is not set CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y CONFIG_SCHED_OMIT_FRAME_POINTER=y # CONFIG_PARAVIRT_GUEST is not set # CONFIG_MEMTEST is not set # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set # CONFIG_M686 is not set # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set CONFIG_MCORE2=y # CONFIG_MATOM is not set # CONFIG_GENERIC_CPU is not set # CONFIG_X86_GENERIC is not set CONFIG_X86_CPU=y CONFIG_X86_L1_CACHE_BYTES=64 CONFIG_X86_INTERNODE_CACHE_BYTES=64 CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_XADD=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_ALIGNMENT_16=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMPXCHG64=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=5 CONFIG_X86_DEBUGCTLMSR=y CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_CPU_SUP_TRANSMETA_32=y CONFIG_CPU_SUP_UMC_32=y # CONFIG_X86_DS is not set CONFIG_HPET_TIMER=y CONFIG_HPET_EMULATE_RTC=y CONFIG_DMI=y # CONFIG_IOMMU_HELPER is not set # CONFIG_IOMMU_API is not set CONFIG_NR_CPUS=4 # CONFIG_SCHED_SMT is not set CONFIG_SCHED_MC=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y # CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set CONFIG_X86_MCE=y CONFIG_X86_MCE_INTEL=y CONFIG_X86_MCE_AMD=y # CONFIG_X86_ANCIENT_MCE is not set CONFIG_X86_MCE_THRESHOLD=y # CONFIG_X86_MCE_INJECT is not set CONFIG_X86_THERMAL_VECTOR=y CONFIG_VM86=y # CONFIG_TOSHIBA is not set # CONFIG_I8K is not set # CONFIG_X86_REBOOTFIXUPS is not set # CONFIG_MICROCODE is not set # CONFIG_X86_MSR is not set # CONFIG_X86_CPUID is not set # CONFIG_NOHIGHMEM is not set # CONFIG_HIGHMEM4G is not set CONFIG_HIGHMEM64G=y CONFIG_PAGE_OFFSET=0xC0000000 CONFIG_HIGHMEM=y CONFIG_X86_PAE=y CONFIG_ARCH_PHYS_ADDR_T_64BIT=y CONFIG_ARCH_FLATMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SELECT_MEMORY_MODEL=y CONFIG_ILLEGAL_POINTER_VALUE=0 CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_SPARSEMEM_STATIC=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_ZONE_DMA_FLAG=1 CONFIG_BOUNCE=y CONFIG_VIRT_TO_BUS=y CONFIG_HAVE_MLOCK=y CONFIG_HAVE_MLOCKED_PAGE_BIT=y # CONFIG_KSM is not set CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y # CONFIG_MEMORY_FAILURE is not set # CONFIG_HIGHPTE is not set # CONFIG_X86_CHECK_BIOS_CORRUPTION is not set CONFIG_X86_RESERVE_LOW_64K=y # CONFIG_MATH_EMULATION is not set CONFIG_MTRR=y # CONFIG_MTRR_SANITIZER is not set CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y # CONFIG_EFI is not set CONFIG_SECCOMP=y CONFIG_CC_STACKPROTECTOR=y CONFIG_HZ_100=y # CONFIG_HZ_250 is not set # CONFIG_HZ_300 is not set # CONFIG_HZ_1000 is not set CONFIG_HZ=100 CONFIG_SCHED_HRTICK=y # CONFIG_KEXEC is not set # CONFIG_CRASH_DUMP is not set CONFIG_PHYSICAL_START=0x1000000 # CONFIG_RELOCATABLE is not set CONFIG_PHYSICAL_ALIGN=0x100000 # CONFIG_HOTPLUG_CPU is not set # CONFIG_CMDLINE_BOOL is not set CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y # # Power management and ACPI options # CONFIG_PM=y # CONFIG_PM_DEBUG is not set # CONFIG_SUSPEND is not set # CONFIG_HIBERNATION is not set # CONFIG_PM_RUNTIME is not set CONFIG_ACPI=y # CONFIG_ACPI_PROCFS is not set CONFIG_ACPI_PROCFS_POWER=y # CONFIG_ACPI_POWER_METER is not set CONFIG_ACPI_SYSFS_POWER=y CONFIG_ACPI_PROC_EVENT=y # CONFIG_ACPI_AC is not set # CONFIG_ACPI_BATTERY is not set CONFIG_ACPI_BUTTON=y CONFIG_ACPI_FAN=y CONFIG_ACPI_DOCK=y CONFIG_ACPI_PROCESSOR=y CONFIG_ACPI_PROCESSOR_AGGREGATOR=y CONFIG_ACPI_THERMAL=y # CONFIG_ACPI_CUSTOM_DSDT is not set CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set # CONFIG_ACPI_PCI_SLOT is not set CONFIG_X86_PM_TIMER=y # CONFIG_ACPI_CONTAINER is not set # CONFIG_ACPI_SBS is not set # CONFIG_SFI is not set # # CPU Frequency scaling # # CONFIG_CPU_FREQ is not set CONFIG_CPU_IDLE=y CONFIG_CPU_IDLE_GOV_LADDER=y # # Bus options (PCI etc.) # CONFIG_PCI=y # CONFIG_PCI_GOBIOS is not set # CONFIG_PCI_GOMMCONFIG is not set # CONFIG_PCI_GODIRECT is not set # CONFIG_PCI_GOOLPC is not set CONFIG_PCI_GOANY=y CONFIG_PCI_BIOS=y CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y CONFIG_PCI_DOMAINS=y CONFIG_PCIEPORTBUS=y CONFIG_PCIEAER=y # CONFIG_PCIE_ECRC is not set # CONFIG_PCIEAER_INJECT is not set # CONFIG_PCIEASPM is not set CONFIG_ARCH_SUPPORTS_MSI=y # CONFIG_PCI_MSI is not set CONFIG_PCI_LEGACY=y # CONFIG_PCI_STUB is not set CONFIG_HT_IRQ=y # CONFIG_PCI_IOV is not set CONFIG_ISA_DMA_API=y # CONFIG_ISA is not set # CONFIG_MCA is not set # CONFIG_SCx200 is not set # CONFIG_OLPC is not set CONFIG_K8_NB=y # CONFIG_PCCARD is not set # CONFIG_HOTPLUG_PCI is not set # # Executable file formats / Emulations # CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set CONFIG_HAVE_AOUT=y # CONFIG_BINFMT_MISC is not set CONFIG_HAVE_ATOMIC_IOMAP=y CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y # CONFIG_NET_KEY is not set CONFIG_INET=y # CONFIG_IP_MULTICAST is not set CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set # CONFIG_NET_IPIP is not set # CONFIG_NET_IPGRE is not set # CONFIG_ARPD is not set CONFIG_SYN_COOKIES=y # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set # CONFIG_INET_XFRM_TUNNEL is not set # CONFIG_INET_TUNNEL is not set # CONFIG_INET_XFRM_MODE_TRANSPORT is not set # CONFIG_INET_XFRM_MODE_TUNNEL is not set # CONFIG_INET_XFRM_MODE_BEET is not set # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set # CONFIG_IPV6 is not set # CONFIG_NETLABEL is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y # # Core Netfilter Configuration # # CONFIG_NETFILTER_NETLINK_QUEUE is not set # CONFIG_NETFILTER_NETLINK_LOG is not set CONFIG_NF_CONNTRACK=y # CONFIG_NF_CT_ACCT is not set # CONFIG_NF_CONNTRACK_MARK is not set # CONFIG_NF_CONNTRACK_EVENTS is not set # CONFIG_NF_CT_PROTO_DCCP is not set CONFIG_NF_CT_PROTO_GRE=y # CONFIG_NF_CT_PROTO_SCTP is not set # CONFIG_NF_CT_PROTO_UDPLITE is not set # CONFIG_NF_CONNTRACK_AMANDA is not set CONFIG_NF_CONNTRACK_FTP=y # CONFIG_NF_CONNTRACK_H323 is not set CONFIG_NF_CONNTRACK_IRC=y # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set CONFIG_NF_CONNTRACK_PPTP=y # CONFIG_NF_CONNTRACK_SANE is not set # CONFIG_NF_CONNTRACK_SIP is not set # CONFIG_NF_CONNTRACK_TFTP is not set # CONFIG_NF_CT_NETLINK is not set # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set # CONFIG_NETFILTER_XT_TARGET_DSCP is not set # CONFIG_NETFILTER_XT_TARGET_HL is not set CONFIG_NETFILTER_XT_TARGET_MARK=y # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set CONFIG_NETFILTER_XT_TARGET_TCPMSS=y # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set CONFIG_NETFILTER_XT_MATCH_COMMENT=y # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set # CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set # CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y # CONFIG_NETFILTER_XT_MATCH_DCCP is not set CONFIG_NETFILTER_XT_MATCH_DSCP=y # CONFIG_NETFILTER_XT_MATCH_ESP is not set CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y # CONFIG_NETFILTER_XT_MATCH_HL is not set CONFIG_NETFILTER_XT_MATCH_IPRANGE=y # CONFIG_NETFILTER_XT_MATCH_LENGTH is not set CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set # CONFIG_NETFILTER_XT_MATCH_REALM is not set # CONFIG_NETFILTER_XT_MATCH_RECENT is not set # CONFIG_NETFILTER_XT_MATCH_SCTP is not set CONFIG_NETFILTER_XT_MATCH_STATE=y # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set CONFIG_NETFILTER_XT_MATCH_TCPMSS=y # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y # CONFIG_IP_NF_QUEUE is not set CONFIG_IP_NF_IPTABLES=y # CONFIG_IP_NF_MATCH_ADDRTYPE is not set # CONFIG_IP_NF_MATCH_AH is not set # CONFIG_IP_NF_MATCH_ECN is not set # CONFIG_IP_NF_MATCH_TTL is not set CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y # CONFIG_IP_NF_TARGET_ULOG is not set CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y # CONFIG_IP_NF_TARGET_NETMAP is not set CONFIG_IP_NF_TARGET_REDIRECT=y # CONFIG_NF_NAT_SNMP_BASIC is not set CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y # CONFIG_NF_NAT_TFTP is not set # CONFIG_NF_NAT_AMANDA is not set CONFIG_NF_NAT_PPTP=y # CONFIG_NF_NAT_H323 is not set # CONFIG_NF_NAT_SIP is not set CONFIG_IP_NF_MANGLE=y # CONFIG_IP_NF_TARGET_CLUSTERIP is not set # CONFIG_IP_NF_TARGET_ECN is not set # CONFIG_IP_NF_TARGET_TTL is not set # CONFIG_IP_NF_RAW is not set # CONFIG_IP_NF_SECURITY is not set # CONFIG_IP_NF_ARPTABLES is not set # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set # CONFIG_BRIDGE is not set # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set # CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_PHONET is not set # CONFIG_IEEE802154 is not set # CONFIG_NET_SCHED is not set # CONFIG_DCB is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set # # Device Drivers # # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" # CONFIG_DEVTMPFS is not set CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set # CONFIG_CONNECTOR is not set # CONFIG_MTD is not set # CONFIG_PARPORT is not set CONFIG_PNP=y CONFIG_PNP_DEBUG_MESSAGES=y # # Protocols # CONFIG_PNPACPI=y CONFIG_BLK_DEV=y # CONFIG_BLK_DEV_FD is not set # CONFIG_BLK_CPQ_DA is not set # CONFIG_BLK_CPQ_CISS_DA is not set # CONFIG_BLK_DEV_DAC960 is not set # CONFIG_BLK_DEV_UMEM is not set # CONFIG_BLK_DEV_COW_COMMON is not set CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set # CONFIG_BLK_DEV_NBD is not set # CONFIG_BLK_DEV_SX8 is not set # CONFIG_BLK_DEV_RAM is not set # CONFIG_CDROM_PKTCDVD is not set # CONFIG_ATA_OVER_ETH is not set # CONFIG_BLK_DEV_HD is not set # CONFIG_MISC_DEVICES is not set CONFIG_HAVE_IDE=y # CONFIG_IDE is not set # # SCSI device support # # CONFIG_RAID_ATTRS is not set CONFIG_SCSI=y CONFIG_SCSI_DMA=y # CONFIG_SCSI_TGT is not set # CONFIG_SCSI_NETLINK is not set CONFIG_SCSI_PROC_FS=y # # SCSI support type (disk, tape, CD-ROM) # CONFIG_BLK_DEV_SD=y # CONFIG_CHR_DEV_ST is not set # CONFIG_CHR_DEV_OSST is not set # CONFIG_BLK_DEV_SR is not set CONFIG_CHR_DEV_SG=y # CONFIG_CHR_DEV_SCH is not set # CONFIG_SCSI_MULTI_LUN is not set # CONFIG_SCSI_CONSTANTS is not set # CONFIG_SCSI_LOGGING is not set # CONFIG_SCSI_SCAN_ASYNC is not set # # SCSI Transports # # CONFIG_SCSI_SPI_ATTRS is not set # CONFIG_SCSI_FC_ATTRS is not set # CONFIG_SCSI_ISCSI_ATTRS is not set # CONFIG_SCSI_SAS_LIBSAS is not set # CONFIG_SCSI_SRP_ATTRS is not set # CONFIG_SCSI_LOWLEVEL is not set # CONFIG_SCSI_DH is not set # CONFIG_SCSI_OSD_INITIATOR is not set CONFIG_ATA=y # CONFIG_ATA_NONSTANDARD is not set CONFIG_ATA_VERBOSE_ERROR=y CONFIG_ATA_ACPI=y CONFIG_SATA_PMP=y CONFIG_SATA_AHCI=y # CONFIG_SATA_SIL24 is not set CONFIG_ATA_SFF=y # CONFIG_SATA_SVW is not set CONFIG_ATA_PIIX=y # CONFIG_SATA_MV is not set # CONFIG_SATA_NV is not set # CONFIG_PDC_ADMA is not set # CONFIG_SATA_QSTOR is not set # CONFIG_SATA_PROMISE is not set # CONFIG_SATA_SX4 is not set # CONFIG_SATA_SIL is not set # CONFIG_SATA_SIS is not set # CONFIG_SATA_ULI is not set # CONFIG_SATA_VIA is not set # CONFIG_SATA_VITESSE is not set # CONFIG_SATA_INIC162X is not set # CONFIG_PATA_ACPI is not set # CONFIG_PATA_ALI is not set # CONFIG_PATA_AMD is not set # CONFIG_PATA_ARTOP is not set # CONFIG_PATA_ATP867X is not set # CONFIG_PATA_ATIIXP is not set # CONFIG_PATA_CMD640_PCI is not set # CONFIG_PATA_CMD64X is not set # CONFIG_PATA_CS5520 is not set # CONFIG_PATA_CS5530 is not set # CONFIG_PATA_CS5535 is not set # CONFIG_PATA_CS5536 is not set # CONFIG_PATA_CYPRESS is not set # CONFIG_PATA_EFAR is not set CONFIG_ATA_GENERIC=y # CONFIG_PATA_HPT366 is not set # CONFIG_PATA_HPT37X is not set # CONFIG_PATA_HPT3X2N is not set # CONFIG_PATA_HPT3X3 is not set # CONFIG_PATA_IT821X is not set # CONFIG_PATA_IT8213 is not set # CONFIG_PATA_JMICRON is not set # CONFIG_PATA_TRIFLEX is not set # CONFIG_PATA_MARVELL is not set # CONFIG_PATA_MPIIX is not set # CONFIG_PATA_OLDPIIX is not set # CONFIG_PATA_NETCELL is not set # CONFIG_PATA_NINJA32 is not set # CONFIG_PATA_NS87410 is not set # CONFIG_PATA_NS87415 is not set # CONFIG_PATA_OPTI is not set # CONFIG_PATA_OPTIDMA is not set # CONFIG_PATA_PDC_OLD is not set # CONFIG_PATA_RADISYS is not set # CONFIG_PATA_RDC is not set # CONFIG_PATA_RZ1000 is not set # CONFIG_PATA_SC1200 is not set # CONFIG_PATA_SERVERWORKS is not set # CONFIG_PATA_PDC2027X is not set # CONFIG_PATA_SIL680 is not set # CONFIG_PATA_SIS is not set # CONFIG_PATA_VIA is not set # CONFIG_PATA_WINBOND is not set # CONFIG_PATA_SCH is not set # CONFIG_MD is not set # CONFIG_FUSION is not set # # IEEE 1394 (FireWire) support # # # You can enable one or both FireWire driver stacks. # # # See the help texts for more information. # # CONFIG_FIREWIRE is not set # CONFIG_IEEE1394 is not set # CONFIG_I2O is not set # CONFIG_MACINTOSH_DRIVERS is not set CONFIG_NETDEVICES=y CONFIG_DUMMY=y # CONFIG_BONDING is not set # CONFIG_MACVLAN is not set # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # CONFIG_NET_SB1000 is not set # CONFIG_ARCNET is not set CONFIG_PHYLIB=y # # MII PHY device drivers # # CONFIG_MARVELL_PHY is not set # CONFIG_DAVICOM_PHY is not set # CONFIG_QSEMI_PHY is not set # CONFIG_LXT_PHY is not set # CONFIG_CICADA_PHY is not set # CONFIG_VITESSE_PHY is not set # CONFIG_SMSC_PHY is not set # CONFIG_BROADCOM_PHY is not set # CONFIG_ICPLUS_PHY is not set # CONFIG_REALTEK_PHY is not set # CONFIG_NATIONAL_PHY is not set # CONFIG_STE10XP is not set # CONFIG_LSI_ET1011C_PHY is not set # CONFIG_FIXED_PHY is not set # CONFIG_MDIO_BITBANG is not set # CONFIG_NET_ETHERNET is not set CONFIG_NETDEV_1000=y # CONFIG_ACENIC is not set # CONFIG_DL2K is not set # CONFIG_E1000 is not set # CONFIG_E1000E is not set # CONFIG_IP1000 is not set # CONFIG_IGB is not set # CONFIG_IGBVF is not set # CONFIG_NS83820 is not set # CONFIG_HAMACHI is not set # CONFIG_YELLOWFIN is not set # CONFIG_R8169 is not set # CONFIG_SIS190 is not set # CONFIG_SKGE is not set # CONFIG_SKY2 is not set # CONFIG_VIA_VELOCITY is not set CONFIG_TIGON3=y # CONFIG_BNX2 is not set # CONFIG_CNIC is not set # CONFIG_QLA3XXX is not set # CONFIG_ATL1 is not set # CONFIG_ATL1E is not set # CONFIG_ATL1C is not set # CONFIG_JME is not set # CONFIG_NETDEV_10000 is not set # CONFIG_TR is not set # CONFIG_WLAN is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set # CONFIG_FDDI is not set # CONFIG_HIPPI is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set CONFIG_PPP_FILTER=y CONFIG_PPP_ASYNC=y # CONFIG_PPP_SYNC_TTY is not set CONFIG_PPP_DEFLATE=y CONFIG_PPP_BSDCOMP=y # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set # CONFIG_SLIP is not set CONFIG_SLHC=y # CONFIG_NET_FC is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_VMXNET3 is not set # CONFIG_ISDN is not set # CONFIG_PHONE is not set # # Input device support # CONFIG_INPUT=y # CONFIG_INPUT_FF_MEMLESS is not set # CONFIG_INPUT_POLLDEV is not set # # Userland interfaces # CONFIG_INPUT_MOUSEDEV=y # CONFIG_INPUT_MOUSEDEV_PSAUX is not set CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 # CONFIG_INPUT_JOYDEV is not set # CONFIG_INPUT_EVDEV is not set # CONFIG_INPUT_EVBUG is not set # # Input Device Drivers # CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ATKBD=y # CONFIG_KEYBOARD_LKKBD is not set # CONFIG_KEYBOARD_NEWTON is not set # CONFIG_KEYBOARD_OPENCORES is not set # CONFIG_KEYBOARD_STOWAWAY is not set # CONFIG_KEYBOARD_SUNKBD is not set # CONFIG_KEYBOARD_XTKBD is not set # CONFIG_INPUT_MOUSE is not set # CONFIG_INPUT_JOYSTICK is not set # CONFIG_INPUT_TABLET is not set # CONFIG_INPUT_TOUCHSCREEN is not set # CONFIG_INPUT_MISC is not set # # Hardware I/O ports # CONFIG_SERIO=y CONFIG_SERIO_I8042=y # CONFIG_SERIO_SERPORT is not set # CONFIG_SERIO_CT82C710 is not set # CONFIG_SERIO_PCIPS2 is not set CONFIG_SERIO_LIBPS2=y # CONFIG_SERIO_RAW is not set # CONFIG_GAMEPORT is not set # # Character devices # CONFIG_VT=y CONFIG_CONSOLE_TRANSLATIONS=y CONFIG_VT_CONSOLE=y CONFIG_HW_CONSOLE=y # CONFIG_VT_HW_CONSOLE_BINDING is not set # CONFIG_DEVKMEM is not set # CONFIG_SERIAL_NONSTANDARD is not set # CONFIG_NOZOMI is not set # # Serial drivers # CONFIG_SERIAL_8250=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_FIX_EARLYCON_MEM=y CONFIG_SERIAL_8250_PCI=y CONFIG_SERIAL_8250_PNP=y CONFIG_SERIAL_8250_NR_UARTS=4 CONFIG_SERIAL_8250_RUNTIME_UARTS=4 # CONFIG_SERIAL_8250_EXTENDED is not set # # Non-8250 serial port support # CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y # CONFIG_SERIAL_JSM is not set CONFIG_UNIX98_PTYS=y # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set # CONFIG_LEGACY_PTYS is not set CONFIG_IPMI_HANDLER=y CONFIG_IPMI_PANIC_EVENT=y CONFIG_IPMI_PANIC_STRING=y CONFIG_IPMI_DEVICE_INTERFACE=y CONFIG_IPMI_SI=y CONFIG_IPMI_WATCHDOG=y CONFIG_IPMI_POWEROFF=y CONFIG_HW_RANDOM=y # CONFIG_HW_RANDOM_TIMERIOMEM is not set CONFIG_HW_RANDOM_INTEL=y # CONFIG_HW_RANDOM_AMD is not set # CONFIG_HW_RANDOM_GEODE is not set # CONFIG_HW_RANDOM_VIA is not set # CONFIG_NVRAM is not set # CONFIG_R3964 is not set # CONFIG_APPLICOM is not set # CONFIG_SONYPI is not set # CONFIG_MWAVE is not set # CONFIG_PC8736x_GPIO is not set # CONFIG_NSC_GPIO is not set # CONFIG_CS5535_GPIO is not set # CONFIG_RAW_DRIVER is not set # CONFIG_HPET is not set # CONFIG_HANGCHECK_TIMER is not set # CONFIG_TCG_TPM is not set # CONFIG_TELCLOCK is not set CONFIG_DEVPORT=y # CONFIG_I2C is not set # CONFIG_SPI is not set # # PPS support # # CONFIG_PPS is not set CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y # CONFIG_GPIOLIB is not set # CONFIG_W1 is not set CONFIG_POWER_SUPPLY=y # CONFIG_POWER_SUPPLY_DEBUG is not set # CONFIG_PDA_POWER is not set # CONFIG_BATTERY_DS2760 is not set CONFIG_HWMON=y CONFIG_HWMON_VID=y # CONFIG_HWMON_DEBUG_CHIP is not set # # Native drivers # # CONFIG_SENSORS_ABITUGURU is not set # CONFIG_SENSORS_ABITUGURU3 is not set # CONFIG_SENSORS_K8TEMP is not set # CONFIG_SENSORS_I5K_AMB is not set # CONFIG_SENSORS_F71805F is not set # CONFIG_SENSORS_F71882FG is not set CONFIG_SENSORS_CORETEMP=y # CONFIG_SENSORS_IBMAEM is not set # CONFIG_SENSORS_IBMPEX is not set # CONFIG_SENSORS_IT87 is not set # CONFIG_SENSORS_PC87360 is not set # CONFIG_SENSORS_PC87427 is not set # CONFIG_SENSORS_SIS5595 is not set # CONFIG_SENSORS_SMSC47M1 is not set # CONFIG_SENSORS_SMSC47B397 is not set # CONFIG_SENSORS_VIA686A is not set # CONFIG_SENSORS_VT1211 is not set # CONFIG_SENSORS_VT8231 is not set # CONFIG_SENSORS_W83627HF is not set CONFIG_SENSORS_W83627EHF=y # CONFIG_SENSORS_HDAPS is not set # CONFIG_SENSORS_APPLESMC is not set # # ACPI drivers # # CONFIG_SENSORS_ATK0110 is not set # CONFIG_SENSORS_LIS3LV02D is not set CONFIG_THERMAL=y CONFIG_THERMAL_HWMON=y # CONFIG_WATCHDOG is not set CONFIG_SSB_POSSIBLE=y # # Sonics Silicon Backplane # # CONFIG_SSB is not set # # Multifunction device drivers # # CONFIG_MFD_CORE is not set # CONFIG_MFD_SM501 is not set # CONFIG_HTC_PASIC3 is not set # CONFIG_MFD_TMIO is not set # CONFIG_REGULATOR is not set # CONFIG_MEDIA_SUPPORT is not set # # Graphics support # # CONFIG_AGP is not set CONFIG_VGA_ARB=y # CONFIG_DRM is not set # CONFIG_VGASTATE is not set # CONFIG_VIDEO_OUTPUT_CONTROL is not set # CONFIG_FB is not set # CONFIG_BACKLIGHT_LCD_SUPPORT is not set # # Display device support # # CONFIG_DISPLAY_SUPPORT is not set # # Console display driver support # CONFIG_VGA_CONSOLE=y # CONFIG_VGACON_SOFT_SCROLLBACK is not set CONFIG_DUMMY_CONSOLE=y # CONFIG_SOUND is not set # CONFIG_HID_SUPPORT is not set # CONFIG_USB_SUPPORT is not set # CONFIG_UWB is not set # CONFIG_MMC is not set # CONFIG_MEMSTICK is not set # CONFIG_NEW_LEDS is not set # CONFIG_ACCESSIBILITY is not set # CONFIG_INFINIBAND is not set CONFIG_EDAC=y # # Reporting subsystems # # CONFIG_EDAC_DEBUG is not set CONFIG_EDAC_DECODE_MCE=y CONFIG_EDAC_MM_EDAC=y # CONFIG_EDAC_AMD76X is not set # CONFIG_EDAC_E7XXX is not set # CONFIG_EDAC_E752X is not set # CONFIG_EDAC_I82875P is not set # CONFIG_EDAC_I82975X is not set # CONFIG_EDAC_I3000 is not set # CONFIG_EDAC_I3200 is not set # CONFIG_EDAC_X38 is not set # CONFIG_EDAC_I5400 is not set # CONFIG_EDAC_I82860 is not set # CONFIG_EDAC_R82600 is not set # CONFIG_EDAC_I5000 is not set # CONFIG_EDAC_I5100 is not set CONFIG_RTC_LIB=y CONFIG_RTC_CLASS=y CONFIG_RTC_HCTOSYS=y CONFIG_RTC_HCTOSYS_DEVICE="rtc0" # CONFIG_RTC_DEBUG is not set # # RTC interfaces # CONFIG_RTC_INTF_SYSFS=y CONFIG_RTC_INTF_PROC=y CONFIG_RTC_INTF_DEV=y CONFIG_RTC_INTF_DEV_UIE_EMUL=y # CONFIG_RTC_DRV_TEST is not set # # SPI RTC drivers # # # Platform RTC drivers # CONFIG_RTC_DRV_CMOS=y # CONFIG_RTC_DRV_DS1286 is not set # CONFIG_RTC_DRV_DS1511 is not set # CONFIG_RTC_DRV_DS1553 is not set # CONFIG_RTC_DRV_DS1742 is not set # CONFIG_RTC_DRV_STK17TA8 is not set # CONFIG_RTC_DRV_M48T86 is not set # CONFIG_RTC_DRV_M48T35 is not set # CONFIG_RTC_DRV_M48T59 is not set # CONFIG_RTC_DRV_BQ4802 is not set # CONFIG_RTC_DRV_V3020 is not set # # on-CPU RTC drivers # CONFIG_DMADEVICES=y # # DMA Devices # # CONFIG_INTEL_IOATDMA is not set # CONFIG_AUXDISPLAY is not set # CONFIG_UIO is not set # # TI VLYNQ # # CONFIG_STAGING is not set CONFIG_X86_PLATFORM_DEVICES=y # CONFIG_ACERHDF is not set # CONFIG_ASUS_LAPTOP is not set # CONFIG_TC1100_WMI is not set # CONFIG_THINKPAD_ACPI is not set # CONFIG_INTEL_MENLOW is not set # CONFIG_ACPI_WMI is not set # CONFIG_ACPI_ASUS is not set # CONFIG_TOPSTAR_LAPTOP is not set # CONFIG_ACPI_TOSHIBA is not set # # Firmware Drivers # # CONFIG_EDD is not set CONFIG_FIRMWARE_MEMMAP=y # CONFIG_DELL_RBU is not set # CONFIG_DCDBAS is not set # CONFIG_DMIID is not set # CONFIG_ISCSI_IBFT_FIND is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y # CONFIG_EXT2_FS_POSIX_ACL is not set # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_DEFAULTS_TO_ORDERED=y CONFIG_EXT3_FS_XATTR=y # CONFIG_EXT3_FS_POSIX_ACL is not set # CONFIG_EXT3_FS_SECURITY is not set # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y CONFIG_REISERFS_FS=y # CONFIG_REISERFS_CHECK is not set # CONFIG_REISERFS_PROC_INFO is not set # CONFIG_REISERFS_FS_XATTR is not set # CONFIG_JFS_FS is not set # CONFIG_FS_POSIX_ACL is not set # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set # CONFIG_BTRFS_FS is not set # CONFIG_NILFS2_FS is not set CONFIG_FILE_LOCKING=y CONFIG_FSNOTIFY=y CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y # CONFIG_QUOTA is not set # CONFIG_AUTOFS_FS is not set # CONFIG_AUTOFS4_FS is not set # CONFIG_FUSE_FS is not set # # Caches # # CONFIG_FSCACHE is not set # # CD-ROM/DVD Filesystems # CONFIG_ISO9660_FS=y CONFIG_JOLIET=y CONFIG_ZISOFS=y CONFIG_UDF_FS=y CONFIG_UDF_NLS=y # # DOS/FAT/NT Filesystems # CONFIG_FAT_FS=y CONFIG_MSDOS_FS=y CONFIG_VFAT_FS=y CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="utf8" CONFIG_NTFS_FS=y # CONFIG_NTFS_DEBUG is not set # CONFIG_NTFS_RW is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_SYSCTL=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLBFS is not set # CONFIG_HUGETLB_PAGE is not set CONFIG_CONFIGFS_FS=y CONFIG_MISC_FILESYSTEMS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_SQUASHFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y # CONFIG_NFS_FS is not set # CONFIG_NFSD is not set # CONFIG_SMB_FS is not set # CONFIG_CIFS is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # # CONFIG_PARTITION_ADVANCED is not set CONFIG_MSDOS_PARTITION=y CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" CONFIG_NLS_CODEPAGE_437=y # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set CONFIG_NLS_UTF8=y # CONFIG_DLM is not set # # Kernel hacking # CONFIG_TRACE_IRQFLAGS_SUPPORT=y # CONFIG_PRINTK_TIME is not set CONFIG_ENABLE_WARN_DEPRECATED=y # CONFIG_ENABLE_MUST_CHECK is not set CONFIG_FRAME_WARN=1024 # CONFIG_MAGIC_SYSRQ is not set CONFIG_STRIP_ASM_SYMS=y # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_HEADERS_CHECK is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y CONFIG_USER_STACKTRACE_SUPPORT=y CONFIG_HAVE_FUNCTION_TRACER=y CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y CONFIG_HAVE_DYNAMIC_FTRACE=y CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y CONFIG_HAVE_SYSCALL_TRACEPOINTS=y CONFIG_TRACING_SUPPORT=y # CONFIG_FTRACE is not set # CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set # CONFIG_DMA_API_DEBUG is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y CONFIG_HAVE_ARCH_KMEMCHECK=y CONFIG_STRICT_DEVMEM=y CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set # CONFIG_4KSTACKS is not set CONFIG_DOUBLEFAULT=y # CONFIG_IOMMU_STRESS is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=y CONFIG_IO_DELAY_TYPE_0X80=0 CONFIG_IO_DELAY_TYPE_0XED=1 CONFIG_IO_DELAY_TYPE_UDELAY=2 CONFIG_IO_DELAY_TYPE_NONE=3 CONFIG_IO_DELAY_0X80=y # CONFIG_IO_DELAY_0XED is not set # CONFIG_IO_DELAY_UDELAY is not set # CONFIG_IO_DELAY_NONE is not set CONFIG_DEFAULT_IO_DELAY_TYPE=0 # CONFIG_OPTIMIZE_INLINING is not set # # Security options # # # Grsecurity # CONFIG_GRKERNSEC=y # CONFIG_GRKERNSEC_LOW is not set # CONFIG_GRKERNSEC_MEDIUM is not set # CONFIG_GRKERNSEC_HIGH is not set # CONFIG_GRKERNSEC_HARDENED_SERVER is not set # CONFIG_GRKERNSEC_HARDENED_SERVER_NO_RBAC is not set # CONFIG_GRKERNSEC_HARDENED_WORKSTATION is not set # CONFIG_GRKERNSEC_HARDENED_WORKSTATION_NO_RBAC is not set CONFIG_GRKERNSEC_CUSTOM=y # # Address Space Protection # CONFIG_GRKERNSEC_KMEM=y CONFIG_GRKERNSEC_VM86=y CONFIG_GRKERNSEC_IO=y CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_HIDESYM=y # # Role Based Access Control Options # CONFIG_GRKERNSEC_NO_RBAC=y CONFIG_GRKERNSEC_ACL_HIDEKERN=y CONFIG_GRKERNSEC_ACL_MAXTRIES=3 CONFIG_GRKERNSEC_ACL_TIMEOUT=30 # # Filesystem Protections # CONFIG_GRKERNSEC_PROC=y CONFIG_GRKERNSEC_PROC_USER=y CONFIG_GRKERNSEC_PROC_ADD=y CONFIG_GRKERNSEC_LINK=y CONFIG_GRKERNSEC_FIFO=y # CONFIG_GRKERNSEC_ROFS is not set CONFIG_GRKERNSEC_CHROOT=y CONFIG_GRKERNSEC_CHROOT_MOUNT=y CONFIG_GRKERNSEC_CHROOT_DOUBLE=y CONFIG_GRKERNSEC_CHROOT_PIVOT=y CONFIG_GRKERNSEC_CHROOT_CHDIR=y CONFIG_GRKERNSEC_CHROOT_CHMOD=y CONFIG_GRKERNSEC_CHROOT_FCHDIR=y CONFIG_GRKERNSEC_CHROOT_MKNOD=y CONFIG_GRKERNSEC_CHROOT_SHMAT=y CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y CONFIG_GRKERNSEC_CHROOT_CAPS=y # # Kernel Auditing # # CONFIG_GRKERNSEC_AUDIT_GROUP is not set # CONFIG_GRKERNSEC_EXECLOG is not set CONFIG_GRKERNSEC_RESLOG=y # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set CONFIG_GRKERNSEC_AUDIT_PTRACE=y # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set # CONFIG_GRKERNSEC_AUDIT_MOUNT is not set CONFIG_GRKERNSEC_SIGNAL=y CONFIG_GRKERNSEC_FORKFAIL=y # CONFIG_GRKERNSEC_TIME is not set CONFIG_GRKERNSEC_PROC_IPADDR=y # CONFIG_GRKERNSEC_RWXMAP_LOG is not set # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set # # Executable Protections # CONFIG_GRKERNSEC_EXECVE=y CONFIG_GRKERNSEC_DMESG=y # CONFIG_GRKERNSEC_HARDEN_PTRACE is not set # CONFIG_GRKERNSEC_TPE is not set # # Network Protections # CONFIG_GRKERNSEC_RANDNET=y CONFIG_GRKERNSEC_BLACKHOLE=y # CONFIG_GRKERNSEC_SOCKET is not set # # Sysctl support # CONFIG_GRKERNSEC_SYSCTL=y # CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set CONFIG_GRKERNSEC_SYSCTL_ON=y # # Logging Options # CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=4 # # PaX # CONFIG_PAX_ENABLE_PAE=y CONFIG_PAX=y # # PaX Control # # CONFIG_PAX_SOFTMODE is not set CONFIG_PAX_EI_PAX=y CONFIG_PAX_PT_PAX_FLAGS=y CONFIG_PAX_NO_ACL_FLAGS=y # CONFIG_PAX_HAVE_ACL_FLAGS is not set # CONFIG_PAX_HOOK_ACL_FLAGS is not set # # Non-executable pages # CONFIG_PAX_NOEXEC=y # CONFIG_PAX_PAGEEXEC is not set CONFIG_PAX_SEGMEXEC=y # CONFIG_PAX_EMUTRAMP is not set CONFIG_PAX_MPROTECT=y CONFIG_PAX_ELFRELOCS=y # CONFIG_PAX_KERNEXEC is not set # # Address Space Layout Randomization # CONFIG_PAX_ASLR=y CONFIG_PAX_RANDKSTACK=y CONFIG_PAX_RANDUSTACK=y CONFIG_PAX_RANDMMAP=y # # Miscellaneous hardening features # # CONFIG_PAX_MEMORY_SANITIZE is not set CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_REFCOUNT=y CONFIG_PAX_USERCOPY=y # CONFIG_KEYS is not set CONFIG_SECURITY=y # CONFIG_SECURITYFS is not set # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set # CONFIG_SECURITY_TOMOYO is not set # CONFIG_IMA is not set CONFIG_CRYPTO=y # # Crypto core or helper # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_PCOMP=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set CONFIG_CRYPTO_WORKQUEUE=y # CONFIG_CRYPTO_CRYPTD is not set # CONFIG_CRYPTO_AUTHENC is not set # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # # CONFIG_CRYPTO_HMAC is not set # CONFIG_CRYPTO_XCBC is not set # CONFIG_CRYPTO_VMAC is not set # # Digest # CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_CRC32C_INTEL is not set # CONFIG_CRYPTO_GHASH is not set # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # CONFIG_CRYPTO_AES=y # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set # CONFIG_CRYPTO_CAST5 is not set # CONFIG_CRYPTO_CAST6 is not set # CONFIG_CRYPTO_DES is not set # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # # CONFIG_CRYPTO_DEFLATE is not set # CONFIG_CRYPTO_ZLIB is not set # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set # CONFIG_CRYPTO_HW is not set CONFIG_HAVE_KVM=y # CONFIG_VIRTUALIZATION is not set # CONFIG_BINARY_PRINTF is not set # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y CONFIG_GENERIC_FIND_LAST_BIT=y CONFIG_CRC_CCITT=y CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set CONFIG_CRC_ITU_T=y CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y CONFIG_NLATTR=y ^ permalink raw reply [flat|nested] 26+ messages in thread
* [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX 2010-10-23 17:15 ` pageexec 2010-10-23 21:44 ` Alex Efros @ 2010-10-23 22:07 ` Alex Efros 2010-10-23 23:24 ` klondike 1 sibling, 1 reply; 26+ messages in thread From: Alex Efros @ 2010-10-23 22:07 UTC (permalink / raw To: gentoo-hardened Hi! Here is one more issue related to this kernel upgrade. This issue happens not only on these 4 servers, but even on my home workstation. This command: $ python2.6 -c 'from twisted.web import static' works ok on kernel 2.6.32-hardened-r9 and segfault on 2.6.32-hardened-r22 (you may need to `emerge dev-python/twisted-web` first). Also, command `emerge dev-python/twisted` works ok on -r9 and got this error while install stage on -r22 (there segfault for python2.6 recorded in kernel log while executing emerge): ERROR: postinst ERROR: dev-python/twisted-9.0.0-r1 failed: failed with CPython 2.6 in update_plugin_cache() function Call stack: ebuild.sh, line 54: Called pkg_postinst environment, line 3369: Called python_execute_function '-q' 'update_plugin_cache' environment, line 3817: Called die Doing `paxctl -m /usr/bin/python2.6` works around this issue. Here is full `diff` between .config for -r9 and -r22 on my home workstation: --- /usr/src/linux-2.6.32-hardened-r9/.config 2010-08-02 21:16:47.000000000 +0300 +++ /usr/src/linux-2.6.32-hardened-r22/.config 2010-10-23 01:35:31.000000000 +0300 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Linux kernel version: 2.6.32-hardened-r9 -# Mon Aug 2 21:16:47 2010 +# Linux kernel version: 2.6.32-hardened-r22 +# Sat Oct 23 01:35:31 2010 # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -416,7 +416,6 @@ CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set CONFIG_HAVE_AOUT=y -CONFIG_BINFMT_AOUT=y # CONFIG_BINFMT_MISC is not set CONFIG_HAVE_ATOMIC_IOMAP=y CONFIG_NET=y @@ -2071,6 +2070,7 @@ CONFIG_GRKERNSEC_FORKFAIL=y # CONFIG_GRKERNSEC_TIME is not set CONFIG_GRKERNSEC_PROC_IPADDR=y +# CONFIG_GRKERNSEC_RWXMAP_LOG is not set # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set # @@ -2103,6 +2103,7 @@ # # PaX # +CONFIG_PAX_ENABLE_PAE=y CONFIG_PAX=y # @@ -2123,7 +2124,7 @@ CONFIG_PAX_SEGMEXEC=y # CONFIG_PAX_EMUTRAMP is not set CONFIG_PAX_MPROTECT=y -# CONFIG_PAX_NOELFRELOCS is not set +CONFIG_PAX_ELFRELOCS=y # CONFIG_PAX_KERNEXEC is not set # -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX 2010-10-23 22:07 ` [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX Alex Efros @ 2010-10-23 23:24 ` klondike 2010-10-24 10:02 ` Anthony G. Basile 2010-10-24 10:18 ` "Tóth Attila" 0 siblings, 2 replies; 26+ messages in thread From: klondike @ 2010-10-23 23:24 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 1101 bytes --] El 24/10/10 00:07, Alex Efros escribió: > Hi! > > Here is one more issue related to this kernel upgrade. This issue happens > not only on these 4 servers, but even on my home workstation. This command: > > $ python2.6 -c 'from twisted.web import static' > > works ok on kernel 2.6.32-hardened-r9 and segfault on 2.6.32-hardened-r22 > (you may need to `emerge dev-python/twisted-web` first). > > Also, command `emerge dev-python/twisted` works ok on -r9 and got this > error while install stage on -r22 (there segfault for python2.6 recorded > in kernel log while executing emerge): > > ERROR: postinst > ERROR: dev-python/twisted-9.0.0-r1 failed: > failed with CPython 2.6 in update_plugin_cache() function > > Call stack: > ebuild.sh, line 54: Called pkg_postinst > environment, line 3369: Called python_execute_function '-q' 'update_plugin_cache' > environment, line 3817: Called die > > Doing `paxctl -m /usr/bin/python2.6` works around this issue. > Yeah, python 2.6 uses a lot of ugly rwx mappings causing these kind of bug. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 262 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX 2010-10-23 23:24 ` klondike @ 2010-10-24 10:02 ` Anthony G. Basile 2010-10-25 2:14 ` Pavel Labushev 2010-10-24 10:18 ` "Tóth Attila" 1 sibling, 1 reply; 26+ messages in thread From: Anthony G. Basile @ 2010-10-24 10:02 UTC (permalink / raw To: gentoo-hardened -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/23/2010 07:24 PM, klondike wrote: > El 24/10/10 00:07, Alex Efros escribió: >> Hi! >> >> Here is one more issue related to this kernel upgrade. This issue happens >> not only on these 4 servers, but even on my home workstation. This command: >> >> $ python2.6 -c 'from twisted.web import static' >> >> works ok on kernel 2.6.32-hardened-r9 and segfault on 2.6.32-hardened-r22 >> (you may need to `emerge dev-python/twisted-web` first). >> >> Also, command `emerge dev-python/twisted` works ok on -r9 and got this >> error while install stage on -r22 (there segfault for python2.6 recorded >> in kernel log while executing emerge): >> >> ERROR: postinst >> ERROR: dev-python/twisted-9.0.0-r1 failed: >> failed with CPython 2.6 in update_plugin_cache() function >> >> Call stack: >> ebuild.sh, line 54: Called pkg_postinst >> environment, line 3369: Called python_execute_function '-q' 'update_plugin_cache' >> environment, line 3817: Called die >> >> Doing `paxctl -m /usr/bin/python2.6` works around this issue. >> > Yeah, python 2.6 uses a lot of ugly rwx mappings causing these kind of bug. > Upgrading to python-2.6.6-r1 should fix this. You'll also need to upgrade portage to 2.1.9.x. See http://bugs.gentoo.org/show_bug.cgi?id=329499 - -- Anthony G. Basile, Ph. D. Chair of Information Technology D'Youville College Buffalo, NY 14201 (716) 829-8197 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzEBC0ACgkQl5yvQNBFVTUkGQCdEOijpWt2YGN4K8dE41UrSprw ZGYAoJwg8YzGnIdWOcDMDhNtWqEtsfIA =Gqdg -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX 2010-10-24 10:02 ` Anthony G. Basile @ 2010-10-25 2:14 ` Pavel Labushev 2010-10-26 9:37 ` Alex Efros 0 siblings, 1 reply; 26+ messages in thread From: Pavel Labushev @ 2010-10-25 2:14 UTC (permalink / raw To: gentoo-hardened > Upgrading to python-2.6.6-r1 should fix this. You'll also need to > upgrade portage to 2.1.9.x. > > See http://bugs.gentoo.org/show_bug.cgi?id=329499 No, 2.6.6-r1 breaks things another way, see my last comments on that bug. While the fix for 2.6.5 is simple: --- Python-2.6.5/Modules/_ctypes/malloc_closure.c.orig +++ Python-2.6.5/Modules/_ctypes/malloc_closure.c @@ -70,7 +70,7 @@ #else item = (ITEM *)mmap(NULL, count * sizeof(ITEM), - PROT_READ | PROT_WRITE | PROT_EXEC, + PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX 2010-10-25 2:14 ` Pavel Labushev @ 2010-10-26 9:37 ` Alex Efros 2010-10-26 22:30 ` Pavel Labushev 0 siblings, 1 reply; 26+ messages in thread From: Alex Efros @ 2010-10-26 9:37 UTC (permalink / raw To: gentoo-hardened Hi! On Mon, Oct 25, 2010 at 10:14:01AM +0800, Pavel Labushev wrote: > > Upgrading to python-2.6.6-r1 should fix this. You'll also need to > > upgrade portage to 2.1.9.x. > > > > See http://bugs.gentoo.org/show_bug.cgi?id=329499 > > No, 2.6.6-r1 breaks things another way, see my last comments on that > bug. While the fix for 2.6.5 is simple: Any chance for this patch to be included in portage? BTW, why not add this patch to bug 329499? It looks much simpler than patch currently attached to that bug. -- WBR, Alex. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX 2010-10-26 9:37 ` Alex Efros @ 2010-10-26 22:30 ` Pavel Labushev 0 siblings, 0 replies; 26+ messages in thread From: Pavel Labushev @ 2010-10-26 22:30 UTC (permalink / raw To: gentoo-hardened > Any chance for this patch to be included in portage? > BTW, why not add this patch to bug 329499? It looks much simpler than > patch currently attached to that bug. It's all up to python upstream and gentoo maintainers. :\ I'm not sure they would reply here. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX 2010-10-23 23:24 ` klondike 2010-10-24 10:02 ` Anthony G. Basile @ 2010-10-24 10:18 ` "Tóth Attila" 1 sibling, 0 replies; 26+ messages in thread From: "Tóth Attila" @ 2010-10-24 10:18 UTC (permalink / raw To: gentoo-hardened 2010.Október 24.(V) 01:24 időpontban klondike ezt írta: > El 24/10/10 00:07, Alex Efros escribió: >> Hi! >> >> Here is one more issue related to this kernel upgrade. This issue >> happens >> not only on these 4 servers, but even on my home workstation. This >> command: >> >> $ python2.6 -c 'from twisted.web import static' >> >> works ok on kernel 2.6.32-hardened-r9 and segfault on >> 2.6.32-hardened-r22 >> (you may need to `emerge dev-python/twisted-web` first). >> >> Also, command `emerge dev-python/twisted` works ok on -r9 and got this >> error while install stage on -r22 (there segfault for python2.6 recorded >> in kernel log while executing emerge): >> >> ERROR: postinst >> ERROR: dev-python/twisted-9.0.0-r1 failed: >> failed with CPython 2.6 in update_plugin_cache() function >> >> Call stack: >> ebuild.sh, line 54: Called pkg_postinst >> environment, line 3369: Called python_execute_function '-q' >> 'update_plugin_cache' >> environment, line 3817: Called die >> >> Doing `paxctl -m /usr/bin/python2.6` works around this issue. >> > Yeah, python 2.6 uses a lot of ugly rwx mappings causing these kind of > bug. > > For exmaple python-UNO bridge works only after `paxctl -m`ing python... All runtime interpreters do ugly rwx things... http://www.youtube.com/watch?v=XHosLhPEN3k Regards: Dw. -- dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962 Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962 ^ permalink raw reply [flat|nested] 26+ messages in thread
end of thread, other threads:[~2010-10-26 22:33 UTC | newest] Thread overview: 26+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-04-02 14:05 [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init Alex Efros 2009-04-02 15:29 ` Alex Efros 2009-04-02 15:37 ` RB 2009-04-02 16:09 ` Alex Efros 2009-04-02 16:36 ` Alex Efros 2009-04-02 16:45 ` Alex Efros 2009-04-02 18:54 ` RB 2009-04-02 19:06 ` Alex Efros 2009-04-02 21:17 ` pageexec 2009-04-02 22:22 ` Alex Efros 2009-04-02 22:25 ` klondike 2009-04-02 22:43 ` pageexec 2009-04-02 23:04 ` Alex Efros 2009-04-03 6:50 ` pageexec 2009-04-03 13:27 ` Alex Efros 2010-10-23 12:21 ` Alex Efros 2010-10-23 15:31 ` Alex Efros 2010-10-23 17:15 ` pageexec 2010-10-23 21:44 ` Alex Efros 2010-10-23 22:07 ` [gentoo-hardened] 2.6.32-hardened-r9 to -r22 upgrade issue with PaX Alex Efros 2010-10-23 23:24 ` klondike 2010-10-24 10:02 ` Anthony G. Basile 2010-10-25 2:14 ` Pavel Labushev 2010-10-26 9:37 ` Alex Efros 2010-10-26 22:30 ` Pavel Labushev 2010-10-24 10:18 ` "Tóth Attila"
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox