* [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2
From: Anthony G. Basile @ 2012-01-27 13:37 UTC
To: gentoo-hardened

Hi everyone,

I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They
address CVE-2012-0056. I've tested and they do indeed resist the
exploit. I will be stabilizing them within 24 hours. However, I feel
very uncomfortable doing so because I don't want to trade one set of
problems with another. If anyone has time to test, let me know if you
encounter any issues.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2
From: "Tóth Attila" @ 2012-01-27 16:02 UTC
To: gentoo-hardened

I've just had this one while booting hardened-3.2.1:
Jan 27 16:40:29 atoth kernel: vmalloc: allocation failure: 0 bytes
Jan 27 16:40:29 atoth kernel: modprobe: page allocation failure: order:0, mode:0x80d2
Jan 27 16:40:29 atoth kernel: Pid: 7460, comm: modprobe Not tainted 3.2.1-hardened #1
Jan 27 16:40:29 atoth kernel: Call Trace:
Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90
Jan 27 16:40:29 atoth kernel: [<000a0e1f>] ? warn_alloc_failed+0xbf/0x100
Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90
Jan 27 16:40:29 atoth kernel: [<000c3cc3>] ? __vmalloc_node_range+0x1a3/0x240
Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90
Jan 27 16:40:29 atoth kernel: [<00637cb5>] ? __mutex_lock_slowpath+0x1a5/0x240
Jan 27 16:40:29 atoth kernel: [<00020b8e>] ? module_alloc+0x7e/0x90
Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90
Jan 27 16:40:29 atoth kernel: [<000728a3>] ? module_alloc_update_bounds_rw+0x13/0x60
Jan 27 16:40:29 atoth kernel: [<000728a3>] ? module_alloc_update_bounds_rw+0x13/0x60
Jan 27 16:40:29 atoth kernel: [<00073196>] ? load_module+0x886/0x1b70
Jan 27 16:40:29 atoth kernel: [<00002c59>] ? __switch_to+0xb9/0x210
Jan 27 16:40:29 atoth kernel: [<000744ca>] ? sys_init_module+0x4a/0x1d0
Jan 27 16:40:29 atoth kernel: [<00010246>] ? switch_to_new_gdt+0x26/0x30
Jan 27 16:40:29 atoth kernel: [<00638d71>] ? syscall_call+0x7/0xb
Jan 27 16:40:29 atoth kernel: [<00002c59>] ? __switch_to+0xb9/0x210
Jan 27 16:40:29 atoth kernel: [<00010246>] ? switch_to_new_gdt+0x26/0x30

It's there for every module loading. Even though modules seem to work.
Strange. The kernel also didn't log the first page of dmesg in
kernel.log.

I don't experience this using hardened-3.1.8.
I don't know if it's a known problem. I'll try hardened-3.2.2 later.

Thanks:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On 27 January 2012 (Fri) at 14:37, Anthony G. Basile wrote:
> Hi everyone,
>
> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They
> address CVE-2012-0056. I've tested and they do indeed resist the
> exploit. I will be stabilizing them within 24 hours. However, I feel
> very uncomfortable doing so because I don't want to trade one set of
> problems with another. If anyone has time to test, let me know if you
> encounter any issues.
>
> --
> Anthony G. Basile, Ph. D.
> Chair of Information Technology
> D'Youville College
> Buffalo, NY 14201
> (716) 829-8197

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2
From: "Tóth Attila" @ 2012-01-27 16:06 UTC
To: gentoo-hardened

And this one is from my laptop:
vmalloc: allocation failure: 0 bytes
modprobe: page allocation failure: order:0, mode:0x80d2
Pid: 3157, comm: modprobe Tainted: G O 3.2.1-hardened #1
Call Trace:
[<000080d2>] ? old_ich_force_enable_hpet+0x52/0x140
[<0008922b>] ? warn_alloc_failed+0xbb/0x100
[<000080d2>] ? old_ich_force_enable_hpet+0x52/0x140
[<000a8a11>] ? __vmalloc_node_range+0x1c1/0x260
[<000080d2>] ? old_ich_force_enable_hpet+0x52/0x140
[<0001ac3e>] ? module_alloc+0x7e/0x90
[<000080d2>] ? old_ich_force_enable_hpet+0x52/0x140
[<00060053>] ? module_alloc_update_bounds_rw+0x13/0x60
[<00060053>] ? module_alloc_update_bounds_rw+0x13/0x60
[<00060ac1>] ? sys_init_module+0xa01/0x1af0
[<000051f4>] ? smp_x86_platform_ipi+0x44/0x60
[<0000297c>] ? prepare_to_copy+0xc/0xb0
[<0000299c>] ? prepare_to_copy+0x2c/0xb0
[<0061396c>] ? syscall_call+0x7/0xb
[<000051f4>] ? smp_x86_platform_ipi+0x44/0x60
[<0001f7e0>] ? vmalloc_sync_all+0xf0/0xf0
[<0061398c>] ? restore_all_pax+0xc/0xc
[<0061007b>] ? snd_intel8x0m_probe+0x36e/0x635
[<00010202>] ? x86_schedule_events+0x122/0x2c0
[<00010202>] ? x86_schedule_events+0x122/0x2c0
Mem-Info:
DMA per-cpu:
CPU 0: hi: 0, btch: 1 usd: 0
Normal per-cpu:
CPU 0: hi: 186, btch: 31 usd: 126
HighMem per-cpu:
CPU 0: hi: 186, btch: 31 usd: 31
active_anon:523 inactive_anon:72 isolated_anon:0
active_file:2369 inactive_file:2790 isolated_file:0
unevictable:0 dirty:11 writeback:0 unstable:0
free:502375 slab_reclaimable:625 slab_unreclaimable:1183
mapped:570 shmem:89 pagetables:59 bounce:0
DMA free:15928kB min:64kB low:80kB high:96kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15804kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 865 2015 2015
Normal free:826824kB min:3728kB low:4660kB high:5592kB active_anon:0kB inactive_anon:0kB active_file:1716kB inactive_file:1444kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:885944kB mlocked:0kB dirty:44kB writeback:0kB mapped:4kB shmem:0kB slab_reclaimable:2500kB slab_unreclaimable:4732kB kernel_stack:488kB pagetables:236kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 9202 9202
HighMem free:1166748kB min:512kB low:1748kB high:2988kB active_anon:2092kB inactive_anon:288kB active_file:7760kB inactive_file:9716kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:1177932kB mlocked:0kB dirty:0kB writeback:0kB mapped:2276kB shmem:356kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
DMA: 0*4kB 1*8kB 1*16kB 1*32kB 2*64kB 1*128kB 1*256kB 0*512kB 1*1024kB 1*2048kB 3*4096kB = 15928kB
Normal: 116*4kB 67*8kB 46*16kB 10*32kB 5*64kB 3*128kB 3*256kB 0*512kB 2*1024kB 3*2048kB 199*4096kB = 826824kB
HighMem: 1*4kB 69*8kB 85*16kB 33*32kB 16*64kB 2*128kB 3*256kB 3*512kB 1*1024kB 2*2048kB 282*4096kB = 1166748kB
5258 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
524112 pages RAM
296802 pages HighMem
12058 pages reserved
3473 pages shared
7713 pages non-shared

But modules are still getting loaded somehow and working.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On 27 January 2012 (Fri) at 17:02, "Tóth Attila" wrote:
> I've just had this one while booting hardened-3.2.1:
> Jan 27 16:40:29 atoth kernel: vmalloc: allocation failure: 0 bytes
> Jan 27 16:40:29 atoth kernel: modprobe: page allocation failure: order:0,
> mode:0x80d2
> Jan 27 16:40:29 atoth kernel: Pid: 7460, comm: modprobe Not tainted
> 3.2.1-hardened #1
> Jan 27 16:40:29 atoth kernel: Call Trace:
> Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90
> Jan 27 16:40:29 atoth kernel: [<000a0e1f>] ? warn_alloc_failed+0xbf/0x100
> Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90
> Jan 27 16:40:29 atoth kernel: [<000c3cc3>] ?
> __vmalloc_node_range+0x1a3/0x240
> Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90
> Jan 27 16:40:29 atoth kernel: [<00637cb5>] ?
> __mutex_lock_slowpath+0x1a5/0x240
> Jan 27 16:40:29 atoth kernel: [<00020b8e>] ? module_alloc+0x7e/0x90
> Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90
> Jan 27 16:40:29 atoth kernel: [<000728a3>] ?
> module_alloc_update_bounds_rw+0x13/0x60
> Jan 27 16:40:29 atoth kernel: [<000728a3>] ?
> module_alloc_update_bounds_rw+0x13/0x60
> Jan 27 16:40:29 atoth kernel: [<00073196>] ? load_module+0x886/0x1b70
> Jan 27 16:40:29 atoth kernel: [<00002c59>] ? __switch_to+0xb9/0x210
> Jan 27 16:40:29 atoth kernel: [<000744ca>] ? sys_init_module+0x4a/0x1d0
> Jan 27 16:40:29 atoth kernel: [<00010246>] ? switch_to_new_gdt+0x26/0x30
> Jan 27 16:40:29 atoth kernel: [<00638d71>] ? syscall_call+0x7/0xb
> Jan 27 16:40:29 atoth kernel: [<00002c59>] ? __switch_to+0xb9/0x210
> Jan 27 16:40:29 atoth kernel: [<00010246>] ? switch_to_new_gdt+0x26/0x30
>
> It's there for every module loading. Even though modules seem to work.
> Strange. The kernel also didn't log the first page of dmesg in
> kernel.log.
>
> I don't experience this using hardened-3.1.8.
> I don't know if it's a known problem. I'll try hardened-3.2.2 later.
>
> Thanks:
> Dw.
> --
> dr Tóth Attila, Radiológus, 06-20-825-8057
> Attila Toth MD, Radiologist, +36-20-825-8057
>
> On 27 January 2012 (Fri) at 14:37, Anthony G. Basile wrote:
>> Hi everyone,
>>
>> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They
>> address CVE-2012-0056. I've tested and they do indeed resist the
>> exploit. I will be stabilizing them within 24 hours. However, I feel
>> very uncomfortable doing so because I don't want to trade one set of
>> problems with another. If anyone has time to test, let me know if you
>> encounter any issues.
>>
>> --
>> Anthony G. Basile, Ph. D.
>> Chair of Information Technology
>> D'Youville College
>> Buffalo, NY 14201
>> (716) 829-8197

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and3.2.2
From: radegand @ 2012-01-27 17:38 UTC
To: gentoo-hardened, Tóth Attila

On 27 January 2012 at 17:06, "Tóth Attila" <atoth@atoth.sote.hu> wrote:
> And this one is from my laptop:
> vmalloc: allocation failure: 0 bytes
> modprobe: page allocation failure: order:0, mode:0x80d2
> Pid: 3157, comm: modprobe Tainted: G O 3.2.1-hardened #1
> Call Trace:
>
> But modules are still getting loaded somehow and working.
>

Hi,

I'm getting similar errors on 3.2.2-hardened, amd64, core2duo, system
seems to be working fine, but the errors look rather ugly, please see
the attached snippet from the logs.

uname -a:
Linux hypercube3 3.2.2-hardened #1 SMP PREEMPT Fri Jan 27 17:03:59 GMT 2012 x86_64 Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz GenuineIntel GNU/Linux

Cheers,
Radek Madej

[-- Attachment #2: 3.2.2-hardened_kern.log --]
[-- Type: text/x-log; name="3.2.2-hardened_kern.log", Size: 4777 bytes --]

Jan 27 16:56:59 hypercube3 kernel: udev[5255]: starting version 164
Jan 27 16:56:59 hypercube3 kernel: warn_alloc_failed: 43 callbacks suppressed
Jan 27 16:56:59 hypercube3 kernel: vmalloc: allocation failure: 0 bytes
Jan 27 16:56:59 hypercube3 kernel: modprobe: page allocation failure: order:0, mode:0x80d2
Jan 27 16:56:59 hypercube3 kernel: Pid: 5322, comm: modprobe Not tainted 3.2.2-hardened #1
Jan 27 16:56:59 hypercube3 kernel: Call Trace:
Jan 27 16:56:59 hypercube3 kernel: [<ffffffff810a335c>] ? 0xffffffff810a335c
Jan 27 16:56:59 hypercube3 kernel: [<ffffffff810c9dc8>] ? 0xffffffff810c9dc8
Jan 27 16:56:59 hypercube3 kernel: [<ffffffff8107f7b9>] ? 0xffffffff8107f7b9
Jan 27 16:56:59 hypercube3 kernel: [<ffffffff81028609>] ? 0xffffffff81028609
Jan 27 16:56:59 hypercube3 kernel: [<ffffffff8107f7b9>] ? 0xffffffff8107f7b9
Jan 27 16:56:59 hypercube3 kernel: [<ffffffff8107f7b9>] ? 0xffffffff8107f7b9
Jan 27 16:56:59 hypercube3 kernel: [<ffffffff81080424>] ? 0xffffffff81080424
Jan 27 16:56:59 hypercube3 kernel: [<ffffffff81080df2>] ? 0xffffffff81080df2
Jan 27 16:56:59 hypercube3 kernel: [<ffffffff815857bd>] ? 0xffffffff815857bd
Jan 27 16:56:59 hypercube3 kernel: Mem-Info:
Jan 27 16:56:59 hypercube3 kernel: DMA per-cpu:
Jan 27 16:56:59 hypercube3 kernel: CPU 0: hi: 0, btch: 1 usd: 0
Jan 27 16:56:59 hypercube3 kernel: CPU 1: hi: 0, btch: 1 usd: 0
Jan 27 16:56:59 hypercube3 kernel: DMA32 per-cpu:
Jan 27 16:56:59 hypercube3 kernel: CPU 0: hi: 186, btch: 31 usd: 198
Jan 27 16:56:59 hypercube3 kernel: CPU 1: hi: 186, btch: 31 usd: 12
Jan 27 16:56:59 hypercube3 kernel: Normal per-cpu:
Jan 27 16:56:59 hypercube3 kernel: CPU 0: hi: 186, btch: 31 usd: 122
Jan 27 16:56:59 hypercube3 kernel: CPU 1: hi: 186, btch: 31 usd: 31
Jan 27 16:56:59 hypercube3 kernel: active_anon:4880 inactive_anon:1944 isolated_anon:0
Jan 27 16:56:59 hypercube3 kernel: active_file:1062 inactive_file:5692 isolated_file:0
Jan 27 16:56:59 hypercube3 kernel: unevictable:0 dirty:0 writeback:0 unstable:0
Jan 27 16:56:59 hypercube3 kernel: free:1485613 slab_reclaimable:1279 slab_unreclaimable:2785
Jan 27 16:56:59 hypercube3 kernel: mapped:609 shmem:1956 pagetables:1405 bounce:0
Jan 27 16:56:59 hypercube3 kernel: DMA free:15924kB min:24kB low:28kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15700kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
Jan 27 16:56:59 hypercube3 kernel: lowmem_reserve[]: 0 2927 5957 5957
Jan 27 16:56:59 hypercube3 kernel: DMA32 free:2980700kB min:4848kB low:6060kB high:7272kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:2998144kB mlocked:0kB dirty:0kB writeback:0kB mapped:4kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
Jan 27 16:56:59 hypercube3 kernel: lowmem_reserve[]: 0 0 3030 3030
Jan 27 16:56:59 hypercube3 kernel: Normal free:2945828kB min:5016kB low:6268kB high:7524kB active_anon:19520kB inactive_anon:7776kB active_file:4248kB inactive_file:22768kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3102720kB mlocked:0kB dirty:0kB writeback:0kB mapped:2432kB shmem:7824kB slab_reclaimable:5116kB slab_unreclaimable:11140kB kernel_stack:1904kB pagetables:5620kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
Jan 27 16:56:59 hypercube3 kernel: lowmem_reserve[]: 0 0 0 0
Jan 27 16:56:59 hypercube3 kernel: DMA: 1*4kB 0*8kB 1*16kB 1*32kB 2*64kB 1*128kB 1*256kB 0*512kB 1*1024kB 1*2048kB 3*4096kB = 15924kB
Jan 27 16:56:59 hypercube3 kernel: DMA32: 7*4kB 8*8kB 4*16kB 4*32kB 3*64kB 5*128kB 5*256kB 7*512kB 7*1024kB 5*2048kB 722*4096kB = 2980700kB
Jan 27 16:56:59 hypercube3 kernel: Normal: 1*4kB 21*8kB 16*16kB 3*32kB 1*64kB 0*128kB 1*256kB 0*512kB 2*1024kB 1*2048kB 718*4096kB = 2945868kB
Jan 27 16:56:59 hypercube3 kernel: 8768 total pagecache pages
Jan 27 16:56:59 hypercube3 kernel: 0 pages in swap cache
Jan 27 16:56:59 hypercube3 kernel: Swap cache stats: add 0, delete 0, find 0/0
Jan 27 16:56:59 hypercube3 kernel: Free swap = 0kB
Jan 27 16:56:59 hypercube3 kernel: Total swap = 0kB
Jan 27 16:56:59 hypercube3 kernel: vmalloc: allocation failure: 0 bytes
Jan 27 16:56:59 hypercube3 kernel: modprobe: page allocation failure: order:0, mode:0x80d2
Jan 27 16:56:59 hypercube3 kernel: Pid: 5299, comm: modprobe Not tainted 3.2.2-hardened #1
Jan 27 16:56:59 hypercube3 kernel: Call Trace:

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and3.2.2
From: Anthony G. Basile @ 2012-01-28 5:41 UTC
To: gentoo-hardened

On 01/27/2012 12:38 PM, radegand wrote:
> On 27 January 2012 at 17:06, "Tóth Attila"<atoth@atoth.sote.hu> wrote:
>
>> And this one is from my laptop:
>> vmalloc: allocation failure: 0 bytes
>> modprobe: page allocation failure: order:0, mode:0x80d2
>> Pid: 3157, comm: modprobe Tainted: G O 3.2.1-hardened #1
>> Call Trace:
>>

I believe pipacs has fixed this. Please everyone, retest

hardened-sources-2.6.32-r89.ebuild
hardened-sources-3.2.2-r1.ebuild

I just added them to the tree. I'll rapid stabilize these in about 24
hours if no one has any issues.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

* [gentoo-hardened] Re: Please test hardened-sources 2.6.32-r88 and3.2.2
From: 7v5w7go9ub0o @ 2012-01-28 19:21 UTC
To: for hard list

On 01/28/12 00:41, Anthony G. Basile wrote:
>
> I believe pipacs has fixed this. Please everyone, retest
>
> hardened-sources-2.6.32-r89.ebuild
> hardened-sources-3.2.2-r1.ebuild
>
> I just added them to the tree. I'll rapid stabilize these in about 24
> hours if no one has any issues.
>

No joy. hardened-sources-3.2.2-r1.ebuild still fails for me.

I'll install gentoo-sources-3.2.1-r2 to confirm that it's not a 3.2
"thing"

* Re: [gentoo-hardened] Re: Please test hardened-sources 2.6.32-r88 and3.2.2
From: pageexec @ 2012-01-28 18:26 UTC
To: gentoo-hardened

On 28 Jan 2012 at 20:24, 7v5w7go9ub0o wrote:

> No joy. hardened-sources-3.2.2-r1.ebuild still fails for me.

what's dmesg say? and what's 'readelf -eW' say on the module that
was loaded at the time?

* [gentoo-hardened] Re: Please test hardened-sources 2.6.32-r88 and3.2.2
From: 7v5w7go9ub0o @ 2012-01-28 20:16 UTC
To: for hard list

On 01/28/12 13:26, pageexec-Y8qEzhMunLyT9ig0jae3mg@public.gmane.org wrote:
> On 28 Jan 2012 at 20:24, 7v5w7go9ub0o wrote:
>
>> No joy. hardened-sources-3.2.2-r1.ebuild still fails for me.
>
> what's dmesg say? and what's 'readelf -eW' say on the module that
> was loaded at the time?

Dang! I have a different issue here - same problem with
gentoo-sources-3.2.1-r2.

Also ... (BLUSH) .... I should have mentioned I have just started using
gcc x86_64-pc-linux-gnu-4.5.3-vanilla. Up to now had been using an
earlier gcc. (I'm using vanilla because I'm also using nvidia drivers,
which apparently need to be both compiled with a vanilla compiler, and
need to match the kernel).

So I'm recompiling with [5] x86_64-pc-linux-gnu-4.4.6-vanilla * and
will see if that helps.

At any rate, I withdraw my earlier posts - sorry about the static!

* [gentoo-hardened] Re: Please test hardened-sources 2.6.32-r88 and3.2.2
From: 7v5w7go9ub0o @ 2012-01-28 20:46 UTC
To: for hard list

On 01/28/12 15:16, 7v5w7go9ub0o wrote:

> So I'm recompiling with [5] x86_64-pc-linux-gnu-4.4.6-vanilla * and
> will see if that helps.

Well, that didn't help - at this point I'm guessing I screwed up a
Loop-AES setting or component; time to dig in.

Thanks for your quick replies!

* Re: [gentoo-hardened] Re: Please test hardened-sources 2.6.32-r88 and3.2.2
From: Alex Efros @ 2012-01-29 10:38 UTC
To: gentoo-hardened

Hi!

On Sat, Jan 28, 2012 at 03:16:28PM -0500, 7v5w7go9ub0o wrote:
> gcc. (I'm using vanilla because I'm also using nvidia drivers, which
> apparently need to be both compiled with a vanilla compiler, and need to

Actually I'm compiling nvidia-drivers with hardened gcc all of the time.
But you'll need two extra patches attached to these bug reports:
https://bugs.gentoo.org/show_bug.cgi?id=378059
https://bugs.gentoo.org/show_bug.cgi?id=385837

--
WBR, Alex.

* [gentoo-hardened] Re: Please test hardened-sources 2.6.32-r88 and3.2.2
From: 7v5w7go9ub0o @ 2012-01-29 17:33 UTC
To: for hard list

On 01/29/12 05:38, Alex Efros wrote:
> Hi!
>
> On Sat, Jan 28, 2012 at 03:16:28PM -0500, 7v5w7go9ub0o wrote:
>> gcc. (I'm using vanilla because I'm also using nvidia drivers, which
>> apparently need to be both compiled with a vanilla compiler, and need to
>
> Actually I'm compiling nvidia-drivers with hardened gcc all of the time.
> But you'll need two extra patches attached to these bug reports:
> https://bugs.gentoo.org/show_bug.cgi?id=378059
> https://bugs.gentoo.org/show_bug.cgi?id=385837
>

DANG! :-)

Good threads; thanks for researching and sharing this!!!

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and3.2.2
From: Radek Madej @ 2012-01-28 20:41 UTC
To: gentoo-hardened

On Saturday 28 January 2012 00:41:08 Anthony G. Basile wrote:
> On 01/27/2012 12:38 PM, radegand wrote:
> > On 27 January 2012 at 17:06, "Tóth Attila"<atoth@atoth.sote.hu> wrote:
> >> And this one is from my laptop:
> >> vmalloc: allocation failure: 0 bytes
> >> modprobe: page allocation failure: order:0, mode:0x80d2
> >> Pid: 3157, comm: modprobe Tainted: G O 3.2.1-hardened #1
> >
> >> Call Trace:
> I believe pipacs has fixed this. Please everyone, retest
>
> hardened-sources-2.6.32-r89.ebuild
> hardened-sources-3.2.2-r1.ebuild
>
> I just added them to the tree. I'll rapid stabilize these in about 24
> hours if no one has any issues.

Hi,

I've tested the hardened-sources-3.2.2-r1.ebuild on three different
machines, works like a charm - thanks! :)

Cheers,
Radek

* [gentoo-hardened] Re: Please test hardened-sources 2.6.32-r88 and 3.2.2
From: 7v5w7go9ub0o @ 2012-01-27 18:18 UTC
To: for hard list

On 01/27/12 08:37, Anthony G. Basile wrote:
> Hi everyone,
>
> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They
> address CVE-2012-0056. I've tested and they do indeed resist the
> exploit. I will be stabilizing them within 24 hours. However, I feel
> very uncomfortable doing so because I don't want to trade one set of
> problems with another. If anyone has time to test, let me know if
> you encounter any issues.
>

With 3.2.1 and 3.2.2 I am unable to enter my Loop-AES passphrase after
the bios.

3.1.5 (and all earlier - for years) works fine.

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2
From: Tom Hendrikx @ 2012-02-02 20:42 UTC
To: gentoo-hardened

On 27/01/12 14:37, Anthony G. Basile wrote:
> Hi everyone,
>
> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They
> address CVE-2012-0056. I've tested and they do indeed resist the
> exploit. I will be stabilizing them within 24 hours. However, I feel
> very uncomfortable doing so because I don't want to trade one set of
> problems with another. If anyone has time to test, let me know if you
> encounter any issues.
>

I am still using 2.6.* sources here on one machine pending resolution of
bug https://bugs.gentoo.org/show_bug.cgi?id=386721 (if it will ever
happen :/ ).

However, I adopted the last working kernel (2.6.39-r8). After reading
the above, am I right to assume that there's no long-term support for
the .39 tree?

--
Tom

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2
From: Francisco Blas Izquierdo Riera (klondike) @ 2012-02-02 20:47 UTC
To: gentoo-hardened

On 02/02/12 21:42, Tom Hendrikx wrote:
> However, I adopted the last working kernel (2.6.39-r8). After reading
> the above, am I right to assume that there's no long-term support for
> the .39 tree?

yup.

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2
From: Brian Kroth @ 2012-02-03 2:50 UTC
To: Tom Hendrikx; +Cc: gentoo-hardened

Tom Hendrikx <tom@whyscream.net> 2012-02-02 21:42:
> On 27/01/12 14:37, Anthony G. Basile wrote:
>> Hi everyone,
>>
>> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They
>> address CVE-2012-0056. I've tested and they do indeed resist the
>> exploit. I will be stabilizing them within 24 hours. However, I feel
>> very uncomfortable doing so because I don't want to trade one set of
>> problems with another. If anyone has time to test, let me know if you
>> encounter any issues.
>>
>
> I am still using 2.6.* sources here on one machine pending resolution of
> bug https://bugs.gentoo.org/show_bug.cgi?id=386721 (if it will ever
> happen :/ ).

Are those open-vm kernel modules still necessary? It was my
understanding that most/all of the guest modules for more efficient
virtual hardware support were included in the mainline kernel now:
<http://kernelnewbies.org/Linux_2_6_33#head-b1a0ddbc804d228802ce8aebd37d9fd6513ccb01>

Thanks,
Brian

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2
From: Tom Hendrikx @ 2012-02-03 12:37 UTC
To: gentoo-hardened

On 03/02/12 03:50, Brian Kroth wrote:
> Tom Hendrikx <tom@whyscream.net> 2012-02-02 21:42:
>> On 27/01/12 14:37, Anthony G. Basile wrote:
>>> Hi everyone,
>>>
>>> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They
>>> address CVE-2012-0056. I've tested and they do indeed resist the
>>> exploit. I will be stabilizing them within 24 hours. However, I feel
>>> very uncomfortable doing so because I don't want to trade one set of
>>> problems with another. If anyone has time to test, let me know if you
>>> encounter any issues.
>>>
>>
>> I am still using 2.6.* sources here on one machine pending resolution of
>> bug https://bugs.gentoo.org/show_bug.cgi?id=386721 (if it will ever
>> happen :/ ).
>
> Are those open-vm kernel modules still necessary? It was my
> understanding that most/all of the guest modules for more efficient
> virtual hardware support were included in the mainline kernel now:
> <http://kernelnewbies.org/Linux_2_6_33#head-b1a0ddbc804d228802ce8aebd37d9fd6513ccb01>

I did some more investigation. None of the three in-tree
open-vm-tools-kmod ebuilds compile against 2.6.32-r89, building a
3.2.2-r1 kernel now to test against that.

I thought that I needed the -kmod package to run open-vm-tools in the
guest, but after some more research this might only apply when you want
drag-and-drop support (useless for (headless) server). The open-vm-tools
ebuilds list the -kmod package as a hard RDEPEND though. I'll do some
tests later today/during the weekend.

Tom

* Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2
From: Tom Hendrikx @ 2012-02-03 14:11 UTC
To: gentoo-hardened

On 03/02/12 13:37, Tom Hendrikx wrote:
> On 03/02/12 03:50, Brian Kroth wrote:
>> Tom Hendrikx <tom@whyscream.net> 2012-02-02 21:42:
>>> On 27/01/12 14:37, Anthony G. Basile wrote:
>>>> Hi everyone,
>>>>
>>>> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They
>>>> address CVE-2012-0056. I've tested and they do indeed resist the
>>>> exploit. I will be stabilizing them within 24 hours. However, I feel
>>>> very uncomfortable doing so because I don't want to trade one set of
>>>> problems with another. If anyone has time to test, let me know if you
>>>> encounter any issues.
>>>>
>>>
>>> I am still using 2.6.* sources here on one machine pending resolution of
>>> bug https://bugs.gentoo.org/show_bug.cgi?id=386721 (if it will ever
>>> happen :/ ).
>>
>> Are those open-vm kernel modules still necessary? It was my
>> understanding that most/all of the guest modules for more efficient
>> virtual hardware support were included in the mainline kernel now:
>> <http://kernelnewbies.org/Linux_2_6_33#head-b1a0ddbc804d228802ce8aebd37d9fd6513ccb01>
>>
>
> I did some more investigation. None of the three in-tree
> open-vm-tools-kmod ebuilds compile against 2.6.32-r89, building a
> 3.2.2-r1 kernel now to test against that.

The same goes for 3.2.2-r1: none of the -kmod packages build against it.
This means that the state of the -kmod package is a security issue,
since it cannot be used with a non-vulnerable -hardened kernel. I'll add
this to the bug report.

>
> I thought that I needed the -kmod package to run open-vm-tools in the
> guest, but after some more research this might only apply when you want
> drag-and-drop support (useless for (headless) server). The open-vm-tools
> ebuilds list the -kmod package as a hard RDEPEND though. I'll do some
> tests later today/during the weekend.
>

Just booted a 3.2.2-r1-hardened kernel, and vmware-tools stuff seems to
run fine with the in-kernel vmware support. Not sure about performance
etc, but it boots, generates no errors and VSphere in the host reports
no issues either.

We might just need an updated open-vm-tools package that only depends on
the in-kernel stuff, and no longer on the -kmod package. I'll try to
follow up with the vmware people, as this is getting OT here ;)

--
Tom