[grsec] Issue with 2.6.24 as Xen domU
alessandro at grafica-web.it
Wed Feb 20 04:15:21 EST 2008
I'd like to report a bug with 2.6.24+grsec running as Xen domU.
As some of you may have noticed, 2.6.24 includes native support for
running as domU, and the lastest grsec patch is aware of it.
Though, i'm having a few issues with it..
Let me explain:
When I boot a vanilla 2.6.24 kernel, everything goes ok.
When I boot the very same kernel, with grsec patch (nothing of it is
enabled, just patch -p1 and make oldconfig with "N" at everything), the
hypervisor seems to have problems loading the kernel image, saying that
"Unhandled invalid opcode fault/trap [#6] on VCPU 0 [ec=0000]", with
(full crash dump at:
After some gdb, it seems like the kernel hangs in function
xen_start_kernel, declared in arch/x86/xen/enlighten.c, line:
| BUG_ON(memcmp(xen_start_info->magic, "xen-3", 5) != 0);
BUG_ON is throwing the ud2a instruction (always unvalid opcode) which
makes the hypervisor call the domain_crash_sync
Since the previous line ( if(!xen_start_info) return; ) tells us that
the struct xen_start_info is not empty, but the xen_start_info->magic is
(and to be honest, i don't know how to debug a live kernel to discover
what's in there), i think that something strange is going on.
Maybe there is some alignment or memory layout issue in some exported
symbols, because as i've seen from the Xen hypervisor code, the
structure should be filled correctly.
Does anyone have a clue about what's wrong with him?
Thanks in advance
More information about the grsecurity