Old 12-01-2007, 08:17 PM
"René Rhéaume"
 
Default mmap bug trying to run VirtualBox with ~hardened-sources-2.6.23

When I try to start a virtual machine VirtualBox 1.5.2 OSE and the
host kernel is ~hardened-sources-2.6.23, the virtual machine window
freezes and I find the following in dmesg :

------------[ cut here ]------------
kernel BUG at mm/mmap.c:1695!
invalid opcode: 0000 [#1]
PREEMPT SMP
Modules linked in: bttv video_buf firmware_class ir_common
compat_ioctl32 i2c_algo_bit btcx_risc tveeprom videodev v4l2_common
v4l1_compat ipv6 af_packet nf_conntrack_ipv4 xt_state nf_conntrack
nfnetlink xt_limit xt_tcpudp iptable_filter ip_tables x_tables
nls_iso8859_1 nls_cp850 vfat fat xfs usb_storage snd_hda_intel snd_pcm
snd_timer snd soundcore snd_page_alloc ohci1394 ieee1394 ohci_hcd
i2c_nforce2 forcedeth ehci_hcd amd74xx amd64_agp agpgart 8139too mii
cpufreq_conservative powernow_k8 freq_table processor vboxdrv usbhid
hid usbcore ff_memless ide_scsi
CPU: 0
EIP: 0060:[<00069322>] Not tainted VLI
EFLAGS: 00210206 (2.6.23-hardened-r2 #2)
eax: 00000000 ebx: 0001a000 ecx: d5cdb4d0 edx: d5cdb528
esi: 4bea5000 edi: 00084400 ebp: 00000000 esp: d5cf3ec4
ds: 0068 es: 0068 fs: 00d8 gs: 0033 ss: 0068
Process VirtualBox (pid: 5865, ti=d5cf2000 task=d5cf0000 task.ti=d5cf2000)
Stack: d5cdb4d0 d5cdb3c8 d5cdb4d0 0006a5c0 0000025a 083b9200 4be24000 d5c8ec00
00000000 d5cf3f40 00000000 4bea5000 4be24000 d5c8ec00 00000000 0006b2ea
4bea5000 00100073 00000000 00000000 0004be24 00000000 00081000 ac98bab0
Call Trace:
[<0006a5c0>] <0> [<0006b2ea>] <0> [<00100073>] <0> [<0004be24>] <0>
[<00081000>] <0> [<00081000>] <0> [<0006babe>] <0> [<00100073>] <0>
[<0004be24>] <0> [<0000acac>] <0> [<0004be24>] <0> [<00005532>] <0>
[<00081000>] <0> [<00200256>] <0> [<001385ff>] <0> [<00138600>] <0>
=======================
Code: 39 c3 75 2b 8b 41 44 3b 42 44 74 0c 0f 0b eb fe 0f 0b eb fe 0f
0b eb fe 8b 41 3c 3b 42 3c 75 ec 33 7a 14 81 e7 dd df ef df 74 9e <0f>
0b eb fe 0f 0b eb fe 0f 0b eb fe 66 90 83 ec 14 89 74 24 0c
EIP: [<00069322>] SS:ESP 0068:d5cf3ec4

I have no problem running Windows and Linux guests inside VirtualBox
on gentoo-sources. UDEREF is not enabled in my kernel config as I read
it does not work with virtualization. I also disabled MPROTECT on the
binary, otherwise PaX simply kills VirtualBox.

# paxctl -v /opt/VirtualBox/VirtualBox
PaX control v0.5
Copyright 2004,2005,2006,2007 PaX Team <pageexec@freemail.hu>

- PaX flags: -----m-x-e-- [/opt/VirtualBox/VirtualBox]
MPROTECT is disabled
RANDEXEC is disabled
EMUTRAMP is disabled
--
gentoo-hardened@gentoo.org mailing list
 
Old 12-02-2007, 09:10 AM
Christian Heim
 
Default mmap bug trying to run VirtualBox with ~hardened-sources-2.6.23

On 01/12/07 16:17 -0500, René Rhéaume wrote:
> When I try to start a virtual machine VirtualBox 1.5.2 OSE and the
> host kernel is ~hardened-sources-2.6.23, the virtual machine window
> freezes and I find the following in dmesg :

Please file a bug for this ..

Regards,

Christian
--
gentoo-hardened@gentoo.org mailing list
 
Old 12-02-2007, 11:36 AM
 
Default mmap bug trying to run VirtualBox with ~hardened-sources-2.6.23

On 1 Dec 2007 at 16:17, René Rhéaume wrote:

> I have no problem running Windows and Linux guests inside VirtualBox
> on gentoo-sources. UDEREF is not enabled in my kernel config as I read
> it does not work with virtualization. I also disabled MPROTECT on the
> binary, otherwise PaX simply kills VirtualBox.

UDEREF in the *guest* is unlikely to work, on the host it should be
fine (if it isn't then that points at some bug in other kernel code).

on the other hand KERNEXEC in the *host* will not work at all unless
the hypervisor code (in particular, the so-called 'world switch'
routine and some smaller stuff like host GDT manipulation) is properly
adapted to KERNEXEC.

now with that said, your BUG here doesn't look like one caused by any
particular hypervisor code, but something wrong detected in vma mirroring.
could you first of all try a newer hardened sources (such as -r2) or
even better, just test with the latest PaX test patch alone? i'd also
need CONFIG_KALLSYMS to be enabled (or the corresponding System.map
at least).

--
gentoo-hardened@gentoo.org mailing list
 
Old 12-02-2007, 11:37 PM
"René Rhéaume"
 
Default mmap bug trying to run VirtualBox with ~hardened-sources-2.6.23

On Dec 2, 2007 7:36 AM, <pageexec@freemail.hu> wrote:
> On 1 Dec 2007 at 16:17, René Rhéaume wrote:
> now with that said, your BUG here doesn't look like one caused by any
> particular hypervisor code, but something wrong detected in vma mirroring.
> could you first of all try a newer hardened sources (such as -r2) or
> even better, just test with the latest PaX test patch alone? i'd also
> need CONFIG_KALLSYMS to be enabled (or the corresponding System.map
> at least).

I am currently running hardened-sources-2.6.23-r2. The ~ symbol in my
message title meant any revision of 2.6.23 (to form a valid portage
atom, I must add the category). Attached is the corresponding
System.map, bzip2-compressed.
 
Old 12-03-2007, 12:06 AM
 
Default mmap bug trying to run VirtualBox with ~hardened-sources-2.6.23

On 2 Dec 2007 at 19:37, René Rhéaume wrote:

> I am currently running hardened-sources-2.6.23-r2. The ~ symbol in my
> message title meant any revision of 2.6.23 (to form a valid portage
> atom, I must add the category). Attached is the corresponding
> System.map, bzip2-compressed.

thanks, i'd also need your vmlinux and it'd be nice if you could run
VirtualBox thru strace -f and send me the output (probably you shouldn't
bother the list with it though).

--
gentoo-hardened@gentoo.org mailing list
 
Old 12-03-2007, 02:17 PM
 
Default mmap bug trying to run VirtualBox with ~hardened-sources-2.6.23

On 1 Dec 2007 at 16:17, René Rhéaume wrote:

> When I try to start a virtual machine VirtualBox 1.5.2 OSE and the
> host kernel is ~hardened-sources-2.6.23, the virtual machine window
> freezes and I find the following in dmesg :

so i've dug into the code a bit more and found out something.
look at the following part of the register dump, in particular
edi:

> esi: 4bea5000 edi: 00084400 ebp: 00000000 esp: d5cf3ec4

00084400 = VM_IO | VM_RESERVED | VM_PFNMAP

which in turn looks familiar to anyone who's seen the remap_pfn_range()
function which sets these exact flags on the vma.

now what happens is that virtualbox developers have apparently their
own idea about how to do memory/vma allocation and population in the
linux kernel and screw it up quite badly. i guess someone was a bit
lazy and didn't want to implement a small filesystem to do it right
but instead he opted for some really bad hacks and the new vma
mirroring code in PaX detects it. while i could add a workaround
(heck, you can remove the BUGs in pax_find_mirror_vma if you really
want to), i won't do it as it's really a bug in virtualbox and
they'd better fix it properly.

on another note, i also tracked down why it failed here and it turns
out they also have their own kernel module loader for god knows what
reason, and that of course doesn't play well at all with KERNEXEC.

--
gentoo-hardened@gentoo.org mailing list
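
Added example (not part of the original thread, and not PaX or VirtualBox code): a small Python oops-triage helper that pulls the registers out of the dump lines quoted in the post above and decodes edi as a vm_flags bitmask, reproducing the VM_IO | VM_RESERVED | VM_PFNMAP reading. The flag table is assumed to match mainline include/linux/mm.h of the 2.6.23 era; the function names are illustrative.

```python
import re

# vm_flags bits, assumed to match mainline include/linux/mm.h (2.6.23 era).
# PaX-specific bits are not listed here and are reported as unknown.
VM_FLAGS = {
    0x00000001: "VM_READ",       0x00000002: "VM_WRITE",
    0x00000004: "VM_EXEC",       0x00000008: "VM_SHARED",
    0x00000010: "VM_MAYREAD",    0x00000020: "VM_MAYWRITE",
    0x00000040: "VM_MAYEXEC",    0x00000080: "VM_MAYSHARE",
    0x00000100: "VM_GROWSDOWN",  0x00000200: "VM_GROWSUP",
    0x00000400: "VM_PFNMAP",     0x00000800: "VM_DENYWRITE",
    0x00001000: "VM_EXECUTABLE", 0x00002000: "VM_LOCKED",
    0x00004000: "VM_IO",         0x00008000: "VM_SEQ_READ",
    0x00010000: "VM_RAND_READ",  0x00020000: "VM_DONTCOPY",
    0x00040000: "VM_DONTEXPAND", 0x00080000: "VM_RESERVED",
    0x00100000: "VM_ACCOUNT",    0x00400000: "VM_HUGETLB",
    0x00800000: "VM_NONLINEAR",
}

# Sample input: the two general-purpose register lines from the oops above.
SAMPLE_OOPS = """\
eax: 00000000 ebx: 0001a000 ecx: d5cdb4d0 edx: d5cdb528
esi: 4bea5000 edi: 00084400 ebp: 00000000 esp: d5cf3ec4
"""

# 32-bit x86 oops format: lowercase three-letter name, colon, 8 hex digits.
REG_RE = re.compile(r"\b(e[a-z]{2}):\s*([0-9a-f]{8})\b")

def parse_registers(oops_text):
    """Return {register name: integer value} for every eXX register found."""
    return {name: int(val, 16) for name, val in REG_RE.findall(oops_text)}

def decode_vm_flags(value):
    """Split a vm_flags word into known flag names and leftover unknown bits."""
    names = [name for bit, name in sorted(VM_FLAGS.items()) if value & bit]
    unknown = value & ~sum(VM_FLAGS)  # bits are distinct, so sum == OR
    return names, unknown

if __name__ == "__main__":
    regs = parse_registers(SAMPLE_OOPS)
    names, unknown = decode_vm_flags(regs["edi"])
    print("edi = %08x -> %s (unknown bits: %#x)"
          % (regs["edi"], " | ".join(names), unknown))
```
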
 
Old 12-04-2007, 02:43 AM
"René Rhéaume"
 
Default mmap bug trying to run VirtualBox with ~hardened-sources-2.6.23

On Dec 2, 2007 5:10 AM, Christian Heim <phreak@gentoo.org> wrote:
> On 01/12/07 16:17 -0500, René Rhéaume wrote:
> > When I try to start a virtual machine VirtualBox 1.5.2 OSE and the
> > host kernel is ~hardened-sources-2.6.23, the virtual machine window
> > freezes and I find the following in dmesg :
>
> Please file a bug for this ..

I filed a bug upstream
http://www.virtualbox.org/ticket/941
--
gentoo-hardened@gentoo.org mailing list
 
