On 12/19/15, Jacob Appelbaum <ja...@appelbaum.net> wrote: > On 12/19/15, Yves-Alexis Perez <cor...@debian.org> wrote: >> On jeu., 2015-11-05 at 22:08 +0100, Yves-Alexis Perez wrote: >>> On sam., 2015-10-10 at 21:55 +0200, Yves-Alexis Perez wrote: >>> > This is really a work in progress and this mail a request for comment. >>> > Especially missing is: >>> >>> So, did any of you have the chance to test it? I'm currently running the >>> 4.2.5 >>> kernel with grsecurity-3.1-4.2.5-201511021814 (just uploaded to my >>> repository >>> and to git.d.o) and it works just fine. >>> >>> I'm really interested by any feedback you would have on this. >>> >> With a lot of help from Ben I've made quite some progress in having the >> less possible differences with src:linux package. With 4.3.3 we still have >> few >> things differing, some of them which I think will be integrated in the >> upcoming src:linux releases. >> > > Great news - this looks fantastic! > >> I'm intending to upload the current version to NEW during the week-end, >> so >> if any of you want to test it, now would be a good time. >> > > I've installed it - I've also tuned a few things. It seems to work as > well as my previous kernel - audio works, etc. > >> You can find it on the git repository >> at https://anonscm.debian.org/cgit/colla >> b-maint/linux-grsec.git and the source and binary packages on my apt >> repository >> at https://perso.corsac.net/~corsac/debian/kernel-grsec/packages/ > > To boot Debian Jessie (with some testing pacakes too) to X - I had to set: > > kernel.grsecurity.disable_priv_io=0 > kernel.pax.softmode=1 > kernel.grsecirity.grsec_lock=0 >
With that stuff set - I also see the following: Dec 19 17:44:32 vula kernel: [ 4047.508272] WARNING: CPU: 5 PID: 2109 at /build/linux-grsec-4.3.3/debian/build/s ource_grsec/include/drm/drm_crtc.h:1577 drm_helper_choose_crtc_dpms+0x8e/0x90 [drm_kms_helper]() Dec 19 17:44:32 vula kernel: [ 4047.508272] Modules linked in: binfmt_misc cfg80211 bridge stp llc snd_hda_codec _hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec nouveau snd_hda_core intel_rapl io sf_mbi snd_hwdep ttm eeepc_wmi x86_pkg_temp_thermal asus_wmi drm_kms_helper sparse_keymap intel_powerclamp coret emp snd_pcm rfkill drm iTCO_wdt video iTCO_vendor_support i2c_algo_bit snd_timer kvm_intel fb_sys_fops mxm_wmi sb_edac syscopyarea psmouse pcspkr mei_me serio_raw edac_core kvm joydev lpc_ich sysfillrect mei snd mfd_core evdev sysimgblt soundcore i2c_i801 shpchp 8250_fintek wmi tpm_infineon tpm_tis processor tpm button loop fuse autofs4 ext4 crc16 mbcache jbd2 algif_skcipher af_alg uas usb_storage hid_generic hid_cherry usbhid hid dm_crypt dm_mod sg sd_mod crct10dif_pclmul crc32_pclmul crc32c_intel jitterentropy_rng hmac drbg ahci libahci ansi_cprng aesni_intel aes_x86_64 xhci_pci lrw gf128mul glue_helper ablk_helper ehci_pci libata ehci_hcd xhci_hcd cryptd e1000e ptp scsi_mod usbcore usb_common pps_core Dec 19 17:44:32 vula kernel: [ 4047.508303] CPU: 5 PID: 2109 Comm: kworker/5:0 Tainted: G W 4.3.0-1-grsec-amd64 #1 Debian 4.3.3-1+grsec1 Dec 19 17:44:32 vula kernel: [ 4047.508304] Hardware name: System manufacturer System Product Name/P9X79, BIOS 4608 12/24/2013 Dec 19 17:44:32 vula kernel: [ 4047.508305] Workqueue: events ffffffffa0696b70 Dec 19 17:44:32 vula kernel: [ 4047.508305] 0000000000000000 729b2a82b7c3ba87 0000000000000000 ffffffffa04779a0 Dec 19 17:44:32 vula kernel: [ 4047.508307] ffffffff812f376f 0000000000000000 ffffffff810648e7 ffff880dfb95d000 Dec 19 17:44:32 vula kernel: [ 4047.508308] ffff880036954000 0000000000000000 0000000000000003 0000000000000000 Dec 19 17:44:32 vula kernel: [ 4047.508310] Call Trace: Dec 19 17:44:32 vula kernel: [ 4047.508314] [<ffffffffa04779a0>] ? sysrq_drm_fb_helper_restore_op+0x20/0x2db9 [drm_kms_helper] Dec 19 17:44:32 vula kernel: [ 4047.508315] [<ffffffff812f376f>] ? dump_stack+0x40/0x61 Dec 19 17:44:32 vula kernel: [ 4047.508317] [<ffffffff810648e7>] ? warn_slowpath_common+0x77/0xb0 Dec 19 17:44:32 vula kernel: [ 4047.508319] [<ffffffffa0467b1e>] ? drm_helper_choose_crtc_dpms+0x8e/0x90 [drm_kms_helper] Dec 19 17:44:32 vula kernel: [ 4047.508322] [<ffffffffa0467b80>] ? drm_helper_connector_dpms+0x60/0x100 [drm_kms_helper] Dec 19 17:44:32 vula kernel: [ 4047.508338] [<ffffffffa073a439>] ? nouveau_connector_hotplug+0x69/0xb0 [nouveau] Dec 19 17:44:32 vula kernel: [ 4047.508346] [<ffffffffa0696b9c>] ? nvif_notify_work+0x2c/0xc0 [nouveau] Dec 19 17:44:32 vula kernel: [ 4047.508355] [<ffffffffa069a028>] ? nvkm_notify_work+0x78/0x80 [nouveau] Dec 19 17:44:32 vula kernel: [ 4047.508356] [<ffffffff8108135d>] ? process_one_work+0x14d/0x390 Dec 19 17:44:32 vula kernel: [ 4047.508358] [<ffffffff81082423>] ? worker_thread+0x63/0x490 Dec 19 17:44:32 vula kernel: [ 4047.508359] [<ffffffff810823c0>] ? rescuer_thread+0x320/0x320 Dec 19 17:44:32 vula kernel: [ 4047.508360] [<ffffffff81087e5b>] ? kthread+0xeb/0x110 Dec 19 17:44:32 vula kernel: [ 4047.508362] [<ffffffff81087d70>] ? kthread_park+0x60/0x60 Dec 19 17:44:32 vula kernel: [ 4047.508363] [<ffffffff815e1c8e>] ? ret_from_fork+0x3e/0x70 Dec 19 17:44:32 vula kernel: [ 4047.508364] [<ffffffff81087d70>] ? kthread_park+0x60/0x60 Dec 19 17:44:32 vula kernel: [ 4047.508365] ---[ end trace c5e955d006e5124c ]--- Lots of things like that in my kernel log...