Gentoo Forums
Hardened Gentoo panic on ifconfig eth0/eth1 with 2 8169 NICs
morgenstern
n00b


Joined: 26 Apr 2010
Posts: 3

Posted: Mon Apr 26, 2010 4:53 am    Post subject: Hardened Gentoo panic on ifconfig eth0/eth1 with 2 8169 NICs

I have a laptop with a built-in RTL8101/8102E (100BaseTX) and a CardBus-connected RTL8169 (Netgear GA511) GigE NIC.

I just installed Gentoo with the latest portage + hardened Stage 3 (32 bit) as of 22 April 2010 via the latest release boot ISO CD.

lspci output: http://pastebin.com/8YXR9a0N
.config: http://pastebin.com/xmEnepHD

I have the "yenta_socket" modules built into the kernel and "r8169" built as a module, or statically compiled into the kernel. Either configuration results in a kernel panic as soon as I ifconfig it with a network cable plugged into the interface.

When I boot with the normal sources (not hardened-sources), I get linux-2.6.32-gentoo-r7 with the same config (for the most part, obviously excepting the grsecurity stuff), which works perfectly.

When I use "Interactive" service startup mode, if I skip net.eth0, I can boot the hardened kernel just fine.
Its dmesg output is here: http://pastebin.com/44DSSE8X

Windoze XP and 7 Ultimate work flawlessly with both NICs. This is not a "bad switch" or cable problem, guys.

I prefer to use the GigE card when I can for speed of course, but I share it with another laptop.

-------- GENERAL Gentoo Network Config Issue *NOT* Hardened Related --------

Configuring Gentoo to deal with this "elegantly" seems a bit hard, since it insists upon assigning eth0 to the INTERNAL NIC. (I don't connect them both simultaneously, it's just an either/or proposition).

Changing /etc/conf.d/rc to:

RC_HOTPLUG="no"
RC_COLDPLUG="yes"
RC_PLUG_SERVICES="!*"

Does seem to help, but I still need to mess with net.eth[01]. It'd be nice to be able to set up something that tries to configure eth0 only if eth1 isn't uppable. I can probably jury rig it by grepping dmesg, but that seems ugly, ugly, ugly.

The kernel panic with the 8169 shocked the hell out of me, though. I use grsecurity-patched "vanilla" 2.6 kernels (on Slackware-derived systems) without any dramas, but those are SuperMicro servers in hosting facilities. Those use Intel NICs exclusively as well.
richard.scott
Veteran


Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK

Posted: Mon Apr 26, 2010 2:48 pm

Have you tried re-compiling the kernel without any hardened features activated?
morgenstern
n00b


Joined: 26 Apr 2010
Posts: 3

Posted: Mon Apr 26, 2010 10:11 pm

richard.scott wrote:
Have you tried re-compiling the kernel without any hardened features activated?
You mean the 2.6.28, since the 2.6.32 kernel works fine?

OK, I suppose I can try that.

Why are the hardened-sources so lagged from the mainline 2.6/grsecurity releases, by the way? I used to manually integrate a large custom patchset when I used Slackware, which incorporated some of Con Kolivas's LCK, along with grsecurity and a few other things, without THAT much drama.
richard.scott
Veteran


Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK

Posted: Tue Apr 27, 2010 7:33 am

morgenstern wrote:
Why are the hardened-sources so lagged from the mainline 2.6/grsecurity releases, by the way?


I've no idea... I've taken to using the overlay to get my kernel releases... seems stable enough for me.

Rich.
morgenstern
n00b


Joined: 26 Apr 2010
Posts: 3

Posted: Tue Apr 27, 2010 9:05 am

richard.scott wrote:
Have you tried re-compiling the kernel without any hardened features activated?
When I disable PaX + grsecurity, but leave everything else alone, I don't get kernel panics when I UP eth0 or eth1.

But that's hardly a solution, since I already have a working "non-hardened" kernel (and a newer one at that). I guess that rules out RTL 8169 bugs in that specific kernel revision (ones that aren't affected by PaX/grsecurity).

I'll try "pure" vanilla 2.6.33.3+grsecurity next. From what I can see from portage, the patches to the mainline kernel don't look very large or "important".

I'm not at all new to Linux, but I'm trying out Gentoo given that I've historically preferred "lean" distros where I only install what I want/need onto a system. I used to use Slackware for that reason, but it was very slow with moving to x64, which is what the vast bulk of my systems are these days. The FreeBSD "ports" style "make world" rebuilding capability has strong appeal to me as well.

Update: Pure 2.6.33.2+grsecurity works perfectly. How odd.

I guess it's "routine" for hardened-gentoo users to go "vanilla", then?
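One way to turn "works with PaX + grsecurity disabled, panics with them enabled" into a bisection worklist is to list only the hardening symbols that differ between the two .config files. This is an added example, not part of the original posts; the function names are hypothetical and the two sample configs are constructed, not the poster's pastebin files.

```sh
#!/bin/sh
# List the PaX/grsecurity options that differ between a working and a
# panicking kernel .config, as a worklist for bisecting the panic.

# Print SYMBOL=value for each CONFIG_PAX*/CONFIG_GRKERNSEC* symbol in file $1.
# "# CONFIG_X is not set" is normalised to "CONFIG_X=n".
hardening_opts() {
    sed -nE \
        -e 's/^# (CONFIG_(PAX|GRKERNSEC)[A-Z0-9_]*) is not set$/\1=n/' \
        -e '/^CONFIG_(PAX|GRKERNSEC)[A-Z0-9_]*=/p' "$1"
}

# hardening_diff WORKING PANICKING
# A symbol absent from one file counts as "n", which is what happens when the
# working config comes from a tree without the grsecurity patch applied.
hardening_diff() {
    { hardening_opts "$1" | sed 's/^/W=/'
      hardening_opts "$2" | sed 's/^/P=/'; } |
    awk -F= '
        { seen[$2] = 1 }
        $1 == "W" { w[$2] = $3 }
        $1 == "P" { p[$2] = $3 }
        END {
            for (s in seen) {
                wv = (s in w) ? w[s] : "n"
                pv = (s in p) ? p[s] : "n"
                if (wv != pv) print s " working=" wv " panicking=" pv
            }
        }' | LC_ALL=C sort
}

# Constructed sample configs (assumed values, for illustration only).
write_samples() {
    printf '%s\n' 'CONFIG_R8169=m' 'CONFIG_YENTA=y' \
        '# CONFIG_GRKERNSEC is not set' '# CONFIG_PAX is not set' > "$1/working.config"
    printf '%s\n' 'CONFIG_R8169=m' 'CONFIG_YENTA=y' 'CONFIG_GRKERNSEC=y' \
        'CONFIG_PAX=y' 'CONFIG_PAX_NOEXEC=y' 'CONFIG_PAX_KERNEXEC=y' \
        'CONFIG_PAX_MEMORY_UDEREF=y' \
        '# CONFIG_PAX_MEMORY_SANITIZE is not set' > "$1/panicking.config"
}

# Demo on the constructed samples: prints one line per differing symbol.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
hardening_diff "$demo_dir/working.config" "$demo_dir/panicking.config"
rm -rf "$demo_dir"
```

Re-enabling the listed options half at a time, rebuilding, and bringing the interface up after each build narrows the panic to one option without giving up the rest of the hardening.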
Rexilion
Veteran


Joined: 17 Mar 2009
Posts: 1044

Posted: Thu Apr 29, 2010 9:22 am

Hardened-sources seems to lag since the Gentoo devs want to test them real good before stabling them. You can use the anarchy overlay for newer hardened-sources:

http://git.overlays.gentoo.org/gitweb/?p=dev/anarchy.git;a=tree;f=sys-kernel/hardened-sources;h=a4869ab71bcaf4ffff201aec1db930d1dd821e66;hb=HEAD

Code:
layman -a anarchy
???