# Installing sun-jdk on hardened/grsec/pax gives KrnlBUG(Solv)

## wippie

When trying to install dev-java/sun-jdk on any of my Gentoo hardened/grsec boxes, the ebuild freezes after the line:

```
# java -client -Xshare:dump
```

Cut from dmesg

 *Quote:*   

> ------------[ cut here ]------------
> 
> kernel BUG at mm/mmap.c:1725!
> 
> invalid opcode: 0000 [#2]
> ...

 

The freeze is quite hard, I can't even ctrl+c or ctrl+z out of it, and the thing is that the process almost kills the whole box.

If I try to run 'ps aux' from another shell, or anything that would list the java process after that line, that process will also freeze. I can't even run 'ls -la /proc/' without ls freezing!! With this zombie process in the background the system load increases by about 2.00 for each dead process and the only way to kill it is a reboot. -scary-

I heard somewhere that java isn't really supported in the Gentoo hardened toolchain, but on the other hand, it's not masked either. And now I ended up needing java on hardened..

Pax is turned off for the older sun-jdk install but the bug occurs both for the new sun-jdk-1.6.0.06 and when trying to re-emerge 1.6.0.05. Running 'java -client -Xshare:dump' on the installed sun-jdk-1.6.0.05 results in the same bug/freeze.

 *Quote:*   

> # java -client -Xshare:dump
> 
> Loading classes to share ... done.
> 
> Rewriting and unlinking classes ... done.
> ...

 

I'm really out of ideas what could be wrong and I really need java running..

Some other system info.

Pax flags:

 *Quote:*   

> ----[ chpax 0.7 : Current flags for /opt/sun-jdk-1.6.0.05/bin/java (pemRxs) ]----
> 
>  * Paging based PAGE_EXEC       : disabled
> 
>  * Trampolines                  : not emulated
> ...

 

.. same flags on all java binaries

 *Quote:*   

> #uname -a
> 
> Linux onyx 2.6.23-hardened-r12 #1 Fri May 23 07:43:33 CEST 2008 i686 VIA Esther processor 1000MHz CentaurHauls GNU/Linux
> 
> 

 

Since I got this bug repeatable: always on two machines with hardened and not on any non-hardened, I guess it's hardened specific.

Kernel config, cut to only grsec and pax config for easier reading; just ask if you need more info:

 *Quote:*   

> grep -i grkern /usr/src/linuc/.config
> 
> CONFIG_GRKERNSEC=y
> 
> # CONFIG_GRKERNSEC_LOW is not set
> ...

 

 *Quote:*   

> grep -i pax /usr/src/linux/.config
> 
> # PaX
> 
> CONFIG_PAX=y
> ...

 Last edited by wippie on Tue Jun 03, 2008 10:05 pm; edited 1 time in total

----------

## wippie

I found more info about what seems to be the same bug at grsecurity's forum:

http://forums.grsecurity.net/viewtopic.php?f=3&t=1960

No solution tho...

----------

## wyv3rn

Your best bet is to do what you have done and take it to the grsecurity.net forums. However, you should disable GRKERNSEC_HIDESYM and reproduce and re-report these BUGs, as that output is mostly useless without symbol names or a copy of your System.map.

----------

## wippie

Recompiled without GRKERNSEC_HIDESYM, posted in the grsecurity forum. This thread continues there.

http://forums.grsecurity.net/viewtopic.php?f=3&t=1960

However, if there's some good news it will be posted here as well!

----------

## wippie

The bug should be solved in Grsecurity Test Patch posted June 01 2008. There's a patch for both 2.6.24.7 and 2.6.25.4.

Get them here

http://grsecurity.org/test.php

Direct link: 2.6.24.7 (pax only)

http://grsecurity.org/test/pax-linux-2.6.24.7-test52.patch

Direct link: 2.6.25.4 (full grsecurity)

http://grsecurity.org/test/grsecurity-2.1.12-2.6.25.4-200806012125.patch

I have verified the 2.6.25.4 patch with a vanilla kernel and everything seems to work as it should.

Perhaps included in the next hardened-sources-2.6.25?

----------

## wyv3rn

Thanks for following through, nice job reporting and testing the new patches. As for the fix, can't say I'm surprised. PaX/grsec upstream are always extremely supportive and quick to fix any bugs.

 *wippie wrote:*   

> Perhaps included in the next hardened-sources-2.6.25? 

 

Yep, and will be fixed in the next hardened-sources-2.6.24-r3 as well.

----------

