Endpoint Protection

 View Only

  • 1.  autoprotect at Xen-domU for Linux

    Posted Dec 12, 2011 07:29 AM

    Hallo all,

     

    I want run autoprotect at our servers. All Server are virtual machines at Xen with debian squeeze. The Kernel is the the version 2.6.32-5-xen-amd64.

    I know, that this kernel is not supportet. I have compilet the modules from source (ap-kernelmodule-1.0.12-8) with debug option. If I want start autoprotect, it crash with the errormessage:

    Starting AP: ./autoprotect: Zeile 290:  5377 Speicherzugriffsfehler  /sbin/insmod $moduledir/$mod
     In the kernel log I found the following message:

    Dec 12 12:47:30 lts1 kernel: : [ 2384.883649] Pid: 5377, comm: insmod Not tainted 2.6.32-5-xen-amd64 #1
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883653] RIP: e030:[<ffffffff8100e0f7>]  [<ffffffff8100e0f7>] xen_release_ptpage+0x1b/0x5a
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883660] RSP: e02b:ffff8801b90bfeb8  EFLAGS: 00010296
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883663] RAX: ffe5c000e59cea00 RBX: ffff88000419a8c0 RCX: 0000000000000001
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883667] RDX: ffffea0000000000 RSI: 0000000000000001 RDI: ffff88000419a8c0
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883671] RBP: ffe5aa00e59cea00 R08: 8010000000000027 R09: 00003ffffffff000
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883675] R10: ffff880000000000 R11: 00000000000186a0 R12: 0000000000000000
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883679] R13: 0000000000000001 R14: ffff8801b90bfee4 R15: ffffc00000000fff
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883686] FS:  00007fc967c9f700(0000) GS:ffff88000ba1f000(0000) knlGS:0000000000000000
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883690] CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883694] CR2: 00007fc96765900f CR3: 00000001c88f5000 CR4: 0000000000002660
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883698] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883701] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883705] Process insmod (pid: 5377, threadinfo ffff8801b90be000, task ffff8801faaa8000)
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883709] Stack:
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883711]  ffff8801b90bfee4 ffff88000419a8c0 ffffffff81318000 ffffffffa0249a21
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883716] <0> 0000000000000282 00000001b90bfef8 000001d8a0250334 ffffffffa0252360
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883725] <0> ffffffffa024a5fb 0000000000000000 000000000011683c 0000000000200000
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883732] Call Trace:
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883739]  [<ffffffffa0249a21>] ? fix_sct_prot+0xc4/0xfd [symev_custom_2.6.32_5_xen_amd64_x86_64]
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883747]  [<ffffffffa024a5fb>] ? init_module+0x0/0x11a [symev_custom_2.6.32_5_xen_amd64_x86_64]
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883755]  [<ffffffffa0249fbb>] ? symev_hook_syscalls+0x13/0x653 [symev_custom_2.6.32_5_xen_amd64_x86_64]
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883764]  [<ffffffffa024a69c>] ? init_module+0xa1/0x11a [symev_custom_2.6.32_5_xen_amd64_x86_64]
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883769]  [<ffffffff8100a065>] ? do_one_initcall+0x64/0x174
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883773]  [<ffffffff8107babc>] ? sys_init_module+0xc5/0x21a
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883777]  [<ffffffff81011b42>] ? system_call_fastpath+0x16/0x1b
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883780] Code: f0 b0 ff ff 85 c0 74 04 0f 0b eb fe 58 5a 5b c3 48 6b c7 38 55 48 ba 00 00 00 00 00 ea ff ff 53 48 89 fb 48 8d 2c 10 48 83 ec 08 <48> 8b 45 00 f6 c4 01 74 32 83 fe 03 75 0d 48 89 fe bf 04 00 00
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883825] RIP  [<ffffffff8100e0f7>] xen_release_ptpage+0x1b/0x5a
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883830]  RSP <ffff8801b90bfeb8>
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883843] ---[ end trace 27edcfab9ec67d52 ]---
    Dec 12 12:47:30 lts1 kernel: : [ 2384.883847] note: insmod[5377] exited with preempt_count 1
    Dec 12 12:47:30 lts1 kernel: : [ 2384.884068] BUG: scheduling while atomic: insmod/5377/0x10000001
    Dec 12 12:47:30 lts1 kernel: : [ 2384.884072] Modules linked in: symev_custom_2.6.32_5_xen_amd64_x86_64(+) sco bridge parport_pc stp ppdev bnep lp rfcomm parport l2cap bluetooth rfkill acpi_cpufreq processor thermal_sys acpi_processor cpufreq_conservative autofs4 cpufreq_stats cpufreq_userspace cpufreq_powersave binfmt_misc fuse nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc evdev pcspkr ext4 mbcache jbd2 crc16 dm_mod xen_blkfront xen_netfront
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122] Pid: 5377, comm: insmod Tainted: G      D    2.6.32-5-xen-amd64 #1
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122] Call Trace:
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8104928f>] ? __schedule_bug+0x40/0x54
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8130bba8>] ? schedule+0xc5/0x7b4
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8100922a>] ? hypercall_page+0x22a/0x1001
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8100e635>] ? xen_force_evtchn_callback+0x9/0xa
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8104ba3c>] ? __cond_resched+0x1d/0x26
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8130c49b>] ? _cond_resched+0x24/0x2f
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8106930b>] ? switch_task_namespaces+0xf/0x43
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff81052668>] ? do_exit+0x549/0x6c6
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8130e54d>] ? oops_end+0xaf/0xb4
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8101336a>] ? do_stack_segment+0x74/0x98
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8130d9c5>] ? xen_stack_segment+0x25/0x30
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8100e0f7>] ? xen_release_ptpage+0x1b/0x5a
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffffa0249a21>] ? fix_sct_prot+0xc4/0xfd [symev_custom_2.6.32_5_xen_amd64_x86_64]
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffffa024a5fb>] ? init_module+0x0/0x11a [symev_custom_2.6.32_5_xen_amd64_x86_64]
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffffa0249fbb>] ? symev_hook_syscalls+0x13/0x653 [symev_custom_2.6.32_5_xen_amd64_x86_64]
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffffa024a69c>] ? init_module+0xa1/0x11a [symev_custom_2.6.32_5_xen_amd64_x86_64]
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8100a065>] ? do_one_initcall+0x64/0x174
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff8107babc>] ? sys_init_module+0xc5/0x21a
    Dec 12 12:47:30 lts1 kernel: : [ 2384.889122]  [<ffffffff81011b42>] ? system_call_fastpath+0x16/0x1b

    I have the same source copiled and installed without problems at a notebook with Ubuntu and kernel 2.6.32-36-generic.

    Is something special for SAV at virtual linux-maschines?

    thanks and regards Monika



  • 2.  RE: autoprotect at Xen-domU for Linux

    Posted Dec 21, 2011 08:53 PM

    What version of SAV are you running? SAV is old an old product, I doubt it is supported in a virtual environment.