Date:	Sun, 22 May 2011 14:56:40 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Parag Warudkar <parag.lkml@...il.com>,
	Fenghua Yu <fenghua.yu@...el.com>,
	"H. Peter Anvin" <hpa@...ux.intel.com>,
	Ingo Molnar <mingo@...e.hu>, Dmitry Torokhov <dtor@...l.ru>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Resume Issues :Exec of NX page, Synaptics Botchup

On Sun, May 22, 2011 at 2:36 PM, Parag Warudkar <parag.lkml@...il.com> wrote:
>
> So on an otherwise working system, with today's git resume from suspend
> goes awry. Distro kernel 2.6.38-8 has no issues and
> CONFIG_DEBUG_SET_MODULE_RONX=y is set for both kernels.
>
> 1) setup_disablecpuid seems to result in executing a NX page -
> kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
> [ 2762.672126] BUG: unable to handle kernel paging request at
> ffffffff81aaf74d
> [ 2762.672131] IP: [<ffffffff81aaf74d>] setup_disablecpuid+0x40/0x40

Hmm. The "Code: " line is just full of complete garbage, so I think
the real issue is that you really are trying to execute data.

And that in turn seems to be because "setup_disablecpuid()" has
actually been free'd, because it is marked as __init.

Which is fine at the initial bootup, but not so fine at resume time,
since it was free'd long long ago by then.

And it definitely shouldn't be called at resume time. There's
something wrong there. That call trace is odd:

  Call Trace:
   [<ffffffff8148a119>] ? identify_cpu+0xd8/0x2d8
   [<ffffffff8148a32d>] identify_secondary_cpu+0x14/0x1b
   [<ffffffff8148bf0f>] smp_store_cpu_info+0x3c/0x3e
   [<ffffffff8148c2ef>] start_secondary+0xf7/0x1d2

because none of those should be calling "setup_disablecpuid()" at all.

Hmm. In fact, RIP is "setup_disablecpuid+0x40/0x40", ie it is one past
the _end_ of setup_disablecpuid.

I suspect that is actually "setup_smep()" that got called, and that
there was some garbage data in there that caused it to jump back a
bit.

Does the attached patch fix it?

> 2) Synaptics touchpad which works fine with two finger gestures etc before
> resume - goes into ps2 mode after resume -
> [ 2783.323947] Synaptics claims to have extended capabilities, but I'm not able to read them.
> [ 2783.774740] Synaptics hardware appears to be different: id(149271-149271), model(114865-114865), caps(d04733-d04733), ext(a40000-0).
> [ 2788.880575] Unable to query Synaptics hardware.

Hmm. I have no idea about this one. Dmitry?

                       Linus

View attachment "patch.diff" of type "text/x-patch" (572 bytes)
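
Added example (not part of the original message or of the kernel sources): a small Python parser for the symbol+0xoffset/0xsize annotations in an oops, flagging the case pointed out above where the offset is not smaller than the symbol size, so the reported address lies outside the named function. The function and field names are this example's own; the sample lines are copied from the report quoted in the message.

```python
import re

# Kernel oops symbol annotation: [<address>] [? ]symbol+0xoffset/0xsize
SYM_RE = re.compile(
    r"\[<(?P<addr>[0-9a-f]+)>\]\s+(?P<guess>\?\s+)?"
    r"(?P<sym>[A-Za-z_][\w.]*)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)"
)

def parse_frames(oops_text):
    """Return one dict per symbol annotation found in the oops text."""
    frames = []
    for m in SYM_RE.finditer(oops_text):
        addr, off, size = (int(m[k], 16) for k in ("addr", "off", "size"))
        frames.append({
            "sym": m["sym"],
            "addr": addr,
            "off": off,
            "size": size,
            "start": addr - off,             # where the named symbol begins
            "unreliable": bool(m["guess"]),  # '?' marks a guessed frame
            # offset >= size: the address lies outside the named symbol
            "past_end": off >= size,
        })
    return frames

def suspicious_frames(oops_text):
    """Frames whose address is not inside the symbol the kernel named."""
    return [f for f in parse_frames(oops_text) if f["past_end"]]

# Lines taken from the report quoted in this message ('> ' quoting removed).
SAMPLE = """\
[ 2762.672131] IP: [<ffffffff81aaf74d>] setup_disablecpuid+0x40/0x40
 [<ffffffff8148a119>] ? identify_cpu+0xd8/0x2d8
 [<ffffffff8148a32d>] identify_secondary_cpu+0x14/0x1b
 [<ffffffff8148bf0f>] smp_store_cpu_info+0x3c/0x3e
 [<ffffffff8148c2ef>] start_secondary+0xf7/0x1d2
"""

if __name__ == "__main__":
    for f in suspicious_frames(SAMPLE):
        print(f"{f['sym']}+{f['off']:#x}/{f['size']:#x}: address {f['addr']:#x} "
              f"is {f['off'] - f['size']:#x} bytes past the end of the symbol")
```
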
