Date:	Mon, 10 Jun 2013 06:24:14 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Kees Cook <keescook@...omium.org>
Cc:	fengguang.wu@...el.com, Ingo Molnar <mingo@...e.hu>,
	linux-kernel@...r.kernel.org
Subject: [i386/load_elf_binary] BUG: unable to handle kernel paging request
 at c16561d0

Greetings,

I got the below dmesg and the first bad commit is

commit bf400180b35912be07e8e22ddcb1e2b266b81067
Author: Ingo Molnar <mingo@...e.hu>
Date:   Wed Jul 14 00:50:02 2010 -0700

    i386: NX emulation
    
    This is old code with some cruft, all originally by Ingo Molnar with
    much later rebasing by Fedora folks and at least one arcane fix by
    Roland McGrath a few years ago. No longer uses exec-shield sysctl,
    merged with disable_nx. Kees Cook fixed boottime NX reporting for various
    corner cases.
    
    Signed-off-by: Kees Cook <kees.cook@...onical.com>


Parent commit not clean. Look out for wrong bisect!

/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28398-20130610034933-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28446-20130610032719-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28446-20130610034919-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28494-20130610034912-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28541-20130610032701-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28541-20130610033845-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28541-20130610034930-3.10.0-rc4-00157-g29eb778-31

[  442.715828] Write protecting the kernel text: 3872k
[  442.724722] Write protecting the kernel read-only data: 1948k
[  443.053460] BUG: unable to handle kernel paging request at c16561d0
[  443.053460] IP: [<c1105fb1>] load_elf_binary+0x2e1/0xdb0
[  443.053460] *pde = 01b9b067 *pte = 01656062 
[  443.053460] Oops: 0000 [#1] DEBUG_PAGEALLOC
[  443.053460] Modules linked in:
[  443.053460] CPU: 0 PID: 1 Comm: swapper Not tainted 3.10.0-rc5-01256-g03a188b #1
[  443.053460] task: cb868000 ti: cb862000 task.ti: cb862000
[  443.053460] EIP: 0060:[<c1105fb1>] EFLAGS: 00000246 CPU: 0
[  443.053460] EIP is at load_elf_binary+0x2e1/0xdb0
[  443.053460] EAX: 00000000 EBX: c47aae40 ECX: 00000000 EDX: c471f510
[  443.053460] ESI: c471f544 EDI: 00000000 EBP: cb863f14 ESP: cb863e98
[  443.053460]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[  443.053460] CR0: 8005003b CR2: c16561d0 CR3: 047ab000 CR4: 00000690
[  443.053460] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[  443.053460] DR6: 00000000 DR7: 00000000
[  443.053460] Stack:
[  443.053460]  c471f510 00000080 c15cadb0 cb863ec4 00000002 c1003955 0000007b cb868000
[  443.053460]  00000000 00000001 00000000 00000000 000002e9 00000000 cb868000 c15ca6b8
[  443.053460]  00000001 cb863f08 00000246 c47199c0 00000246 cb9df780 c11058c0 c10d2a7a
[  443.053460] Call Trace:
[  443.053460]  [<c1003955>] ? do_IRQ+0x75/0x90
[  443.053460]  [<c11058c0>] ? bm_status_write+0xe0/0xe0
[  443.053460]  [<c10d2a7a>] ? search_binary_handler+0x32a/0x380
[  443.053460]  [<c1105cd0>] ? load_elf_library+0x1d0/0x1d0
[  443.053460]  [<c10d2a87>] search_binary_handler+0x337/0x380
[  443.053460]  [<c10d2778>] ? search_binary_handler+0x28/0x380
[  443.053460]  [<c10d3adf>] do_execve+0x4af/0x660
[  443.053460]  [<c10d3708>] ? do_execve+0xd8/0x660
[  443.053460]  [<c10000f7>] run_init_process+0x17/0x20
[  443.053460]  [<c13ba1b7>] kernel_init+0x37/0xf0
[  443.053460]  [<c13c6b1b>] ret_from_kernel_thread+0x1b/0x30
[  443.053460]  [<c13ba180>] ? rest_init+0x130/0x130
[  443.053460] Code: 00 00 eb 15 c7 45 d0 00 00 00 00 c7 45 d8 00 00 00 00 c7 45 e4 00 00 00 00 8b 45 f0 e8 59 cd fc ff 89 c7 85 c0 0f 85 a1 09 00 00 <83> 3d d0 61 65 c1 00 75 0f 83 7d e4 01 0f 85 1a 0a 00 00 e9 d7
[  443.053460] EIP: [<c1105fb1>] load_elf_binary+0x2e1/0xdb0 SS:ESP 0068:cb863e98
[  443.053460] CR2: 00000000c16561d0
[  443.053460] ---[ end trace 25e1f5808e99ed0b ]---

git bisect start 03a188b29c8d5f332292e972a1d7eb1cd26d8109 317ddd256b9c24b0d78fa8018f80f1e495481a10 --
git bisect good 78f304d06c47d600ec1a4b0995f1f4c5667a677e  #   123  2013-06-09 23:49:17  iio:trigger:interrupt fix formatting of rsize variable in name
git bisect good 3fb09d4ffa0622bfacaf82f24779e3250ce3abd2  #   123  2013-06-10 00:18:42  Merge remote-tracking branch 'iwlwifi-fixes/for-john' into devel-roam-i386-201306090958
git bisect good f0562289c37ff287a0267c95b81d8c86ace11551  #   123  2013-06-10 00:41:45  Merge remote-tracking branch 'iwlwifi-next/for-john' into devel-roam-i386-201306090958
git bisect  bad 2d8e8d692a41906e559ca310fcd1db617c26859e  #     0  2013-06-10 00:44:24  Merge remote-tracking branch 'linuxtv-media/fixes' into devel-roam-i386-201306090958
git bisect good 6d0745447f0535bad8a4e1e4cd0689e7979c8bff  #   123  2013-06-10 01:12:38  btrfs: set readdir f_pos only after filldir
git bisect good 3cf138a6393d4ae2aeabce4c4b776d7d15cce69b  #   123  2013-06-10 01:37:17  [media] exynos4-is: Prevent NULL pointer dereference when firmware isn't loaded
git bisect good 7952870342ce33d4d0b633c83d2a9f15d916281a  #   123  2013-06-10 02:00:31  Merge remote-tracking branch 'kbuild/for-next' into devel-roam-i386-201306090958
git bisect good 560dde24adfdc9dbcd141c75faecc5e0402fe531  #   123  2013-06-10 02:35:20  [media] v4l2-ioctl: don't print the clips list
git bisect good af44ad5edd1eb6ca92ed5be48e0004e1f04bf219  #   123  2013-06-10 02:54:51  [media] soc_camera: error dev remove and v4l2 call
git bisect  bad e6cb273732d7ff79b8bf2be02556d26b6d3b928d  #     0  2013-06-10 02:58:30  i386: mmap randomization for executable mappings
git bisect  bad bf400180b35912be07e8e22ddcb1e2b266b81067  #     0  2013-06-10 03:04:33  i386: NX emulation
git bisect good 29eb77825cc7da8d45b642de2de3d423dc8a363f  #   369  2013-06-10 03:55:00  arch, mm: Remove tlb_fast_mode()
git bisect  bad 03a188b29c8d5f332292e972a1d7eb1cd26d8109  #     0  2013-06-10 03:55:03  Merge remote-tracking branch 'linuxtv-media/master' into devel-roam-i386-201306090958
git bisect good e0d76190b217582321a602041318b3b88c195193  #   372  2013-06-10 04:50:38  Revert "i386: NX emulation"
git bisect good 317ddd256b9c24b0d78fa8018f80f1e495481a10  #   369  2013-06-10 05:23:19  Linux 3.10-rc5
git bisect good c04efed734409f5a44715b54a6ca1b54b0ccf215  #   369  2013-06-10 05:59:16  Add linux-next specific files for 20130607

Thanks,
Fengguang

View attachment "dmesg-kvm-ant-25539-20130609144605-3.10.0-rc5-01256-g03a188b-1" of type "text/plain" (36996 bytes)

View attachment "bisect-03a188b29c8d5f332292e972a1d7eb1cd26d8109-i386-randconfig-r05-0609-BUG:-unable-to-handle-kernel-paging-request-at-41404.log" of type "text/plain" (29034 bytes)

View attachment ".config-bisect" of type "text/plain" (63917 bytes)
