| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Aug 2016 13:44:22 +0800
From: kernel test robot <xiaolong.ye@...el.com>
To: Kees Cook <keescook@...omium.org>
Cc: lkp@...org, linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Valdis Kletnieks <valdis.kletnieks@...edu>
Subject: [x86/uaccess] 5b710f34e1: kernel BUG at mm/usercopy.c:75!
FYI, we noticed the following commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 5b710f34e194c6b7710f69fdb5d798fdf35b98c1 ("x86/uaccess: Enable hardened usercopy")
in testcase: boot
on test machine: 1 threads qemu-system-i386 -enable-kvm with 360M memory
caused below changes:
+------------------------------------------+------------+------------+
| | f5509cc18d | 5b710f34e1 |
+------------------------------------------+------------+------------+
| boot_successes | 12 | 0 |
| boot_failures | 0 | 19 |
| kernel_BUG_at_mm/usercopy.c | 0 | 19 |
| EIP_is_at__check_object_size | 0 | 19 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 19 |
+------------------------------------------+------------+------------+
[ 177.875629] usercopy: kernel memory overwrite attempt detected to 80028f40 (<spans multiple pages>) (512 bytes)
[ 177.965655] ------------[ cut here ]------------
[ 177.965655] ------------[ cut here ]------------
[ 177.976995] kernel BUG at mm/usercopy.c:75!
[ 177.976995] kernel BUG at mm/usercopy.c:75!
[ 177.991519] invalid opcode: 0000 [#1]
[ 177.991519] invalid opcode: 0000 [#1]
[ 178.000490] CPU: 0 PID: 1 Comm: init Not tainted 4.7.0-00004-g5b710f3 #2
[ 178.000490] CPU: 0 PID: 1 Comm: init Not tainted 4.7.0-00004-g5b710f3 #2
[ 178.016498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[ 178.016498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[ 178.037761] task: 80028000 ti: 8002a000 task.ti: 8002a000
[ 178.037761] task: 80028000 ti: 8002a000 task.ti: 8002a000
[ 178.050690] EIP: 0060:[<8110a056>] EFLAGS: 00010246 CPU: 0
[ 178.050690] EIP: 0060:[<8110a056>] EFLAGS: 00010246 CPU: 0
[ 178.064166] EIP is at __check_object_size+0x202/0x258
[ 178.064166] EIP is at __check_object_size+0x202/0x258
[ 178.076286] EAX: 00000063 EBX: 80028f40 ECX: 810945ac EDX: 80028000
[ 178.076286] EAX: 00000063 EBX: 80028f40 ECX: 810945ac EDX: 80028000
[ 178.091360] ESI: 817c7dfa EDI: 94b3a5a0 EBP: 8002beac ESP: 8002be7c
[ 178.091360] ESI: 817c7dfa EDI: 94b3a5a0 EBP: 8002beac ESP: 8002be7c
[ 178.116671] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[ 178.116671] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[ 178.129596] CR0: 80050033 CR2: 775e1460 CR3: 0dfbc000 CR4: 00000690
[ 178.129596] CR0: 80050033 CR2: 775e1460 CR3: 0dfbc000 CR4: 00000690
[ 178.154127] Stack:
[ 178.154127] Stack:
[ 178.170232] 817c7e39
[ 178.170232] 817c7e39 817c7e03 817c7e03 8184213b 8184213b 80028f40 80028f40 817c7dcc 817c7dcc 00000200 00000200 94b3a000 94b3a000 00028000 00028000
[ 178.205104] 00000200
[ 178.205104] 00000200 7ffcbc40 7ffcbc40 80028000 80028000 00000200 00000200 8002bf44 8002bf44 81047847 81047847 80028f40 80028f40 80028f00 80028f00
[ 178.246126] 00000000
[ 178.246126] 00000000 00000000 00000000 00000000 00000000 7ffcbbd0 7ffcbbd0 81045015 81045015 80028000 80028000 8002bef8 8002bef8 81081804 81081804
[ 178.290075] Call Trace:
[ 178.290075] Call Trace:
[ 178.303259] [<81047847>] __fpu__restore_sig+0x14f/0x439
[ 178.303259] [<81047847>] __fpu__restore_sig+0x14f/0x439
[ 178.328374] [<81045015>] ? sched_clock+0x9/0xd
[ 178.328374] [<81045015>] ? sched_clock+0x9/0xd
[ 178.350312] [<81081804>] ? sched_clock_cpu+0x19/0xc8
FYI, raw QEMU command line is:
qemu-system-i386 -enable-kvm -kernel /pkg/linux/i386-randconfig-w0-08170631/gcc-6/5b710f34e194c6b7710f69fdb5d798fdf35b98c1/vmlinuz-4.7.0-00004-g5b710f3 -append 'ip=::::vm-lkp-wsx03-quantal-i386-6::dhcp root=/dev/ram0 user=lkp job=/lkp/scheduled/vm-lkp-wsx03-quantal-i386-6/boot-1-quantal-core-i386.cgz-5b710f34e194c6b7710f69fdb5d798fdf35b98c1-20160817-52554-1cf9h0a-0.yaml ARCH=i386 kconfig=i386-randconfig-w0-08170631 branch=linus/master commit=5b710f34e194c6b7710f69fdb5d798fdf35b98c1 BOOT_IMAGE=/pkg/linux/i386-randconfig-w0-08170631/gcc-6/5b710f34e194c6b7710f69fdb5d798fdf35b98c1/vmlinuz-4.7.0-00004-g5b710f3 max_uptime=600 RESULT_ROOT=/result/boot/1/vm-lkp-wsx03-quantal-i386/quantal-core-i386.cgz/i386-randconfig-w0-08170631/gcc-6/5b710f34e194c6b7710f69fdb5d798fdf35b98c1/0 LKP_SERVER=inn debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 systemd.log_level=err ignore_loglevel earlyprintk=ttyS0,115200 console=ttyS0,115200 console=tty0 vga=normal rw drbd.minor_count=8' -initrd /fs/sdc1/initrd-vm-lkp-wsx03-quantal-i386-6 -m 360 -smp 1 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -watchdog-action debug -rtc base=localtime -pidfile /dev/shm/kboot/pid-vm-lkp-wsx03-quantal-i386-6 -serial file:/dev/shm/kboot/serial-vm-lkp-wsx03-quantal-i386-6 -daemonize -display none -monitor null
Thanks,
Kernel Test Robot
View attachment "config-4.7.0-00004-g5b710f3" of type "text/plain" (82654 bytes)
Download attachment "dmesg.xz" of type "application/octet-stream" (11328 bytes)
Powered by blists - more mailing lists