| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Apr 2017 17:21:42 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-ima-devel@...ts.sourceforge.net,
linux-ima-user@...ts.sourceforge.net,
linux-security-module@...r.kernel.org, LKP <lkp@...org>
Subject: [ima] 05d1a717ec [ 85.122020] BUG: unable to handle kernel NULL
pointer dereference at (null)
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 05d1a717ec0430c916a749b94eb90ab74bbfa356
Author: Mimi Zohar <zohar@...ux.vnet.ibm.com>
AuthorDate: Mon Feb 29 19:52:05 2016 -0500
Commit: Mimi Zohar <zohar@...ux.vnet.ibm.com>
CommitDate: Sun May 1 09:23:52 2016 -0400
ima: add support for creating files using the mknodat syscall
Commit 3034a14 "ima: pass 'opened' flag to identify newly created files"
stopped identifying empty files as new files. However new empty files
can be created using the mknodat syscall. On systems with IMA-appraisal
enabled, these empty files are not labeled with security.ima extended
attributes properly, preventing them from subsequently being opened in
order to write the file data contents. This patch defines a new hook
named ima_post_path_mknod() to mark these empty files, created using
mknodat, as new in order to allow the file data contents to be written.
In addition, files with security.ima xattrs containing a file signature
are considered "immutable" and can not be modified. The file contents
need to be written, before signing the file. This patch relaxes this
requirement for new files, allowing the file signature to be written
before the file contents.
Changelog:
- defer identifying files with signatures stored as security.ima
(based on Dmitry Rozhkov's comments)
- removing tests (eg. dentry, dentry->d_inode, inode->i_size == 0)
(based on Al's review)
Signed-off-by: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: Al Viro <<viro@...iv.linux.org.uk>
Tested-by: Dmitry Rozhkov <dmitry.rozhkov@...ux.intel.com>
42a4c60319 ima: fix ima_inode_post_setattr
05d1a717ec ima: add support for creating files using the mknodat syscall
78d91a75b4 Merge branch 'for-linus' of git://git.kernel.dk/linux-block
5efce14289 Add linux-next specific files for 20170407
+--------------------------------------------------------------------------------------------------------+------------+------------+------------+---------------+
| | 42a4c60319 | 05d1a717ec | 78d91a75b4 | next-20170407 |
+--------------------------------------------------------------------------------------------------------+------------+------------+------------+---------------+
| boot_successes | 909 | 304 | 301 | 47 |
| boot_failures | 1 | 6 | 10 | 1 |
| calltrace:SyS_open | 1 | 6 | | |
| BUG:unable_to_handle_kernel | 0 | 6 | 10 | 1 |
| Oops:#[##] | 0 | 6 | 10 | 1 |
| RIP:ima_match_policy | 0 | 6 | | |
| calltrace:SyS_mknod | 0 | 6 | | |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 | 10 | 1 |
| BUG:unable_to_hand[main]Setsockopt(##f#b000#d)on_fd#[#:#:#]le_kernel_NULL_pointer_dereference_at(null) | 0 | 0 | 0 | 1 |
+--------------------------------------------------------------------------------------------------------+------------+------------+------------+---------------+
[ 85.122020] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 85.122020] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 85.126863] IP: ima_match_policy+0xb9/0x6c0
[ 85.126863] IP: ima_match_policy+0xb9/0x6c0
[ 85.129310] PGD 178e0067
[ 85.129310] PGD 178e0067
[ 85.129313] P4D 178e0067
[ 85.129313] P4D 178e0067
[ 85.130743] PUD 1675c067
[ 85.130743] PUD 1675c067
[ 85.132217] PMD 0
[ 85.132217] PMD 0
[ 85.133700]
[ 85.133700]
[ 85.135604] Oops: 00[0main] Added 211 filenames from /dev
0 [#1] SMP
[ 85.135604] Oops: 0000 [#1] SMP
[ 85.146102] Modules linked in:
[ 85.146102] Modules linked in:
[ 85.148533] CPU: 1 PID: 1598 Comm: trinity-c1 Not tainted 4.11.0-rc5-next-20170407 #1
[ 85.148533] CPU: 1 PID: 1598 Comm: trinity-c1 Not tainted 4.11.0-rc5-next-20170407 #1
[ 85.155053] task: ffff880017d4e2c0 task.stack: ffffc90001d10000
[ 85.155053] task: ffff880017d4e2c0 task.stack: ffffc90001d10000
[ 85.159757] RIP: 0010:ima_match_policy+0xb9/0x6c0
[ 85.159757] RIP: 0010:ima_match_policy+0xb9/0x6c0
[ 85.163993] RSP: 0018:ffffc90001d13e68 EFLAGS: 00010202
[ 85.163993] RSP: 0018:ffffc90001d13e68 EFLAGS: 00010202
[ 85.168390] RAX: 0000000000000000 RBX: ffff880016b3c748 RCX: 0000000000000002
[ 85.168390] RAX: 0000000000000000 RBX: ffff880016b3c748 RCX: 0000000000000002
[ 85.173272] RDX: ffffffff81359e80 RSI: ffff880017d4ee10 RDI: 0000000000000202
[ 85.173272] RDX: ffffffff81359e80 RSI: ffff880017d4ee10 RDI: 0000000000000202
[ 85.179569] RBP: ffffc90001d13ed0 R08: ffff880017d4ede8 R09: 0000000003065126
[ 85.179569] RBP: ffffc90001d13ed0 R08: ffff880017d4ede8 R09: 0000000003065126
[ 85.185753] R10: 000000000307fda9 R11: ffff880017d4ee10 R12: 0000000000000001
[ 85.185753] R10: 000000000307fda9 R11: ffff880017d4ee10 R12: 0000000000000001
[ 85.206314] R13: 0000000000c08670 R14: ffff880016b3c748 R15: 000000000000000c
[ 85.206314] R13: 0000000000c08670 R14: ffff880016b3c748 R15: 000000000000000c
[ 85.219686] FS: 00007f3b9c3b5700(0000) GS:ffff88001e700000(0000) knlGS:0000000000000000
[ 85.219686] FS: 00007f3b9c3b5700(0000) GS:ffff88001e700000(0000) knlGS:0000000000000000
[ 85.235885] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.235885] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.245305] CR2: 0000000000000000 CR3: 00000000178d6000 CR4: 00000000000006e0
[ 85.245305] CR2: 0000000000000000 CR3: 00000000178d6000 CR4: 00000000000006e0
[ 85.256719] DR0: 000000000068e000 DR1: 00007f3b9acdc000 DR2: 0000000000000000
[ 85.256719] DR0: 000000000068e000 DR1: 00007f3b9acdc000 DR2: 0000000000000000
[ 85.266482] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 85.266482] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 85.275274] Call Trace:
[ 85.275274] Call Trace:
[ 85.276975] ima_must_appraise+0x32/0x40
[ 85.276975] ima_must_appraise+0x32/0x40
[ 85.280500] ima_post_path_mknod+0x23/0x70
[ 85.280500] ima_post_path_mknod+0x23/0x70
[ 85.283558] SyS_mknod+0x299/0x2d0
[ 85.283558] SyS_mknod+0x299/0x2d0
[ 85.286145] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 85.286145] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 85.290033] RIP: 0033:0x7f3b9beca6d9
[ 85.290033] RIP: 0033:0x7f3b9beca6d9
[ 85.293064] RSP: 002b:00007ffc8737f5d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 85.293064] RSP: 002b:00007ffc8737f5d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 85.300089] RAX: ffffffffffffffda RBX: 00007f3b9c192720 RCX: 00007f3b9beca6d9
[ 85.300089] RAX: ffffffffffffffda RBX: 00007f3b9c192720 RCX: 00007f3b9beca6d9
[ 85.305185] RDX: 00000000006dd5e7 RSI: 0000000000000207 RDI: 0000000000c08670
[ 85.305185] RDX: 00000000006dd5e7 RSI: 0000000000000207 RDI: 0000000000c08670
[ 85.311144] RBP: 0000000000001010 R08: fffffffffffffffe R09: 0000000096a0a788
[ 85.311144] RBP: 0000000000001010 R08: fffffffffffffffe R09: 0000000096a0a788
[ 85.316371] R10: ffffff7fb54b508d R11: 0000000000000246 R12: 00007f3b9c192778
[ 85.316371] R10: ffffff7fb54b508d R11: 0000000000000246 R12: 00007f3b9c192778
[ 85.322649] R13: 0000000000001000 R14: 0000000000c08660 R15: 0000000000002a80
[ 85.322649] R13: 0000000000001000 R14: 0000000000c08660 R15: 0000000000002a80
[ 85.329101] Code: 48 83 05 0a b7 05 02 01 80 3d 69 8b ef 00 00 0f 84 0c 04 00 00 48 8b 05 7e c2 05 02 48 83 05 56 bd 05 02 01 c7 45 c8 00 00 00 00 <48> 8b 18 48 39 d8 0f 84 33 03 00 00 65 4c 8b 2c 25 80 c4 00 00
[ 85.329101] Code: 48 83 05 0a b7 05 02 01 80 3d 69 8b ef 00 00 0f 84 0c 04 00 00 48 8b 05 7e c2 05 02 48 83 05 56 bd 05 02 01 c7 45 c8 00 00 00 00 <48> 8b 18 48 39 d8 0f 84 33 03 00 00 65 4c 8b 2c 25 80 c4 00 00
[ 85.343891] RIP: ima_match_policy+0xb9/0x6c0 RSP: ffffc90001d13e68
[ 85.343891] RIP: ima_match_policy+0xb9/0x6c0 RSP: ffffc90001d13e68
[ 85.348655] CR2: 0000000000000000
[ 85.348655] CR2: 0000000000000000
[ 85.351165] ---[ end trace 99e982ab4c7da40e ]---
[ 85.351165] ---[ end trace 99e982ab4c7da40e ]---
[ 85.354522] Kernel panic - not syncing: Fatal exception
[ 85.354522] Kernel panic - not syncing: Fatal exception
[ 85.358889] Kernel Offset: disabled
[ 85.358889] Kernel Offset: disabled
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start v4.7 v4.6 --
git bisect bad 4340fa55298d17049e71c7a34e04647379c269f3 # 03:17 B 66 1 0 0 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
git bisect bad 0eff4589c36edd03d50b835d0768b2c2ef3f20bd # 04:13 B 121 1 75 75 Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
git bisect good 8908c94d6cd7513ba4512295abc945a6ff7f979c # 05:57 G 300 0 236 236 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6
git bisect bad 7beaa24ba49717419e24d1f6321e8b3c265a719c # 06:54 B 258 1 188 188 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
git bisect good 9797f6b0504122e4ad9ff047a3d0521ad6706386 # 08:10 G 304 0 241 241 Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
git bisect good 676d9735cd010fc439566e2b6e9b6adc3e1179ef # 09:19 G 303 0 220 220 Merge tag 'rpmsg-v4.7' of git://github.com/andersson/remoteproc
git bisect good 2600a46ee0ed57c0e0a382c2a37ebac64d374d20 # 10:30 G 301 0 237 237 Merge tag 'trace-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
git bisect bad 0efacbbaee1e94e9942da0912f5b46ffd45a74bd # 11:09 B 167 1 126 126 Merge tag 'arc-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
git bisect bad f4f27d0028aabce57e44c16c2fdefccd6310d2f3 # 11:27 B 12 1 8 8 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
git bisect good d55201ce08bfae40ae0062be126f49471a55bcad # 13:11 G 302 0 1 1 Merge branch 'keys-trust' into keys-next
git bisect bad 0250abcd726b4eba8a6175f09656fe544ed6491a # 13:25 B 56 1 0 0 Merge tag 'keys-next-20160505' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
git bisect good 9b091556a073a9f5f93e2ad23d118f45c4796a84 # 14:24 G 304 0 0 0 LSM: LoadPin for kernel file loading restrictions
git bisect good 42a4c603198f0d45b7aa936d3ac6ba1b8bd14a1b # 15:44 G 303 0 0 0 ima: fix ima_inode_post_setattr
git bisect bad 470bf1f27a1472264d18c84b324389509f0e30b3 # 16:20 B 113 1 0 0 seccomp: Fix comment typo
git bisect bad 05d1a717ec0430c916a749b94eb90ab74bbfa356 # 16:35 B 5 2 0 0 ima: add support for creating files using the mknodat syscall
# first bad commit: [05d1a717ec0430c916a749b94eb90ab74bbfa356] ima: add support for creating files using the mknodat syscall
git bisect good 42a4c603198f0d45b7aa936d3ac6ba1b8bd14a1b # 18:07 G 910 0 1 1 ima: fix ima_inode_post_setattr
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad 05d1a717ec0430c916a749b94eb90ab74bbfa356 # 18:24 B 12 1 0 0 ima: add support for creating files using the mknodat syscall
# extra tests on HEAD of linux-devel/devel-spot-201704081709
git bisect bad bf59453f0e6af799ffc4fa8e2b6cc83205028f63 # 18:24 B 32 2 0 2 0day head guard for 'devel-spot-201704081709'
# extra tests on tree/branch linus/master
git bisect bad 78d91a75b40fcf6a08506d308abf2413a29b7e30 # 18:44 B 13 1 0 0 Merge branch 'for-linus' of git://git.kernel.dk/linux-block
# extra tests with first bad commit reverted
git bisect good 105c8fe0d9bdcea4b3335040b7532ef25f5a07b3 # 22:03 G 310 0 0 0 Revert "ima: add support for creating files using the mknodat syscall"
# extra tests on tree/branch linux-next/master
git bisect bad 5efce1428912454a377d8336ea47c51700641b38 # 22:28 B 47 1 0 0 Add linux-next specific files for 20170407
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-quantal-intel12-45:20170409163440:x86_64-randconfig-it0-04082007:4.6.0-rc2-00011-g05d1a71:1.gz" of type "application/gzip" (28665 bytes)
View attachment "reproduce-quantal-intel12-45:20170409163440:x86_64-randconfig-it0-04082007:4.6.0-rc2-00011-g05d1a71:1" of type "text/plain" (888 bytes)
View attachment "config-4.6.0-rc2-00011-g05d1a71" of type "text/plain" (95861 bytes)
Powered by blists - more mailing lists