| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 May 2017 11:22:12 +0200
From: Borislav Petkov <bp@...en8.de>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: x86-ml <x86@...nel.org>, lkml <linux-kernel@...r.kernel.org>
Subject: [PATCH] x86/kernel/process_32: Convert a smp_processor_id() call
Hi,
this is on 32-bit with tip/master.
I *think* the solution is as straight-forward but pls double-check me on
that.
Thanks.
---
From: Borislav Petkov <bp@...e.de>
Date: Sun, 28 May 2017 11:03:42 +0200
Subject: [PATCH] x86/kernel/process_32: Convert a smp_processor_id() call
... to raw_smp_processor_id() to not trip the
BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1
check. The reasoning behind it is that __warn() already uses the raw_
variants but the show_regs() path on 32-bit doesn't.
Otherwise, you get splat in a splat:
Write protecting the kernel read-only data: 2980k
NX-protecting the kernel data: 4744k
x86/mm: Found insecure W+X mapping at address c00a0000/0xc00a0000
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1 at .../arch/x86/mm/dump_pagetables.c:236 note_page+0x6ca/0x8e0
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc2+ #1
Hardware name: LENOVO 30515QG/30515QG, BIOS 8RET30WW (1.12 ) 09/15/2011
task: f4120000 task.stack: f411a000
EIP: note_page+0x6ca/0x8e0
BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1
caller is debug_smp_processor_id
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc2+ #1
Hardware name: LENOVO 30515QG/30515QG, BIOS 8RET30WW (1.12 ) 09/15/2011
Call Trace:
dump_stack
check_preemption_disabled
debug_smp_processor_id
__show_regs
? note_page
? printk
? show_regs_print_info
? note_page
show_regs
? vprintk_func
? note_page
__warn
? note_page
? note_page
report_bug
do_trap
? do_error_trap
? __this_cpu_preempt_check
? trace_hardirqs_on_caller
do_error_trap
? note_page
? wake_up_klogd
? console_unlock
? common_exception
? do_overflow
? __this_cpu_preempt_check
? trace_hardirqs_off_caller
? do_overflow
do_invalid_op
common_exception
EIP: note_page+0x6ca/0x8e0
EFLAGS: 00210286 CPU: 0
EAX: 00000041 EBX: f411bf40 ECX: 00000000 EDX: c10bd629
ESI: 80000000 EDI: 00000000 EBP: f411bf0c ESP: f411bed4
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
? wake_up_klogd
? do_overflow
? change_page_attr_set_clr
ptdump_walk_pgd_level_core
ptdump_walk_pgd_level_checkwx
mark_rodata_ro
? rest_init
kernel_init
? schedule_tail_wrapper
ret_from_fork
EFLAGS: 00210286 CPU: 0
EAX: 00000041 EBX: f411bf40 ECX: 00000000 EDX: c10bd629
ESI: 80000000 EDI: 00000000 EBP: f411bf0c ESP: f411bed4
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
CR0: 80050033 CR2: ffbff000 CR3: 01bbe000 CR4: 000006f0
Call Trace:
? change_page_attr_set_clr
ptdump_walk_pgd_level_core
ptdump_walk_pgd_level_checkwx
mark_rodata_ro
? rest_init
kernel_init
? schedule_tail_wrapper
ret_from_fork
---[ end trace e1a49e2b8e42d056 ]---
x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.
Signed-off-by: Borislav Petkov <bp@...e.de>
---
arch/x86/kernel/process_32.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index ff40e74c9181..ffeae818aa7a 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -78,7 +78,7 @@ void __show_regs(struct pt_regs *regs, int all)
printk(KERN_DEFAULT "EIP: %pS\n", (void *)regs->ip);
printk(KERN_DEFAULT "EFLAGS: %08lx CPU: %d\n", regs->flags,
- smp_processor_id());
+ raw_smp_processor_id());
printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n",
regs->ax, regs->bx, regs->cx, regs->dx);
--
2.11.0
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
Powered by blists - more mailing lists