Date:   Mon, 25 Sep 2017 10:20:13 +0800
From:   kernel test robot <fengguang.wu@...el.com>
To:     Ingo Molnar <mingo@...nel.org>, Eric Biggers <ebiggers@...gle.com>
Cc:     LKP <lkp@...org>, linux-kernel@...r.kernel.org,
        Rik van Riel <riel@...hat.com>,
        Kees Cook <keescook@...omium.org>, wfg@...ux.intel.com
Subject: 9f4835fb96 ("x86/fpu: Tighten validation of user-supplied .."):
 Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

Hi Ingo,

On your request I'm resending the report here, with attached dmesg,
kconfig and reproduce script.

I'll go on to test your split up commits, too.

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git WIP.x86/fpu

commit 9f4835fb965d8eea7e608d0cb62c246c804dec90
Author:     Eric Biggers <ebiggers@...gle.com>
AuthorDate: Fri Sep 22 10:41:55 2017 -0700
Commit:     Ingo Molnar <mingo@...nel.org>
CommitDate: Sat Sep 23 11:02:00 2017 +0200

     x86/fpu: Tighten validation of user-supplied xstate_header
     
     Move validation of user-supplied xstate_headers into a helper function
     and call it from both the ptrace and sigreturn syscall paths.  The new
     function also considers it to be an error if *any* reserved bits are
     set, whereas before we were just clearing most of them.
     
     This should reduce the chance of bugs that fail to correctly validate
     user-supplied XSAVE areas.  It also will expose any broken userspace
     programs that set the other reserved bits; this is desirable because
     such programs will lose compatibility with future CPUs and kernels if
     those bits are ever used for anything.  (There shouldn't be any such
     programs, and in fact in the case where the compacted format is in use
     we were already validating xfeatures.  But you never know...)
     
     Signed-off-by: Eric Biggers <ebiggers@...gle.com>
     Reviewed-by: Kees Cook <keescook@...omium.org>
     Reviewed-by: Rik van Riel <riel@...hat.com>
     Acked-by: Dave Hansen <dave.hansen@...ux.intel.com>
     Cc: Andy Lutomirski <luto@...nel.org>
     Cc: Dmitry Vyukov <dvyukov@...gle.com>
     Cc: Fenghua Yu <fenghua.yu@...el.com>
     Cc: Kevin Hao <haokexin@...il.com>
     Cc: Linus Torvalds <torvalds@...ux-foundation.org>
     Cc: Michael Halcrow <mhalcrow@...gle.com>
     Cc: Oleg Nesterov <oleg@...hat.com>
     Cc: Peter Zijlstra <peterz@...radead.org>
     Cc: Thomas Gleixner <tglx@...utronix.de>
     Cc: Wanpeng Li <wanpeng.li@...mail.com>
     Cc: Yu-cheng Yu <yu-cheng.yu@...el.com>
     Cc: kernel-hardening@...ts.openwall.com
     Link: http://lkml.kernel.org/r/20170922174156.16780-3-ebiggers3@gmail.com
     Signed-off-by: Ingo Molnar <mingo@...nel.org>

29ed270cd3  x86/fpu: Don't let userspace set bogus xcomp_bv
9f4835fb96  x86/fpu: Tighten validation of user-supplied xstate_header
8d3e268d89  x86/fpu: Rename fpu__activate_fpstate_read/write() to fpu__read/write()
e7c6e36753  Merge branch 'x86/urgent'
+-----------------------------------------------------------+------------+------------+------------+------------+
|                                                           | 29ed270cd3 | 9f4835fb96 | 8d3e268d89 | e7c6e36753 |
+-----------------------------------------------------------+------------+------------+------------+------------+
| boot_successes                                            | 35         | 2          | 6          | 0          |
| boot_failures                                             | 0          | 13         | 13         | 11         |
| Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode= | 0          | 13         | 13         | 11         |
+-----------------------------------------------------------+------------+------------+------------+------------+

procd: Console is alive
procd: - preinit -
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[   23.975862] init[1] bad frame in sigreturn frame:7fad9e6c ip:77f3bbc6 sp:7fada3fc orax:ffffffff in libuClibc-0.9.33.2.so[77f31000+4f000]
[   23.977287] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[   23.977287]
[   23.978120] CPU: 0 PID: 1 Comm: init Not tainted 4.14.0-rc1-00218-g9f4835f #1
[   23.978770] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[   23.979681] Call Trace:
[   23.980087]  dump_stack+0x40/0x5e
[   23.980558]  panic+0x1c5/0x58c
[   23.980963]  forget_original_parent+0x1ee/0x843
[   23.981363]  do_exit+0x1087/0x17c6
[   23.981668]  do_group_exit+0x1d1/0x1d1
[   23.982017]  get_signal+0x1294/0x12ca
[   23.982345]  do_signal+0x2c/0x55b
[   23.982643]  ? force_sig_info+0x1bd/0x1d5
[   23.983079]  ? force_sig+0x22/0x32
[   23.983563]  ? signal_fault+0x14b/0x161
[   23.984168]  ? exit_to_usermode_loop+0x2f/0x2ae
[   23.984748]  ? trace_hardirqs_on_caller+0x2d/0x384
[   23.985170]  exit_to_usermode_loop+0xf7/0x2ae
[   23.985554]  do_int80_syscall_32+0x4e8/0x4fe
[   23.985937]  entry_INT80_32+0x2f/0x2f
[   23.986264] EIP: 0x77f3bbc6
[   23.986515] EFLAGS: 00000246 CPU: 0
[   23.986851] EAX: 00000000 EBX: 00000003 ECX: 77fb9554 EDX: 0000000a
[   23.987385] ESI: ffffffff EDI: 7fada55c EBP: 7fada468 ESP: 7fada3fc
[   23.987925]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 007b
[   23.988462] Kernel Offset: disabled
                                                           # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start f8fce8fa419bb00ed5a5d6e91abe6dbed75f5842 2bd6bf03f4c1c59381d62c61d03f6cc3fe71f66e --
git bisect good 330ac28434f18e4dfc62985e9d2ed5119c224781  # 23:44  G     11     0    0   0  Merge 'rdma/k.o/net-next-base' into devel-spot-201709232001
git bisect good 2cf018879b36a0d3681086cfc1c08c6cc9bef52a  # 00:58  G     11     0    0   0  Merge 'linux-review/Thiebaud-Weksteen/Call-GetEventLog-before-ExitBootServices/20170923-004848' into devel-spot-201709232001
git bisect good 422c87daea34f0298708f6afdf4591e5a0f9b9ea  # 01:13  G     10     0    0   0  Merge 'linux-review/Colin-King/video-fbdev-radeon-make-const-array-post_divs-static-reduces-object-code-size/20170922-203140' into devel-spot-201709232001
git bisect good 3303d4863ae6dd72e2481abfd247e127933a5631  # 01:31  G     11     0    0   0  Merge 'ceph-client/testing' into devel-spot-201709232001
git bisect  bad 5310cfb68118cd2970a7e8b6d4693c23c2535564  # 01:50  B      0     3   15   0  Merge 'anholt/bcm2835-soc-next-v2' into devel-spot-201709232001
git bisect  bad c346b48b4f79509e371f96aafb72f40f60810571  # 02:13  B      0     3   15   0  Merge 'tip/WIP.x86/fpu' into devel-spot-201709232001
git bisect good 1a4a586e67792afc4b3a070ce64e0aa7b1cd5bc0  # 02:40  G     11     0    0   0  x86/fpu: Remove 'kbuf' parameter from the copy_user_to_xstate() API
git bisect good 9e7deb522d8fa604f687b61dcd4c13358df9c753  # 03:34  G     11     0    0   0  x86/fpu: Decouple fpregs_activate()/fpregs_deactivate() from fpu->fpregs_active
git bisect good e9758265c677494bb8c532520cb950b14cf8709a  # 03:55  G     11     0    0   0  x86/fpu: Fix boolreturn.cocci warnings
git bisect good 29ed270cd32335003f65dae9a6981c7819f3467c  # 04:11  G     11     0    0   0  x86/fpu: Don't let userspace set bogus xcomp_bv
git bisect  bad 9f4835fb965d8eea7e608d0cb62c246c804dec90  # 04:27  B      0    11   23   0  x86/fpu: Tighten validation of user-supplied xstate_header
# first bad commit: [9f4835fb965d8eea7e608d0cb62c246c804dec90] x86/fpu: Tighten validation of user-supplied xstate_header
git bisect good 29ed270cd32335003f65dae9a6981c7819f3467c  # 04:34  G     31     0    0   0  x86/fpu: Don't let userspace set bogus xcomp_bv
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect  bad 9f4835fb965d8eea7e608d0cb62c246c804dec90  # 04:51  B      0    11   23   0  x86/fpu: Tighten validation of user-supplied xstate_header
# extra tests on HEAD of linux-devel/devel-spot-201709232001
git bisect  bad f8fce8fa419bb00ed5a5d6e91abe6dbed75f5842  # 04:51  B      0    31   51   4  0day head guard for 'devel-spot-201709232001'
# extra tests on tree/branch tip/WIP.x86/fpu
git bisect  bad 8d3e268d89523abba613763da67c7eb47a744ad7  # 05:41  B      0    10   22   0  x86/fpu: Rename fpu__activate_fpstate_read/write() to fpu__read/write()
# extra tests with first bad commit reverted
git bisect good ab2a8bbacf8d609fb05ea05464eb6a00747a9459  # 06:05  G     11     0    0   0  Revert "x86/fpu: Tighten validation of user-supplied xstate_header"
# extra tests on tree/branch tip/master
git bisect  bad e7c6e36753316c8dee2a7fe939db0c3046c5f357  # 06:36  B      0    11   23   0  Merge branch 'x86/urgent'

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-openwrt-lkp-nhm-dp2-10:20170924042638:i386-randconfig-b0-09232213:4.14.0-rc1-00218-g9f4835f:1.gz" of type "application/gzip" (24886 bytes)

View attachment "reproduce-openwrt-lkp-nhm-dp2-10:20170924042638:i386-randconfig-b0-09232213:4.14.0-rc1-00218-g9f4835f:1" of type "text/plain" (877 bytes)

View attachment "config-4.14.0-rc1-00218-g9f4835f" of type "text/plain" (102338 bytes)
