| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Oct 2012 23:26:29 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: James Morris <jmorris@...ei.org>
Cc: linux-security-module@...r.kernel.org,
LKML <linux-kernel@...r.kernel.org>
Subject: (ima_inode_post_setattr related) BUG: unable to handle kernel paging
request
Hi James,
FYI, I got the attached oops in linux-next and it's bisected down to:
commit 88265322c14cce39f7afbc416726ef4fac413298
Merge: 65b99c7 bf53083
Author: Linus Torvalds <torvalds@...ux-foundation.org>
AuthorDate: Tue Oct 2 21:38:48 2012 -0700
Commit: Linus Torvalds <torvalds@...ux-foundation.org>
CommitDate: Tue Oct 2 21:38:48 2012 -0700
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
- Integrity: add local fs integrity verification to detect offline
attacks
- Integrity: add digital signature verification
- Simple stacking of Yama with other LSMs (per LSS discussions)
- IBM vTPM support on ppc64
- Add new driver for Infineon I2C TIS TPM
- Smack: add rule revocation for subject labels"
Fixed conflicts with the user namespace support in kernel/auditsc.c and
security/integrity/ima/ima_policy.c.
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)
[ 8.887933] Write protecting the kernel read-only data: 3212k
[ 8.924449] =============================================================================
[ 8.925786] BUG dentry (Not tainted): Invalid object pointer 0xcd48f9a8
[ 8.926749] -----------------------------------------------------------------------------
[ 8.926749]
[ 8.928011] Disabling lock debugging due to kernel taint
[ 8.928011] INFO: Slab 0xcdee81e0 objects=23 used=23 fp=0x (null) flags=0x40000081
[ 8.928011] Pid: 1, comm: init Tainted: G B 3.7.0-rc1-bisect-00005-gdd8e8c4 #2
[ 8.928011] Call Trace:
[ 8.928011] [<c10bc7fd>] slab_err+0x38/0x40
[ 8.928011] [<c10bd09d>] ? slab_pad_check.part.50+0x5e/0xd2
[ 8.928011] [<c1683420>] free_debug_processing+0x19b/0x1a0
[ 8.928011] [<c1683460>] __slab_free+0x3b/0x26a
[ 8.928011] [<c10dc46b>] ? __simple_xattr_set+0xe8/0xf8
[ 8.928011] [<c10be6c5>] kfree+0xaa/0xb3
[ 8.928011] [<c10be6c5>] ? kfree+0xaa/0xb3
[ 8.928011] [<c10dc46b>] ? __simple_xattr_set+0xe8/0xf8
[ 8.928011] [<c10aa6da>] ? unmap_mapping_range+0x11f/0x127
[ 8.928011] [<c16a4a0e>] ? mutex_lock+0x18/0x31
[ 8.928011] [<c10dc46b>] ? __simple_xattr_set+0xe8/0xf8
[ 8.928011] [<c10dc46b>] __simple_xattr_set+0xe8/0xf8
[ 8.928011] [<c10dc516>] simple_xattr_remove+0xe/0x10
[ 8.928011] [<c109f136>] shmem_removexattr+0x42/0x47
[ 8.928011] [<c11c3e75>] ima_inode_post_setattr+0x76/0x7b
[ 8.928011] [<c10d6a60>] notify_change+0x268/0x284
[ 8.928011] [<c10c2c52>] do_truncate+0x60/0x77
[ 8.928011] [<c11c3583>] ? ima_get_action+0x1f/0x24
[ 8.928011] [<c10cac23>] handle_truncate+0x73/0x84
[ 8.928011] [<c10cd614>] do_last.isra.27+0x445/0x502
[ 8.928011] [<c10cd764>] path_openat.isra.28+0x93/0x340
[ 8.928011] [<c1683974>] ? __slab_alloc.constprop.66+0x258/0x27d
[ 8.928011] [<c10cda32>] do_filp_open+0x21/0x5d
[ 8.928011] [<c10d7445>] ? __alloc_fd+0x36/0xdc
[ 8.928011] [<c10c3979>] do_sys_open+0xfa/0x173
[ 8.928011] [<c10c3a13>] sys_open+0x21/0x29
[ 8.928011] [<c16a6c4a>] sysenter_do_call+0x12/0x2c
[ 8.961197] FIX dentry: Object at 0xcd48f9a8 not freed
[ 8.962022] BUG: unable to handle kernel paging request at 6b6b6be3
[ 8.963103] IP: [<c16a4a2a>] mutex_unlock+0x3/0x16
[ 8.963939] *pde = 00000000
[ 8.964551] Oops: 0002 [#1] SMP
[ 8.965122] Pid: 1, comm: init Tainted: G B 3.7.0-rc1-bisect-00005-gdd8e8c4 #2 Bochs Bochs
[ 8.965122] EIP: 0060:[<c16a4a2a>] EFLAGS: 00010212 CPU: 0
[ 8.965122] EIP is at mutex_unlock+0x3/0x16
[ 8.965122] EAX: 6b6b6bd3 EBX: cd765790 ECX: cd89b998 EDX: 0000a068
[ 8.965122] ESI: 00000000 EDI: cf925c00 EBP: cd84fe04 ESP: cd84fe04
[ 8.965122] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 8.965122] CR0: 80050033 CR2: 6b6b6be3 CR3: 0f8a9000 CR4: 00000690
[ 8.965122] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 8.965122] DR6: ffff0ff0 DR7: 00000400
[ 8.965122] Process init (pid: 1, ti=cd84e000 task=cd850000 task.ti=cd84e000)
[ 8.965122] Stack:
[ 8.965122] cd84fe4c c10c2c5f 0000a068 cd84fecc cd84fe24 c11c3583 00000000 00000000
[ 8.965122] 507d1295 37049458 507d1295 37049458 507d1295 37049458 cf925c00 cd89b9a4
[ 8.965122] cd765790 cf925c00 cd84fe68 c10cac23 00008060 cf925c00 cd84ff00 00000000
[ 8.965122] Call Trace:
[ 8.965122] [<c10c2c5f>] do_truncate+0x6d/0x77
[ 8.965122] [<c11c3583>] ? ima_get_action+0x1f/0x24
[ 8.965122] [<c10cac23>] handle_truncate+0x73/0x84
[ 8.965122] [<c10cd614>] do_last.isra.27+0x445/0x502
[ 8.965122] [<c10cd764>] path_openat.isra.28+0x93/0x340
[ 8.965122] [<c1683974>] ? __slab_alloc.constprop.66+0x258/0x27d
[ 8.965122] [<c10cda32>] do_filp_open+0x21/0x5d
[ 8.965122] [<c10d7445>] ? __alloc_fd+0x36/0xdc
[ 8.965122] [<c10c3979>] do_sys_open+0xfa/0x173
[ 8.965122] [<c10c3a13>] sys_open+0x21/0x29
[ 8.965122] [<c16a6c4a>] sysenter_do_call+0x12/0x2c
[ 8.965122] Code: b8 c0 91 8c c1 ba 55 00 00 00 e8 d5 9f 9c ff 89 d8 f0 ff 08 79 05 e8 ce 00 00 00 64 a1 88 17 af c1 89 43 10 59 5b 5d c
3 55 89 e5 <c7> 40 10 00 00 00 00 f0 ff 00 7f 05 e8 02 00 00 00 5d c3 55 89
[ 8.965122] EIP: [<c16a4a2a>] mutex_unlock+0x3/0x16 SS:ESP 0068:cd84fe04
[ 8.965122] CR2: 000000006b6b6be3
[ 8.998377] ---[ end trace c748b36104e4e97e ]---
Thanks,
Fengguang
View attachment "dmesg-kvm_bisect-inn-20853-2012-10-16-23-11-09-3.7.0-rc1-bisect-next-20121016-24" of type "text/plain" (50603 bytes)
View attachment ".config-bisect" of type "text/plain" (75993 bytes)
View attachment "dmesg-kvm_bisect-inn-9509-2012-10-16-22-52-22-3.7.0-rc1-bisect-next-20121016-24" of type "text/plain" (52767 bytes)
Powered by blists - more mailing lists