Date:	Thu, 18 Oct 2012 16:19:46 +0900
From:	Hiromu Yakura <hiromu1996@...il.com>
To:	linux-security-module@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org,
	James Morris <james.l.morris@...cle.com>,
	John Johansen <john.johansen@...onical.com>
Subject: [PATCH] AppArmor: Modify Makefile to avoid Oops

In my environment, AppArmor causes an Oops every time cupsd launches.

This is the log of Oops:
[  114.876511] general protection fault: 0000 [#1] SMP 
[  114.876540] Modules linked in: usbhid bnep rfcomm parport_pc ppdev parport dm_crypt binfmt_misc arc4 b43 mac80211 uvcvideo videobuf2_core cfg80211 videodev kvm_intel snd_hda_codec_hdmi kvm snd_hda_codec_cirrus snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event ssb media snd_seq snd_timer videobuf2_vmalloc snd_seq_device videobuf2_memops bcm5974 snd bcma soundcore snd_page_alloc mei joydev hid_generic apple_bl btusb bluetooth coretemp applesmc input_polldev hid_apple i915 firewire_ohci tg3 firewire_core crc_itu_t drm_kms_helper sdhci_pci drm sdhci hid i2c_algo_bit video [last unloaded: usbhid]
[  114.876751] CPU 2 
[  114.876759] Pid: 1099, comm: cupsd Not tainted 3.7.0-rc1+ #20 Apple Inc. MacBookPro8,1/Mac-94245B3640C91C81
[  114.876789] RIP: 0010:[<ffffffff81318f82>]  [<ffffffff81318f82>] strlen+0x2/0x20
[  114.876814] RSP: 0018:ffff8801652c3cd0  EFLAGS: 00010246
[  114.876830] RAX: 0000000000000000 RBX: ffff880169beba00 RCX: 000000000000001e
[  114.876851] RDX: 0000000000002a04 RSI: 64656c62616e652e RDI: 64656c62616e652e
[  114.876871] RBP: ffff8801652c3ce8 R08: 000000000000000a R09: 0000000000000000
[  114.876891] R10: 000000000000039d R11: 000000000000039c R12: 64656c62616e652e
[  114.876911] R13: ffffffff812cfc30 R14: ffff880165089950 R15: 00000000507fa2d4
[  114.876932] FS:  00007fe581691740(0000) GS:ffff88016fa80000(0000) knlGS:0000000000000000
[  114.876955] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  114.876971] CR2: 00007fc429480000 CR3: 0000000163bf6000 CR4: 00000000000407e0
[  114.876992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  114.877012] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  114.877033] Process cupsd (pid: 1099, threadinfo ffff8801652c2000, task ffff880165089950)
[  114.877056] Stack:
[  114.877062]  ffffffff810ba4e3 ffff880169beba00 ffff8801652c3e08 ffff8801652c3d08
[  114.877085]  ffffffff812cfc81 ffff880169beba00 ffff8801652c3e08 ffff8801652c3d68
[  114.878058]  ffffffff812c079d 0000000000000000 0000000000000000 ffff8801652c3da0
[  114.879032] Call Trace:
[  114.879989]  [<ffffffff810ba4e3>] ? audit_log_untrustedstring+0x23/0x40
[  114.880910]  [<ffffffff812cfc81>] audit_cb+0x51/0x60
[  114.881837]  [<ffffffff812c079d>] common_lsm_audit+0xad/0x720
[  114.882716]  [<ffffffff812cf882>] aa_audit_msg+0x22/0x30
[  114.883675]  [<ffffffff812cf8f5>] aa_audit+0x65/0x180
[  114.884528]  [<ffffffff812cfb44>] audit_caps+0x134/0x220
[  114.885354]  [<ffffffff812cfce5>] aa_capable+0x55/0x70
[  114.886177]  [<ffffffff812d60ee>] apparmor_capable+0x7e/0xa0
[  114.887018]  [<ffffffff8129cac8>] security_capable+0x18/0x20
[  114.887833]  [<ffffffff8104dc90>] ns_capable+0x30/0x60
[  114.888644]  [<ffffffff8104dcd7>] capable+0x17/0x20
[  114.889453]  [<ffffffff811b8e8a>] sys_epoll_ctl+0xfa/0x950
[  114.890278]  [<ffffffff811860b5>] ? poll_select_set_timeout+0x85/0xa0
[  114.891130]  [<ffffffff815d4c5d>] system_call_fastpath+0x1a/0x1f
[  114.892039] Code: 48 89 e5 f6 82 a0 63 64 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 a0 63 64 81 20 75 f0 5d c3 66 0f 1f 44 00 00 31 c0 <80> 3f 00 55 48 89 e5 74 11 48 89 f8 66 90 48 83 c0 01 80 38 00
[  114.893969] RIP  [<ffffffff81318f82>] strlen+0x2/0x20
[  114.894873]  RSP <ffff8801652c3cd0>
[  114.906772] ---[ end trace 7a1af0265870215b ]---

It seems that a bad address was passed as the second argument of
audit_log_untrustedstring() in audit_cb() in capability.c:
 52     audit_log_untrustedstring(ab, capability_names[sa->u.cap]);

The array "capability_names" is defined in capability_names.h, but its content
is generated by the Makefile from include/linux/capability.h.
However, capability.h was moved to include/uapi/linux/capability.h, and because
of this the array is empty.
That is why sa->u.cap becomes out of range for this array and a segmentation fault is caused.

Let's fix it.

Cc: James Morris <james.l.morris@...cle.com>
Cc: John Johansen <john.johansen@...onical.com>

Signed-off-by: Hiromu Yakura <hiromu1996@...il.com>
---
 security/apparmor/Makefile |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index 7b3021c..5706b74 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -57,7 +57,7 @@ cmd_make-rlim = echo "static const char *const 
rlim_names[RLIM_NLIMITS] = {" \
 
 $(obj)/capability.o : $(obj)/capability_names.h
 $(obj)/resource.o : $(obj)/rlim_names.h
-$(obj)/capability_names.h : $(srctree)/include/linux/capability.h \
+$(obj)/capability_names.h : $(srctree)/include/uapi/linux/capability.h \
 			    $(src)/Makefile
 	$(call cmd,make-caps)
 $(obj)/rlim_names.h : $(srctree)/include/uapi/asm-generic/resource.h \
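
Review bot: The changed prerequisite line only fixes the generated table if the make-caps recipe reads its input from the first prerequisite, and that recipe is outside this hunk; please confirm it does and say so in the changelog. The changelog should also name the commit that moved capability.h under include/uapi, so the fix can be matched to the affected kernels, and the subject could state the actual change (generate capability_names.h from include/uapi/linux/capability.h) rather than "Modify Makefile". The rlim_names.h rule in the trailing context already points at include/uapi/asm-generic/resource.h, so the new path is consistent with it. Separately, nothing here makes the build fail if the generated table comes out empty again; a check in the recipe, or a bounds check where audit_cb() indexes capability_names[], would keep a future header move from turning into the same Oops.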
-- 
1.7.9.5
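
The failure mode described in the message above (a generated name table that silently comes out empty) can be caught at build time. The following is an added example, not part of the original post and not the kernel's make-caps recipe: a generator that refuses to emit an empty table. The function name `gen_cap_names`, the awk pattern and both sample headers are constructed for illustration; the stub header assumes the old path still exists but no longer carries the CAP_* definitions.

```shell
#!/bin/sh
# Added example; not the kernel's make-caps recipe. gen_cap_names and the
# sample headers below are constructed for illustration.

# Print a C name table built from '#define CAP_<NAME> <number>' lines in $1.
# Fails (non-zero, nothing on stdout) when the header yields no entries,
# instead of emitting an empty array that later gets indexed out of range.
gen_cap_names() {
    header=$1
    if [ ! -r "$header" ]; then
        echo "gen_cap_names: cannot read $header" >&2
        return 1
    fi
    # Only plain numeric defines count; aliases such as CAP_LAST_CAP and
    # function-like macros are skipped.
    entries=$(awk '
        $1 == "#define" && $2 ~ /^CAP_[A-Z_]+$/ && $3 ~ /^[0-9]+$/ {
            printf "\t[%s] = \"%s\",\n", $3, tolower(substr($2, 5))
        }' "$header")
    if [ -z "$entries" ]; then
        echo "gen_cap_names: no CAP_* definitions found in $header" >&2
        return 1
    fi
    printf 'static const char *const capability_names[] = {\n%s\n};\n' "$entries"
}

# Constructed inputs: a stub left at the old path, and the relocated header.
tmp=$(mktemp -d)
printf '#include <uapi/linux/capability.h>\n' > "$tmp/old.h"
printf '%s\n' '#define CAP_CHOWN 0' '#define CAP_DAC_OVERRIDE 1' \
    '#define CAP_LAST_CAP CAP_DAC_OVERRIDE' > "$tmp/uapi.h"

gen_cap_names "$tmp/old.h" || echo "old path rejected: build stops here"
gen_cap_names "$tmp/uapi.h"
rm -rf "$tmp"
```

In a Makefile rule, the non-zero return stops the build at the generation step, so the stale path surfaces as a build error rather than as a runtime fault in the audit path.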

