lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20130609222414.GA11410@localhost>
Date:	Mon, 10 Jun 2013 06:24:14 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Kees Cook <keescook@...omium.org>
Cc:	fengguang.wu@...el.com, Ingo Molnar <mingo@...e.hu>,
	linux-kernel@...r.kernel.org
Subject: [i386/load_elf_binary] BUG: unable to handle kernel paging request
 at c16561d0

Greetings,

I got the below dmesg and the first bad commit is

commit bf400180b35912be07e8e22ddcb1e2b266b81067
Author: Ingo Molnar <mingo@...e.hu>
Date:   Wed Jul 14 00:50:02 2010 -0700

    i386: NX emulation
    
    This is old code with some cruft, all originally by Ingo Molnar with
    much later rebasing by Fedora folks and at least one arcane fix by
    Roland McGrath a few years ago. No longer uses exec-shield sysctl,
    merged with disable_nx. Kees Cook fixed boottime NX reporting for various
    corner cases.
    
    Signed-off-by: Kees Cook <kees.cook@...onical.com>


Parent commit not clean. Look out for wrong bisect!

/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28398-20130610034933-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28446-20130610032719-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28446-20130610034919-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28494-20130610034912-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28541-20130610032701-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28541-20130610033845-3.10.0-rc4-00157-g29eb778-31
/kernel/i386-randconfig-r05-0609/29eb77825cc7da8d45b642de2de3d423dc8a363f/dmesg-kvm-bay-28541-20130610034930-3.10.0-rc4-00157-g29eb778-31

[  442.715828] Write protecting the kernel text: 3872k
[  442.724722] Write protecting the kernel read-only data: 1948k
[  443.053460] BUG: unable to handle kernel paging request at c16561d0
[  443.053460] IP: [<c1105fb1>] load_elf_binary+0x2e1/0xdb0
[  443.053460] *pde = 01b9b067 *pte = 01656062 
[  443.053460] Oops: 0000 [#1] DEBUG_PAGEALLOC
[  443.053460] Modules linked in:
[  443.053460] CPU: 0 PID: 1 Comm: swapper Not tainted 3.10.0-rc5-01256-g03a188b #1
[  443.053460] task: cb868000 ti: cb862000 task.ti: cb862000
[  443.053460] EIP: 0060:[<c1105fb1>] EFLAGS: 00000246 CPU: 0
[  443.053460] EIP is at load_elf_binary+0x2e1/0xdb0
[  443.053460] EAX: 00000000 EBX: c47aae40 ECX: 00000000 EDX: c471f510
[  443.053460] ESI: c471f544 EDI: 00000000 EBP: cb863f14 ESP: cb863e98
[  443.053460]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[  443.053460] CR0: 8005003b CR2: c16561d0 CR3: 047ab000 CR4: 00000690
[  443.053460] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[  443.053460] DR6: 00000000 DR7: 00000000
[  443.053460] Stack:
[  443.053460]  c471f510 00000080 c15cadb0 cb863ec4 00000002 c1003955 0000007b cb868000
[  443.053460]  00000000 00000001 00000000 00000000 000002e9 00000000 cb868000 c15ca6b8
[  443.053460]  00000001 cb863f08 00000246 c47199c0 00000246 cb9df780 c11058c0 c10d2a7a
[  443.053460] Call Trace:
[  443.053460]  [<c1003955>] ? do_IRQ+0x75/0x90
[  443.053460]  [<c11058c0>] ? bm_status_write+0xe0/0xe0
[  443.053460]  [<c10d2a7a>] ? search_binary_handler+0x32a/0x380
[  443.053460]  [<c1105cd0>] ? load_elf_library+0x1d0/0x1d0
[  443.053460]  [<c10d2a87>] search_binary_handler+0x337/0x380
[  443.053460]  [<c10d2778>] ? search_binary_handler+0x28/0x380
[  443.053460]  [<c10d3adf>] do_execve+0x4af/0x660
[  443.053460]  [<c10d3708>] ? do_execve+0xd8/0x660
[  443.053460]  [<c10000f7>] run_init_process+0x17/0x20
[  443.053460]  [<c13ba1b7>] kernel_init+0x37/0xf0
[  443.053460]  [<c13c6b1b>] ret_from_kernel_thread+0x1b/0x30
[  443.053460]  [<c13ba180>] ? rest_init+0x130/0x130
[  443.053460] Code: 00 00 eb 15 c7 45 d0 00 00 00 00 c7 45 d8 00 00 00 00 c7 45 e4 00 00 00 00 8b 45 f0 e8 59 cd fc ff 89 c7 85 c0 0f 85 a1 09 00 00 <83> 3d d0 61 65 c1 00 75 0f 83 7d e4 01 0f 85 1a 0a 00 00 e9 d7
[  443.053460] EIP: [<c1105fb1>] load_elf_binary+0x2e1/0xdb0 SS:ESP 0068:cb863e98
[  443.053460] CR2: 00000000c16561d0
[  443.053460] ---[ end trace 25e1f5808e99ed0b ]---

git bisect start 03a188b29c8d5f332292e972a1d7eb1cd26d8109 317ddd256b9c24b0d78fa8018f80f1e495481a10 --
git bisect good 78f304d06c47d600ec1a4b0995f1f4c5667a677e  #   123  2013-06-09 23:49:17  iio:trigger:interrupt fix formatting of rsize variable in name
git bisect good 3fb09d4ffa0622bfacaf82f24779e3250ce3abd2  #   123  2013-06-10 00:18:42  Merge remote-tracking branch 'iwlwifi-fixes/for-john' into devel-roam-i386-201306090958
git bisect good f0562289c37ff287a0267c95b81d8c86ace11551  #   123  2013-06-10 00:41:45  Merge remote-tracking branch 'iwlwifi-next/for-john' into devel-roam-i386-201306090958
git bisect  bad 2d8e8d692a41906e559ca310fcd1db617c26859e  #     0  2013-06-10 00:44:24  Merge remote-tracking branch 'linuxtv-media/fixes' into devel-roam-i386-201306090958
git bisect good 6d0745447f0535bad8a4e1e4cd0689e7979c8bff  #   123  2013-06-10 01:12:38  btrfs: set readdir f_pos only after filldir
git bisect good 3cf138a6393d4ae2aeabce4c4b776d7d15cce69b  #   123  2013-06-10 01:37:17  [media] exynos4-is: Prevent NULL pointer dereference when firmware isn't loaded
git bisect good 7952870342ce33d4d0b633c83d2a9f15d916281a  #   123  2013-06-10 02:00:31  Merge remote-tracking branch 'kbuild/for-next' into devel-roam-i386-201306090958
git bisect good 560dde24adfdc9dbcd141c75faecc5e0402fe531  #   123  2013-06-10 02:35:20  [media] v4l2-ioctl: don't print the clips list
git bisect good af44ad5edd1eb6ca92ed5be48e0004e1f04bf219  #   123  2013-06-10 02:54:51  [media] soc_camera: error dev remove and v4l2 call
git bisect  bad e6cb273732d7ff79b8bf2be02556d26b6d3b928d  #     0  2013-06-10 02:58:30  i386: mmap randomization for executable mappings
git bisect  bad bf400180b35912be07e8e22ddcb1e2b266b81067  #     0  2013-06-10 03:04:33  i386: NX emulation
git bisect good 29eb77825cc7da8d45b642de2de3d423dc8a363f  #   369  2013-06-10 03:55:00  arch, mm: Remove tlb_fast_mode()
git bisect  bad 03a188b29c8d5f332292e972a1d7eb1cd26d8109  #     0  2013-06-10 03:55:03  Merge remote-tracking branch 'linuxtv-media/master' into devel-roam-i386-201306090958
git bisect good e0d76190b217582321a602041318b3b88c195193  #   372  2013-06-10 04:50:38  Revert "i386: NX emulation"
git bisect good 317ddd256b9c24b0d78fa8018f80f1e495481a10  #   369  2013-06-10 05:23:19  Linux 3.10-rc5
git bisect good c04efed734409f5a44715b54a6ca1b54b0ccf215  #   369  2013-06-10 05:59:16  Add linux-next specific files for 20130607

Thanks,
Fengguang

View attachment "dmesg-kvm-ant-25539-20130609144605-3.10.0-rc5-01256-g03a188b-1" of type "text/plain" (36996 bytes)

View attachment "bisect-03a188b29c8d5f332292e972a1d7eb1cd26d8109-i386-randconfig-r05-0609-BUG:-unable-to-handle-kernel-paging-request-at-41404.log" of type "text/plain" (29034 bytes)

View attachment ".config-bisect" of type "text/plain" (63917 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ