Open Source and information security mailing list archives
 
Message-ID: <20130623230449.GB12259@localhost>
Date:	Mon, 24 Jun 2013 07:04:49 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	fengguang.wu@...el.com, Kees Cook <keescook@...omium.org>
Cc:	linux-kernel@...r.kernel.org
Subject: [x86/kaslr] BUG: unable to handle kernel paging request at
 ffff88000e8d6000

Greetings,

I got the below dmesg and the first bad commit is

commit 57fa4af0635d30b2061377aab87094762fbc3373
Author: Kees Cook <keescook@...omium.org>
Date:   Tue Apr 23 17:18:38 2013 -0700

    x86: kaslr: select random base offset
    
    Select a random location when CONFIG_RANDOMIZE_BASE is used, bounded
    by CONFIG_RANDOMIZE_BASE_MAX_OFFSET. Sources of randomness currently
    include RDRAND, RDTSC, or the i8254.
    
    Signed-off-by: Kees Cook <keescook@...omium.org>
    ---
    v3:
     - fall back to reading the i8254 when no TSC, suggested by HPA.
    v2:
     - use rdtscl from msr.h, thanks to Mathias Krause.

[    1.402214] Initramfs unpacking failed: junk in compressed archive
[    1.405745] Freeing initrd memory: 23656k freed
[    1.407846] BUG: unable to handle kernel paging request at ffff88000e8d6000
[    1.410031] IP: [<ffffffff8e031bf7>] free_init_pages+0xf1/0x14d
[    1.410031] PGD f550067 PUD f551067 PMD c1c6063 PTE 800000000e8d6161
[    1.410031] Oops: 0003 [#1] 
[    1.410031] Modules linked in:
[    1.410031] CPU: 0 PID: 1 Comm: swapper Not tainted 3.10.0-rc7-00012-g728c681 #3
[    1.410031] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[    1.410031] task: ffff88000d0b8000 ti: ffff88000d0b2000 task.ti: ffff88000d0b2000
[    1.410031] RIP: 0010:[<ffffffff8e031bf7>]  [<ffffffff8e031bf7>] free_init_pages+0xf1/0x14d
[    1.410031] RSP: 0000:ffff88000d0b3e78  EFLAGS: 00010202
[    1.410031] RAX: 00000000cccccccc RBX: ffff88000e8d6000 RCX: 0000000000000400
[    1.410031] RDX: ffff88000d0b3fd8 RSI: 0000000000000006 RDI: ffff88000e8d6000
[    1.410031] RBP: ffff88000d0b3ea8 R08: 0000000000000000 R09: ffffffff8e8bd7b0
[    1.410031] R10: ffffffff8e8bd7b0 R11: ffffffff8e8bd7b0 R12: ffff88000fff0000
[    1.410031] R13: ffffea0000000000 R14: ffffffff8eba3398 R15: 000000000000171a
[    1.410031] FS:  0000000000000000(0000) GS:ffffffff8ee28000(0000) knlGS:0000000000000000
[    1.410031] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[    1.410031] CR2: ffff88000e8d6000 CR3: 000000000ee10000 CR4: 00000000000006f0
[    1.410031] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.410031] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[    1.410031] Stack:
[    1.410031]  0000000000000000 ffffffff8f0e4dde ffffffff8f1b57c0 0000000000000000
[    1.410031]  0000000000000000 0000000000000000 ffff88000d0b3eb8 ffffffff8f0fa870
[    1.410031]  ffff88000d0b3ec8 ffffffff8f0e4eab ffff88000d0b3ef8 ffffffff8e0002c3
[    1.410031] Call Trace:
[    1.410031]  [<ffffffff8f0e4dde>] ? unpack_to_rootfs+0x33b/0x33b
[    1.410031]  [<ffffffff8f0fa870>] free_initrd_mem+0x28/0x31
[    1.410031]  [<ffffffff8f0e4eab>] populate_rootfs+0xcd/0x101
[    1.410031]  [<ffffffff8e0002c3>] do_one_initcall+0xe8/0x1c5
[    1.410031]  [<ffffffff8f0e341a>] kernel_init_freeable+0x1a5/0x2ac
[    1.410031]  [<ffffffff8f0e2862>] ? loglevel+0x46/0x46
[    1.410031]  [<ffffffff8e6c2380>] ? rest_init+0xd4/0xd4
[    1.410031]  [<ffffffff8e6c2395>] kernel_init+0x15/0x176
[    1.410031]  [<ffffffff8e6d8bfa>] ret_from_fork+0x7a/0xb0
[    1.410031]  [<ffffffff8e6c2380>] ? rest_init+0xd4/0xd4
[    1.410031] Code: c0 e8 e0 c6 69 00 48 ff 05 2f aa 1e 01 49 bd 00 00 00 00 00 ea ff ff 48 ff 05 3e aa 1e 01 b9 00 04 00 00 b8 cc cc cc cc 48 89 df <f3> ab 48 89 df e8 c6 66 00 00 48 ff 05 08 aa 1e 01 48 c1 e8 0c 
[    1.410031] RIP  [<ffffffff8e031bf7>] free_init_pages+0xf1/0x14d
[    1.410031]  RSP <ffff88000d0b3e78>
[    1.410031] CR2: ffff88000e8d6000
[    1.410031] ---[ end trace 960e7beaae8e44f3 ]---

git bisect start 728c681783a8e0b8a0dc5df440503c51bbaa9789 9e895ace5d82df8929b16f58e9f515f6d54ab82d --
git bisect  bad 76bf0e2ad9dacf346f861d13764ef4e3ed10e310  # 13:56     27-  x86: kaslr: report kernel offset on panic
git bisect good a6c21a0b3185bcc54996819157735398140a674f  # 14:23    160+  x86: kaslr: return location from decompress_kernel
git bisect  bad c1babe7ec300af293cf2716f037a935e6bb81a94  # 14:29     48-  x86: kaslr: select memory region from e820 maps
git bisect  bad 57fa4af0635d30b2061377aab87094762fbc3373  # 14:33     11-  x86: kaslr: select random base offset
git bisect good a6c21a0b3185bcc54996819157735398140a674f  # 14:49    480+  x86: kaslr: return location from decompress_kernel
git bisect  bad 728c681783a8e0b8a0dc5df440503c51bbaa9789  # 14:49      0-  Merge remote-tracking branch 'kees/strncpy-strlen' into devel-hive-x86_64-201306231236
git bisect good 9e895ace5d82df8929b16f58e9f515f6d54ab82d  # 15:23    480+  Linux 3.10-rc7
git bisect good e1a86578747376f08985627c84df088a5d0d1e92  # 16:13    480+  Add linux-next specific files for 20130621

Thanks,
Fengguang

View attachment "dmesg-kvm-roam-19428-20130623125605-3.10.0-rc7-00012-g728c681-3" of type "text/plain" (30807 bytes)

Download attachment "bisect-728c681783a8e0b8a0dc5df440503c51bbaa9789-x86_64-randconfig-h004-0623-BUG:-unable-to-handle-kernel-55670.log" of type "application/octet-stream" (7225 bytes)

View attachment ".config-bisect" of type "text/plain" (78631 bytes)
