Message-ID: <537D6A6B.4090700@intel.com>
Date: Thu, 22 May 2014 11:09:31 +0800
From: Jet Chen <jet.chen@...el.com>
To: Kees Cook <keescook@...omium.org>
CC: Fengguang Wu <fengguang.wu@...el.com>,
LKML <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org
Subject: [LSM] Kernel panic - not syncing: Could not register MntRestrict security module
Hi Kees,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm-mnt-restrict

commit 80422c7155946739f424e0e5278ae2d0698dd593
Author:     Kees Cook <keescook@...omium.org>
AuthorDate: Sat Sep 21 15:52:51 2013 -0700
Commit:     Kees Cook <keescook@...omium.org>
CommitDate: Mon May 19 11:57:50 2014 -0700

    LSM: MntRestrict blocks mounts on symlink targets

    On systems where certain filesystem contents cannot be entirely trusted,
    it is beneficial to block mounts on symlinks. This makes sure that
    malicious filesystem contents cannot trigger the over-mounting of trusted
    filesystems. (For example, a bind-mounted subdirectory of /var cannot be
    redirected to mount on /etc via a symlink: a daemon cannot elevate privs
    to uid-0.)

    Signed-off-by: Kees Cook <keescook@...omium.org>

+-------------------------------------------------------------------------+------------+------------+
| | 14186fea0c | 80422c7155 |
+-------------------------------------------------------------------------+------------+------------+
| boot_successes | 60 | 0 |
| boot_failures | 0 | 20 |
| Kernel_panic-not_syncing:Could_not_register_MntRestrict_security_module | 0 | 20 |
| backtrace:panic | 0 | 20 |
| backtrace:mntrestrict_init | 0 | 20 |
| backtrace:security_init | 0 | 20 |
+-------------------------------------------------------------------------+------------+------------+
[ 0.020000] ACPI: All ACPI Tables successfully acquired
[ 0.020000] Security Framework initialized
[ 0.020000] AppArmor: AppArmor initialized
[ 0.020000] Kernel panic - not syncing: Could not register MntRestrict security module
[ 0.020000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.15.0-rc5-00075-g80422c7 #1
[ 0.020000] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 0.020000] 0000000000000002 ffffffff82a01ea0 ffffffff81de4adb ffffffff826fcc80
[ 0.020000] ffffffff82a01f18 ffffffff81dd364c ffffffff00000008 ffffffff82a01f28
[ 0.020000] ffffffff82a01ec8 ffffffff82af6980 0000000000000000 0000000000000001
[ 0.020000] Call Trace:
[ 0.020000] [<ffffffff81de4adb>] dump_stack+0x7b/0xa8
[ 0.020000] [<ffffffff81dd364c>] panic+0x114/0x29f
[ 0.020000] [<ffffffff833f750c>] mntrestrict_init+0x3c/0x4f
[ 0.020000] [<ffffffff833f1176>] security_init+0x3c/0x47
[ 0.020000] [<ffffffff833ad261>] start_kernel+0x4c8/0x513
[ 0.020000] [<ffffffff833aca6c>] ? repair_env_string+0x99/0x99
[ 0.020000] [<ffffffff833ac120>] ? early_idt_handlers+0x120/0x120
[ 0.020000] [<ffffffff833ac63b>] x86_64_start_reservations+0x41/0x43
[ 0.020000] [<ffffffff833ac785>] x86_64_start_kernel+0x148/0x157
Elapsed time: 5
qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/x86_64-randconfig-s1-05211604/80422c7155946739f424e0e5278ae2d0698dd593/vmlinuz-3.15.0-rc5-00075-g80422c7 -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=10 softlockup_panic=1 nmi_watchdog=panic prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/x86_64-randconfig-s1-05211604/linux-devel:devel-hourly-2014052115:80422c7155946739f424e0e5278ae2d0698dd593:bisect-linux9/.vmlinuz-80422c7155946739f424e0e5278ae2d0698dd593-20140521204717-8-f2 branch=linux-devel/devel-hourly-2014052115 BOOT_IMAGE=/kernel/x86_64-randconfig-s1-05211604/80422c7155946739f424e0e5278ae2d0698dd593/vmlinuz-3.15.0-rc5-00075-g80422c7 drbd.minor_count=8' -initrd /kernel-tests/initrd/quantal-core-x86_64.cgz -m 320 -smp 2 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-quantal-f2-51 -serial file:/dev/shm/kboot/serial-quantal-f2-51 -daemonize -display none -monitor null
git bisect start 842390939e8dc18fe8a87e257e7e8088548bd8d7 d6d211db37e75de2ddc3a4f979038c40df7cc79c --
git bisect bad 6e8a2e89a46e99e7750d8511b94c6e964fa62041 # 18:39 0- 20 Merge 'arm-soc/keystone/dt' into devel-hourly-2014052115
git bisect bad 732aed36300f1426c6da40602fbaf23dd79d8391 # 18:58 0- 20 Merge 'tip/irq/core' into devel-hourly-2014052115
git bisect good fd69bb2faebc552b4da42966ee51e1dea9ba77e6 # 19:34 20+ 0 Merge 'block/for-3.16/drivers' into devel-hourly-2014052115
git bisect bad 917a4d3aed6301097ff8a2b2bb74be34be5c9b23 # 19:53 0- 20 Merge 'net/master' into devel-hourly-2014052115
git bisect good 6c8b235f29b6b756379d7d5d86371a9f399afa52 # 20:16 20+ 0 Merge 'hwmon/hwmon-next' into devel-hourly-2014052115
git bisect bad 70c0859af3e380a0508883120adac883b456b056 # 20:36 0- 20 Merge 'kees/lsm-mnt-restrict' into devel-hourly-2014052115
git bisect bad 80422c7155946739f424e0e5278ae2d0698dd593 # 20:48 0- 20 LSM: MntRestrict blocks mounts on symlink targets
# first bad commit: [80422c7155946739f424e0e5278ae2d0698dd593] LSM: MntRestrict blocks mounts on symlink targets
git bisect good 14186fea0cb06bc43181ce239efe0df6f1af260a # 20:59 60+ 0 Merge tag 'locks-v3.15-4' of git://git.samba.org/jlayton/linux
git bisect bad 842390939e8dc18fe8a87e257e7e8088548bd8d7 # 20:59 0- 13 0day head guard for 'devel-hourly-2014052115'
git bisect good fba69f042ad99f68c0268ef1c012f3199f898fac # 21:10 60+ 0 Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
git bisect good 18e072998c67e985aaa643ca1af3e6a0dc133b71 # 22:14 60+ 0 Add linux-next specific files for 20140521
This script may reproduce the error.
-----------------------------------------------------------------------------
#!/bin/bash

# First argument: path of the kernel image to boot.
kernel=${1:?usage: $0 <kernel-image>}

# QEMU/KVM command line; the serial console goes to stdio so the panic is visible.
kvm=(
	qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel "$kernel"
	-smp 2
	-m 256M
	-net nic,vlan=0,macaddr=00:00:00:00:00:00,model=virtio
	-net user,vlan=0
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-serial stdio
	-display none
	-monitor null
)

# Kernel command line, joined into a single string for --append.
append=(
	debug
	sched_debug
	apic=debug
	ignore_loglevel
	sysrq_always_enabled
	panic=10
	prompt_ramdisk=0
	earlyprintk=ttyS0,115200
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
)

"${kvm[@]}" --append "${append[*]}"
-----------------------------------------------------------------------------
Thanks,
Jet
View attachment "dmesg-quantal-f2-51:20140521204638:x86_64-randconfig-s1-05211604:3.15.0-rc5-00075-g80422c7:1" of type "text/plain" (13175 bytes)
Download attachment "x86_64-randconfig-s1-05211604-842390939e8dc18fe8a87e257e7e8088548bd8d7-Kernel-panic---not-syncing:-Could-not-register-MntRestrict-security-module-35941.log" of type "application/octet-stream" (49117 bytes)
View attachment "config-3.15.0-rc5-00075-g80422c7" of type "text/plain" (96650 bytes)
View attachment "Attached Message Part" of type "text/plain" (87 bytes)