lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 22 May 2014 11:09:31 +0800
From:	Jet Chen <jet.chen@...el.com>
To:	Kees Cook <keescook@...omium.org>
CC:	Fengguang Wu <fengguang.wu@...el.com>,
	LKML <linux-kernel@...r.kernel.org>,
	linux-security-module@...r.kernel.org
Subject: [LSM] Kernel panic - not syncing: Could not register MntRestrict
 security module

Hi Kees,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm-mnt-restrict
commit 80422c7155946739f424e0e5278ae2d0698dd593
Author:     Kees Cook <keescook@...omium.org>
AuthorDate: Sat Sep 21 15:52:51 2013 -0700
Commit:     Kees Cook <keescook@...omium.org>
CommitDate: Mon May 19 11:57:50 2014 -0700

      LSM: MntRestrict blocks mounts on symlink targets
          On systems where certain filesystem contents cannot be entirely trusted,
      it is beneficial to block mounts on symlinks. This makes sure that
      malicious filesystem contents cannot trigger the over-mounting of trusted
      filesystems. (For example, a bind-mounted subdirectory of /var cannot be
      redirected to mount on /etc via a symlink: a daemon cannot elevate privs
      to uid-0.)
          Signed-off-by: Kees Cook <keescook@...omium.org>

+-------------------------------------------------------------------------+------------+------------+
|                                                                         | 14186fea0c | 80422c7155 |
+-------------------------------------------------------------------------+------------+------------+
| boot_successes                                                          | 60         | 0          |
| boot_failures                                                           | 0          | 20         |
| Kernel_panic-not_syncing:Could_not_register_MntRestrict_security_module | 0          | 20         |
| backtrace:panic                                                         | 0          | 20         |
| backtrace:mntrestrict_init                                              | 0          | 20         |
| backtrace:security_init                                                 | 0          | 20         |
+-------------------------------------------------------------------------+------------+------------+


[    0.020000] ACPI: All ACPI Tables successfully acquired
[    0.020000] Security Framework initialized
[    0.020000] AppArmor: AppArmor initialized
[    0.020000] Kernel panic - not syncing: Could not register MntRestrict security module
[    0.020000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.15.0-rc5-00075-g80422c7 #1
[    0.020000] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[    0.020000]  0000000000000002 ffffffff82a01ea0 ffffffff81de4adb ffffffff826fcc80
[    0.020000]  ffffffff82a01f18 ffffffff81dd364c ffffffff00000008 ffffffff82a01f28
[    0.020000]  ffffffff82a01ec8 ffffffff82af6980 0000000000000000 0000000000000001
[    0.020000] Call Trace:
[    0.020000]  [<ffffffff81de4adb>] dump_stack+0x7b/0xa8
[    0.020000]  [<ffffffff81dd364c>] panic+0x114/0x29f
[    0.020000]  [<ffffffff833f750c>] mntrestrict_init+0x3c/0x4f
[    0.020000]  [<ffffffff833f1176>] security_init+0x3c/0x47
[    0.020000]  [<ffffffff833ad261>] start_kernel+0x4c8/0x513
[    0.020000]  [<ffffffff833aca6c>] ? repair_env_string+0x99/0x99
[    0.020000]  [<ffffffff833ac120>] ? early_idt_handlers+0x120/0x120
[    0.020000]  [<ffffffff833ac63b>] x86_64_start_reservations+0x41/0x43
[    0.020000]  [<ffffffff833ac785>] x86_64_start_kernel+0x148/0x157

Elapsed time: 5
qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/x86_64-randconfig-s1-05211604/80422c7155946739f424e0e5278ae2d0698dd593/vmlinuz-3.15.0-rc5-00075-g80422c7 -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=10 softlockup_panic=1 nmi_watchdog=panic  prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal  root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/x86_64-randconfig-s1-05211604/linux-devel:devel-hourly-2014052115:80422c7155946739f424e0e5278ae2d0698dd593:bisect-linux9/.vmlinuz-80422c7155946739f424e0e5278ae2d0698dd593-20140521204717-8-f2 branch=linux-devel/devel-hourly-2014052115 BOOT_IMAGE=/kernel/x86_64-randconfig-s1-05211604/80422c7155946739f424e0e5278ae2d0698dd593/vmlinuz-3.15.0-rc5-00075-g80422c7 drbd.minor_count=8'  -initrd /kernel-tests/initrd/quantal-core-x86_64.cgz -m 320 -smp 2 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc 
base=localtime -pidfile /dev/shm/kboot/pid-quantal-f2-51 -serial file:/dev/shm/kboot/serial-quantal-f2-51 -daemonize -display none -monitor null
git bisect start 842390939e8dc18fe8a87e257e7e8088548bd8d7 d6d211db37e75de2ddc3a4f979038c40df7cc79c --
git bisect  bad 6e8a2e89a46e99e7750d8511b94c6e964fa62041  # 18:39      0-     20  Merge 'arm-soc/keystone/dt' into devel-hourly-2014052115
git bisect  bad 732aed36300f1426c6da40602fbaf23dd79d8391  # 18:58      0-     20  Merge 'tip/irq/core' into devel-hourly-2014052115
git bisect good fd69bb2faebc552b4da42966ee51e1dea9ba77e6  # 19:34     20+      0  Merge 'block/for-3.16/drivers' into devel-hourly-2014052115
git bisect  bad 917a4d3aed6301097ff8a2b2bb74be34be5c9b23  # 19:53      0-     20  Merge 'net/master' into devel-hourly-2014052115
git bisect good 6c8b235f29b6b756379d7d5d86371a9f399afa52  # 20:16     20+      0  Merge 'hwmon/hwmon-next' into devel-hourly-2014052115
git bisect  bad 70c0859af3e380a0508883120adac883b456b056  # 20:36      0-     20  Merge 'kees/lsm-mnt-restrict' into devel-hourly-2014052115
git bisect  bad 80422c7155946739f424e0e5278ae2d0698dd593  # 20:48      0-     20  LSM: MntRestrict blocks mounts on symlink targets
# first bad commit: [80422c7155946739f424e0e5278ae2d0698dd593] LSM: MntRestrict blocks mounts on symlink targets
git bisect good 14186fea0cb06bc43181ce239efe0df6f1af260a  # 20:59     60+      0  Merge tag 'locks-v3.15-4' of git://git.samba.org/jlayton/linux
git bisect  bad 842390939e8dc18fe8a87e257e7e8088548bd8d7  # 20:59      0-     13  0day head guard for 'devel-hourly-2014052115'
git bisect good fba69f042ad99f68c0268ef1c012f3199f898fac  # 21:10     60+      0  Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
git bisect good 18e072998c67e985aaa643ca1af3e6a0dc133b71  # 22:14     60+      0  Add linux-next specific files for 20140521


This script may reproduce the error.

-----------------------------------------------------------------------------
#!/bin/bash

kernel=$1

kvm=(
	qemu-system-x86_64 -cpu kvm64 -enable-kvm 	-kernel $kernel
	-smp 2
	-m 256M
	-net nic,vlan=0,macaddr=00:00:00:00:00:00,model=virtio
	-net user,vlan=0
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-serial stdio
	-display none
	-monitor null
)

append=(
	debug
	sched_debug
	apic=debug
	ignore_loglevel
	sysrq_always_enabled
	panic=10
	prompt_ramdisk=0
	earlyprintk=ttyS0,115200
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
)

"${kvm[@]}" --append "${append[*]}"
-----------------------------------------------------------------------------

Thanks,
Jet


View attachment "dmesg-quantal-f2-51:20140521204638:x86_64-randconfig-s1-05211604:3.15.0-rc5-00075-g80422c7:1" of type "text/plain" (13175 bytes)

Download attachment "x86_64-randconfig-s1-05211604-842390939e8dc18fe8a87e257e7e8088548bd8d7-Kernel-panic---not-syncing:-Could-not-register-MntRestrict-security-module-35941.log" of type "application/octet-stream" (49117 bytes)

View attachment "config-3.15.0-rc5-00075-g80422c7" of type "text/plain" (96650 bytes)

View attachment "Attached Message Part" of type "text/plain" (87 bytes)

Powered by blists - more mailing lists