lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 28 Jul 2014 10:49:13 -0400
From:	Sasha Levin <sasha.levin@...cle.com>
To:	David Howells <dhowells@...hat.com>,
	Andrey Ryabinin <a.ryabinin@...sung.com>
CC:	James Morris <james.l.morris@...cle.com>, serge@...lyn.com,
	keyrings@...ux-nfs.org, linux-security-module@...r.kernel.org,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: security: oops on boot in __key_link_begin

On 07/28/2014 07:32 AM, David Howells wrote:
> Sasha Levin <sasha.levin@...cle.com> wrote:
> 
>>   23:	49 89 9f f0 00 00 00 	mov    %rbx,0xf0(%r15)
>>   2a:	55                   	push   %rbp
>>   2b:*	c1 b8 42 ff 49 8b 5f 	sarl   $0x5f,-0x74b600be(%rax)		<-- trapping instruction
>>   32:	10 49 8d             	adc    %cl,-0x73(%rcx)
> 
> I can't make any sense of this.  It doesn't look anything like what I
> get when I disassemble assoc_array_insert().  There are no SARL or ADC
> instructions.
> 
> Can you load your vmlinux into gdb and disassemble the function that holds the
> faulting instruction:
> 
> 	gdb vmlinux
> 	(gdb) disassemble <RIP-value>
> 
> Unfortunately, I'm not sure what the RIP value actually is because it's been
> replaced in the dump by source file + line number.  It's not this:
> 
> 	[   31.330473] CR2: ffffffff8b49ff42
> 
> though.  That's RAX (ie. 0) plus the offset in the following instruction:
> 
> 	sarl   $0x5f,-0x74b600be(%rax)		<-- trapping instruction

Hrm, the code on disk and in memory doesn't look anything like the one in the BUG...

I've tried keys-next and linux-next for today and it didn't reproduce, but it did
show up again when I applied the KASAN patchset (Cc Andrey).

Sorry for pointing a finger to the wrong place, it reproduced so reliably with the
same call trace that I didn't even suspect anything else.


Thanks,
Sasha

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists