| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20141103070018.GA1189@wfg-t540p.sh.intel.com>
Date: Mon, 3 Nov 2014 15:00:18 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: Kees Cook <keescook@...omium.org>, LKP <lkp@...org>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov
Subject: [LSM] Kernel panic - not syncing: No working init found.
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/stacking
commit 70bba377802ad16dda270ec02098289c16abdc3c
Author: Casey Schaufler <casey@...aufler-ca.com>
AuthorDate: Thu Oct 16 17:48:26 2014 -0700
Commit: Kees Cook <keescook@...omium.org>
CommitDate: Fri Oct 31 09:26:42 2014 -0700
LSM: Refactor existing LSM stacking
The existing code stacks up to three security modules.
If there is only one module it is the capability module.
If a module is specified the capability code is explicitly
called within the specified module. If Yama stacking is
configured the yama hooks are called and then the specified
module. The capability check is made twice in the yama
stacking case.
This patch adds a list for each of the LSM hooks. The capability
hooks that are non-trivial are put on the list first. If Yama
stacking is configured the yama hooks are added to the list.
If a module is configured it gets added next. Each entry in the
list is called in order:
(capability[ yama][ {selinux|smack|tomoyo|apparmor}])
Exit is on first failure (bail on fail) which matches the
existing behavior. The explict calls to the capability module
are removed where they would duplicate the stacked call.
The comment on the vm_enough_memory hook reflects the revised behavior.
The return value of selinux_bprm_secureexec is corrected.
The selinux_inode_getsecurity hook check capabilities as it should.
Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
---
This reflects comments made by Stephen Smalley on patch v17 2/4 in the set.
Fixes Yama rc=0 bug.
+------------------------------------------------+------------+------------+------------+
| | a89172c815 | 70bba37780 | 43742f5901 |
+------------------------------------------------+------------+------------+------------+
| boot_successes | 60 | 0 | 0 |
| boot_failures | 0 | 20 | 60 |
| Kernel_panic-not_syncing:No_working_init_found | 0 | 20 | 60 |
| backtrace:panic | 0 | 20 | 60 |
+------------------------------------------------+------------+------------+------------+
[ 3.405174] Starting init: /sbin/init exists but couldn't execute it (error -12)
[ 3.406262] Starting init: /etc/init exists but couldn't execute it (error -13)
[ 3.407381] Starting init: /bin/sh exists but couldn't execute it (error -12)
[ 3.408446] Kernel panic - not syncing: No working init found. Try passing init= option to kernel. See Linux Documentation/init.txt for guidance.
[ 3.412429] CPU: 0 PID: 1 Comm: swapper Not tainted 3.18.0-rc2-00135-g70bba37 #22
[ 3.412429] 0000000000000000 ffff88000005feb8 ffffffff8150f6b7 ffff88000005ff38
[ 3.412429] ffffffff8150e5dc ffffffffffffffdc ffffffff00000008 ffff88000005ff48
[ 3.412429] ffff88000005fee8 0000000000000000 0000000000000001 0000000000000041
[ 3.412429] Call Trace:
[ 3.412429] [<ffffffff8150f6b7>] dump_stack+0x19/0x1b
[ 3.412429] [<ffffffff8150e5dc>] panic+0xbc/0x1de
[ 3.412429] [<ffffffff8150ce5f>] ? rest_init+0xbf/0xbf
[ 3.412429] [<ffffffff8150cf36>] kernel_init+0xd7/0xe1
[ 3.412429] [<ffffffff8151767a>] ret_from_fork+0x7a/0xb0
[ 3.412429] [<ffffffff8150ce5f>] ? rest_init+0xbf/0xbf
[ 3.412429] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
Elapsed time: 10
git bisect start 43742f590173cda0d6cdc943ccc03b82a74faa6b v3.13 --
git bisect good 64b2d1fbbfda07765dae3f601862796a61b2c451 # 21:33 20+ 0 Merge tag 'for-f2fs-3.16' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
git bisect good 90c80969145d006eb6294a3aa501d0e156f5e244 # 21:43 20+ 0 Merge branch 'rng-queue' of git://git.kernel.org/pub/scm/linux/kernel/git/amit/virtio
git bisect good f9220c239f24e4d85a6a4f7eb9a8d9f251bd27ab # 21:50 20+ 0 Merge branch 'numa-migration-fixes' (fixes from Mel Gorman)
git bisect good df133e8fa8e1d4afa57c84953bf80eaed2b145e0 # 21:54 20+ 0 Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good d590c6cdd96c8a254e7935ad12f65e4058c95a1b # 22:00 20+ 0 Merge tag 'sound-fix-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
git bisect good cdc63a059508b96cad1de793437ad2296d80ffe6 # 22:03 20+ 0 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
git bisect good 3ca28a8d14c9725686fb4e6bccf5790dd7aa3c94 # 22:18 20+ 0 Merge 'kees/lockdown' into devel-lkp-hsx01-x86_64-201411010059
git bisect bad bbec1732352d0441fc88c9d650e83dc27c43c7bc # 22:23 0- 20 Merge 'kees/nak/tcp-simult' into devel-lkp-hsx01-x86_64-201411010059
git bisect bad 18f478317d9a07c6e407558878072e19c4bcd752 # 22:26 0- 20 Merge 'kees/nak/dcache-oob-read' into devel-lkp-hsx01-x86_64-201411010059
git bisect good d7c51918a758705507b6a9755b71a214d77f2036 # 22:28 20+ 0 Merge 'kees/lsm/mnt-restrict' into devel-lkp-hsx01-x86_64-201411010059
git bisect bad be4fd19ad6ac95a5972b6ea1eea5417b1a650336 # 22:31 0- 3 Merge 'kees/lsm/stacking' into devel-lkp-hsx01-x86_64-201411010059
git bisect bad 70bba377802ad16dda270ec02098289c16abdc3c # 22:34 0- 20 LSM: Refactor existing LSM stacking
git bisect good a89172c8150ab73b7a6916e52445ec1e1e081b79 # 22:44 20+ 0 LSM: Macroize security hooks
# first bad commit: [70bba377802ad16dda270ec02098289c16abdc3c] LSM: Refactor existing LSM stacking
git bisect good a89172c8150ab73b7a6916e52445ec1e1e081b79 # 22:46 60+ 0 LSM: Macroize security hooks
git bisect bad 43742f590173cda0d6cdc943ccc03b82a74faa6b # 22:48 0- 60 0day head guard for 'devel-lkp-hsx01-x86_64-201411010059'
git bisect good 12d7aacab56e9ef185c3a5512e867bfd3a9504e4 # 22:53 60+ 0 Merge tag 'staging-3.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
git bisect good 4fbe40970dc154aaeeda0584aab8913fc073127b # 22:59 60+ 0 Add linux-next specific files for 20141031
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=yocto-minimal-x86_64.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-cpu kvm64
-enable-kvm
-kernel $kernel
-initrd $initrd
-m 320
-smp 1
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
Thanks,
Fengguang
View attachment "dmesg-yocto-ivb42-22:20141102223424:x86_64-randconfig-ha1-1101:3.18.0-rc2-00135-g70bba37:22" of type "text/plain" (65838 bytes)
View attachment "config-3.18.0-rc2-00135-g70bba37" of type "text/plain" (67104 bytes)
_______________________________________________
LKP mailing list
LKP@...ux.intel.com
Powered by blists - more mailing lists