Message-ID: <1432642765.19400.2.camel@redhat.com>
Date:	Tue, 26 May 2015 14:19:25 +0200
From:	Alexander Larsson <alexl@...hat.com>
To:	containers@...ts.linux-foundation.org
Cc:	"Eric W. Biederman" <ebiederm@...ssion.com>,
	linux-kernel@...r.kernel.org
Subject: Re: Kernel panic with user namespaces

On Mon, 2015-05-18 at 16:39 +0200, Alexander Larsson wrote:

Didn't get any replies to the below kernel panic (testcase attached),
which seems rather important to fix. Reposting to a wider audience.

> If I build and run the attached break-kernel.c as a user I get this
> kernel panic on the Fedora 4.0.3 kernel:
> 
> maj 18 16:33:36 nano kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
> maj 18 16:33:36 nano kernel: IP: [<ffffffff81250288>] pin_remove+0x58/0xc0
> maj 18 16:33:36 nano kernel: PGD 1cc973067 PUD 1d727b067 PMD 0 
> maj 18 16:33:36 nano kernel: Oops: 0002 [#1] SMP 
> maj 18 16:33:36 nano kernel: Modules linked in: rfcomm fuse ccm xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw bnep arc4 intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm iwlmvm snd_hda_codec_realtek mac80211 snd_hda_codec_hdmi snd_hda_codec_generic vfat fat iTCO_wdt iTCO_vendor_support snd_hda_intel snd_hda_controller snd_hda_codec crct10dif_pclmul snd_hwdep crc32_pclmul snd_seq iwlwifi crc32c_intel
> maj 18 16:33:36 nano kernel:  snd_seq_device uvcvideo ghash_clmulni_intel videobuf2_vmalloc snd_pcm videobuf2_core cfg80211 videobuf2_memops v4l2_common videodev thinkpad_acpi snd_timer serio_raw btusb media hid_multitouch bluetooth snd lpc_ich mfd_core i2c_i801 mei_me cdc_acm tpm_tis shpchp mei tpm soundcore wmi rfkill i2c_designware_platform i2c_designware_core nfsd auth_rpcgss nfs_acl lockd grace sunrpc cdc_mbim cdc_wdm cdc_ncm usbnet mii i915 i2c_algo_bit drm_kms_helper e1000e drm ptp pps_core video
> maj 18 16:33:36 nano kernel: CPU: 2 PID: 2662 Comm: break-kernel Not tainted 4.0.3-201.fc21.x86_64 #1
> maj 18 16:33:36 nano kernel: Hardware name: LENOVO 20A7005RUK/20A7005RUK, BIOS GRET42WW (1.19 ) 11/20/2014
> maj 18 16:33:36 nano kernel: task: ffff8800a1a893e0 ti: ffff8801cafb4000 task.ti: ffff8801cafb4000
> maj 18 16:33:36 nano kernel: RIP: 0010:[<ffffffff81250288>]  [<ffffffff81250288>] pin_remove+0x58/0xc0
> maj 18 16:33:36 nano kernel: RSP: 0018:ffff8801cafb7e08  EFLAGS: 00010246
> maj 18 16:33:36 nano kernel: RAX: 0000000000000000 RBX: ffff880212b09f20 RCX: 000000000000011a
> maj 18 16:33:36 nano kernel: RDX: 0000000000000000 RSI: 0000000000000005 RDI: ffffffff82004a70
> maj 18 16:33:36 nano kernel: RBP: ffff8801cafb7e18 R08: ffffffff81d25540 R09: ffff8800a6f73a28
> maj 18 16:33:36 nano kernel: R10: 0000000000000000 R11: 0000000000000206 R12: ffff8801cafb7e70
> maj 18 16:33:36 nano kernel: R13: ffff8800a1a893e0 R14: ffff8800a1a893e0 R15: 0000000000000000
> maj 18 16:33:36 nano kernel: FS:  00007fab3d3fa700(0000) GS:ffff88021e280000(0000) knlGS:0000000000000000
> maj 18 16:33:36 nano kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> maj 18 16:33:36 nano kernel: CR2: 0000000000000000 CR3: 00000001d70b6000 CR4: 00000000001407e0
> maj 18 16:33:36 nano kernel: Stack:
> maj 18 16:33:36 nano kernel:  ffff8800a1a893e0 ffff880212b09f20 ffff8801cafb7e38 ffffffff8123d7c2
> maj 18 16:33:36 nano kernel:  ffff8801cafb7e20 ffff880212b09f20 ffff8801cafb7ea8 ffffffff81250414
> maj 18 16:33:36 nano kernel:  ffff880212b08da0 ffff88003f41b000 ffff880100000000 ffff8800a1a893e0
> maj 18 16:33:36 nano kernel: Call Trace:
> maj 18 16:33:36 nano kernel:  [<ffffffff8123d7c2>] drop_mountpoint+0x22/0x40
> maj 18 16:33:36 nano kernel:  [<ffffffff81250414>] pin_kill+0x74/0x100
> maj 18 16:33:36 nano kernel:  [<ffffffff810dfbb0>] ? wait_woken+0x90/0x90
> maj 18 16:33:36 nano kernel:  [<ffffffff812504c9>] mnt_pin_kill+0x29/0x40
> maj 18 16:33:36 nano kernel:  [<ffffffff8123cbe0>] cleanup_mnt+0x90/0xa0
> maj 18 16:33:36 nano kernel:  [<ffffffff8123cc42>] __cleanup_mnt+0x12/0x20
> maj 18 16:33:36 nano kernel:  [<ffffffff810ba607>] task_work_run+0xb7/0xf0
> maj 18 16:33:36 nano kernel:  [<ffffffff81014cdd>] do_notify_resume+0x8d/0xa0
> maj 18 16:33:36 nano kernel:  [<ffffffff817835e3>] int_signal+0x12/0x17
> maj 18 16:33:36 nano kernel: Code: 48 89 50 08 48 b8 00 01 10 00 00 00 ad de 48 8b 53 28 48 89 43 30 48 b8 00 02 20 00 00 00 ad de 48 89 43 38 48 8b 43 20 48 85 c0 <48> 89 02 74 04 48 89 50 08 48 b8 00 01 10 00 00 00 ad de 48 89 
> maj 18 16:33:36 nano kernel: RIP  [<ffffffff81250288>] pin_remove+0x58/0xc0
> maj 18 16:33:36 nano kernel:  RSP <ffff8801cafb7e08>
> maj 18 16:33:36 nano kernel: CR2: 0000000000000000
> maj 18 16:33:36 nano kernel: ---[ end trace e025319273fa36f8 ]---
> 
> I get no such crash with the previous (3.19.7) kernel.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl@...hat.com            alexander.larsson@...il.com 
He's a hate-fuelled arachnophobic jungle king possessed of the uncanny 
powers of an insect. She's a mentally unstable snooty vampire from the 
wrong side of the tracks. They fight crime! 

View attachment "break-kernel.c" of type "text/x-csrc" (12955 bytes)
