lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150619140622.GF17826@pd.tnic>
Date:	Fri, 19 Jun 2015 16:06:22 +0200
From:	Borislav Petkov <bp@...en8.de>
To:	Ingo Molnar <mingo@...nel.org>
Cc:	Andrey Ryabinin <a.ryabinin@...sung.com>,
	Alexander Popov <alpopov@...ecurity.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Andrey Konovalov <adech.fo@...il.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andy Lutomirski <luto@...nel.org>,
	Alexander Kuleshov <kuleshovmail@...il.com>,
	Denys Vlasenko <dvlasenk@...hat.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Kees Cook <keescook@...omium.org>, x86@...nel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 1/1] x86_64: fix KASan shadow region page tables

On Fri, Jun 19, 2015 at 04:00:51PM +0200, Ingo Molnar wrote:
> It should also printk a one line message at bootup, so that people can
> be sure they are running a KASan-enabled kernel.

Yeah, especially if it slows down teh kernel by orders of magnitude.

In any case, here's what it says in the guest:

[  117.061393] kasan test: kmalloc_oob_right out-of-bounds to right
[  117.067973] ==================================================================
[  117.071656] BUG: KASan: out of bounds access in kmalloc_oob_right+0x65/0x75 [test_kasan] at addr ffff88006816915b
[  117.071656] Write of size 1 by task insmod/3942
[  117.071656] =============================================================================
[  117.071656] BUG kmalloc-128 (Not tainted): kasan: bad access detected
[  117.071656] -----------------------------------------------------------------------------
[  117.071656] 
[  117.071656] Disabling lock debugging due to kernel taint
[  117.071656] INFO: Allocated in kmalloc_oob_right+0x3d/0x75 [test_kasan] age=5 cpu=1 pid=3942
[  117.071656] 	__slab_alloc.isra.60.constprop.62+0x4c4/0x5e0
[  117.071656] 	kmem_cache_alloc_trace+0x167/0x330
[  117.071656] 	kmalloc_oob_right+0x3d/0x75 [test_kasan]
[  117.071656] 	kmalloc_tests_init+0x9/0x51 [test_kasan]
[  117.071656] 	do_one_initcall+0xb1/0x220
[  117.071656] 	do_init_module+0xf7/0x2f8
[  117.071656] 	load_module+0x2fe7/0x3e00
[  117.071656] 	SyS_init_module+0x10d/0x120
[  117.071656] 	system_call_fastpath+0x16/0x73
[  117.071656] INFO: Freed in rcu_process_callbacks+0x3d3/0xd90 age=1511 cpu=6 pid=0
[  117.071656] 	__slab_free+0x433/0x610
[  117.071656] 	kfree+0x279/0x380
[  117.071656] 	rcu_process_callbacks+0x3d3/0xd90
[  117.071656] 	__do_softirq+0x154/0x7b0
[  117.071656] 	irq_exit+0xba/0xe0
[  117.071656] 	smp_apic_timer_interrupt+0x6a/0x80
[  117.071656] 	apic_timer_interrupt+0x6d/0x80
[  117.071656] 	arch_cpu_idle+0xf/0x20
[  117.071656] 	cpu_startup_entry+0x5f1/0x7a0
[  117.071656] 	start_secondary+0x21d/0x230
[  117.071656] INFO: Slab 0xffffea0001a05a00 objects=37 used=31 fp=0xffff880068169290 flags=0x4000000000004080
[  117.071656] INFO: Object 0xffff8800681690e0 @offset=4320 fp=0xffff88006816a880
[  117.071656] 
[  117.071656] Bytes b4 ffff8800681690d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  117.071656] Object ffff8800681690e0: 80 a8 16 68 00 88 ff ff ff ff ff ff 00 00 00 00  ...h............
[  117.071656] Object ffff8800681690f0: ff ff ff ff ff ff ff ff c0 f2 01 83 ff ff ff ff  ................
[  117.071656] Object ffff880068169100: 60 91 87 82 ff ff ff ff 00 00 00 00 00 00 00 00  `...............
[  117.071656] Object ffff880068169110: 05 0a c4 81 ff ff ff ff 06 00 00 00 1c 00 1b 00  ................
[  117.071656] Object ffff880068169120: 74 d6 0d 81 ff ff ff ff 28 91 16 68 00 88 ff ff  t.......(..h....
[  117.071656] Object ffff880068169130: 28 91 16 68 00 88 ff ff 00 00 00 00 00 00 00 00  (..h............
[  117.071656] Object ffff880068169140: 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00  ........`.......
[  117.071656] Object ffff880068169150: 00 00 00 00 40 00 38 00 07 00 40 00 18 00 17 00  ....@.....@.....
[  117.071656] CPU: 1 PID: 3942 Comm: insmod Tainted: G    B           4.1.0-rc8+ #3
[  117.071656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[  117.071656]  0000000000000001 ffff880061c77a28 ffffffff819af359 00000000000001b0
[  117.071656]  ffff88006ac07800 ffff880061c77a58 ffffffff8121280d ffff88006ac07800
[  117.071656]  ffffea0001a05a00 ffff8800681690e0 ffffffffa0008765 ffff880061c77a88
[  117.071656] Call Trace:
[  117.071656]  [<ffffffff819af359>] dump_stack+0x4f/0x7b
[  117.071656]  [<ffffffff8121280d>] print_trailer+0xfd/0x160
[  117.071656]  [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[  117.071656]  [<ffffffff81218501>] object_err+0x41/0x50
[  117.071656]  [<ffffffff8121a4b8>] kasan_report_error+0x1e8/0x410
[  117.071656]  [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[  117.071656]  [<ffffffff8121ab90>] kasan_report+0x40/0x50
[  117.071656]  [<ffffffffa0008111>] ? kmalloc_oob_right+0x65/0x75 [test_kasan]
[  117.071656]  [<ffffffff81219c54>] __asan_store1+0x54/0x80
[  117.071656]  [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[  117.071656]  [<ffffffffa0008111>] kmalloc_oob_right+0x65/0x75 [test_kasan]
[  117.071656]  [<ffffffffa000876e>] kmalloc_tests_init+0x9/0x51 [test_kasan]
[  117.071656]  [<ffffffff81000301>] do_one_initcall+0xb1/0x220
[  117.071656]  [<ffffffff81219d19>] ? kasan_kmalloc+0x49/0x50
[  117.071656]  [<ffffffff812170f6>] ? kmem_cache_alloc_trace+0x106/0x330
[  117.071656]  [<ffffffff819ae865>] ? do_init_module+0x3b/0x2f8
[  117.071656]  [<ffffffff819ae921>] do_init_module+0xf7/0x2f8
[  117.071656]  [<ffffffff8114aa37>] load_module+0x2fe7/0x3e00
[  117.071656]  [<ffffffff811454d0>] ? store_uevent+0x50/0x50
[  117.071656]  [<ffffffff8114b95d>] SyS_init_module+0x10d/0x120
[  117.071656]  [<ffffffff819ba31b>] system_call_fastpath+0x16/0x73
[  117.071656] Memory state around the buggy address:
[  117.071656]  ffff880068169000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  117.071656]  ffff880068169080: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[  117.071656] >ffff880068169100: 00 00 00 00 00 00 00 00 00 00 00 03 fc fc fc fc
[  117.071656]                                                     ^
[  117.071656]  ffff880068169180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  117.071656]  ffff880068169200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  117.071656] ==================================================================
...

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ