Message-ID: <57b455f0.PBbMwoqYXi+gB2ZE%xiaolong.ye@intel.com>
Date: Wed, 17 Aug 2016 20:17:52 +0800
From: kernel test robot <xiaolong.ye@...el.com>
To: Kees Cook <keescook@...omium.org>
Cc: lkp@...org, linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Valdis Kletnieks <valdis.kletnieks@...edu>
Subject: [x86/uaccess] 5b710f34e1: kernel BUG at mm/usercopy.c:75!

FYI, we noticed the following commit:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 5b710f34e194c6b7710f69fdb5d798fdf35b98c1 ("x86/uaccess: Enable hardened usercopy")

in testcase: boot

on test machine: 1 threads qemu-system-i386 -enable-kvm with 360M memory

caused below changes:

+------------------------------------------+------------+------------+
|                                          | f5509cc18d | 5b710f34e1 |
+------------------------------------------+------------+------------+
| boot_successes                           | 12         | 0          |
| boot_failures                            | 0          | 19         |
| kernel_BUG_at_mm/usercopy.c              | 0          | 19         |
| EIP_is_at__check_object_size             | 0          | 19         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 19         |
+------------------------------------------+------------+------------+
[ 177.875629] usercopy: kernel memory overwrite attempt detected to 80028f40 (<spans multiple pages>) (512 bytes)
[ 177.965655] ------------[ cut here ]------------
[ 177.965655] ------------[ cut here ]------------
[ 177.976995] kernel BUG at mm/usercopy.c:75!
[ 177.976995] kernel BUG at mm/usercopy.c:75!
[ 177.991519] invalid opcode: 0000 [#1]
[ 177.991519] invalid opcode: 0000 [#1]
[ 178.000490] CPU: 0 PID: 1 Comm: init Not tainted 4.7.0-00004-g5b710f3 #2
[ 178.000490] CPU: 0 PID: 1 Comm: init Not tainted 4.7.0-00004-g5b710f3 #2
[ 178.016498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[ 178.016498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[ 178.037761] task: 80028000 ti: 8002a000 task.ti: 8002a000
[ 178.037761] task: 80028000 ti: 8002a000 task.ti: 8002a000
[ 178.050690] EIP: 0060:[<8110a056>] EFLAGS: 00010246 CPU: 0
[ 178.050690] EIP: 0060:[<8110a056>] EFLAGS: 00010246 CPU: 0
[ 178.064166] EIP is at __check_object_size+0x202/0x258
[ 178.064166] EIP is at __check_object_size+0x202/0x258
[ 178.076286] EAX: 00000063 EBX: 80028f40 ECX: 810945ac EDX: 80028000
[ 178.076286] EAX: 00000063 EBX: 80028f40 ECX: 810945ac EDX: 80028000
[ 178.091360] ESI: 817c7dfa EDI: 94b3a5a0 EBP: 8002beac ESP: 8002be7c
[ 178.091360] ESI: 817c7dfa EDI: 94b3a5a0 EBP: 8002beac ESP: 8002be7c
[ 178.116671] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[ 178.116671] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[ 178.129596] CR0: 80050033 CR2: 775e1460 CR3: 0dfbc000 CR4: 00000690
[ 178.129596] CR0: 80050033 CR2: 775e1460 CR3: 0dfbc000 CR4: 00000690
[ 178.154127] Stack:
[ 178.154127] Stack:
[ 178.170232] 817c7e39
[ 178.170232] 817c7e39 817c7e03 817c7e03 8184213b 8184213b 80028f40 80028f40 817c7dcc 817c7dcc 00000200 00000200 94b3a000 94b3a000 00028000 00028000
[ 178.205104] 00000200
[ 178.205104] 00000200 7ffcbc40 7ffcbc40 80028000 80028000 00000200 00000200 8002bf44 8002bf44 81047847 81047847 80028f40 80028f40 80028f00 80028f00
[ 178.246126] 00000000
[ 178.246126] 00000000 00000000 00000000 00000000 00000000 7ffcbbd0 7ffcbbd0 81045015 81045015 80028000 80028000 8002bef8 8002bef8 81081804 81081804
[ 178.290075] Call Trace:
[ 178.290075] Call Trace:
[ 178.303259] [<81047847>] __fpu__restore_sig+0x14f/0x439
[ 178.303259] [<81047847>] __fpu__restore_sig+0x14f/0x439
[ 178.328374] [<81045015>] ? sched_clock+0x9/0xd
[ 178.328374] [<81045015>] ? sched_clock+0x9/0xd
[ 178.350312] [<81081804>] ? sched_clock_cpu+0x19/0xc8
FYI, raw QEMU command line is:
qemu-system-i386 -enable-kvm -kernel /pkg/linux/i386-randconfig-w0-08170631/gcc-6/5b710f34e194c6b7710f69fdb5d798fdf35b98c1/vmlinuz-4.7.0-00004-g5b710f3 -append 'ip=::::vm-lkp-wsx03-quantal-i386-6::dhcp root=/dev/ram0 user=lkp job=/lkp/scheduled/vm-lkp-wsx03-quantal-i386-6/boot-1-quantal-core-i386.cgz-5b710f34e194c6b7710f69fdb5d798fdf35b98c1-20160817-52554-1cf9h0a-0.yaml ARCH=i386 kconfig=i386-randconfig-w0-08170631 branch=linus/master commit=5b710f34e194c6b7710f69fdb5d798fdf35b98c1 BOOT_IMAGE=/pkg/linux/i386-randconfig-w0-08170631/gcc-6/5b710f34e194c6b7710f69fdb5d798fdf35b98c1/vmlinuz-4.7.0-00004-g5b710f3 max_uptime=600 RESULT_ROOT=/result/boot/1/vm-lkp-wsx03-quantal-i386/quantal-core-i386.cgz/i386-randconfig-w0-08170631/gcc-6/5b710f34e194c6b7710f69fdb5d798fdf35b98c1/0 LKP_SERVER=inn debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 systemd.log_level=err ignore_loglevel earlyprintk=ttyS0,115200 console=ttyS0,115200 console=tty0 vga=normal rw drbd.minor_count=8' -initrd /fs/sdc1/initrd-vm-lkp-wsx03-quantal-i386-6 -m 360 -smp 1 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -watchdog-action debug -rtc base=localtime -pidfile /dev/shm/kboot/pid-vm-lkp-wsx03-quantal-i386-6 -serial file:/dev/shm/kboot/serial-vm-lkp-wsx03-quantal-i386-6 -daemonize -display none -monitor null
Thanks,
Kernel Test Robot
View attachment "config-4.7.0-00004-g5b710f3" of type "text/plain" (82654 bytes)
Download attachment "dmesg.xz" of type "application/octet-stream" (11328 bytes)