lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170528092212.fiod7kygpjm23m3o@pd.tnic>
Date:   Sun, 28 May 2017 11:22:12 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     x86-ml <x86@...nel.org>, lkml <linux-kernel@...r.kernel.org>
Subject: [PATCH] x86/kernel/process_32: Convert a smp_processor_id() call

Hi,

this is on 32-bit with tip/master.

I *think* the solution is as straight-forward but pls double-check me on
that.

Thanks.

---
From: Borislav Petkov <bp@...e.de>
Date: Sun, 28 May 2017 11:03:42 +0200
Subject: [PATCH] x86/kernel/process_32: Convert a smp_processor_id() call

... to raw_smp_processor_id() to not trip the

  BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1

check. The reasoning behind it is that __warn() already uses the raw_
variants but the show_regs() path on 32-bit doesn't.

Otherwise, you get splat in a splat:

 Write protecting the kernel read-only data: 2980k
 NX-protecting the kernel data: 4744k
 x86/mm: Found insecure W+X mapping at address c00a0000/0xc00a0000
 ------------[ cut here ]------------
 WARNING: CPU: 0 PID: 1 at .../arch/x86/mm/dump_pagetables.c:236 note_page+0x6ca/0x8e0
 Modules linked in:
 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc2+ #1
 Hardware name: LENOVO 30515QG/30515QG, BIOS 8RET30WW (1.12 ) 09/15/2011
 task: f4120000 task.stack: f411a000
 EIP: note_page+0x6ca/0x8e0
 BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1
 caller is debug_smp_processor_id
 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc2+ #1
 Hardware name: LENOVO 30515QG/30515QG, BIOS 8RET30WW (1.12 ) 09/15/2011
 Call Trace:
  dump_stack
  check_preemption_disabled
  debug_smp_processor_id
  __show_regs
  ? note_page
  ? printk
  ? show_regs_print_info
  ? note_page
  show_regs
  ? vprintk_func
  ? note_page
  __warn
  ? note_page
  ? note_page
  report_bug
  do_trap
  ? do_error_trap
  ? __this_cpu_preempt_check
  ? trace_hardirqs_on_caller
  do_error_trap
  ? note_page
  ? wake_up_klogd
  ? console_unlock
  ? common_exception
  ? do_overflow
  ? __this_cpu_preempt_check
  ? trace_hardirqs_off_caller
  ? do_overflow
  do_invalid_op
  common_exception
 EIP: note_page+0x6ca/0x8e0
 EFLAGS: 00210286 CPU: 0
 EAX: 00000041 EBX: f411bf40 ECX: 00000000 EDX: c10bd629
 ESI: 80000000 EDI: 00000000 EBP: f411bf0c ESP: f411bed4
  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
  ? wake_up_klogd
  ? do_overflow
  ? change_page_attr_set_clr
  ptdump_walk_pgd_level_core
  ptdump_walk_pgd_level_checkwx
  mark_rodata_ro
  ? rest_init
  kernel_init
  ? schedule_tail_wrapper
  ret_from_fork
 EFLAGS: 00210286 CPU: 0
 EAX: 00000041 EBX: f411bf40 ECX: 00000000 EDX: c10bd629
 ESI: 80000000 EDI: 00000000 EBP: f411bf0c ESP: f411bed4
  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
 CR0: 80050033 CR2: ffbff000 CR3: 01bbe000 CR4: 000006f0
 Call Trace:
  ? change_page_attr_set_clr
  ptdump_walk_pgd_level_core
  ptdump_walk_pgd_level_checkwx
  mark_rodata_ro
  ? rest_init
  kernel_init
  ? schedule_tail_wrapper
  ret_from_fork
 ---[ end trace e1a49e2b8e42d056 ]---
 x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.

Signed-off-by: Borislav Petkov <bp@...e.de>
---
 arch/x86/kernel/process_32.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index ff40e74c9181..ffeae818aa7a 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -78,7 +78,7 @@ void __show_regs(struct pt_regs *regs, int all)
 
 	printk(KERN_DEFAULT "EIP: %pS\n", (void *)regs->ip);
 	printk(KERN_DEFAULT "EFLAGS: %08lx CPU: %d\n", regs->flags,
-		smp_processor_id());
+		raw_smp_processor_id());
 
 	printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n",
 		regs->ax, regs->bx, regs->cx, regs->dx);
-- 
2.11.0


-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ