Message-ID: <1504069332.8352.3.camel@gmx.de>
Date:   Wed, 30 Aug 2017 07:02:12 +0200
From:   Mike Galbraith <efault@....de>
To:     Kees Cook <keescook@...omium.org>
Cc:     LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu>,
        "Reshetova, Elena" <elena.reshetova@...el.com>
Subject: Re: tip -ENOBOOT - bisected to locking/refcounts, x86/asm:
 Implement fast refcount overflow protection

On Tue, 2017-08-29 at 11:41 -0700, Kees Cook wrote:
> Can you also test with 14afee4b6092 ("net: convert sock.sk_wmem_alloc
> from atomic_t to refcount_t") reverted (instead of ARCH_HAS_REFCOUNT
> disabled)?

Nogo.

...
[  OK  ] Mounted /abuild.
[  OK  ] Mounted /homer.
[  OK  ] Mounted /home/git.
[  OK  ] Mounted /usr/local/src.
[  OK  ] Mounted /usr/local/gcc.
[  OK  ] Mounted /usr/local/lib/albumcovers.
[  OK  ] Mounted /usr/local/lib/mp3.
[  OK  ] Mounted /usr/local/ltp.
[  OK  ] Started SuSEfirewall2 phase 2.
         Starting Locale Service...
[   44.901304] ------------[ cut here ]------------
[   44.901930] WARNING: CPU: 5 PID: 0 at net/netlink/af_netlink.c:374 netlink_sock_destruct+0x82/0xa0
[   44.902679] Modules linked in: nf_log_ipv6(E) xt_comment(E) nf_log_ipv4(E) rpcsec_gss_krb5(E) nfsv4(E) nf_log_common(E) xt_LOG(E) xt_limit(E) dns_resolver(E) nfs(E) fscache(E) af_packet(E) iscsi_ibft(E) iscsi_boot_sysfs(E) ip6t_REJECT(E) nf_conntrack_ipv6(E) nf_defrag_ipv6(E) ipt_REJECT(E) xt_pkttype(E) xt_tcpudp(E) iptable_filter(E) ip6table_mangle(E) nf_conntrack_netbios_ns(E) nf_conntrack_broadcast(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) ip_tables(E) xt_conntrack(E) nf_conntrack(E) libcrc32c(E) ip6table_filter(E) ip6_tables(E) x_tables(E) snd_hda_codec_generic(E) snd_hda_intel(E) snd_hda_codec(E) snd_hda_core(E) snd_hwdep(E) snd_pcm(E) snd_timer(E) joydev(E) snd(E) ppdev(E) soundcore(E) parport_pc(E) crct10dif_pclmul(E) 8139too(E) crc32_pclmul(E) ghash_clmulni_intel(E) 8139cp(E) pcbc(E) aesni_intel(E)
[   44.908297]  i2c_piix4(E) mii(E) parport(E) aes_x86_64(E) crypto_simd(E) glue_helper(E) pcspkr(E) cryptd(E) button(E) qemu_fw_cfg(E) nfsd(E) auth_rpcgss(E) nfs_acl(E) lockd(E) grace(E) sunrpc(E) ext4(E) crc16(E) mbcache(E) jbd2(E) ata_generic(E) hid_generic(E) usbhid(E) ata_piix(E) virtio_balloon(E) virtio_rng(E) virtio_blk(E) virtio_console(E) qxl(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) ahci(E) fb_sys_fops(E) ttm(E) libahci(E) uhci_hcd(E) ehci_pci(E) crc32c_intel(E) ehci_hcd(E) libata(E) serio_raw(E) virtio_pci(E) virtio_ring(E) drm(E) usbcore(E) virtio(E) floppy(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) autofs4(E)
[   44.913190] CPU: 5 PID: 0 Comm: swapper/5 Tainted: G        W   E   4.13.0.g94a2d62-tip-default #45
[   44.915217] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
[   44.916073] task: ffff88018ee78400 task.stack: ffffc90000cc8000
[   44.916742] RIP: 0010:netlink_sock_destruct+0x82/0xa0
[   44.917291] RSP: 0018:ffff880246143eb0 EFLAGS: 00010206
[   44.917818] RAX: 0000000000000300 RBX: ffff8802370a6800 RCX: 000077ff80000000
[   44.918497] RDX: 0000000000000001 RSI: 0000000000000246 RDI: 0000000000000246
[   44.919093] RBP: ffff8802370a6800 R08: 0000000000000001 R09: 0000000000011000
[   44.919826] R10: 0000000000001104 R11: 0000000000011bf8 R12: 0000000000000202
[   44.920486] R13: ffffffff81cf1440 R14: ffff88018ee78400 R15: ffffffff815e0f30
[   44.921138] FS:  0000000000000000(0000) GS:ffff880246140000(0000) knlGS:0000000000000000
[   44.921861] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   44.922419] CR2: 0000563972a82768 CR3: 000000011d25a005 CR4: 00000000001606e0
[   44.923079] Call Trace:
[   44.923503]  <IRQ>
[   44.923786]  __sk_destruct+0x21/0x190
[   44.924160]  rcu_process_callbacks+0x23e/0x880
[   44.924583]  ? rebalance_domains+0xf4/0x2b0
[   44.925147]  __do_softirq+0xc8/0x287
[   44.925620]  irq_exit+0xd5/0xe0
[   44.926072]  smp_apic_timer_interrupt+0x64/0x140
[   44.926602]  apic_timer_interrupt+0x96/0xa0
[   44.927138]  </IRQ>
[   44.927512] RIP: 0010:native_safe_halt+0x2/0x10
[   44.928104] RSP: 0018:ffffc90000ccbed8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
[   44.928897] RAX: ffffffff816d46e0 RBX: ffff88018ee78400 RCX: 0000000000000000
[   44.931217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   44.932064] RBP: 0000000000000005 R08: 000000008e8d32c4 R09: 0000000000000000
[   44.932757] R10: 0000000000000006 R11: 0000000000000005 R12: ffff88018ee78400
[   44.933423] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   44.934187]  ? __sched_text_end+0x5/0x5
[   44.934609]  default_idle+0x18/0x110
[   44.935041]  do_idle+0x15e/0x1f0
[   44.935455]  cpu_startup_entry+0x5f/0x70
[   44.935934]  start_secondary+0x14c/0x180
[   44.936445]  secondary_startup_64+0xa5/0xa5
[   44.936933] Code: 00 00 85 c0 75 25 8b 83 44 01 00 00 85 c0 75 10 48 83 bb e0 02 00 00 00 75 02 5b c3 0f ff 5b c3 0f ff 0f 1f 80 00 00 00 00 eb e5 <0f> ff eb d7 48 89 de 48 c7 c7 d8 e6 ab 81 31 c0 5b e9 d5 ca af 
[   44.938829] ---[ end trace bcf2d20b852804b6 ]---
[  OK  ] Started Locale Service.
[  OK  ] Started Postfix Mail Transport Agent.
[  OK  ] Started Command Scheduler.
[  OK  ] Started X Display Manager.
[  OK  ] Started Virtualization daemon.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
...zzzzzz
