| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171025063714.mnwn24uwwq4w7gt2@wfg-t540p.sh.intel.com>
Date: Wed, 25 Oct 2017 08:37:14 +0200
From: Fengguang Wu <fengguang.wu@...el.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: wfg@...ux.intel.com,
"Steven Rostedt (VMware)" <rostedt@...dmis.org>,
linux-kernel@...r.kernel.org, LKP <lkp@...org>
Subject: 6ee98ffeea ("x86/ftrace: Make sure that ftrace trampolines are not
RWX"): BUG: kernel reboot-without-warning in test stage
Hi Thomas,
FYI this commit turns a warning into kernel crash:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 6ee98ffeea0bc9e072e419497d78697d8afcdd6d
Author: Thomas Gleixner <tglx@...utronix.de>
AuthorDate: Thu May 25 10:57:51 2017 +0200
Commit: Steven Rostedt (VMware) <rostedt@...dmis.org>
CommitDate: Fri May 26 22:37:02 2017 -0400
x86/ftrace: Make sure that ftrace trampolines are not RWX
ftrace use module_alloc() to allocate trampoline pages. The mapping of
module_alloc() is RWX, which makes sense as the memory is written to right
after allocation. But nothing makes these pages RO after writing to them.
Add proper set_memory_rw/ro() calls to protect the trampolines after
modification.
Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1705251056410.1862@nanos
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Signed-off-by: Steven Rostedt (VMware) <rostedt@...dmis.org>
a53276e282 x86/mm/ftrace: Do not bug in early boot on irqs_disabled in cpu_flush_range()
6ee98ffeea x86/ftrace: Make sure that ftrace trampolines are not RWX
6cff0a118f Merge tag 'platform-drivers-x86-v4.14-3' of git://git.infradead.org/linux-platform-drivers-x86
36ef71cae3 Add linux-next specific files for 20171018
+-----------------------------------------------------+------------+------------+------------+---------------+
| | a53276e282 | 6ee98ffeea | 6cff0a118f | next-20171018 |
+-----------------------------------------------------+------------+------------+------------+---------------+
| boot_successes | 7 | 600 | 609 | 596 |
| boot_failures | 1626 | 25 | 24 | 29 |
| WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page | 1626 | | | |
| BUG:unable_to_handle_kernel | 1 | | | |
| Oops:#[##] | 1 | | | |
| BUG:kernel_reboot-without-warning_in_test_stage | 0 | 25 | 24 | 29 |
+-----------------------------------------------------+------------+------------+------------+---------------+
[main] Setsockopt(1 20 2456000 4) on fd 378 [1:5:1]
[main] Setsockopt(1 22 2456000 4) on fd 379 [1:2:1]
[main] 375 sockets created based on info from socket cachefile.
<KERNEL REBOOT HERE>
The parent commit has this warning:
[ 13.180002] Freeing unused kernel memory: 372K
[ 13.180635] x86/mm: Found insecure W+X mapping at address ffffffffa0000000/0xffffffffa0000000
[ 13.181499] ------------[ cut here ]------------
[ 13.181946] WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:236 note_page+0x191/0x446
[ 13.182928] Modules linked in:
[ 13.183231] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc2-00004-ga53276e #1
[ 13.183984] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 13.184782] task: ffff8800002b0000 task.stack: ffffc90000008000
[ 13.185428] RIP: 0010:note_page+0x191/0x446
[ 13.185848] RSP: 0000:ffffc9000000be10 EFLAGS: 00010282
[ 13.186374] RAX: 0000000000000051 RBX: ffffc9000000be90 RCX: 0000000000000000
[ 13.187053] RDX: ffffffff81a3f078 RSI: 0000000000000001 RDI: 0000000000000286
[ 13.187742] RBP: ffffc9000000be40 R08: 0000000000000001 R09: 0000000000000001
[ 13.188455] R10: 0000000000000001 R11: 0000000000000030 R12: 0000000000000000
[ 13.189224] R13: 0000000000000004 R14: 0000000000000000 R15: ffffffff81a0f001
[ 13.189919] FS: 0000000000000000(0000) GS:ffff88001e700000(0000) knlGS:0000000000000000
[ 13.190681] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 13.191377] CR2: ffffc90000094000 CR3: 0000000001a0f000 CR4: 00000000000006a0
[ 13.192374] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 13.193309] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 13.194296] Call Trace:
[ 13.194637] ptdump_walk_pgd_level_core+0x3d1/0x50a
[ 13.195200] ? 0xffffffff81000000
[ 13.195695] ptdump_walk_pgd_level_checkwx+0x17/0x19
[ 13.196730] mark_rodata_ro+0xec/0xf3
[ 13.197234] ? rest_init+0x15c/0x15c
[ 13.197874] kernel_init+0x35/0x16a
[ 13.198316] ret_from_fork+0x31/0x40
[ 13.198799] Code: c7 00 73 ab 81 c6 05 43 48 9d 00 01 e8 af 4d 14 00 48 8b 73 10 48 c7 c7 93 7a 90 81 48 ff 05 e3 3f b0 00 48 89 f2 e8 82 b
1 18 00 <0f> ff b9 01 00 00 00 31 d2 be 01 00 00 00 48 c7 c7 d0 72 ab 81
[ 13.201397] ---[ end trace 8b1d34932c92c906 ]---
[ 13.202109] x86/mm: Checked W+X mappings: FAILED, 1 W+X pages found.
[ 13.202924] rodata_test: all tests were successful
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start v4.12 v4.11 --
git bisect good f3926e4c2a4b53c25a998de168d4eef6d0360369 # 02:53 G 621 0 619 619 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect bad 21c9eb7ca32be43a1c6fcb8194cf2d1aea771772 # 03:18 B 17 2 0 0 Merge tag 'staging-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
git bisect bad 46356945fc2bc932dd224af60c12ece2672479be # 03:48 B 20 2 0 0 Merge tag 'drm-dp-quirk-for-v4.12-rc4' of git://people.freedesktop.org/~airlied/linux
git bisect bad d024baa58a4a7e5eb6058017771d15b9e47b56db # 04:20 B 72 1 0 0 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good be941bf2e6a32605935865972df7abf74087944f # 07:38 G 625 0 624 624 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
git bisect good 6ce47829113772b1d6b9046f5eaf00e154f0f9de # 08:41 G 625 0 624 624 Merge tag 'pci-v4.12-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
git bisect good 6741d51699ac9ef21f1fac14c63ecd31d3a7c278 # 11:26 G 620 0 619 619 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
git bisect good c86daad2c25bfd4a33d48b7691afaa96d9c5ab46 # 16:55 G 625 0 624 624 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
git bisect bad 77d64656950b299f5e7c70f1e3a0bdc991b51497 # 17:17 B 24 3 0 0 Merge tag 'trace-v4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
git bisect good bdd7e3d68492bfb7ade574f8c64b87bea499ca2e # 18:06 G 625 0 620 620 selftests/ftrace: Add a testcase for many kprobe events
git bisect bad 6ee98ffeea0bc9e072e419497d78697d8afcdd6d # 18:36 B 6 1 0 0 x86/ftrace: Make sure that ftrace trampolines are not RWX
git bisect good a53276e2826010338478ed94310874001a8097fa # 19:27 G 625 0 623 623 x86/mm/ftrace: Do not bug in early boot on irqs_disabled in cpu_flush_range()
# first bad commit: [6ee98ffeea0bc9e072e419497d78697d8afcdd6d] x86/ftrace: Make sure that ftrace trampolines are not RWX
git bisect good a53276e2826010338478ed94310874001a8097fa # 21:57 G 1004 0 997 1620 x86/mm/ftrace: Do not bug in early boot on irqs_disabled in cpu_flush_range()
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad 6ee98ffeea0bc9e072e419497d78697d8afcdd6d # 22:21 B 5 1 0 0 x86/ftrace: Make sure that ftrace trampolines are not RWX
# extra tests on HEAD of linux-devel/devel-catchup-201710230614
git bisect bad b502be92f0c656835ef30a34897d2178699a7aaa # 22:22 B 11 2 0 0 0day head guard for 'devel-catchup-201710230614'
# extra tests on tree/branch linus/master
git bisect bad 6cff0a118f23b98c604a3604ea9de11338e24fbe # 01:04 B 601 24 0 0 Merge tag 'platform-drivers-x86-v4.14-3' of git://git.infradead.org/linux-platform-drivers-x86
# extra tests with first bad commit reverted
git bisect good 602c4c756d28c7744f946fe6d3422835f3f3fbdb # 06:14 G 625 0 621 621 Revert "x86/ftrace: Make sure that ftrace trampolines are not RWX"
# extra tests on tree/branch linux-next/master
git bisect bad 36ef71cae353f88fd6e095e2aaa3e5953af1685d # 11:22 B 596 29 0 0 Add linux-next specific files for 20171018
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-quantal-lkp-hsw01-11:20171024183016:x86_64-randconfig-s0-10221200:4.12.0-rc2-00005-g6ee98ff:1.gz" of type "application/gzip" (14686 bytes)
Download attachment "dmesg-quantal-lkp-hsw01-10:20171024184751:x86_64-randconfig-s0-10221200:4.12.0-rc2-00004-ga53276e:1.gz" of type "application/gzip" (17619 bytes)
View attachment "reproduce-quantal-lkp-hsw01-11:20171024183016:x86_64-randconfig-s0-10221200:4.12.0-rc2-00005-g6ee98ff:1" of type "text/plain" (888 bytes)
View attachment "config-4.12.0-rc2-00005-g6ee98ff" of type "text/plain" (85268 bytes)
Powered by blists - more mailing lists