| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Sep 2019 14:40:19 -0700
From: Randy Dunlap <rdunlap@...radead.org>
To: LKML <linux-kernel@...r.kernel.org>,
Al Viro <viro@...iv.linux.org.uk>,
Kees Cook <keescook@...omium.org>, X86 ML <x86@...nel.org>,
Oleg Nesterov <oleg@...hat.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: problem starting /sbin/init (32-bit 5.3-rc8)
This is 32-bit kernel, just happens to be running on a 64-bit laptop.
I added the debug printk in __phys_addr() just before "[cut here]".
CONFIG_HARDENED_USERCOPY=y
The BUG is this line in arch/x86/mm/physaddr.c:
VIRTUAL_BUG_ON((phys_addr >> PAGE_SHIFT) > max_low_pfn);
It's line 83 in my source file only due to adding <linux/printk.h> and
a conditional pr_crit() call.
[ 19.730409][ T1] debug: unmapping init [mem 0xdc7bc000-0xdca30fff]
[ 19.734289][ T1] Write protecting kernel text and read-only data: 13888k
[ 19.737675][ T1] rodata_test: all tests were successful
[ 19.740757][ T1] Run /sbin/init as init process
[ 19.792877][ T1] __phys_addr: max_low_pfn=0x36ffe, x=0xff001ff1, phys_addr=0x3f001ff1
[ 19.796561][ T1] ------------[ cut here ]------------
[ 19.797501][ T1] kernel BUG at ../arch/x86/mm/physaddr.c:83!
[ 19.802799][ T1] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 19.803782][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.3.0-rc8 #6
[ 19.803782][ T1] Hardware name: Dell Inc. Inspiron 1318 /0C236D, BIOS A04 01/15/2009
[ 19.803782][ T1] EIP: __phys_addr+0xaf/0x100
[ 19.803782][ T1] Code: 85 c0 74 67 89 f7 c1 ef 0c 39 f8 73 2e 56 53 50 68 90 9f 1f dc 68 00 eb 45 dc e8 ec b3 09 00 83 c4 14 3b 3d 30 55 cf dc 76 11 <0f> 0b b8 7c 3b 5c dc e8 45 53 4c 00 90 8d 74 26 00 89 d8 e8 39 cd
[ 19.803782][ T1] EAX: 00000044 EBX: ff001ff1 ECX: 00000000 EDX: db90a471
[ 19.803782][ T1] ESI: 3f001ff1 EDI: 0003f001 EBP: f41ddea0 ESP: f41dde90
[ 19.803782][ T1] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010216
[ 19.803782][ T1] CR0: 80050033 CR2: dc218544 CR3: 1ca39000 CR4: 000406d0
[ 19.803782][ T1] Call Trace:
[ 19.803782][ T1] __check_object_size+0xaf/0x3c0
[ 19.803782][ T1] ? __might_sleep+0x80/0xa0
[ 19.803782][ T1] copy_strings+0x1c2/0x370
[ 19.803782][ T1] copy_strings_kernel+0x2b/0x40
[ 19.803782][ T1] __do_execve_file+0x4ca/0x810
[ 19.803782][ T1] ? kmem_cache_alloc+0x1c7/0x370
[ 19.803782][ T1] do_execve+0x1b/0x20
[ 19.803782][ T1] run_init_process+0x31/0x40
[ 19.803782][ T1] try_to_run_init_process+0x11/0x40
[ 19.803782][ T1] kernel_init+0xda/0x120
[ 19.803782][ T1] ? rest_init+0x130/0x130
[ 19.803782][ T1] ret_from_fork+0x2e/0x38
[ 19.803782][ T1] Modules linked in:
[ 19.876679][ T1] ---[ end trace 2b8071cbe5f1eece ]---
[ 19.879467][ T1] EIP: __phys_addr+0xaf/0x100
[ 19.882125][ T1] Code: 85 c0 74 67 89 f7 c1 ef 0c 39 f8 73 2e 56 53 50 68 90 9f 1f dc 68 00 eb 45 dc e8 ec b3 09 00 83 c4 14 3b 3d 30 55 cf dc 76 11 <0f> 0b b8 7c 3b 5c dc e8 45 53 4c 00 90 8d 74 26 00 89 d8 e8 39 cd
[ 19.889474][ T1] EAX: 00000044 EBX: ff001ff1 ECX: 00000000 EDX: db90a471
[ 19.892635][ T1] ESI: 3f001ff1 EDI: 0003f001 EBP: f41ddea0 ESP: f41dde90
[ 19.895806][ T1] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010216
[ 19.899106][ T1] CR0: 80050033 CR2: dc218544 CR3: 1ca39000 CR4: 000406d0
[ 19.902276][ T1] Kernel panic - not syncing: Fatal exception
[ 19.903268][ T1] Kernel Offset: 0x1a800000 from 0xc1000000 (relocation range: 0xc0000000-0xf77fdfff)
[ 19.903268][ T1] ---[ end Kernel panic - not syncing: Fatal exception ]---
Full boot log or kernel .config file are available if wanted.
--
~Randy
Powered by blists - more mailing lists