lists.openwall.net - Open Source and information security mailing list archives
Message-ID: <20191216094556.GA32241@zn.tnic>
Date:   Mon, 16 Dec 2019 10:45:56 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Dominik Brodowski <linux@...inikbrodowski.net>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Rafael J . Wysocki" <rafael@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/5] init: use do_mount() instead of ksys_mount()

On Thu, Dec 12, 2019 at 07:14:20PM +0100, Dominik Brodowski wrote:
> diff --git a/init/do_mounts.c b/init/do_mounts.c
> index 43f6d098c880..f55cbd9cb818 100644
> --- a/init/do_mounts.c
> +++ b/init/do_mounts.c
> @@ -387,12 +387,25 @@ static void __init get_fs_names(char *page)
>  	*s = '\0';
>  }
>  
> -static int __init do_mount_root(char *name, char *fs, int flags, void *data)
> +static int __init do_mount_root(const char *name, const char *fs,
> +				 const int flags, const void *data)
>  {
>  	struct super_block *s;
> -	int err = ksys_mount(name, "/root", fs, flags, data);
> -	if (err)
> -		return err;
> +	char *data_page;
> +	struct page *p;
> +	int ret;
> +
> +	/* do_mount() requires a full page as fifth argument */
> +	p = alloc_page(GFP_KERNEL);
> +	if (!p)
> +		return -ENOMEM;
> +
> +	data_page = page_address(p);
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^
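Review bot: data can be NULL here, and the ksys_mount() call this replaces accepted that, so the copy into data_page that follows the page_address() line must be guarded with `if (data)` (or the allocation skipped entirely and a NULL data_page handed to do_mount() when there are no options); the oops below is strncpy() entered from mount_block_root() with RSI=0, i.e. a NULL source and RDI pointing at the freshly allocated page. Two smaller points on the same hunk: the page obtained from alloc_page() needs a __free_page()/put_page() on every exit path, including when do_mount() fails, and `const int flags` is a no-op on a by-value parameter (the `const void *data` is fine).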

That doesn't work in my guest as it gives a funny address:

[    3.155314] mount_block_root: entry
[    3.155868] mount_block_root: fs_name: [ext3]
[    3.156512] do_mount_root: will copy data page: 0x00000000adf0ddb8

leading to the splat below.

Reverting the patch fixes the boot.

Thx.

[    3.575074] BUG: kernel NULL pointer dereference, address: 0000000000000000
[    3.576858] #PF: supervisor read access in kernel mode
[    3.578274] #PF: error_code(0x0000) - not-present page
[    3.579003] PGD 0 P4D 0 
[    3.579003] Oops: 0000 [#1] PREEMPT SMP
[    3.579003] CPU: 8 PID: 1 Comm: swapper/0 Not tainted 5.5.0-rc1+ #17
[    3.579003] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1 04/01/2014
[    3.579003] RIP: 0010:strncpy+0xf/0x30
[    3.579003] Code: 0f b6 0c 16 88 0c 10 48 ff c2 84 c9 75 f2 f3 c3 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 d2 48 89 f8 74 1b 4c 8d 04 17 48 89 fa <0f> b6 0e 80 f9 01 88 0a 48 83 de ff 48 ff c2 4c 39 c2 75 ec f3 c3
[    3.579003] RSP: 0018:ffffc90000013eb8 EFLAGS: 00010206
[    3.579003] RAX: ffff88807b780000 RBX: 0000000000008001 RCX: 0000000000000000
[    3.579003] RDX: ffff88807b780000 RSI: 0000000000000000 RDI: ffff88807b780000
[    3.579003] RBP: ffff88807b781000 R08: ffff88807b780fff R09: 00000000000770f4
[    3.579003] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88807b781000
[    3.579003] R13: 0000000000000000 R14: 0000000000000000 R15: ffffea0001ede000
[    3.579003] FS:  0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
[    3.579003] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    3.579003] CR2: 0000000000000000 CR3: 0000000002009000 CR4: 00000000003406e0
[    3.579003] Call Trace:
[    3.579003]  mount_block_root+0x14f/0x312
[    3.579003]  prepare_namespace+0x136/0x165
[    3.579003]  ? rest_init+0xb9/0xb9
[    3.579003]  kernel_init+0xa/0xf7
[    3.579003]  ret_from_fork+0x22/0x40
[    3.579003] Modules linked in:
[    3.579003] CR2: 0000000000000000
[    3.579003] ---[ end trace 2884b7e501f1daa6 ]---
[    3.579003] RIP: 0010:strncpy+0xf/0x30
[    3.579003] Code: 0f b6 0c 16 88 0c 10 48 ff c2 84 c9 75 f2 f3 c3 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 d2 48 89 f8 74 1b 4c 8d 04 17 48 89 fa <0f> b6 0e 80 f9 01 88 0a 48 83 de ff 48 ff c2 4c 39 c2 75 ec f3 c3
[    3.579003] RSP: 0018:ffffc90000013eb8 EFLAGS: 00010206
[    3.579003] RAX: ffff88807b780000 RBX: 0000000000008001 RCX: 0000000000000000
[    3.579003] RDX: ffff88807b780000 RSI: 0000000000000000 RDI: ffff88807b780000
[    3.579003] RBP: ffff88807b781000 R08: ffff88807b780fff R09: 00000000000770f4
[    3.579003] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88807b781000
[    3.579003] R13: 0000000000000000 R14: 0000000000000000 R15: ffffea0001ede000
[    3.579003] FS:  0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
[    3.579003] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    3.579003] CR2: 0000000000000000 CR3: 0000000002009000 CR4: 00000000003406e0
[    3.611795] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[    3.612923] Kernel Offset: disabled
[    3.613505] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 ]---

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
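The failure the oops points at (strncpy() entered with a NULL source, RSI=0, while copying mount options into the freshly allocated page), and the shape of a guarded version, as an added userspace model in C. This is not the patch's or the kernel's code: model_do_mount_root(), model_do_mount(), model_alloc_page(), model_free_page() and the bookkeeping variables are assumptions standing in for do_mount_root(), do_mount(), alloc_page()/page_address() and __free_page(), and MODEL_PAGE_SIZE stands in for PAGE_SIZE. What it exercises is that a NULL data pointer is accepted as the ksys_mount() path accepted it, that the copy never runs past the page and the page stays terminated, and that the page is released on the failure path as well as the success path.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: stands in for the kernel's PAGE_SIZE on x86-64. */
#define MODEL_PAGE_SIZE 4096

/* Bookkeeping so a caller can check that every allocated page was released. */
static int pages_alive;

/* Model of alloc_page()+page_address(): one zeroed page of heap memory. */
static char *model_alloc_page(void)
{
    char *p = calloc(1, MODEL_PAGE_SIZE);
    if (p)
        pages_alive++;
    return p;
}

/* Model of __free_page(); NULL-tolerant so the no-options path needs no extra branch. */
static void model_free_page(char *p)
{
    if (!p)
        return;
    pages_alive--;
    free(p);
}

/* What the model do_mount() observed on its last call, for inspection. */
static int last_data_len;          /* -1 when data_page was NULL */
static int last_page_terminated;   /* 1 when the last byte of the page was NUL */

/*
 * Model of do_mount(): records what it was handed and fails for fs "badfs"
 * so the caller's error path can be exercised. The real do_mount() expects
 * data_page to be either NULL or a whole page.
 */
static int model_do_mount(const char *name, const char *fs, const char *data_page)
{
    (void)name;
    last_data_len = data_page ? (int)strlen(data_page) : -1;
    last_page_terminated = data_page ? data_page[MODEL_PAGE_SIZE - 1] == '\0' : 1;
    return strcmp(fs, "badfs") == 0 ? -EINVAL : 0;
}

/*
 * Model of do_mount_root(). data may be NULL (no rootflags= on the command
 * line), exactly as the ksys_mount() call it replaced accepted it.
 *
 * The unguarded form
 *     strncpy(data_page, data, MODEL_PAGE_SIZE);
 * with data == NULL reads from address 0, which is the NULL source (RSI=0)
 * the strncpy() oops above shows. Guard on data, and only then allocate.
 */
static int model_do_mount_root(const char *name, const char *fs, const char *data)
{
    char *data_page = NULL;
    int ret;

    if (data) {
        data_page = model_alloc_page();
        if (!data_page)
            return -ENOMEM;
        /* zero-padded copy; the last byte of the page is left as the terminator */
        strncpy(data_page, data, MODEL_PAGE_SIZE - 1);
    }

    ret = model_do_mount(name, fs, data_page);

    /* single exit: the page goes back whether the mount worked or not */
    model_free_page(data_page);
    return ret;
}

/* Options longer than a page: returns the length do_mount() ended up seeing. */
static int mount_with_overlong_options(void)
{
    char *opts = malloc(2 * MODEL_PAGE_SIZE + 1);
    int ret;

    if (!opts)
        return -1;
    memset(opts, 'x', 2 * MODEL_PAGE_SIZE);
    opts[2 * MODEL_PAGE_SIZE] = '\0';
    ret = model_do_mount_root("/dev/root", "ext3", opts);
    free(opts);
    return ret == 0 ? last_data_len : ret;
}

int main(void)
{
    int ret = model_do_mount_root("/dev/root", "ext3", NULL);
    printf("no options: ret=%d data_len=%d pages_alive=%d\n", ret, last_data_len, pages_alive);
    ret = model_do_mount_root("/dev/root", "ext3", "errors=remount-ro");
    printf("with options: ret=%d data_len=%d pages_alive=%d\n", ret, last_data_len, pages_alive);
    ret = model_do_mount_root("/dev/root", "badfs", "noatime");
    printf("mount failure: ret=%d pages_alive=%d\n", ret, pages_alive);
    printf("overlong options: copied length=%d\n", mount_with_overlong_options());
    return 0;
}
```

The copy length of MODEL_PAGE_SIZE - 1 rather than the full page is deliberate: strncpy() does not terminate when the source is at least as long as the count, so leaving the page's last byte untouched (and zeroed by the allocation) is what keeps an overlong option string from reaching do_mount() unterminated.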
