| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Jul 2020 15:50:42 +0800
From: kernel test robot <lkp@...el.com>
To: Kees Cook <keescook@...omium.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, LKP <lkp@...ts.01.org>
Subject: ed66f991bb ("module: Refactor section attr into bin attribute"): [
37.829284] kernel BUG at mm/usercopy.c:99!
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit ed66f991bb19d94cae5d38f77de81f96aac7813f
Author: Kees Cook <keescook@...omium.org>
AuthorDate: Thu Jul 2 13:47:20 2020 -0700
Commit: Kees Cook <keescook@...omium.org>
CommitDate: Wed Jul 8 16:00:17 2020 -0700
module: Refactor section attr into bin attribute
In order to gain access to the open file's f_cred for kallsym visibility
permission checks, refactor the module section attributes to use the
bin_attribute instead of attribute interface. Additionally removes the
redundant "name" struct member.
Cc: stable@...r.kernel.org
Reviewed-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Tested-by: Jessica Yu <jeyu@...nel.org>
Acked-by: Jessica Yu <jeyu@...nel.org>
Signed-off-by: Kees Cook <keescook@...omium.org>
160251842c kallsyms: Refactor kallsyms_show_value() to take cred
ed66f991bb module: Refactor section attr into bin attribute
f37e99aca0 Merge tag 's390-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux into master
+----------------------------------------------------------------+------------+------------+------------+
| | 160251842c | ed66f991bb | f37e99aca0 |
+----------------------------------------------------------------+------------+------------+------------+
| boot_successes | 895 | 299 | 66 |
| boot_failures | 25 | 17 | 2 |
| WARNING:at_kernel/tracepoint.c:#tracepoint_probe_register_prio | 18 | 7 | |
| EIP:tracepoint_probe_register_prio | 18 | 7 | |
| Mem-Info | 3 | 0 | 1 |
| BUG:kernel_hang_in_boot_stage | 3 | | |
| BUG:kernel_hang_in_test_stage | 1 | | |
| invoked_oom-killer:gfp_mask=0x | 1 | 0 | 1 |
| kernel_BUG_at_mm/usercopy.c | 0 | 10 | 1 |
| invalid_opcode:#[##] | 0 | 10 | 1 |
| EIP:usercopy_abort | 0 | 10 | 1 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 10 | 1 |
+----------------------------------------------------------------+------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp@...el.com>
[child1:1413] connect (362) returned ENOSYS, marking as inactive.
[child1:1413] newfstat (108) returned ENOSYS, marking as inactive.
[child3:1415] fcntl (55) returned ENOSYS, marking as inactive.
[ 37.827565] usercopy: Kernel memory exposure attempt detected from SLUB object 'kmalloc-8' (offset 0, size 11)!
[ 37.829283] ------------[ cut here ]------------
[ 37.829284] kernel BUG at mm/usercopy.c:99!
[ 37.830689] invalid opcode: 0000 [#1]
[ 37.831348] CPU: 0 PID: 1413 Comm: trinity-c1 Not tainted 5.8.0-rc2-00002-ged66f991bb19d #1
[ 37.832774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 37.834105] EIP: usercopy_abort+0x5d/0x5f
[ 37.834890] Code: ab ce c1 b9 3d 09 ce c1 eb 0a bf 5c 2d d0 c1 b9 9e 51 cd c1 ff 75 0c ff 75 08 56 52 53 50 57 51 68 be 09 ce c1 e8 50 6a f2 ff <0f> 0b 3e 8d 74 26 00 55 89 e5 8b 00 2b 02 5d c3 3e 8d 74 26 00 55
[ 37.838004] EAX: 00000063 EBX: c1ce0930 ECX: 00000001 EDX: ffffffff
[ 37.839098] ESI: c1ce0931 EDI: c1ceab30 EBP: f6b4dc74 ESP: f6b4dc44
[ 37.840164] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010246
[ 37.841354] CR0: 80050033 CR2: 00000001 CR3: 36823000 CR4: 00000690
[ 37.842402] Call Trace:
[ 37.845304] __check_heap_object+0xbd/0xc5
[ 37.845982] __check_object_size+0xcc/0x271
[ 37.846656] kernfs_fop_read+0xfe/0x143
[ 37.847362] ? kernfs_create_link+0x77/0x77
[ 37.848116] do_loop_readv_writev+0x53/0x91
[ 37.848878] do_iter_read+0x6c/0x8e
[ 37.849504] vfs_readv+0x3f/0x54
[ 37.850044] ? iov_iter_get_pages_alloc+0xd1/0x2ea
[ 37.850967] ? sched_clock_cpu+0x17/0x100
[ 37.851672] default_file_splice_read+0x192/0x20f
[ 37.852604] ? lockdep_init_map_waits+0xb3/0x19d
[ 37.853356] ? debug_mutex_init+0x2a/0x37
[ 37.854019] do_splice_to+0x64/0x74
[ 37.854639] splice_direct_to_actor+0xde/0x1aa
[ 37.855489] ? do_splice_from+0x4f/0x4f
[ 37.856174] do_splice_direct+0x7f/0x9d
[ 37.856866] do_sendfile+0x183/0x216
[ 37.857495] __ia32_sys_sendfile+0x5f/0xa3
[ 37.858216] do_syscall_32_irqs_on+0xf7/0x106
[ 37.859048] do_int80_syscall_32+0x20/0x48
[ 37.859766] entry_INT80_32+0x109/0x109
[ 37.860447] EIP: 0x809b132
[ 37.860942] Code: Bad RIP value.
[ 37.861510] EAX: ffffffda EBX: 00000131 ECX: 000000d0 EDX: b6d01000
[ 37.862592] ESI: 00000004 EDI: 00007c6e EBP: 00000200 ESP: bfdee7b8
[ 37.863742] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000292
[ 37.864910] Modules linked in: bochs_drm drm_vram_helper drm_ttm_helper ttm drm_kms_helper drm rtc_cmos drm_panel_orientation_quirks intel_agp intel_gtt agpgart evdev
[ 37.867558] ---[ end trace 17d071bed5108050 ]---
[ 37.868377] EIP: usercopy_abort+0x5d/0x5f
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 7a4462a96777b64b22412f782de226c90290bf75 9ebcfadb0610322ac537dd7aa5d9cbc2b2894c68 --
git bisect good a761b8b00c6cde8f20cdcafdfba685118f2832e3 # 13:33 G 303 0 7 7 misc: mic: cosm: cosm_debugfs: Demote function headers from kerneldoc
git bisect good a9f91cebbeb8ea1355e852cce6d40efbcddbfe2b # 14:28 G 307 0 8 8 misc: vmw_vmci_defs: Mark 'struct vmci_handle VMCI_ANON_SRC_HANDLE' as __maybe_unused
git bisect bad 8f3ce74c20f21e09644d2a584238f1453a00eb8d # 14:47 B 60 1 1 1 coresight: replicator: Reset replicator if context is lost
git bisect good f31a03b123b1f849bc0f60493edb95342f2c8e9a # 15:43 G 300 0 10 10 Documentation/driver-api: xillybus: drop doubled word
git bisect bad c4d41d00552754cc8cdd66a52da9b7c203884d49 # 16:01 B 6 1 1 1 Merge v5.8-rc6 into char-misc-next
git bisect good 3a12c2b5f38227a7104ce9f2be682059c7c93100 # 17:53 G 300 0 6 6 cxl: Change PCIBIOS_SUCCESSFUL to 0
git bisect good fadbfc38dde26d31e901c3c85cf01332cb6a2224 # 18:37 G 302 0 7 8 hpilo: Replace one-element array with flexible-array member
git bisect bad 9321f1aaf63e74ec3884347490e4ebb039f01b6e # 19:14 B 141 1 3 3 mips: Remove compiler check in unroll macro
git bisect good f23dbe18930ba992f5c8c7b31e80f40dd6716081 # 20:03 G 308 0 8 8 Merge tag 'irq-urgent-2020-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad 2a89b99f580371b86ae9bafd6cbeccd3bfab524a # 20:12 B 4 1 0 0 Merge tag 'for-5.8/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
git bisect good aa27b32b76d0b1b242d43977da0e5358da1c825f # 21:56 G 301 0 10 10 Merge tag 'for-5.8-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
git bisect good 6ec4476ac82512f09c94aff5972654b70f3772b2 # 23:40 G 303 0 10 10 Raise gcc version requirement to 4.9
git bisect good b6a1e78b96a5d7f312f08b3a470eb911ab5feec0 # 01:22 G 300 0 300 306 ALSA: usb-audio: Add implicit feedback quirk for RTX6001
git bisect bad ce69fb3b392fbfd6c255aeb0ee371652478c716f # 02:08 B 56 1 2 2 Merge tag 'kallsyms_show_value-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect bad 63960260457a02af2a6cb35d75e6bdb17299c882 # 02:28 B 10 1 1 1 bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok()
git bisect bad ed66f991bb19d94cae5d38f77de81f96aac7813f # 02:43 B 2 1 0 0 module: Refactor section attr into bin attribute
git bisect good 160251842cd35a75edfb0a1d76afa3eb674ff40a # 03:54 G 300 0 8 8 kallsyms: Refactor kallsyms_show_value() to take cred
# first bad commit: [ed66f991bb19d94cae5d38f77de81f96aac7813f] module: Refactor section attr into bin attribute
git bisect good 160251842cd35a75edfb0a1d76afa3eb674ff40a # 05:04 G 901 0 23 31 kallsyms: Refactor kallsyms_show_value() to take cred
# extra tests with debug options
git bisect bad ed66f991bb19d94cae5d38f77de81f96aac7813f # 05:25 B 33 1 1 2 module: Refactor section attr into bin attribute
# extra tests on head commit of linus/master
git bisect bad f37e99aca03f63aa3f2bd13ceaf769455d12c4b0 # 06:06 B 55 1 0 2 Merge tag 's390-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux into master
# bad: [f37e99aca03f63aa3f2bd13ceaf769455d12c4b0] Merge tag 's390-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux into master
# extra tests on linus/master
# duplicated: [f37e99aca03f63aa3f2bd13ceaf769455d12c4b0] Merge tag 's390-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux into master
# extra tests on linux-next/master
# 119: [26027945c94a1dfe67ea39f676f5a31276951159] Add linux-next specific files for 20200724
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/lkp@lists.01.org
Download attachment "dmesg-quantal-vm-quantal-31:20200725024247:i386-randconfig-a004-20200724:5.8.0-rc2-00002-ged66f991bb19d:1.gz" of type "application/gzip" (24328 bytes)
Download attachment "dmesg-quantal-vm-quantal-13:20200725050017:i386-randconfig-a004-20200724:5.8.0-rc2-00001-g160251842cd35:1.gz" of type "application/gzip" (27909 bytes)
View attachment "reproduce-quantal-vm-quantal-31:20200725024247:i386-randconfig-a004-20200724:5.8.0-rc2-00002-ged66f991bb19d:1" of type "text/plain" (930 bytes)
Download attachment "7a4462a96777b64b22412f782de226c90290bf75:gcc-9:i386-randconfig-a004-20200724:EIP:usercopy_abort.xz" of type "application/x-xz" (11552 bytes)
View attachment "config-5.8.0-rc2-00002-ged66f991bb19d" of type "text/plain" (141280 bytes)
Powered by blists - more mailing lists