Message-ID: <CA+icZUU1R6vmmKussGBXGBzR8We2b5mAnfWT5BCcfvYY3vk+Zw@mail.gmail.com>
Date:   Sat, 20 Aug 2022 14:05:43 +0200
From:   Sedat Dilek <sedat.dilek@...il.com>
To:     Christophe Leroy <christophe.leroy@...roup.eu>
Cc:     Masahiro Yamada <masahiroy@...nel.org>,
        "linux-kbuild@...r.kernel.org" <linux-kbuild@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nicolas Schier <nicolas@...sle.eu>,
        Peter Zijlstra <peterz@...radead.org>,
        "linux-modules@...r.kernel.org" <linux-modules@...r.kernel.org>,
        "llvm@...ts.linux.dev" <llvm@...ts.linux.dev>,
        Ard Biesheuvel <ardb@...nel.org>,
        Sami Tolvanen <samitolvanen@...gle.com>,
        "linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: Build/boot problem with 7b4537199a4a (Re: [PATCH v6 02/10]
 kbuild: link symbol CRCs at final link, removing CONFIG_MODULE_REL_CRCS)

On Sat, Aug 20, 2022 at 12:04 PM Christophe Leroy
<christophe.leroy@...roup.eu> wrote:
>
> Hi,
>
> On 13/05/2022 at 13:39, Masahiro Yamada wrote:
> > include/{linux,asm-generic}/export.h defines a weak symbol, __crc_*
> > as a placeholder.
> >
> > Genksyms writes the version CRCs into the linker script, which will be
> > used for filling the __crc_* symbols. The linker script format depends
> > on CONFIG_MODULE_REL_CRCS. If it is enabled, __crc_* holds the offset
> > to the reference of CRC.
> >
> > It is time to get rid of this complexity.
> >
> > Now that modpost parses text files (.*.cmd) to collect all the CRCs,
> > it can generate C code that will be linked to the vmlinux or modules.
> >
> > Generate a new C file, .vmlinux.export.c, which contains the CRCs of
> > symbols exported by vmlinux. It is compiled and linked to vmlinux in
> > scripts/link-vmlinux.sh.
> >
> > Put the CRCs of symbols exported by modules into the existing *.mod.c
> > files. No additional build step is needed for modules. As before,
> > *.mod.c are compiled and linked to *.ko in scripts/Makefile.modfinal.
> >
> > No linker magic is used here. The new C implementation works in the
> > same way, whether CONFIG_RELOCATABLE is enabled or not.
> > CONFIG_MODULE_REL_CRCS is no longer needed.
> >
> > Previously, Kbuild invoked additional $(LD) to update the CRCs in
> > objects, but this step is unneeded too.
> >
> > Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
> > Tested-by: Nathan Chancellor <nathan@...nel.org>
> > Tested-by: Nicolas Schier <nicolas@...sle.eu>
> > Reviewed-by: Nicolas Schier <nicolas@...sle.eu>
>
> Problem with v6.0-rc1
> Problem with v5.19
> No problem with v5.18
>
> Bisected to 7b4537199a4a ("kbuild: link symbol CRCs at final link,
> removing CONFIG_MODULE_REL_CRCS")
>

What you are looking for is...

commit 7d13fd96df875a9d786ee6dcc8fec460d35d4b12
("modpost: fix module versioning when a symbol lacks valid CRC")

It's pending in kbuild.git#fixes.

-Sedat-

[1] https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit/?h=fixes&id=7d13fd96df875a9d786ee6dcc8fec460d35d4b12
[2] https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/log/?h=fixes

> The above patch leads to the following problem building
> mpc85xx_defconfig + CONFIG_RELOCATABLE
>
>    LD      vmlinux
>    SYSMAP  System.map
>    SORTTAB vmlinux
>    CHKREL  vmlinux
> WARNING: 451 bad relocations
> c0b0f26d R_PPC_UADDR32     .head.text-0x3ff9f2bc
> c0b0f271 R_PPC_UADDR32     .head.text-0x3ffac300
> c0b0f275 R_PPC_UADDR32     .head.text-0x3ffb0bdc
> c0b0f279 R_PPC_UADDR32     .head.text-0x3fe1e080
> c0b0f27d R_PPC_UADDR32     .head.text-0x3fe1df4c
> c0b0f281 R_PPC_UADDR32     .head.text-0x3fe21514
> c0b0f285 R_PPC_UADDR32     .head.text-0x3fe211c0
> c0b0f289 R_PPC_UADDR32     .head.text-0x3ffabda0
> c0b0f28d R_PPC_UADDR32     .head.text-0x3fe21258
> c0b0f291 R_PPC_UADDR32     .head.text-0x3fe074d0
> c0b0f295 R_PPC_UADDR32     .head.text-0x3fe07ad4
> c0b0f299 R_PPC_UADDR32     .head.text-0x3fe13470
> c0b0f29d R_PPC_UADDR32     .head.text-0x3fe22700
> c0b0f2a1 R_PPC_UADDR32     .head.text-0x3ff4b8e0
> c0b0f2a5 R_PPC_UADDR32     .head.text-0x3fe08320
> c0b0f2a9 R_PPC_UADDR32     .head.text-0x3fe220dc
> c0b0f2ad R_PPC_UADDR32     .head.text-0x3fe21da0
> c0b0f2b1 R_PPC_UADDR32     .head.text-0x3ff89dc0
> c0b0f2b5 R_PPC_UADDR32     .head.text-0x3fe16524
> c0b0f2b9 R_PPC_UADDR32     .head.text-0x3fe1ef74
> c0b0f2bd R_PPC_UADDR32     .head.text-0x3ff98b84
> c0b0f2c1 R_PPC_UADDR32     .head.text-0x3fdef9a0
> c0b0f2c5 R_PPC_UADDR32     .head.text-0x3fdf21ac
> c0b0f2c9 R_PPC_UADDR32     .head.text-0x3ff993c4
> ...
> c0b0f969 R_PPC_UADDR32     .head.text-0x3ff89dc0
> c0b0f96d R_PPC_UADDR32     .head.text-0x3fe9ad40
> c0b0f971 R_PPC_UADDR32     .head.text-0x3ff2eb00
> c0b0f975 R_PPC_UADDR32     .head.text-0x3ff89dc0
>
> And boot fails:
>
> Run /init as init process
> kernel tried to execute user page (0) - exploit attempt? (uid: 0)
> BUG: Unable to handle kernel instruction fetch (NULL pointer?)
> Faulting instruction address: 0x00000000
> Oops: Kernel access of bad area, sig: 11 [#1]
> BE PAGE_SIZE=4K MPC8544 DS
> Modules linked in:
> CPU: 0 PID: 1 Comm: init Not tainted 5.18.0-rc1-00054-g7b4537199a4a #1523
> NIP:  00000000 LR: c00150e4 CTR: 00000000
> REGS: c3091e10 TRAP: 0400   Not tainted  (5.18.0-rc1-00054-g7b4537199a4a)
> MSR:  00009000 <EE,ME>  CR: 88000422  XER: 20000000
>
> GPR00: 00004000 c3091f00 c30c8000 00000000 00000013 b7bb9f4c b7bd8f60 bfee6650
> GPR08: 00000054 00000000 c0b0f26d 00000000 c13b0000 00000000 bfee6668 00000000
> GPR16: 84e08000 00000000 08000000 00000064 00000000 00102000 00000001 00000001
> GPR24: 00000001 00000001 b7b9c7d0 10000034 00000009 b7bd8f38 b7bd9854 b7bd8688
> NIP [00000000] 0x0
> LR [c00150e4] ret_from_syscall+0x0/0x28
> Call Trace:
> [c3091f00] [c0000af0] InstructionStorage+0x150/0x160 (unreliable)
> --- interrupt: c00 at 0xb7bb28e8
> NIP:  b7bb28e8 LR: b7bb1384 CTR: b7bb1218
> REGS: c3091f10 TRAP: 0c00   Not tainted  (5.18.0-rc1-00054-g7b4537199a4a)
> MSR:  0002d000 <CE,EE,PR,ME>  CR: 28000422  XER: 20000000
>
> GPR00: 0000002d bfee61f0 00000000 00000000 00000013 b7bb9f4c b7bd8f60 bfee6650
> GPR08: 00000054 00000020 bfee6648 00000000 00000001 00000000 bfee6668 00000000
> GPR16: 84e08000 00000000 08000000 00000064 00000000 00102000 00000001 00000001
> GPR24: 00000001 00000001 b7b9c7d0 10000034 00000009 b7bd8f38 b7bd9854 b7bd8688
> NIP [b7bb28e8] 0xb7bb28e8
> LR [b7bb1384] 0xb7bb1384
> --- interrupt: c00
> Instruction dump:
> XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
> XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
> ---[ end trace 0000000000000000 ]---
>
> Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
>
>
>
> Christophe
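
An added triage helper, not part of this thread or of the kernel tree: it cross-checks the GPR values in an oops against the offsets CHKREL flagged as bad relocations, to show whether a faulting context holds one of those addresses. The sample lines are copied from the quoted build log and first register dump, with any mail line-wrapping rejoined; the function names are this example's own.

```python
import re

# Constructed sample: the first three flagged relocations from the quoted log.
CHKREL_LOG = """\
WARNING: 451 bad relocations
c0b0f26d R_PPC_UADDR32     .head.text-0x3ff9f2bc
c0b0f271 R_PPC_UADDR32     .head.text-0x3ffac300
c0b0f275 R_PPC_UADDR32     .head.text-0x3ffb0bdc
"""
# Constructed sample: two GPR rows from the kernel-side register dump.
OOPS_LOG = """\
NIP:  00000000 LR: c00150e4 CTR: 00000000
GPR00: 00004000 c3091f00 c30c8000 00000000 00000013 b7bb9f4c b7bd8f60 bfee6650
GPR08: 00000054 00000000 c0b0f26d 00000000 c13b0000 00000000 bfee6668 00000000
"""

# An optional leading "> " is tolerated so quoted mail text can be pasted in as is.
RELOC_RE = re.compile(r"^(?:>\s*)?([0-9a-f]{8})\s+(R_\w+)\s+(\S+)$")
GPR_RE = re.compile(r"^(?:>\s*)?GPR(\d{2}):((?:\s+[0-9a-f]{8})+)$")

def parse_relocs(text):
    """Map relocation offset -> (type, target) from the CHKREL listing."""
    relocs = {}
    for line in text.splitlines():
        m = RELOC_RE.match(line.strip())
        if m:
            relocs[int(m.group(1), 16)] = (m.group(2), m.group(3))
    return relocs

def parse_gprs(text):
    """Map register name -> value from 'GPRnn: w0 w1 ...' rows of an oops."""
    regs = {}
    for line in text.splitlines():
        m = GPR_RE.match(line.strip())
        if m:
            base = int(m.group(1))
            for i, word in enumerate(m.group(2).split()):
                regs[f"GPR{base + i:02d}"] = int(word, 16)
    return regs

def registers_on_bad_relocs(chkrel, oops):
    """Registers whose value equals an offset flagged as a bad relocation."""
    relocs = parse_relocs(chkrel)
    return {name: (hex(val), *relocs[val])
            for name, val in parse_gprs(oops).items() if val in relocs}

def unaligned_offsets(chkrel):
    """Flagged offsets that are not 4-byte aligned (what UADDR32 permits)."""
    return sorted(off for off in parse_relocs(chkrel) if off & 3)

if __name__ == "__main__":
    print(registers_on_bad_relocs(CHKREL_LOG, OOPS_LOG))
    print([hex(o) for o in unaligned_offsets(CHKREL_LOG)])
```

On these lines it reports GPR10 holding c0b0f26d, the first flagged offset, and shows that every sampled offset is unaligned.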
