Message-ID: <CAHC9VhRnq81v=DYC3SC=oD2onittYTQbZqp5uoeU2MWuCh0-SA@mail.gmail.com>
Date: Tue, 30 Jul 2024 11:02:47 -0400
From: Paul Moore <paul@...l-moore.com>
To: KP Singh <kpsingh@...nel.org>
Cc: linux-security-module@...r.kernel.org, James Morris <jmorris@...ei.org>, 
	"Serge E. Hallyn" <serge@...lyn.com>, Narasimhan V <Narasimhan.V@....com>, 
	lkml <linux-kernel@...r.kernel.org>, Borislav Petkov <bp@...en8.de>
Subject: Re: static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x10'
 used before call to jump_label_init()

On Tue, Jul 30, 2024 at 7:34 AM Borislav Petkov <bp@...en8.de> wrote:
>
> Hi,
>
> this is with today's linux-next:
>
> ...
>
> 09:44:13  [console-expect]#kexec -e
> 09:44:13  kexec -e
> 09:44:16  ^[[?2004l^M[    0.000000] Linux version 6.11.0-rc1-next-20240730-1722324631886 (gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #1 SMP PREEMPT_DYNAMIC Tue Jul 30 07:40:55 UTC 2024
> 09:44:16  [    0.000000] ------------[ cut here ]------------
> 09:44:16  [    0.000000] WARNING: CPU: 0 PID: 0 at kernel/static_call_inline.c:153 __static_call_update+0x1c6/0x220
> 09:44:16  [    0.000000] Modules linked in:
> 09:44:16  [    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc1-next-20240730-1722324631886 #1
> 09:44:16  [    0.000000] RIP: 0010:__static_call_update+0x1c6/0x220
> 09:44:16  [    0.000000] Code: 87 5b eb d9 00 a8 01 0f 85 6c ff ff ff 4c 89 ee 48 c7 c7 e0 fb a2 8c c6 05 44 63 2b 02 01 e8 b1 00 d9 ff 0f 0b e9 4f ff ff ff <0f> 0b 48 c7 c7 40 fc 40 8d e8 dc 52 e1 00 e8 a7 23 d9 ff 48 8b 45
> 09:44:16  [    0.000000] RSP: 0000:ffffffff8d203dd0 EFLAGS: 00010046 ORIG_RAX: 0000000000000000
> 09:44:16  [    0.000000] RAX: 0000000000000000 RBX: ffffffff8b7e3250 RCX: 000000006690cbe9
> 09:44:16  [    0.000000] RDX: 0000000000000000 RSI: ffffffff8dbae58c RDI: ffffffff8d2867a0
> 09:44:16  [    0.000000] RBP: ffffffff8d203e38 R08: 00000000ff6690cb R09: 2035353a30343a37
> 09:44:16  [    0.000000] R10: 3230322043545520 R11: 35353a30343a3730 R12: ffffffff8c17a180
> 09:44:16  [    0.000000] R13: ffffffff8c48db10 R14: ffffffff8d4c7030 R15: 0000000000000000
> 09:44:16  [    0.000000] FS:  0000000000000000(0000) GS:ffffffff8d69c000(0000) knlGS:0000000000000000
> 09:44:16  [    0.000000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> 09:44:16  [    0.000000] CR2: ff1100007047d000 CR3: 00000000745c2000 CR4: 00000000000010b0
> 09:44:16  [    0.000000] Call Trace:
> 09:44:16  [    0.000000]  <TASK>
> 09:44:16  [    0.000000]  ? show_regs+0x6d/0x80
> 09:44:16  [    0.000000]  ? __warn+0x91/0x140
> 09:44:16  [    0.000000]  ? __static_call_update+0x1c6/0x220
> 09:44:16  [    0.000000]  ? report_bug+0x193/0x1a0
> 09:44:16  [    0.000000]  ? __pfx_lockdown_is_locked_down+0x10/0x10
> 09:44:16  [    0.000000]  ? early_fixup_exception+0xa6/0xd0
> 09:44:16  [    0.000000]  ? do_early_exception+0x27/0x70
> 09:44:16  [    0.000000]  ? __SCT__lsm_static_call_bpf_token_capable_11+0x8/0x8
> 09:44:17  [    0.000000]  ? early_idt_handler_common+0x2f/0x3a
> 09:44:17  [    0.000000]  ? __SCT__lsm_static_call_bpf_token_capable_11+0x8/0x8
> 09:44:17  [    0.000000]  ? __pfx_lockdown_is_locked_down+0x10/0x10
> 09:44:17  [    0.000000]  ? __static_call_update+0x1c6/0x220
> 09:44:17  [    0.000000]  ? __pfx_lockdown_is_locked_down+0x10/0x10
> 09:44:17  [    0.000000]  ? vprintk_emit+0xb5/0x410
> 09:44:17  [    0.000000]  security_add_hooks+0xbd/0x150
> 09:44:17  [    0.000000]  lockdown_lsm_init+0x25/0x30
> 09:44:17  [    0.000000]  initialize_lsm+0x38/0x90
> 09:44:17  [    0.000000]  early_security_init+0x36/0x70
> 09:44:17  [    0.000000]  start_kernel+0x5f/0xb50
> 09:44:17  [    0.000000]  x86_64_start_reservations+0x1c/0x30
> 09:44:17  [    0.000000]  x86_64_start_kernel+0xbf/0x110
> 09:44:17  [    0.000000]  ? setup_ghcb+0x12/0x130
> 09:44:17  [    0.000000]  common_startup_64+0x13e/0x141
> 09:44:17  [    0.000000]  </TASK>
> 09:44:17  [    0.000000] ---[ end trace 0000000000000000 ]---
> 09:44:17  [    0.000000] ------------[ cut here ]------------
> 09:44:17  [    0.000000] static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x10' used before call to jump_label_init()
> 09:44:17  [    0.000000] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:199 static_key_enable_cpuslocked+0x99/0xb0
> 09:44:17  [    0.000000] Modules linked in:
> 09:44:17  [    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Tainted: G        W          6.11.0-rc1-next-20240730-1722324631886 #1
> 09:44:17  [    0.000000] Tainted: [W]=WARN
> 09:44:17  [    0.000000] RIP: 0010:static_key_enable_cpuslocked+0x99/0xb0
> 09:44:17  [    0.000000] Code: ff ff ff ff 48 89 df e8 45 fd ff ff c7 03 01 00 00 00 eb d5 48 89 da 48 c7 c6 e0 0a 44 8c 48 c7 c7 b8 00 a3 8c e8 87 f6 d6 ff <0f> 0b eb 8e 0f 0b eb 9c 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40
> 09:44:17  [    0.000000] RSP: 0000:ffffffff8d203e10 EFLAGS: 00010086 ORIG_RAX: 0000000000000000
> 09:44:17  [    0.000000] RAX: 0000000000000000 RBX: ffffffff8dd6aaf0 RCX: 0000000000000084
> 09:44:17  [    0.000000] RDX: ffffffff8d349400 RSI: 00000000ffffe02c RDI: ffffffff8d203cb0
> 09:44:17  [    0.000000] RBP: ffffffff8d203e20 R08: 000000000000007e R09: 6562616c5f706d75
> 09:44:17  [    0.000000] R10: 6a206f74206c6c61 R11: 632065726f666562 R12: 0000000000000000
> 09:44:17  [    0.000000] R13: ffffffff8c48db10 R14: ffffffff8cb0e2f8 R15: 0000000000000000
> 09:44:17  [    0.000000] FS:  0000000000000000(0000) GS:ffffffff8d69c000(0000) knlGS:0000000000000000
> 09:44:17  [    0.000000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> 09:44:17  [    0.000000] CR2: ff1100007047d000 CR3: 00000000745c2000 CR4: 00000000000010b0
> 09:44:17  [    0.000000] Call Trace:
> 09:44:17  [    0.000000]  <TASK>
> 09:44:17  [    0.000000]  ? show_regs+0x6d/0x80
> 09:44:17  [    0.000000]  ? __warn+0x91/0x140
> 09:44:17  [    0.000000]  ? static_key_enable_cpuslocked+0x99/0xb0
> 09:44:17  [    0.000000]  ? report_bug+0x193/0x1a0
> 09:44:17  [    0.000000]  ? fixup_exception+0x2b/0x340
> 09:44:17  [    0.000000]  ? early_fixup_exception+0xa6/0xd0
> 09:44:17  [    0.000000]  ? do_early_exception+0x27/0x70
> 09:44:17  [    0.000000]  ? early_idt_handler_common+0x2f/0x3a
> 09:44:17  [    0.000000]  ? static_key_enable_cpuslocked+0x99/0xb0
> 09:44:17  [    0.000000]  static_key_enable+0x1f/0x30
> 09:44:17  [    0.000000]  security_add_hooks+0xce/0x150
> 09:44:17  [    0.000000]  lockdown_lsm_init+0x25/0x30
> 09:44:17  [    0.000000]  initialize_lsm+0x38/0x90
> 09:44:17  [    0.000000]  early_security_init+0x36/0x70
> 09:44:17  [    0.000000]  start_kernel+0x5f/0xb50
> 09:44:17  [    0.000000]  x86_64_start_reservations+0x1c/0x30
> 09:44:17  [    0.000000]  x86_64_start_kernel+0xbf/0x110
> 09:44:17  [    0.000000]  ? setup_ghcb+0x12/0x130
> 09:44:17  [    0.000000]  common_startup_64+0x13e/0x141
> 09:44:17  [    0.000000]  </TASK>
> 09:44:17  [    0.000000] ---[ end trace 0000000000000000 ]---

KP, please take a look at this as soon as you can (lore link below for
those who aren't on the list).  One obvious first thing to look at is
simply moving the call to early_security_init(), but that requires
some code audit to make sure it is safe and doesn't break something
else.  Of course, if we can do something with how we setup/use static
calls that is even better.  I'll take a look at it myself later today,
but I'm busy with meetings for the next several hours.

If we can't resolve this in the next day or two I'm going to
bounce/revert the LSM static-call patchset from lsm/dev; not ideal,
but we can't break linux-next.

https://lore.kernel.org/linux-security-module/20240730113419.GBZqjPu6SdAt5qZKnh@fat_crate.local/

-- 
paul-moore.com
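
Added example, not part of the original message or of the kernel tree: a small Python helper that pairs each early-boot WARNING in a log like the one quoted above with the static key it names and with the reliable (non-`?`) call chain, which is what ties the warning to early_security_init() in start_kernel(). The function name `triage` and the trimmed `SAMPLE` excerpt are assumptions of this example.

```python
import re

# Trimmed excerpt of the boot log quoted above (registers and most '?' frames omitted).
SAMPLE = """\
> 09:44:16  [    0.000000] WARNING: CPU: 0 PID: 0 at kernel/static_call_inline.c:153 __static_call_update+0x1c6/0x220
> 09:44:16  [    0.000000]  <TASK>
> 09:44:16  [    0.000000]  ? __static_call_update+0x1c6/0x220
> 09:44:17  [    0.000000]  security_add_hooks+0xbd/0x150
> 09:44:17  [    0.000000]  lockdown_lsm_init+0x25/0x30
> 09:44:17  [    0.000000]  early_security_init+0x36/0x70
> 09:44:17  [    0.000000]  start_kernel+0x5f/0xb50
> 09:44:17  [    0.000000]  </TASK>
> 09:44:17  [    0.000000] static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x10' used before call to jump_label_init()
> 09:44:17  [    0.000000] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:199 static_key_enable_cpuslocked+0x99/0xb0
> 09:44:17  [    0.000000]  <TASK>
> 09:44:17  [    0.000000]  ? static_key_enable_cpuslocked+0x99/0xb0
> 09:44:17  [    0.000000]  static_key_enable+0x1f/0x30
> 09:44:17  [    0.000000]  security_add_hooks+0xce/0x150
> 09:44:17  [    0.000000]  lockdown_lsm_init+0x25/0x30
> 09:44:17  [    0.000000]  early_security_init+0x36/0x70
> 09:44:17  [    0.000000]  start_kernel+0x5f/0xb50
> 09:44:17  [    0.000000]  </TASK>
"""

PREFIX = re.compile(r"^.*?\[\s*\d+\.\d+\]\s?")  # quote mark, console time, kernel time
WARN = re.compile(r"WARNING: .* at (\S+:\d+) (\w+)\+")
KEY = re.compile(r"static key '(\w+)\+\S+' used before call to jump_label_init\(\)")
FRAME = re.compile(r"^(\??)\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

def triage(log):
    """Return one record per WARNING: source site, function, static key, call chain."""
    records, key, in_trace = [], None, False
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := KEY.search(line):
            key = m.group(1)  # the message is printed just before its WARNING line
        elif m := WARN.search(line):
            records.append({"site": m.group(1), "func": m.group(2), "key": key, "chain": []})
            key = None
        elif line in ("<TASK>", "</TASK>"):
            in_trace = line == "<TASK>"
        elif in_trace and records and (m := FRAME.match(line)) and not m.group(1):
            records[-1]["chain"].append(m.group(2))  # '?' frames are unreliable, skipped
    return records

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec)
```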
