lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240801061441.GB2981775@thelio-3990X>
Date: Wed, 31 Jul 2024 23:14:41 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Paul Moore <paul@...l-moore.com>
Cc: Peter Zijlstra <peterz@...radead.org>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	Jason Baron <jbaron@...mai.com>, KP Singh <kpsingh@...nel.org>,
	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org,
	bp@...en8.de, sfr@...b.auug.org.au
Subject: Re: [PATCH] init/main.c: Do jump_label_init before
 early_security_init

On Wed, Jul 31, 2024 at 10:48:06PM -0700, Nathan Chancellor wrote:
> On Wed, Jul 31, 2024 at 09:15:04PM -0400, Paul Moore wrote:
> > On Wed, Jul 31, 2024 at 5:34 PM KP Singh <kpsingh@...nel.org> wrote:
> > >
> > > LSM indirect calls being are now replaced by static calls, this requires
> > > a jumpt_table_init before early_security_init where LSM hooks and their
> > > static calls and keys are initialized.
> > >
> > > Fixes: 2732ad5ecd5b ("lsm: replace indirect LSM hook calls with static calls")
> > > Signed-off-by: KP Singh <kpsingh@...nel.org>
> > > ---
> > >  init/main.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > Does this look okay, static call folks?
> 
> For the record, I tested this patch since I noticed the warnings like
> Boris did and it appears to break booting for me with certain ARCH=arm
> configurations in QEMU.
> 
>   $ cat arch/arm/configs/repro.config
>   CONFIG_JUMP_LABEL=y
>   CONFIG_SECURITY=y
>   CONFIG_SECURITY_LOCKDOWN_LSM=y
>   CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
> 
>   $ make -skj"$(nproc)" ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- mrproper defconfig repro.config zImage
> 
>   $ qemu-system-arm \
>       -display none \
>       -nodefaults \
>       -no-reboot \
>       -machine virt \
>       -append 'console=ttyAMA0 earlycon' \
>       -kernel arch/arm/boot/zImage \
>       -initrd rootfs.cpio \
>       -m 512m \
>       -serial mon:stdio
>   <hangs with no output>
> 
> Without this patch, that same configuration works fine (with the warning
> from before):
> 
>   [    0.000000] Booting Linux on physical CPU 0x0
>   [    0.000000] Linux version 6.11.0-rc1-next-20240730 (nathan@...large-x86) (arm-linux-gnueabi-gcc (GCC) 14.1.0, GNU ld (GNU Binutils) 2.42) #1 SMP Thu Aug  1 05:44:11 UTC 2024
>   [    0.000000] ------------[ cut here ]------------
>   [    0.000000] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:199 static_key_enable_cpuslocked+0xb8/0xf4
>   [    0.000000] static_key_enable_cpuslocked(): static key '0xc1fb4930' used before call to jump_label_init()
>   [    0.000000] Modules linked in:
>   [    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc1-next-20240730 #1
>   [    0.000000] Call trace:
>   [    0.000000]  unwind_backtrace from show_stack+0x10/0x14
>   [    0.000000]  show_stack from dump_stack_lvl+0x54/0x68
>   [    0.000000]  dump_stack_lvl from __warn+0x80/0x114
>   [    0.000000]  __warn from warn_slowpath_fmt+0x124/0x18c
>   [    0.000000]  warn_slowpath_fmt from static_key_enable_cpuslocked+0xb8/0xf4
>   [    0.000000]  static_key_enable_cpuslocked from static_key_enable+0x14/0x1c
>   [    0.000000]  static_key_enable from security_add_hooks+0xc4/0xfc
>   [    0.000000]  security_add_hooks from lockdown_lsm_init+0x18/0x24
>   [    0.000000]  lockdown_lsm_init from initialize_lsm+0x44/0x7c
>   [    0.000000]  initialize_lsm from early_security_init+0x44/0x50
>   [    0.000000]  early_security_init from start_kernel+0x64/0x6bc
>   [    0.000000]  start_kernel from 0x0
>   [    0.000000] ---[ end trace 0000000000000000 ]---
> 
> I haven't tried to fire up GDB to figure out why it is exploding early
> since it is late for me but I figured I would get the report out first.
> The rootfs is available from [1] (arm-rootfs.cpio.zst, decompress it
> with zstd first); it just shuts down the machine on boot.
> 
> Cheers,
> Nathan
> 
> [1]: https://github.com/ClangBuiltLinux/boot-utils/releases/latest

Also, looking at my build logs, this patch does not appear to resolve
the static call warning I see with certain x86_64 distribution
configurations such as Fedora's (not sure if it was or not):

https://src.fedoraproject.org/rpms/kernel/raw/rawhide/f/kernel-x86_64-fedora.config

[    0.000000] Linux version 6.11.0-rc1-next-20240730-dirty (nathan@...large-x86) (x86_64-linux-gcc (GCC) 14.1.0, GNU ld (GNU Binutils) 2.42) #1 SMP PREEMPT_DYNAMIC Thu Aug  1 06:09:54 UTC 2024
[    0.000000] ------------[ cut here ]------------
[    0.000000] WARNING: CPU: 0 PID: 0 at kernel/static_call_inline.c:153 __static_call_update+0x18c/0x1f0
[    0.000000] Modules linked in:
[    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc1-next-20240730-dirty #1
[    0.000000] RIP: 0010:__static_call_update+0x18c/0x1f0
[    0.000000] Code: 80 3d b6 7b 49 02 00 0f 85 7b ff ff ff 4c 89 f6 48 c7 c7 90 3b bc 8b c6 05 9f 7b 49 02 01 e8 2b 5c da ff 0f 0b e9 5e ff ff ff <0f> 0b 48 c7 c7 40 f2 5f 8c e8 36 72 e4 00 48 8b 44 24 28 65 48 2b
[    0.000000] RSP: 0000:ffffffff8c403e28 EFLAGS: 00010046 ORIG_RAX: 0000000000000000
[    0.000000] RAX: 0000000000000000 RBX: ffffffff8b19cd60 RCX: 000000005e199be9
[    0.000000] RDX: 0000000000000000 RSI: ffffffff8d302a70 RDI: ffffffff8c472500
[    0.000000] RBP: ffffffff8c6a01a0 R08: 00000000ff5e199b R09: fffffffffffbf82b
[    0.000000] R10: 0000000000000000 R11: 0000000000013f90 R12: ffffffff8b4d0cb0
[    0.000000] R13: 0000000000000001 R14: ffffffff8a77e700 R15: 00000000000147d0
[    0.000000] FS:  0000000000000000(0000) GS:ffffffff8ce3e000(0000) knlGS:0000000000000000
[    0.000000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.000000] CR2: ffff8880000147d0 CR3: 000000000af46000 CR4: 00000000000000b0
[    0.000000] Call Trace:
[    0.000000]  <TASK>
[    0.000000]  ? __static_call_update+0x18c/0x1f0
[    0.000000]  ? __warn.cold+0x93/0xed
[    0.000000]  ? __static_call_update+0x18c/0x1f0
[    0.000000]  ? report_bug+0xff/0x140
[    0.000000]  ? __pfx_lockdown_is_locked_down+0x10/0x10
[    0.000000]  ? early_fixup_exception+0x5d/0xb0
[    0.000000]  ? __SCT__lsm_static_call_bpf_token_capable_7+0x8/0x8
[    0.000000]  ? early_idt_handler_common+0x2f/0x3a
[    0.000000]  ? __pfx_lockdown_is_locked_down+0x10/0x10
[    0.000000]  ? __SCT__lsm_static_call_bpf_token_capable_7+0x8/0x8
[    0.000000]  ? __static_call_update+0x18c/0x1f0
[    0.000000]  ? __static_call_update+0x7e/0x1f0
[    0.000000]  ? sort_r+0x112/0x390
[    0.000000]  ? __pfx_lockdown_is_locked_down+0x10/0x10
[    0.000000]  ? security_add_hooks+0xb8/0x120
[    0.000000]  ? lockdown_lsm_init+0x21/0x30
[    0.000000]  ? initialize_lsm+0x34/0x60
[    0.000000]  ? early_security_init+0x3d/0x50
[    0.000000]  ? start_kernel+0x6b/0xa00
[    0.000000]  ? x86_64_start_reservations+0x24/0x30
[    0.000000]  ? x86_64_start_kernel+0xed/0xf0
[    0.000000]  ? common_startup_64+0x13e/0x141
[    0.000000]  </TASK>
[    0.000000] ---[ end trace 0000000000000000 ]---

Seems like the same problem.

> > > diff --git a/init/main.c b/init/main.c
> > > index 206acdde51f5..5bd45af7a49e 100644
> > > --- a/init/main.c
> > > +++ b/init/main.c
> > > @@ -922,6 +922,8 @@ void start_kernel(void)
> > >         boot_cpu_init();
> > >         page_address_init();
> > >         pr_notice("%s", linux_banner);
> > > +       /* LSM and command line parameters use static keys */
> > > +       jump_label_init();
> > >         early_security_init();
> > >         setup_arch(&command_line);
> > >         setup_boot_config();
> > > @@ -933,8 +935,6 @@ void start_kernel(void)
> > >         boot_cpu_hotplug_init();
> > >
> > >         pr_notice("Kernel command line: %s\n", saved_command_line);
> > > -       /* parameters may set static keys */
> > > -       jump_label_init();
> > >         parse_early_param();
> > >         after_dashes = parse_args("Booting kernel",
> > >                                   static_command_line, __start___param,
> > > --
> > > 2.46.0.rc2.264.g509ed76dc8-goog
> > 
> > -- 
> > paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ