| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240801061441.GB2981775@thelio-3990X>
Date: Wed, 31 Jul 2024 23:14:41 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Paul Moore <paul@...l-moore.com>
Cc: Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Jason Baron <jbaron@...mai.com>, KP Singh <kpsingh@...nel.org>,
linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org,
bp@...en8.de, sfr@...b.auug.org.au
Subject: Re: [PATCH] init/main.c: Do jump_label_init before
early_security_init
On Wed, Jul 31, 2024 at 10:48:06PM -0700, Nathan Chancellor wrote:
> On Wed, Jul 31, 2024 at 09:15:04PM -0400, Paul Moore wrote:
> > On Wed, Jul 31, 2024 at 5:34 PM KP Singh <kpsingh@...nel.org> wrote:
> > >
> > > LSM indirect calls being are now replaced by static calls, this requires
> > > a jumpt_table_init before early_security_init where LSM hooks and their
> > > static calls and keys are initialized.
> > >
> > > Fixes: 2732ad5ecd5b ("lsm: replace indirect LSM hook calls with static calls")
> > > Signed-off-by: KP Singh <kpsingh@...nel.org>
> > > ---
> > > init/main.c | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > Does this look okay, static call folks?
>
> For the record, I tested this patch since I noticed the warnings like
> Boris did and it appears to break booting for me with certain ARCH=arm
> configurations in QEMU.
>
> $ cat arch/arm/configs/repro.config
> CONFIG_JUMP_LABEL=y
> CONFIG_SECURITY=y
> CONFIG_SECURITY_LOCKDOWN_LSM=y
> CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
>
> $ make -skj"$(nproc)" ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- mrproper defconfig repro.config zImage
>
> $ qemu-system-arm \
> -display none \
> -nodefaults \
> -no-reboot \
> -machine virt \
> -append 'console=ttyAMA0 earlycon' \
> -kernel arch/arm/boot/zImage \
> -initrd rootfs.cpio \
> -m 512m \
> -serial mon:stdio
> <hangs with no output>
>
> Without this patch, that same configuration works fine (with the warning
> from before):
>
> [ 0.000000] Booting Linux on physical CPU 0x0
> [ 0.000000] Linux version 6.11.0-rc1-next-20240730 (nathan@...large-x86) (arm-linux-gnueabi-gcc (GCC) 14.1.0, GNU ld (GNU Binutils) 2.42) #1 SMP Thu Aug 1 05:44:11 UTC 2024
> [ 0.000000] ------------[ cut here ]------------
> [ 0.000000] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:199 static_key_enable_cpuslocked+0xb8/0xf4
> [ 0.000000] static_key_enable_cpuslocked(): static key '0xc1fb4930' used before call to jump_label_init()
> [ 0.000000] Modules linked in:
> [ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc1-next-20240730 #1
> [ 0.000000] Call trace:
> [ 0.000000] unwind_backtrace from show_stack+0x10/0x14
> [ 0.000000] show_stack from dump_stack_lvl+0x54/0x68
> [ 0.000000] dump_stack_lvl from __warn+0x80/0x114
> [ 0.000000] __warn from warn_slowpath_fmt+0x124/0x18c
> [ 0.000000] warn_slowpath_fmt from static_key_enable_cpuslocked+0xb8/0xf4
> [ 0.000000] static_key_enable_cpuslocked from static_key_enable+0x14/0x1c
> [ 0.000000] static_key_enable from security_add_hooks+0xc4/0xfc
> [ 0.000000] security_add_hooks from lockdown_lsm_init+0x18/0x24
> [ 0.000000] lockdown_lsm_init from initialize_lsm+0x44/0x7c
> [ 0.000000] initialize_lsm from early_security_init+0x44/0x50
> [ 0.000000] early_security_init from start_kernel+0x64/0x6bc
> [ 0.000000] start_kernel from 0x0
> [ 0.000000] ---[ end trace 0000000000000000 ]---
>
> I haven't tried to fire up GDB to figure out why it is exploding early
> since it is late for me but I figured I would get the report out first.
> The rootfs is available from [1] (arm-rootfs.cpio.zst, decompress it
> with zstd first); it just shuts down the machine on boot.
>
> Cheers,
> Nathan
>
> [1]: https://github.com/ClangBuiltLinux/boot-utils/releases/latest
Also, looking at my build logs, this patch does not appear to resolve
the static call warning I see with certain x86_64 distribution
configurations such as Fedora's (not sure if it was or not):
https://src.fedoraproject.org/rpms/kernel/raw/rawhide/f/kernel-x86_64-fedora.config
[ 0.000000] Linux version 6.11.0-rc1-next-20240730-dirty (nathan@...large-x86) (x86_64-linux-gcc (GCC) 14.1.0, GNU ld (GNU Binutils) 2.42) #1 SMP PREEMPT_DYNAMIC Thu Aug 1 06:09:54 UTC 2024
[ 0.000000] ------------[ cut here ]------------
[ 0.000000] WARNING: CPU: 0 PID: 0 at kernel/static_call_inline.c:153 __static_call_update+0x18c/0x1f0
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc1-next-20240730-dirty #1
[ 0.000000] RIP: 0010:__static_call_update+0x18c/0x1f0
[ 0.000000] Code: 80 3d b6 7b 49 02 00 0f 85 7b ff ff ff 4c 89 f6 48 c7 c7 90 3b bc 8b c6 05 9f 7b 49 02 01 e8 2b 5c da ff 0f 0b e9 5e ff ff ff <0f> 0b 48 c7 c7 40 f2 5f 8c e8 36 72 e4 00 48 8b 44 24 28 65 48 2b
[ 0.000000] RSP: 0000:ffffffff8c403e28 EFLAGS: 00010046 ORIG_RAX: 0000000000000000
[ 0.000000] RAX: 0000000000000000 RBX: ffffffff8b19cd60 RCX: 000000005e199be9
[ 0.000000] RDX: 0000000000000000 RSI: ffffffff8d302a70 RDI: ffffffff8c472500
[ 0.000000] RBP: ffffffff8c6a01a0 R08: 00000000ff5e199b R09: fffffffffffbf82b
[ 0.000000] R10: 0000000000000000 R11: 0000000000013f90 R12: ffffffff8b4d0cb0
[ 0.000000] R13: 0000000000000001 R14: ffffffff8a77e700 R15: 00000000000147d0
[ 0.000000] FS: 0000000000000000(0000) GS:ffffffff8ce3e000(0000) knlGS:0000000000000000
[ 0.000000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.000000] CR2: ffff8880000147d0 CR3: 000000000af46000 CR4: 00000000000000b0
[ 0.000000] Call Trace:
[ 0.000000] <TASK>
[ 0.000000] ? __static_call_update+0x18c/0x1f0
[ 0.000000] ? __warn.cold+0x93/0xed
[ 0.000000] ? __static_call_update+0x18c/0x1f0
[ 0.000000] ? report_bug+0xff/0x140
[ 0.000000] ? __pfx_lockdown_is_locked_down+0x10/0x10
[ 0.000000] ? early_fixup_exception+0x5d/0xb0
[ 0.000000] ? __SCT__lsm_static_call_bpf_token_capable_7+0x8/0x8
[ 0.000000] ? early_idt_handler_common+0x2f/0x3a
[ 0.000000] ? __pfx_lockdown_is_locked_down+0x10/0x10
[ 0.000000] ? __SCT__lsm_static_call_bpf_token_capable_7+0x8/0x8
[ 0.000000] ? __static_call_update+0x18c/0x1f0
[ 0.000000] ? __static_call_update+0x7e/0x1f0
[ 0.000000] ? sort_r+0x112/0x390
[ 0.000000] ? __pfx_lockdown_is_locked_down+0x10/0x10
[ 0.000000] ? security_add_hooks+0xb8/0x120
[ 0.000000] ? lockdown_lsm_init+0x21/0x30
[ 0.000000] ? initialize_lsm+0x34/0x60
[ 0.000000] ? early_security_init+0x3d/0x50
[ 0.000000] ? start_kernel+0x6b/0xa00
[ 0.000000] ? x86_64_start_reservations+0x24/0x30
[ 0.000000] ? x86_64_start_kernel+0xed/0xf0
[ 0.000000] ? common_startup_64+0x13e/0x141
[ 0.000000] </TASK>
[ 0.000000] ---[ end trace 0000000000000000 ]---
Seems like the same problem.
> > > diff --git a/init/main.c b/init/main.c
> > > index 206acdde51f5..5bd45af7a49e 100644
> > > --- a/init/main.c
> > > +++ b/init/main.c
> > > @@ -922,6 +922,8 @@ void start_kernel(void)
> > > boot_cpu_init();
> > > page_address_init();
> > > pr_notice("%s", linux_banner);
> > > + /* LSM and command line parameters use static keys */
> > > + jump_label_init();
> > > early_security_init();
> > > setup_arch(&command_line);
> > > setup_boot_config();
> > > @@ -933,8 +935,6 @@ void start_kernel(void)
> > > boot_cpu_hotplug_init();
> > >
> > > pr_notice("Kernel command line: %s\n", saved_command_line);
> > > - /* parameters may set static keys */
> > > - jump_label_init();
> > > parse_early_param();
> > > after_dashes = parse_args("Booting kernel",
> > > static_command_line, __start___param,
> > > --
> > > 2.46.0.rc2.264.g509ed76dc8-goog
> >
> > --
> > paul-moore.com
Powered by blists - more mailing lists