lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <779dfb7f-d690-432e-8461-b26935974ac6@roeck-us.net>
Date: Wed, 7 Aug 2024 19:13:02 -0700
From: Guenter Roeck <linux@...ck-us.net>
To: Paul Moore <paul@...l-moore.com>
Cc: KP Singh <kpsingh@...nel.org>, Nathan Chancellor <nathan@...nel.org>,
 linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org,
 bp@...en8.de, sfr@...b.auug.org.au, peterz@...radead.org
Subject: Re: [PATCH] init/main.c: Initialize early LSMs after arch code

On 8/7/24 18:18, Paul Moore wrote:
> On Wed, Aug 7, 2024 at 8:34 PM Guenter Roeck <linux@...ck-us.net> wrote:
>> On 8/7/24 16:43, Paul Moore wrote:
>>> On Wed, Aug 7, 2024 at 6:45 PM KP Singh <kpsingh@...nel.org> wrote:
>>>> On Wed, Aug 7, 2024 at 10:45 PM Paul Moore <paul@...l-moore.com> wrote:
>>>>> On Tue, Aug 6, 2024 at 5:41 PM Paul Moore <paul@...l-moore.com> wrote:
>>>>>> On Mon, Aug 5, 2024 at 10:20 PM Nathan Chancellor <nathan@...nel.org> wrote:
>>>>>
>>>>> ...
>>>>>
>>>>>>> For what it's worth, I have not noticed any issues in my -next testing
>>>>>>> with this patch applied but I only build architectures that build with
>>>>>>> LLVM due to the nature of my work. If exposure to more architectures is
>>>>>>> desirable, perhaps Guenter Roeck would not mind testing it with his
>>>>>>> matrix?
>>>>>>
>>>>>> Thanks Nathan.
>>>>>>
>>>>>> I think the additional testing would be great, KP can you please work
>>>>>> with Guenter to set this up?
>>>>>
>>>>
>>>> Adding Guenter directly to this thread.
>>>>
>>>>> Is that something you can do KP?  I'm asking because I'm looking at
>>>>> merging some other patches into lsm/dev and I need to make a decision
>>>>> about the static call patches (hold off on merging the other patches
>>>>> until the static call testing is complete, or yank the static call
>>>>> patches until testing is complete and then re-merge).  Understanding
>>>>> your ability to do the additional testing, and a rough idea of how
>>>>
>>>> I have done the best of the testing I could do here. I think we should
>>>> let this run its normal course and see if this breaks anything. I am
>>>> not sure how testing is done before patches are merged and what else
>>>> you expect me to do?
>>>
>>> That is why I was asking you to get in touch with Guenter to try and
>>> sort out what needs to be done to test this across different
>>> architectures.
>>>
>>> With all due respect, this patchset has a history of not being as
>>> tested as well as I would like; we had the compilation warning on gcc
>>> and then the linux-next breakage.  The gcc problem wasn't a major
>>> problem (although it was disappointing, especially considering the
>>> context around it), but I consider the linux-next breakage fairly
>>> serious and would like to have some assurance beyond your "it's okay,
>>> trust me" this time around.  If there really is no way to practically
>>> test this patchset across multiple arches prior to throwing it into
>>> linux-next, so be it, but I want to see at least some effort towards
>>> trying to make that happen.
>>>
>>
>> Happy to run whatever patchset there is through my testbed. Just send me
>> a pointer to it.
>>
>> Note that it should be based on mainline; linux-next is typically too broken
>> to provide any useful signals. I can handle a patchset either on top of v6.10
>> or v6.11-rc2 (meaning 6.10 passes through all my tests, and I can apply and
>> revert patches to/from 6.11-rc2 to get it to pass).
> 
> Thanks Guenter, it looks like KP already make up a branch for you to
> pull, but if you have any problems or need something different let us
> know.
> 
>> Question of course is if that really helps: I don't specifically test features
>> such as LSM or BPF.
> 
> In this particular case we are most interested in testing the LSM
> initializing code so I don't believe you need to worry much about
> LSM/BPF configuration, it's a matter of ensuring the different arches
> are able to boot without any panics/warnings/etc.
> 
> There is some Kconfig needed, KP provided a good snippet earlier in
> this thread, the relevant portion is copied below:
> 
> % cat .config | grep -i LOCKDOWN
> CONFIG_SECURITY_LOCKDOWN_LSM=y
> CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
> CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,bpf"
> 
> ... and here is the full message:
> 
> https://lore.kernel.org/linux-security-module/CACYkzJ6486mzW97LF+QrHhM9-pZt0QPWFH+oCrTmubGkJVvGhw@mail.gmail.com/
> 

I'll need to establish a baseline first to determine if the failures
are caused by newly enabled configuration options or by this patch set.
Below are just early test results.

[ Though if those are all upstream there seems to be be something seriously
   wrong with the lockdown lsm.
]

Guenter

----
arm:

[    0.000000] ------------[ cut here ]------------
[    0.000000] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:199 static_key_enable_cpuslocked+0xb0/0xfc
[    0.000000] static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x8' used before call to jump_label_init()
[    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2-00134-g679d51771510 #1
[    0.000000] Hardware name: Generic DT based system
[    0.000000] Call trace:
[    0.000000]  unwind_backtrace from show_stack+0x18/0x1c
[    0.000000]  show_stack from dump_stack_lvl+0x48/0x74
[    0.000000]  dump_stack_lvl from __warn+0x7c/0x134
[    0.000000]  __warn from warn_slowpath_fmt+0x9c/0xdc
[    0.000000]  warn_slowpath_fmt from static_key_enable_cpuslocked+0xb0/0xfc
[    0.000000]  static_key_enable_cpuslocked from security_add_hooks+0xa0/0x104
[    0.000000]  security_add_hooks from lockdown_lsm_init+0x1c/0x2c
[    0.000000]  lockdown_lsm_init from initialize_lsm+0x44/0x84
[    0.000000]  initialize_lsm from early_security_init+0x3c/0x58
[    0.000000]  early_security_init from start_kernel+0x78/0x748
[    0.000000]  start_kernel from 0x0
[    0.000000] irq event stamp: 0
[    0.000000] hardirqs last  enabled at (0): [<00000000>] 0x0
[    0.000000] hardirqs last disabled at (0): [<00000000>] 0x0
[    0.000000] softirqs last  enabled at (0): [<00000000>] 0x0
[    0.000000] softirqs last disabled at (0): [<00000000>] 0x0
[    0.000000] ---[ end trace 0000000000000000 ]---

m68k:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at include/linux/jump_label.h:322 security_add_hooks+0xc4/0x12c
static_key_enable(): static key '0x6e5860' used before call to jump_label_init()
Modules linked in:
CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2-mac-00134-g679d51771510 #1
Stack from 0065df00:
         0065df00 005ff98d 005ff98d 00000000 00000009 00000009 004aa710 005ff98d
         0049f87a 005c9849 00000142 0063f5ec 004cbd3e 0049f8f8 005c9849 00000142
         0075ac3e 00000009 00000000 0065df60 00000000 00000040 00000000 00000000
         005c980c 0065df7c 0075ac3e 005c9849 00000142 00000009 005c980c 004c9f98
         006e5860 00000000 00782b50 00000000 00000000 0075b7ba 0063f5ec 00000001
         004cbd3e 0075a62e 00782b50 0075a79e 00782b50 00782b50 0049feb6 00749d4c
Call Trace: [<004aa710>] dump_stack+0xc/0x10
  [<0049f87a>] __warn+0x7e/0xb4
  [<0049f8f8>] warn_slowpath_fmt+0x48/0x66
  [<0075ac3e>] security_add_hooks+0xc4/0x12c
  [<0075ac3e>] security_add_hooks+0xc4/0x12c
  [<0075b7ba>] lockdown_lsm_init+0x16/0x1e
  [<0075a62e>] initialize_lsm+0x32/0x5c
  [<0075a79e>] early_security_init+0x30/0x38
  [<0049feb6>] _printk+0x0/0x18
  [<00749d4c>] start_kernel+0x60/0x600
  [<00748414>] _sinittext+0x414/0xae0
---[ end trace 0000000000000000 ]---

Microblaze:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at include/linux/jump_label.h:322 security_add_hooks+0x124/0x21c
static_key_enable(): static key 'security_hook_active_locked_down_0+0x0/0x4' used before call to jump_label_init()
Modules linked in:
CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2-00134-g679d51771510 #1
Kernel Stack:
(ptrval): c0999390 c0f4c9ec 00000000 00000000 ffffffff a589f3a9 c0984c20 00000000
(ptrval): c0c51ef8 00000009 c0984c30 00000000 00000000 c0c51ef8 00000000 c0c51ef8
(ptrval): 00000009 c0984cf8 c09bad94 00000000 00000000 c0a30c10 00000142 c0d19e10
(ptrval): c0a30bd0 c0a30c10 00000000 c0d19e10 c09bade4 00000142 00000009 c0a30bd0
(ptrval): c0a30ca0 c0f58820 c0a30bd0 c0c51f28 00000142 00000009 c0d19e10 c0a37340
(ptrval): c0c190c0 c0d1b1d0 00000000 00000000 00000000 c0a30bd0 c0a30ca0 c0f58820
(ptrval): c0d42b20 c0d35464 c0d42b38 00000000 00000000 00000000 00000000 00000000
(ptrval): 00100000 00000280 c0d196e8 c0d04ed0 00000000 c098465c 00000000 00000000
(ptrval): c0d19778 c0d19784 00000000 00000000 c0d0488c c09b8e40 c09b9b24 c0d42b20
(ptrval): c0d42b38 c0d00898 4883e4b3 00000000 c0d0088c 00000280 00000000 00000000
(ptrval): 00000000 00000000 00000000 c0984194 c09b7208 c0b125f8 c0f5d59c 00000000
(ptrval): 00000002 00000000 c00002e0 91a86e08 c0d33f7c 00000000 00000000 00000000
(ptrval): 00000000 00000000 00000000 00000000
Call Trace:
[<c0003168>] microblaze_unwind+0x64/0x80
[<c0984548>] show_stack+0x128/0x180
[<c0999330>] dump_stack_lvl+0x44/0x94
[<c099938c>] dump_stack+0xc/0x24
[<c0984c2c>] __warn+0xac/0xfc
[<c0984cf4>] warn_slowpath_fmt+0x78/0x98
[<c0d19e0c>] security_add_hooks+0x120/0x21c
[<c0d1b1cc>] lockdown_lsm_init+0x18/0x34
[<c0d196e4>] initialize_lsm+0x44/0x94
[<c0d19780>] early_security_init+0x4c/0x74
[<c0d00894>] start_kernel+0x90/0x8ac
[<c0984190>] machine_shutdown+0x1c/0x20
no locks held by swapper/0.
---[ end trace 0000000000000000 ]---

mips:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at include/linux/jump_label.h:322 security_add_hooks+0xf8/0x1bc
static_key_enable(): static key 'security_hook_active_locked_down_0+0x0/0x4' used before call to jump_label_init()
Modules linked in:
CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2-00134-g679d51771510 #1
Hardware name: mti,malta
Stack : 00000000 811eedd8 00000000 00000000 00000000 00000000 00000000 00000000
         00000000 00000000 00000000 00000000 00000000 00000001 81257cd8 00000000
         81257d70 00000000 00000000 00000000 00000038 80e549c4 00000000 ffffffff
         00000000 00000000 00000000 00040000 00000000 00000000 81174584 81280000
         00000000 00000142 00000000 00000000 00000000 00000000 0a0a0b0b bbe00cfc
         ...
Call Trace:
[<8010a0a8>] show_stack+0x60/0x154
[<80e731d8>] dump_stack_lvl+0xbc/0x138
[<8012f908>] __warn+0x9c/0x1f8
[<8012fc20>] warn_slowpath_fmt+0x1bc/0x1cc
[<8138a184>] security_add_hooks+0xf8/0x1bc
[<8138a5fc>] lockdown_lsm_init+0x20/0x30
[<813899e8>] initialize_lsm+0x44/0x80
[<81389be0>] early_security_init+0x50/0x6c
[<8136c82c>] start_kernel+0xa8/0x7dc
irq event stamp: 0
hardirqs last  enabled at (0): [<00000000>] 0x0
hardirqs last disabled at (0): [<00000000>] 0x0
softirqs last  enabled at (0): [<00000000>] 0x0
softirqs last disabled at (0): [<00000000>] 0x0
---[ end trace 0000000000000000 ]---

Loongarch (crash):

[    0.000000] ------------[ cut here ]------------
[    0.000000] static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x10' used before call to jump_label_init()
[    0.000000] ------------[ cut here ]------------
[    0.000000] DEBUG_LOCKS_WARN_ON(early_boot_irqs_disabled)
[    0.000000] Caught reserved exception 12 on pid:0 [swapper] - should not happen
[    0.000000] do_reserved exception[#1]:
[    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2+ #1
[    0.000000] Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
[    0.000000] pc 9000000004cf9334 ra 9000000004cf9334 tp 9000000006cc8000 sp 9000000006ccbc10
[    0.000000] a0 000000000000002d a1 9000000006df7830 a2 0000000000000000 a3 9000000006ccba28
[    0.000000] a4 0000000000000001 a5 0000000000000000 a6 9000000006175570 a7 0000000000000005
[    0.000000] t0 0000000000000000 t1 0000000000000000 t2 0000000000000001 t3 0000000000000001
[    0.000000] t4 0000000000000004 t5 0000000000000094 t6 0000000000000023 t7 0000000000000030
[    0.000000] t8 ffffffff8dcb3998 u0 9000000006a45388 s9 000000000f5ea330 s0 9000000006230788
[    0.000000] s1 9000000006265c70 s2 0000000000000001 s3 0000000000000001 s4 9000000006cfaa80
[    0.000000] s5 000000000f75dad8 s6 000000000a5b0000 s7 000000000f75db30 s8 000000000eee5b18
[    0.000000]    ra: 9000000004cf9334 lockdep_hardirqs_on_prepare+0x200/0x208
[    0.000000]   ERA: 9000000004cf9334 lockdep_hardirqs_on_prepare+0x200/0x208
[    0.000000]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
[    0.000000]  PRMD: 00000000 (PPLV0 -PIE -PWE)
[    0.000000]  EUEN: 00000000 (-FPE -SXE -ASXE -BTE)
[    0.000000]  ECFG: 00070800 (LIE=11 VS=7)
[    0.000000] ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)
[    0.000000]  PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)
[    0.000000] Modules linked in:
[    0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))
[    0.000000] Stack : 0000000000000001 9000000006265c70 9000000006169c58 9000000004dd9ba8
[    0.000000]         9000000006ccbc70 0000000000000000 9000000006ccbc70 9000000006169c58
[    0.000000]         00000000000000b0 90000000074f08b8 9000000008616478 9000000007ad1924
[    0.000000]         0000000000000000 9000000004e95fa8 9000000006cc8000 9000000006ccbdb0
[    0.000000]         000000000000007e 9000000006df7830 0000000000000000 9000000006ccbbc8
[    0.000000]         0000000000000001 0000000000000001 90000000073f6e58 9000000006175570
[    0.000000]         0000000000000000 0000000000000000 0000000000000001 0000000000000001
[    0.000000]         0000000000000000 0000000000000092 0000000000000001 0000000000006000
[    0.000000]         ffffffff8dcb3998 9000000006a6bed8 000000000f5ea330 9000000008616478
[    0.000000]         90000000074f08b8 0000000000000001 0000000000000001 9000000006cfaa80
[    0.000000]         ...
[    0.000000] Call Trace:
[    0.000000] [<9000000004cf9334>] lockdep_hardirqs_on_prepare+0x200/0x208
[    0.000000] [<9000000004dd9ba4>] trace_hardirqs_on+0x54/0x70
[    0.000000] [<9000000006169c54>] do_reserved+0x1c/0xcc
[    0.000000] [<9000000004c52560>] handle_bp+0x120/0x1c0
[    0.000000] [<9000000004e95fa8>] static_key_enable_cpuslocked+0xdc/0xec
[    0.000000] [<9000000004e960b8>] static_key_enable+0x18/0x2c
[    0.000000] [<90000000061a9154>] security_add_hooks+0xbc/0x12c
[    0.000000] [<90000000061aa880>] lockdown_lsm_init+0x20/0x34
[    0.000000] [<90000000061a8a80>] initialize_lsm+0x3c/0x6c
[    0.000000] [<90000000061a8c34>] early_security_init+0x44/0x68
[    0.000000] [<9000000006180830>] start_kernel+0xa0/0x84c
[    0.000000] [<900000000616d0f0>] kernel_entry+0xf0/0xf8

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ