Message-ID: <20250901164203-efc4e1ca-d83c-4776-bc20-13e1088ac548@linutronix.de>
Date: Mon, 1 Sep 2025 16:59:53 +0200
From: Thomas Weißschuh <thomas.weissschuh@...utronix.de>
To: Andreas Larsson <andreas@...sler.com>
Cc: Andy Lutomirski <luto@...nel.org>, 
	Thomas Gleixner <tglx@...utronix.de>, Vincenzo Frascino <vincenzo.frascino@....com>, 
	Arnd Bergmann <arnd@...db.de>, "David S. Miller" <davem@...emloft.net>, 
	Nagarathnam Muthusamy <nagarathnam.muthusamy@...cle.com>, Nick Alcock <nick.alcock@...cle.com>, 
	John Stultz <jstultz@...gle.com>, Stephen Boyd <sboyd@...nel.org>, 
	John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>, linux-kernel@...r.kernel.org, sparclinux@...r.kernel.org
Subject: Re: [PATCH v2 08/13] sparc64: vdso: Switch to the generic vDSO library

Hi Andreas,

thanks!

On Mon, Sep 01, 2025 at 04:28:52PM +0200, Andreas Larsson wrote:
> On 2025-08-29 19:07, Thomas Weißschuh wrote:
> > What does this do?
> > 
> > diff --git a/kernel/signal.c b/kernel/signal.c
> > index e2c928de7d2c..6ae7afae948c 100644
> > --- a/kernel/signal.c
> > +++ b/kernel/signal.c
> > @@ -1299,6 +1299,11 @@ force_sig_info_to_task(struct kernel_siginfo *info, struct task_struct *t,
> >         struct k_sigaction *action;
> >         int sig = info->si_signo;
> >  
> > +       if (unlikely(is_global_init(t)) && sig == SIGSEGV)
> > +               panic("killing init, sig=%d errno=%d code=%d addr=%d vdso=%px",
> > +                     info->si_signo, info->si_errno, info->si_code, info->si_addr,
> > +                     t->mm->context.vdso);
> > +
> >         spin_lock_irqsave(&t->sighand->siglock, flags);
> >         action = &t->sighand->action[sig-1];
> >         ignored = action->sa.sa_handler == SIG_IGN;
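Review bot: the "addr=%d" conversion in the panic() format string does not match its argument, because info->si_addr is a pointer (void __user *), so it triggers -Wformat and prints a truncated or meaningless value; use the same pointer conversion as the vdso argument, i.e. "addr=%px vdso=%px", which is exactly the change Andreas had to make to get a usable address. The hunk also dereferences t->mm without a NULL check; that holds for init as a user task, but a comment marking this as debug-only instrumentation that must not be merged would make the intent clear.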
> 
> This (with addr=%px) results in:
> 
> [    2.073506] Run /init as init process
> [    2.076547] Kernel panic - not syncing: killing init, sig=11 errno=0 code=1 addr=0000000000000000 vdso=fff8000100384000
> [    2.076594] CPU: 7 UID: 0 PID: 1 Comm: init Not tainted 6.17.0-rc1-00010-gf63e40394cec #11 VOLUNTARY 
> [    2.076620] Call Trace:
> [    2.076632] [<0000000000436524>] dump_stack+0x8/0x18
> [    2.076660] [<00000000004291f4>] vpanic+0xdc/0x320
> [    2.076682] [<000000000042945c>] panic+0x24/0x30
> [    2.076700] [<0000000000493240>] force_sig_info_to_task+0x200/0x220
> [    2.076726] [<0000000000493720>] force_sig_fault+0x40/0x60
> [    2.076747] [<0000000000439e28>] sun4v_data_access_exception+0xa8/0x140
> [    2.076770] [<00000000004066d4>] sun4v_dacc+0x28/0x34
> [    2.077940] Press Stop-A (L1-A) from sun keyboard or send break
> [    2.077940] twice on console to return to the boot prom
> [    2.077981] ---[ end Kernel panic - not syncing: killing init, sig=11 errno=0 code=1 addr=0000000000000000 vdso=fff8000100384000 ]---

So a NULL-pointer deref. Please also try the following, to get the trapping code.

--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1299,6 +1299,14 @@ force_sig_info_to_task(struct kernel_siginfo *info, struct task_struct *t,
        struct k_sigaction *action;
        int sig = info->si_signo;
 
+       if (unlikely(is_global_init(t)) && sig == SIGSEGV) {
+               struct pt_regs *regs = task_pt_regs(t);
+
+               panic("killing init, sig=%d errno=%d code=%d addr=%px vdso=%px pc=0x%lx vdsopc=0x%lx",
+                     info->si_signo, info->si_errno, info->si_code, info->si_addr,
+                     t->mm->context.vdso, regs->tpc, regs->tpc - (unsigned long)t->mm->context.vdso);
+       }
+
        spin_lock_irqsave(&t->sighand->siglock, flags);
        action = &t->sighand->action[sig-1];
        ignored = action->sa.sa_handler == SIG_IGN;
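Review bot: regs->tpc is a SPARC-specific pt_regs field, yet the hunk sits in the generic kernel/signal.c, so it only builds on sparc; acceptable for a throwaway debug patch, but worth saying so explicitly. More importantly, "vdsopc" is computed unconditionally as regs->tpc - (unsigned long)t->mm->context.vdso, so if the faulting pc lies outside the vDSO mapping the subtraction wraps to a large unsigned value that looks like a valid offset; printing the raw pc (as the hunk does) is what makes that detectable, but a range check against the vDSO mapping size, or a note in the request to compare pc against the vdso base before trusting vdsopc, would avoid misleading disassembly offsets.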


Please give me the disassembly for the address printed as "vdsopc" from
arch/sparc/vdso/vdso64.so.dbg starting from its function entrypoint.


Thomas
