| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250901164203-efc4e1ca-d83c-4776-bc20-13e1088ac548@linutronix.de>
Date: Mon, 1 Sep 2025 16:59:53 +0200
From: Thomas Weißschuh <thomas.weissschuh@...utronix.de>
To: Andreas Larsson <andreas@...sler.com>
Cc: Andy Lutomirski <luto@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>, Vincenzo Frascino <vincenzo.frascino@....com>,
Arnd Bergmann <arnd@...db.de>, "David S. Miller" <davem@...emloft.net>,
Nagarathnam Muthusamy <nagarathnam.muthusamy@...cle.com>, Nick Alcock <nick.alcock@...cle.com>,
John Stultz <jstultz@...gle.com>, Stephen Boyd <sboyd@...nel.org>,
John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>, linux-kernel@...r.kernel.org, sparclinux@...r.kernel.org
Subject: Re: [PATCH v2 08/13] sparc64: vdso: Switch to the generic vDSO
library
Hi Andreas,
thanks!
On Mon, Sep 01, 2025 at 04:28:52PM +0200, Andreas Larsson wrote:
> On 2025-08-29 19:07, Thomas Weißschuh wrote:
> > What does this do?
> >
> > diff --git a/kernel/signal.c b/kernel/signal.c
> > index e2c928de7d2c..6ae7afae948c 100644
> > --- a/kernel/signal.c
> > +++ b/kernel/signal.c
> > @@ -1299,6 +1299,11 @@ force_sig_info_to_task(struct kernel_siginfo *info, struct task_struct *t,
> > struct k_sigaction *action;
> > int sig = info->si_signo;
> >
> > + if (unlikely(is_global_init(t)) && sig == SIGSEGV)
> > + panic("killing init, sig=%d errno=%d code=%d addr=%d vdso=%px",
> > + info->si_signo, info->si_errno, info->si_code, info->si_addr,
> > + t->mm->context.vdso);
> > +
> > spin_lock_irqsave(&t->sighand->siglock, flags);
> > action = &t->sighand->action[sig-1];
> > ignored = action->sa.sa_handler == SIG_IGN;
>
> This (with addr=%px) results in:
>
> [ 2.073506] Run /init as init process
> [ 2.076547] Kernel panic - not syncing: killing init, sig=11 errno=0 code=1 addr=0000000000000000 vdso=fff8000100384000
> [ 2.076594] CPU: 7 UID: 0 PID: 1 Comm: init Not tainted 6.17.0-rc1-00010-gf63e40394cec #11 VOLUNTARY
> [ 2.076620] Call Trace:
> [ 2.076632] [<0000000000436524>] dump_stack+0x8/0x18
> [ 2.076660] [<00000000004291f4>] vpanic+0xdc/0x320
> [ 2.076682] [<000000000042945c>] panic+0x24/0x30
> [ 2.076700] [<0000000000493240>] force_sig_info_to_task+0x200/0x220
> [ 2.076726] [<0000000000493720>] force_sig_fault+0x40/0x60
> [ 2.076747] [<0000000000439e28>] sun4v_data_access_exception+0xa8/0x140
> [ 2.076770] [<00000000004066d4>] sun4v_dacc+0x28/0x34
> [ 2.077940] Press Stop-A (L1-A) from sun keyboard or send break
> [ 2.077940] twice on console to return to the boot prom
> [ 2.077981] ---[ end Kernel panic - not syncing: killing init, sig=11 errno=0 code=1 addr=0000000000000000 vdso=fff8000100384000 ]---
So a NULL-pointer deref. Please also try the following, to get the trapping code.
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1299,6 +1299,14 @@ force_sig_info_to_task(struct kernel_siginfo *info, struct task_struct *t,
struct k_sigaction *action;
int sig = info->si_signo;
+ if (unlikely(is_global_init(t)) && sig == SIGSEGV) {
+ struct pt_regs *regs = task_pt_regs(t);
+
+ panic("killing init, sig=%d errno=%d code=%d addr=%px vdso=%px pc=0x%lx vdsopc=0x%lx",
+ info->si_signo, info->si_errno, info->si_code, info->si_addr,
+ t->mm->context.vdso, regs->tpc, regs->tpc - (unsigned long)t->mm->context.vdso);
+ }
+
spin_lock_irqsave(&t->sighand->siglock, flags);
action = &t->sighand->action[sig-1];
ignored = action->sa.sa_handler == SIG_IGN;
Please give me the disassembly for the address printed as "vdsopc" from
arch/sparc/vdso/vdso64.so.dbg starting from its function entrypoint.
Thomas
Powered by blists - more mailing lists