| 1 |
xD |
| 2 |
|
| 3 |
This is really impressive, Bug has repeated in kernel 3.10 . I don't |
| 4 |
know how many possibilities exists to replay the same kernel bug, hit |
| 5 |
while emerging xz package, with two different kernels, 3.4.1 ebuild |
| 6 |
from hardened gentoo and 3.10, the latest one. Hangs in the same |
| 7 |
place. with VirtualBox and with KVM |
| 8 |
|
| 9 |
|
| 10 |
2013/7/15, Javier Juan Martínez Cabezón <tazok.id0@×××××.com>: |
| 11 |
> Hi all |
| 12 |
> |
| 13 |
> I'm with this several months and I still without knowing if it was mistake |
| 14 |
> from me while patching PaX with rsbac at hand or is a kernel bug, or it's |
| 15 |
> from VirtualBox (the behaviour is horrible, sorry): |
| 16 |
> |
| 17 |
> After the bug hits system guest gets unusable, hard reset is required, |
| 18 |
> every command executed gets segfaulted from there. |
| 19 |
> |
| 20 |
> I can reproduce it easily, using backup_all (a shell script that makes the |
| 21 |
> sec policy backup (as in this case)) or with ./configure when compiling (as |
| 22 |
> emerge does something), so emerge usually does seg fault. The EIP is always |
| 23 |
> at the same, strnlen+0x6/0x18 |
| 24 |
> |
| 25 |
> Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request |
| 26 |
> at 00001033 |
| 27 |
> Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18 |
| 28 |
> Jul 13 22:50:02 orion kernel: *pdpt = 000000000e965001 *pde = |
| 29 |
> 0000000000000000 |
| 30 |
> Jul 13 22:50:02 orion kernel: Oops: 0000 [#1] |
| 31 |
> Jul 13 22:50:02 orion kernel: |
| 32 |
> Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted 3.4.0-rsbac |
| 33 |
> #9 innotek GmbH VirtualBox |
| 34 |
> Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: |
| 35 |
> 0 |
| 36 |
> Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18 |
| 37 |
> Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX: 00001033 |
| 38 |
> EDX: 0000000e |
| 39 |
> Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP: ce9c07f5 |
| 40 |
> ESP: c66d3b38 |
| 41 |
> Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068 |
| 42 |
> Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3: 01415000 |
| 43 |
> CR4: 000006f0 |
| 44 |
> Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000 |
| 45 |
> DR3: 00000000 |
| 46 |
> Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400 |
| 47 |
> Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c |
| 48 |
> task=e738ebd0 task.ti=e738ee3c) |
| 49 |
> Jul 13 22:50:02 orion kernel: Stack: |
| 50 |
> Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4 ce9c0069 |
| 51 |
> ce9c0069 001a916e 000fff00 |
| 52 |
> Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b c1514bcb |
| 53 |
> 000007ea ff0a0004 000fffff |
| 54 |
> Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc 0004dfc6 |
| 55 |
> c66d3ba8 e702a4c0 c66d3bdc |
| 56 |
> Jul 13 22:50:02 orion kernel: Call Trace: |
| 57 |
> Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c |
| 58 |
> Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257 |
| 59 |
> Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25 |
| 60 |
> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9 |
| 61 |
> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9 |
| 62 |
> Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e |
| 63 |
> Jul 13 22:50:02 orion kernel: [<0007d3ee>] ? |
| 64 |
> rsbac_adf_set_attr_cap+0x680/0x9a6 |
| 65 |
> Jul 13 22:50:02 orion kernel: [<00038a00>] ? |
| 66 |
> smp_apic_timer_interrupt+0x62/0x6a |
| 67 |
> Jul 13 22:50:02 orion kernel: [<00407f91>] ? resume_userspace_sig+0x1b/0x2a |
| 68 |
> Jul 13 22:50:02 orion kernel: [<0007148e>] ? |
| 69 |
> rsbac_adf_set_attr+0x45f/0x12b3 |
| 70 |
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 71 |
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550 |
| 72 |
> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a |
| 73 |
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69 |
| 74 |
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69 |
| 75 |
> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389 |
| 76 |
> Jul 13 22:50:02 orion kernel: [<0002cc9e>] ? free_thread_xstate+0x17/0x23 |
| 77 |
> Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf |
| 78 |
> Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf |
| 79 |
> Jul 13 22:50:02 orion kernel: [<00030502>] ? x86_pmu_event_init+0x23c/0x2d1 |
| 80 |
> Jul 13 22:50:02 orion kernel: [<000e2f53>] ? do_execve_common+0x363/0x45e |
| 81 |
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 82 |
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550 |
| 83 |
> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a |
| 84 |
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69 |
| 85 |
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69 |
| 86 |
> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389 |
| 87 |
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 88 |
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550 |
| 89 |
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 90 |
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550 |
| 91 |
> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a |
| 92 |
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69 |
| 93 |
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69 |
| 94 |
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 95 |
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550 |
| 96 |
> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389 |
| 97 |
> Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf |
| 98 |
> Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb |
| 99 |
> Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50 |
| 100 |
> Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20 |
| 101 |
> Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb |
| 102 |
> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7 |
| 103 |
> Jul 13 22:50:02 orion kernel: [<000290d5>] ? math_state_restore+0x96/0x96 |
| 104 |
> Jul 13 22:50:02 orion kernel: [<00010206>] ? |
| 105 |
> kvm_arch_vcpu_ioctl_run+0x79a/0xbdc |
| 106 |
> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1 |
| 107 |
> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7 |
| 108 |
> Jul 13 22:50:02 orion kernel: [<0040007b>] ? pcnet32_remove_one+0x22/0xe3 |
| 109 |
> Jul 13 22:50:02 orion kernel: [<0001007b>] ? |
| 110 |
> kvm_arch_vcpu_ioctl_run+0x60f/0xbdc |
| 111 |
> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1 |
| 112 |
> Jul 13 22:50:02 orion kernel: [<00010287>] ? |
| 113 |
> kvm_arch_vcpu_ioctl_run+0x81b/0xbdc |
| 114 |
> Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f eb 02 |
| 115 |
> 31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89 f8 5f c3 89 |
| 116 |
> c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 c3 90 90 90 57 |
| 117 |
> 83 c9 |
| 118 |
> Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18 SS:ESP |
| 119 |
> 0068:c66d3b38 |
| 120 |
> Jul 13 22:50:02 orion kernel: CR2: 0000000000001033 |
| 121 |
> Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]--- |
| 122 |
> |
| 123 |
> Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging request |
| 124 |
> at 000010a1 |
| 125 |
> Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18 |
| 126 |
> Jul 13 22:59:01 orion kernel: *pdpt = 000000000df00001 *pde = |
| 127 |
> 0000000000000000 |
| 128 |
> Jul 13 22:59:01 orion kernel: Oops: 0000 [#2] |
| 129 |
> Jul 13 22:59:01 orion kernel: |
| 130 |
> Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted: G D |
| 131 |
> 3.4.0-rsbac #9 innotek GmbH VirtualBox |
| 132 |
> Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: |
| 133 |
> 0 |
| 134 |
> Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18 |
| 135 |
> Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX: 000010a1 |
| 136 |
> EDX: 0000000e |
| 137 |
> Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP: ce9c0ff5 |
| 138 |
> ESP: c66cfb48 |
| 139 |
> Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068 |
| 140 |
> Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3: 01415000 |
| 141 |
> CR4: 000006f0 |
| 142 |
> Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000 |
| 143 |
> DR3: 00000000 |
| 144 |
> Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400 |
| 145 |
> Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c |
| 146 |
> task=e738ebd0 task.ti=e738ee3c) |
| 147 |
> |
Archives