Gentoo Archives: gentoo-hardened

From: "Javier Juan Martínez Cabezón" <tazok.id0@×××××.com>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] probably bug in rsbac_sources
Date: Mon, 15 Jul 2013 00:59:52
Message-Id: CAD98N_Eu1vAD8yhJ4=D+56cYNNGJ==Ew+timHbUY+J0hM9K4hQ@mail.gmail.com
Hi all

I've been at this for several months and I still don't know whether it was a mistake
of mine while patching PaX with rsbac by hand, or a kernel bug, or whether it comes
from VirtualBox (the behaviour is horrible, sorry):

After the bug hits, the guest system becomes unusable; a hard reset is required, and
every command executed from then on segfaults.

I can reproduce it easily, using backup_all (a shell script that makes the sec policy
backup, as in this case) or with ./configure when compiling (as emerge does), so
emerge usually segfaults. The EIP is always the same, strnlen+0x6/0x18

Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request at 00001033
Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:50:02 orion kernel: *pdpt = 000000000e965001 *pde = 0000000000000000
Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
Jul 13 22:50:02 orion kernel:
Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted 3.4.0-rsbac #9 innotek GmbH VirtualBox
Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: 0
Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18
Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX: 00001033 EDX: 0000000e
Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP: ce9c07f5 ESP: c66d3b38
Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3: 01415000 CR4: 000006f0
Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400
Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c task=e738ebd0 task.ti=e738ee3c)
Jul 13 22:50:02 orion kernel: Stack:
Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4 ce9c0069 ce9c0069 001a916e 000fff00
Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b c1514bcb 000007ea ff0a0004 000fffff
Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc 0004dfc6 c66d3ba8 e702a4c0 c66d3bdc
Jul 13 22:50:02 orion kernel: Call Trace:
Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c
Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25
Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
Jul 13 22:50:02 orion kernel: [<0007d3ee>] ? rsbac_adf_set_attr_cap+0x680/0x9a6
Jul 13 22:50:02 orion kernel: [<00038a00>] ? smp_apic_timer_interrupt+0x62/0x6a
Jul 13 22:50:02 orion kernel: [<00407f91>] ? resume_userspace_sig+0x1b/0x2a
Jul 13 22:50:02 orion kernel: [<0007148e>] ? rsbac_adf_set_attr+0x45f/0x12b3
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
Jul 13 22:50:02 orion kernel: [<0002cc9e>] ? free_thread_xstate+0x17/0x23
Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
Jul 13 22:50:02 orion kernel: [<00030502>] ? x86_pmu_event_init+0x23c/0x2d1
Jul 13 22:50:02 orion kernel: [<000e2f53>] ? do_execve_common+0x363/0x45e
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf
Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb
Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50
Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20
Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb
Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
Jul 13 22:50:02 orion kernel: [<000290d5>] ? math_state_restore+0x96/0x96
Jul 13 22:50:02 orion kernel: [<00010206>] ? kvm_arch_vcpu_ioctl_run+0x79a/0xbdc
Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
Jul 13 22:50:02 orion kernel: [<0040007b>] ? pcnet32_remove_one+0x22/0xe3
Jul 13 22:50:02 orion kernel: [<0001007b>] ? kvm_arch_vcpu_ioctl_run+0x60f/0xbdc
Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
Jul 13 22:50:02 orion kernel: [<00010287>] ? kvm_arch_vcpu_ioctl_run+0x81b/0xbdc
Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f eb 02 31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89 f8 5f c3 89 c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 c3 90 90 90 57 83 c9
Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18 SS:ESP 0068:c66d3b38
Jul 13 22:50:02 orion kernel: CR2: 0000000000001033
Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---

Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging request at 000010a1
Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:59:01 orion kernel: *pdpt = 000000000df00001 *pde = 0000000000000000
Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]
Jul 13 22:59:01 orion kernel:
Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted: G D 3.4.0-rsbac #9 innotek GmbH VirtualBox
Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: 0
Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18
Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX: 000010a1 EDX: 0000000e
Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP: ce9c0ff5 ESP: c66cfb48
Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3: 01415000 CR4: 000006f0
Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400
Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c task=e738ebd0 task.ti=e738ee3c)

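The two oopses above carry enough register state to do first-pass triage by script rather than by eye. The following is an added example, not code from the original mail nor from the RSBAC or PaX projects: it parses the syslog excerpt, extracts the faulting address (CR2), the symbol at EIP, the register file and the call trace, and applies three checks a kernel developer does by hand before deciding which patch to blame. The sample input is the report's own two oopses, trimmed to the lines the parser needs; the register-to-argument mapping assumes a stock i386 kernel build (gcc -mregparm=3, so the first argument of strnlen(s, count) is in EAX and the second in EDX), and the 64 KiB "low address" threshold is a triage heuristic, not a kernel constant.

```python
"""Triage helper for i386 kernel oops text (added example, not RSBAC/PaX code)."""
import re
from dataclasses import dataclass, field

# The report's two oopses, trimmed to the lines this parser consumes.
SAMPLE_OOPS = """\
Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request at 00001033
Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted 3.4.0-rsbac #9 innotek GmbH VirtualBox
Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: 0
Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX: 00001033 EDX: 0000000e
Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP: ce9c07f5 ESP: c66d3b38
Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3: 01415000 CR4: 000006f0
Jul 13 22:50:02 orion kernel: Call Trace:
Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c
Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
Jul 13 22:50:02 orion kernel: [<0007d3ee>] ? rsbac_adf_set_attr_cap+0x680/0x9a6
Jul 13 22:50:02 orion kernel: [<0007148e>] ? rsbac_adf_set_attr+0x45f/0x12b3
Jul 13 22:50:02 orion kernel: [<000e2f53>] ? do_execve_common+0x363/0x45e
Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50
Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f eb 02
Jul 13 22:50:02 orion kernel: CR2: 0000000000001033
Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---
Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging request at 000010a1
Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]
Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted: G D 3.4.0-rsbac #9 innotek GmbH VirtualBox
Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX: 000010a1 EDX: 0000000e
Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3: 01415000 CR4: 000006f0
"""

SYSLOG_RE = re.compile(r'^\w{3} +\d+ \d\d:\d\d:\d\d \S+ kernel: ?')
FAULT_RE = re.compile(r'unable to handle kernel (?:NULL pointer dereference|paging request) at ([0-9a-f]+)')
IP_RE = re.compile(r'^IP: \[<([0-9a-f]+)>\] (\S+)')
PID_RE = re.compile(r'^Pid: (\d+), comm: (\S+) (Not tainted|Tainted: .*?) (\S+) #')
REG_RE = re.compile(r'\b(E[ABCD]X|E[SD]I|E[BS]P|CR[0-4]|DR[0-7]): ([0-9a-f]{8})')
FRAME_RE = re.compile(r'^\[<([0-9a-f]+)>\] (\? )?(\S+)')

LOW_ADDRESS_LIMIT = 0x10000  # assumption/heuristic: nothing is mapped this low in a Linux guest


@dataclass
class Oops:
    fault_addr: int = 0
    ip: int = 0
    ip_sym: str = ''
    pid: int = 0
    comm: str = ''
    tainted: bool = False
    regs: dict = field(default_factory=dict)
    trace: list = field(default_factory=list)  # symbols, innermost first


def parse_oopses(text):
    """Split a syslog excerpt into Oops records, one per 'BUG:' header."""
    oopses, cur, in_trace = [], None, False
    for raw in text.splitlines():
        line = SYSLOG_RE.sub('', raw).strip()
        m = FAULT_RE.search(line)
        if m:
            cur = Oops(fault_addr=int(m.group(1), 16))
            oopses.append(cur)
            in_trace = False
            continue
        if cur is None:
            continue
        if (m := IP_RE.match(line)):
            cur.ip, cur.ip_sym = int(m.group(1), 16), m.group(2)
        elif (m := PID_RE.match(line)):
            cur.pid, cur.comm = int(m.group(1)), m.group(2)
            cur.tainted = m.group(3) != 'Not tainted'
        elif line.startswith('Call Trace:'):
            in_trace = True
        elif in_trace and (m := FRAME_RE.match(line)):
            cur.trace.append(m.group(3))
        elif line.startswith(('Code:', '---[')):
            in_trace = False
        # First sighting of each register wins, so the trailing 16-digit CR2 line does not override it.
        for name, val in REG_RE.findall(line):
            cur.regs.setdefault(name, int(val, 16))
    return oopses


def is_small_address(o):
    """Fault in the first 64 KiB: NULL or a small integer used as a pointer, plus an offset."""
    return 0 <= o.fault_addr < LOW_ADDRESS_LIMIT


def first_arg_is_fault_addr(o):
    """i386 -mregparm=3 puts the first argument in EAX; for strnlen(s, count) that is s."""
    return o.regs.get('EAX') == o.fault_addr


def callers_between(o, inner, outer):
    """Symbol names strictly between the first frame matching `inner` and the first matching `outer`."""
    names = [s.split('+')[0] for s in o.trace]
    try:
        i = next(k for k, n in enumerate(names) if n.startswith(inner))
        j = next(k for k, n in enumerate(names) if n.startswith(outer))
    except StopIteration:
        return None
    return names[i + 1:j]


def triage(o):
    """Human-readable findings; an empty list means nothing obvious stood out."""
    notes = []
    if is_small_address(o):
        notes.append('fault address 0x%x is below 0x%x: a NULL/small-integer pointer plus offset'
                     % (o.fault_addr, LOW_ADDRESS_LIMIT))
    if first_arg_is_fault_addr(o):
        notes.append('EAX == CR2: the bad pointer is the first argument to %s' % o.ip_sym.split('+')[0])
    if o.tainted:
        notes.append('kernel already tainted by an earlier oops; treat this one as a follow-on')
    return notes


if __name__ == '__main__':
    for o in parse_oopses(SAMPLE_OOPS):
        print('pid %d (%s) at %s, CR2=0x%x' % (o.pid, o.comm, o.ip_sym, o.fault_addr))
        for n in triage(o):
            print('  -', n)
```

On the report's first oops this prints that the fault address 0x1033 is tiny, that it equals EAX (so it is the string pointer handed to strnlen, reached via string() and vsnprintf() from rsbac_printk()), and callers_between(o, 'string', 'rsbac_printk') returns just ['vsnprintf']; the second oops is additionally flagged as tainted, so only the first one is worth debugging. The checks do not identify which format argument was bad or which patch introduced it; they only narrow the search to the rsbac_printk call in rsbac_adf_set_attr_cap.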
Replies

Subject Author
[gentoo-hardened] Re: probably bug in rsbac_sources "Javier Juan Martínez Cabezón" <tazok.id0@×××××.com>
[gentoo-hardened] Re: probably bug in rsbac_sources "Javier Juan Martínez Cabezón" <tazok.id0@×××××.com>