GrapheneOS / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.freenode.net ##linux-hardened. Currently maintained at https://github.com/anthraxx/linux-hardened.
https://grapheneos.org/

invalid opcode. list_del_entry_valid #69

Closed alexminder closed 6 years ago

alexminder commented 6 years ago

Hi,

Host system and guest system (kvm) have kernel 4.14.13.a-hardened running. config-4.14.13.a-hardened.txt

The guest system hangs some time after start (random). The issue is with the guest only. I can catch the call trace with netconsole only:

[ 1301.476778] invalid opcode: 0000 [#1] SMP PTI
[ 1301.477713] Modules linked in: netconsole rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache sunrpc binfmt_misc iTCO_wdt iTCO_vendor_support virtio_net virtio_balloon input_leds lpc_ich i2c_i801 ghash_clmulni_intel intel_agp shpchp btrfs xor zstd_compress raid6_pq zstd_decompress xxhash dm_crypt usbhid xhci_plat_hcd ohci_pci ohci_hcd uhci_hcd usb_storage ehci_pci ehci_hcd sg ata_generic sata_nv ata_piix sd_mod qxl drm_kms_helper syscopyarea virtio_scsi ahci sysfillrect sysimgblt libahci fb_sys_fops ttm libata xhci_pci drm xhci_hcd intel_gtt led_class usbcore virtio_pci virtio_ring scsi_mod usb_common virtio agpgart
[ 1301.482344] CPU: 5 PID: 6359 Comm: cc1plus Not tainted 4.14.13.a-hardened #1
[ 1301.483277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-1.fc27 04/01/2014
[ 1301.484217] task: ffff925b6dd85000 task.stack: ffff998a435f8000
[ 1301.485058] RIP: 0010:__list_del_entry_valid+0x81/0x90
[ 1301.485856] RSP: 0000:ffff998a435fbbf8 EFLAGS: 00010082
[ 1301.486678] RAX: 0000000000000054 RBX: 0000000000000370 RCX: 0000000000000000
[ 1301.487479] RDX: 0000000000000000 RSI: ffff925caaf56538 RDI: ffff925caaf56538
[ 1301.488280] RBP: ffff925cab1ef000 R08: 0000000000000001 R09: 0000000000000275
[ 1301.489091] R10: 0000000000000000 R11: 0000000000000275 R12: 0000000000000010
[ 1301.489880] R13: ffffc6278121ffc0 R14: 000000000000000a R15: ffffc62781200020
[ 1301.490654] FS: 00006882752cec80(0000) GS:ffff925caaf40000(0000) knlGS:0000000000000000
[ 1301.491418] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1301.492168] CR2: 000068826d590000 CR3: 000000006ea76003 CR4: 00000000001606e0
[ 1301.492920] Call Trace:
[ 1301.493703] __rmqueue+0xbd/0x570
[ 1301.494410] get_page_from_freelist+0xabb/0xbd0
[ 1301.495151] alloc_pages_nodemask+0x103/0x260
[ 1301.495827] alloc_pages_vma+0x7c/0x1c0
[ 1301.496478] handle_mm_fault+0xc40/0x1000
[ 1301.497106] handle_mm_fault+0xe4/0x190
[ 1301.497735] do_page_fault+0x1b4/0x400
[ 1301.498333] ? async_page_fault+0x36/0x60
[ 1301.498958] async_page_fault+0x4c/0x60
[ 1301.499549] RIP: 0033:0xeb5f1a
[ 1301.500124] RSP: 002b:00007d8bc25e07d0 EFLAGS: 00010202
[ 1301.500126] Code: f0 43 d8 87 e8 7c 01 c6 ff 0f 0b 48 89 fe 48 c7 c7 28 44 d8 87 e8 6b 01 c6 ff 0f 0b 48 89 fe 48 c7 c7 68 44 d8 87 e8 5a 01 c6 ff <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 48 85 d2 41 55 41
[ 1301.501886] RIP: __list_del_entry_valid+0x81/0x90 RSP: ffff998a435fbbf8
[ 1301.502498] ---[ end trace c922977208e3b2e0 ]---

thestinger commented 6 years ago

Try again with 4.14.14.a in case it's an upstream issue they fixed from 4.14.13 -> 4.14.14.

alexminder commented 6 years ago

OK, thank you for the info. I will try 4.14.14, but for now I compiled the kernel with CONFIG_PAGE_SANITIZE=n, CONFIG_SLAB_SANITIZE=n, CONFIG_GCC_PLUGIN_STRUCTLEAK=n, CONFIG_GCC_PLUGIN_RANDSTRUCT=n and got another error.

[ 3782.416957] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 3782.417035] IP: prepend_path+0xb6/0x2d0
[ 3782.417059] PGD 0 P4D 0
[ 3782.417081] Oops: 0000 [#1] SMP PTI
[ 3782.417102] Modules linked in: netconsole rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache sunrpc binfmt_misc iTCO_wdt iTCO_vendor_support virtio_net virtio_balloon input_leds ghash_clmulni_intel intel_agp i2c_i801 shpchp lpc_ich btrfs xor zstd_compress raid6_pq zstd_decompress xxhash dm_crypt usbhid xhci_plat_hcd ohci_pci ohci_hcd uhci_hcd usb_storage ehci_pci ehci_hcd sg ata_generic sata_nv ata_piix qxl sd_mod drm_kms_helper syscopyarea sysfillrect sysimgblt ahci fb_sys_fops libahci xhci_pci virtio_scsi xhci_hcd ttm libata led_class virtio_pci virtio_ring drm usbcore virtio scsi_mod intel_gtt usb_common agpgart
[ 3782.417447] CPU: 0 PID: 29220 Comm: mconf Not tainted 4.14.13.a-hardened #1
[ 3782.417484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-1.fc27 04/01/2014
[ 3782.417526] task: ffff8ae31ceb6000 task.stack: ffffb4650a564000
[ 3782.417558] RIP: 0010:prepend_path+0xb6/0x2d0
[ 3782.417572] RSP: 0000:ffffb4650a567b00 EFLAGS: 00010203
[ 3782.417618] RAX: ffff8ae3643efaf0 RBX: ffffb4650a567b80 RCX: ffff8ae331d93007
[ 3782.417637] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffb4650a567b28
[ 3782.417656] RBP: ffffb4650a567b78 R08: 0000000000000000 R09: ffff8ae1f14426e0
[ 3782.417675] R10: ffffe1740684cf80 R11: ffff8ae1f144208f R12: ffffb4650a567b74
[ 3782.417694] R13: 0000000000000000 R14: ffff8ae361d739e0 R15: ffff8ae361d739c0
[ 3782.417727] FS: 00006a815b07bb40(0000) GS:ffff8ae36ae00000(0000) knlGS:0000000000000000
[ 3782.417780] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3782.417813] CR2: 0000000000000018 CR3: 0000000182c42002 CR4: 00000000001606f0
[ 3782.417857] Call Trace:
[ 3782.418112] ? d_path+0xde/0x130
[ 3782.418149] ? audit_log_d_path+0x55/0xc0
[ 3782.418161] ? audit_log_d_path_exe+0x32/0x50
[ 3782.418173] ? audit_log_task+0xd7/0x100
[ 3782.418184] ? audit_core_dumps+0x3b/0x60
[ 3782.418215] ? do_coredump+0x81/0xf80
[ 3782.418230] ? get_signal+0x27d/0x5e0
[ 3782.418243] ? do_signal+0x36/0x610
[ 3782.418254] ? force_sig_info+0xc7/0xe0
[ 3782.418267] ? force_sig_info_fault+0x92/0xf0
[ 3782.418283] ? bad_area_nosemaphore+0x160/0x1a0
[ 3782.418298] ? do_page_fault+0x353/0x400
[ 3782.418310] ? exit_to_usermode_loop+0x71/0xb0
[ 3782.418326] ? async_page_fault+0x36/0x60
[ 3782.418341] ? prepare_exit_to_usermode+0x50/0x60
[ 3782.418357] ? retint_user+0x8/0x8
[ 3782.418369] Code: 00 01 9d 89 0c 24 83 e1 01 0f 85 d9 00 00 00 8b 04 24 83 e0 01 89 44 24 04 48 8b 43 08 48 39 c2 74 40 49 3b 16 0f 84 cf 00 00 00 <4c> 8b 6a 18 4c 39 ea 0f 84 db 00 00 00 48 8d 74 24 24 48 83 c2
[ 3782.418451] RIP: prepend_path+0xb6/0x2d0 RSP: ffffb4650a567b00
[ 3782.418486] CR2: 0000000000000018
[ 3782.419078] ---[ end trace 352a1d4fe466190f ]---
[ 3782.420967] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 3782.421572] IP: __block_write_begin_int+0x2b9/0x5b0

alexminder commented 6 years ago

I compiled the upstream 4.14.14 kernel without the linux-hardened patch and got the original bug:

[ 8204.339820] invalid opcode: 0000 [#1] SMP PTI
[ 8204.341308] Modules linked in: netconsole rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache sunrpc binfmt_misc virtio_balloon virtio_net iTCO_wdt iTCO_vendor_support shpchp i2c_i801 lpc_ich input_leds intel_agp ghash_clmulni_intel btrfs xor zstd_compress raid6_pq zstd_decompress xxhash dm_crypt usbhid xhci_plat_hcd ohci_pci ohci_hcd uhci_hcd usb_storage ehci_pci ehci_hcd sg ata_generic sata_nv ata_piix sd_mod ahci libahci virtio_scsi xhci_pci xhci_hcd qxl libata drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops intel_gtt led_class scsi_mod ttm usbcore virtio_pci drm usb_common virtio_ring virtio agpgart
[ 8204.347292] CPU: 1 PID: 8022 Comm: cc1plus Not tainted 4.14.14-gentoo #1
[ 8204.348022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-1.fc27 04/01/2014
[ 8204.348676] task: ffff8c39fa703000 task.stack: ffffa0d3c1860000
[ 8204.349536] RIP: 0010:__list_del_entry_valid+0x81/0x90
[ 8204.350551] RSP: 0000:ffffa0d3c1863bf8 EFLAGS: 00010082
[ 8204.351494] RAX: 0000000000000054 RBX: 0000000000000370 RCX: 0000000000000000
[ 8204.352628] RDX: 0000000000000000 RSI: ffff8c3a2ae56538 RDI: ffff8c3a2ae56538
[ 8204.353508] RBP: ffff8c3a2b1ef000 R08: 0000000000000001 R09: 000000000000027c
[ 8204.354488] R10: 0000000000000000 R11: 000000000000027c R12: 0000000000000010
[ 8204.355496] R13: ffffc64600c1ffc0 R14: 000000000000000a R15: ffffc64600c00020
[ 8204.356861] FS: 00007f39fb626400(0000) GS:ffff8c3a2ae40000(0000) knlGS:0000000000000000
[ 8204.357862] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8204.358893] CR2: 00007f39f9120000 CR3: 0000000035f58001 CR4: 00000000001606e0
[ 8204.359869] Call Trace:
[ 8204.360812] ? __rmqueue+0xbd/0x570
[ 8204.361434] ? current_time+0x3b/0x70
[ 8204.362068] ? get_page_from_freelist+0xac9/0xbd0
[ 8204.362694] ? alloc_pages_nodemask+0x103/0x260
[ 8204.363302] ? alloc_pages_vma+0x7c/0x1c0
[ 8204.363908] ? handle_mm_fault+0xc46/0x1000
[ 8204.364534] ? handle_mm_fault+0xe7/0x190
[ 8204.365326] ? do_page_fault+0x1c0/0x410
[ 8204.366371] ? async_page_fault+0x36/0x60
[ 8204.367075] ? async_page_fault+0x4c/0x60
[ 8204.367773] Code: a8 47 d8 86 e8 0f 0f c5 ff 0f 0b 48 89 fe 48 c7 c7 e0 47 d8 86 e8 fe 0e c5 ff 0f 0b 48 89 fe 48 c7 c7 20 48 d8 86 e8 ed 0e c5 ff <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 48 85 d2 41 55 41
[ 8204.369059] RIP: __list_del_entry_valid+0x81/0x90 RSP: ffffa0d3c1863bf8
[ 8204.369715] ---[ end trace 72be4cd0d441c6bf ]---

thestinger commented 6 years ago

So that last traceback is without linux-hardened? You should report it upstream then; there's not much that I can do about it.
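As an added triage example (not from the thread or the linux-hardened project), a Python helper that re-splits a netconsole-flattened oops into its kernel messages and compares the kernel-mode RIP and call-trace symbols of two traces, which is how one decides whether the crash with and without the hardened patch is the same bug. The `HARDENED` and `UPSTREAM` strings are constructed excerpts of the two traces above, trimmed to the lines the signature uses.

```python
import re

# A kernel message begins with "[ seconds.micros]"; netconsole capture in this
# thread ran the messages together on one line, so split at each timestamp.
_TS = re.compile(r"(?=\[\s*\d+\.\d+\])")
_STRIP_TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")

def split_oops(blob):
    """Return the individual kernel log messages of a flattened oops."""
    return [p.strip() for p in _TS.split(blob) if p.strip()]

def oops_signature(blob):
    """Extract the build-independent identity of a crash: faulting symbol+offset,
    process, kernel release, taint state and the call-trace symbols."""
    sig = {"rip": None, "comm": None, "release": None, "tainted": None, "trace": []}
    in_trace = False
    for line in split_oops(blob):
        msg = _STRIP_TS.sub("", line)
        if m := re.match(r"RIP: 0010:(\S+)", msg):
            sig["rip"] = m.group(1)  # kernel-mode RIP, e.g. __list_del_entry_valid+0x81/0x90
        elif m := re.match(r"CPU: \d+ PID: \d+ Comm: (\S+) (Not tainted|Tainted: .*?) (\d\S*)", msg):
            sig["comm"], sig["tainted"], sig["release"] = m.groups()
        elif msg.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and msg.startswith(("Code:", "RIP:", "RSP:")):
            in_trace = False  # the Code: dump or the user-mode frame ends the trace
        elif in_trace:
            # A leading "?" marks a frame the unwinder could not verify.
            sig["trace"].append((msg.lstrip("? ").split("+")[0], msg.startswith("?")))
    return sig

def same_crash(a, b, min_overlap=0.5):
    """Same bug if the kernel RIP (symbol+offset) matches and the call-trace symbol
    sets overlap (Jaccard) at least min_overlap; the release is deliberately ignored."""
    if not a["rip"] or a["rip"] != b["rip"]:
        return False
    sa, sb = {f for f, _ in a["trace"]}, {f for f, _ in b["trace"]}
    return bool(sa & sb) and len(sa & sb) / len(sa | sb) >= min_overlap

# Constructed excerpts of the two oopses posted in the thread (hardened 4.14.13 and
# upstream 4.14.14), trimmed to the lines the signature uses.
HARDENED = ("[ 1301.476778] invalid opcode: 0000 [#1] SMP PTI "
            "[ 1301.482344] CPU: 5 PID: 6359 Comm: cc1plus Not tainted 4.14.13.a-hardened #1 "
            "[ 1301.485058] RIP: 0010:__list_del_entry_valid+0x81/0x90 [ 1301.492920] Call Trace: "
            "[ 1301.493703] __rmqueue+0xbd/0x570 [ 1301.494410] get_page_from_freelist+0xabb/0xbd0 "
            "[ 1301.500126] Code: f0 43 d8 87 e8 7c 01 c6 ff 0f 0b")
UPSTREAM = ("[ 8204.339820] invalid opcode: 0000 [#1] SMP PTI "
            "[ 8204.347292] CPU: 1 PID: 8022 Comm: cc1plus Not tainted 4.14.14-gentoo #1 "
            "[ 8204.349536] RIP: 0010:__list_del_entry_valid+0x81/0x90 [ 8204.359869] Call Trace: "
            "[ 8204.360812] ? __rmqueue+0xbd/0x570 [ 8204.361434] ? current_time+0x3b/0x70 "
            "[ 8204.362068] ? get_page_from_freelist+0xac9/0xbd0 [ 8204.367773] Code: a8 47 d8 86")

def compare_thread_traces():
    """Returns (same_bug, hardened_release, upstream_release) for the two excerpts."""
    a, b = oops_signature(HARDENED), oops_signature(UPSTREAM)
    return same_crash(a, b), a["release"], b["release"]
```

Feeding both full traces from the thread into `compare_thread_traces` reproduces the conclusion reached in the last comment: identical RIP and allocator call chain, different releases, so the bug is upstream.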