archlinuxhardened / selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux

System hang on reboot when a user is logged in #39

Closed tqre closed 4 years ago

tqre commented 4 years ago

It looks like we are affected by this: https://bugs.archlinux.org/task/67400
Patch is already on its way in the kernel upstream: https://www.redhat.com/archives/linux-audit/2020-July/msg00144.html

Here are logs from my test VM:

[   42.042242] systemd-user-runtime-dir[598]: Successfully loaded SELinux database in 3.081ms, size on heap is 875K.
[   42.120384] BUG: kernel NULL pointer dereference, address: 0000000000000060
[   42.121387] #PF: supervisor read access in kernel mode
[   42.121387] #PF: error_code(0x0000) - not-present page
[   42.121388] PGD 0 P4D 0 
[   42.121390] Oops: 0000 [#1] PREEMPT SMP PTI
[   42.121391] CPU: 11 PID: 598 Comm: systemd-user-ru Not tainted 5.7.11.a-1-hardened #1
[   42.121394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS ?-20200516_175120-felixonmars2 04/01/2014
[   42.121397] RIP: 0010:d_path+0x52/0x180
[   42.121398] Code: 20 31 c0 48 63 44 24 04 49 8b 7c 24 08 48 c7 44 24 10 00 00 00 00 48 c7 44 24 18 00 00 00 00 48 89 c2 4c 01 e8 48 89 44 24 08 <48> 8b 47 60 48 85 c0 74 3e 48 8b 40 48 48 85 c0 74 35 48 3b 7f 18
[   42.121399] RSP: 0018:ffffb42dc098fe10 EFLAGS: 00010282
[   42.121400] RAX: ffffa3fde88f100b RBX: ffffa3fdcb7a9860 RCX: 0000000000000000
[   42.121400] RDX: 000000000000100b RSI: ffffa3fde88f0000 RDI: 0000000000000000
[   42.121401] RBP: ffffb42dc098fe48 R08: 0000000000000002 R09: abcc77118461cefd
[   42.121401] R10: 0000000000000020 R11: 00000000fffffffe R12: ffffa3fdcb7a9ab0
[   42.121402] R13: ffffa3fde88f0000 R14: ffffa3fdcb7a9800 R15: 0000000000000000
[   42.121402] FS:  00006753dd4dd2c0(0000) GS:ffffa3fdfbcc0000(0000) knlGS:0000000000000000
[   42.121403] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.121403] CR2: 0000000000000060 CR3: 000000014b60c002 CR4: 0000000000360ee0
[   42.121405] Call Trace:
[   42.121413]  audit_log_d_path+0x7a/0xd0
[   42.121414]  audit_log_exit+0x649/0xd30
[   42.121416]  __audit_syscall_exit+0x241/0x2c0
[   42.121419]  syscall_slow_exit_work+0x134/0x160
[   42.140909]  do_syscall_64+0x8b/0x90
[   42.141384]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.142041] RIP: 0033:0x6753de4e57db
[   42.142507] Code: 73 01 c3 48 8b 0d b5 d6 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 85 d6 0c 00 f7 d8 64 89 01 48
[   42.145058] RSP: 002b:00007fcc9eafc948 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[   42.146135] RAX: 0000000000000000 RBX: 00006753dd4dd240 RCX: 00006753de4e57db
[   42.147160] RDX: 0000000000000000 RSI: 00000b1d3b3abf73 RDI: 0000000000000004
[   42.148144] RBP: 0000000000000004 R08: 00000b1d3b3abf60 R09: 00006753de5b3a40
[   42.149056] R10: 0000000000008060 R11: 0000000000000246 R12: 00000b1d3b3abf00
[   42.149966] R13: 0000000000000000 R14: 00000b1d3b3abf60 R15: 00000b1d3b3abf73
[   42.150944] Modules linked in: intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel qxl aesni_intel drm_ttm_helper crypto_simd ttm cryptd joydev glue_helper mousedev rapl iTCO_wdt drm_kms_helper hid_generic iTCO_vendor_support cec rc_core usbhid syscopyarea sysfillrect sysimgblt psmouse i2c_i801 input_leds pcspkr lpc_ich hid intel_agp fb_sys_fops evdev intel_gtt qemu_fw_cfg mac_hid drm agpgart ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 serio_raw virtio_balloon virtio_net atkbd virtio_rng virtio_blk net_failover virtio_console rng_core libps2 failover xhci_pci crc32c_intel xhci_hcd i8042 virtio_pci serio
[   42.158505] CR2: 0000000000000060
[   42.158943] ---[ end trace 13470698f6afd36c ]---
[   42.159548] RIP: 0010:d_path+0x52/0x180
[   42.160050] Code: 20 31 c0 48 63 44 24 04 49 8b 7c 24 08 48 c7 44 24 10 00 00 00 00 48 c7 44 24 18 00 00 00 00 48 89 c2 4c 01 e8 48 89 44 24 08 <48> 8b 47 60 48 85 c0 74 3e 48 8b 40 48 48 85 c0 74 35 48 3b 7f 18
[   42.162455] RSP: 0018:ffffb42dc098fe10 EFLAGS: 00010282
[   42.163130] RAX: ffffa3fde88f100b RBX: ffffa3fdcb7a9860 RCX: 0000000000000000
[   42.164059] RDX: 000000000000100b RSI: ffffa3fde88f0000 RDI: 0000000000000000
[   42.164982] RBP: ffffb42dc098fe48 R08: 0000000000000002 R09: abcc77118461cefd
[   42.165901] R10: 0000000000000020 R11: 00000000fffffffe R12: ffffa3fdcb7a9ab0
[   42.166820] R13: ffffa3fde88f0000 R14: ffffa3fdcb7a9800 R15: 0000000000000000
[   42.167746] FS:  00006753dd4dd2c0(0000) GS:ffffa3fdfbcc0000(0000) knlGS:0000000000000000
[   42.168788] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.169532] CR2: 0000000000000060 CR3: 000000014b60c002 CR4: 0000000000360ee0
[   42.170456] Kernel panic - not syncing: Fatal exception
[   42.171276] Kernel Offset: 0x1c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   42.172665] ---[ end Kernel panic - not syncing: Fatal exception ]---

shammancer commented 4 years ago

@tqre: Which kernel version are you using? (NVM looks like you are using 5.7.11-hardened). I'm currently on 5.7.10 and I'm not having the issue. I also didn't have the issue on the lts kernel.

shammancer commented 4 years ago

I've upgraded to 5.7.11 non-hardened and I haven't had any issues so far. Unfortunately, I haven't been able to make 5.7.11-hardened boot.

tqre commented 4 years ago

Sorry for the lack of details, I didn't go into details as this issue should go away soon(tm) anyway.

The issue occurs when a non-root user issues a reboot or shutdown command via sudo, or a non-root user is logged in when a shutdown command is issued. I'm also using a more recent version of pam-selinux and pambase on my own fork/develop branch: https://github.com/tqre/selinux/tree/develop

lts-kernel should not have this issue as it is a regression issue, can't say for sure though.

Just a side note: I managed to put together a minimal base-selinux package, which can be bootstrapped from ArchISO with pacstrap instead of the base package. For now it needs a custom local pacman repo though. I'll try to publish a binary repo once I get some more testing done and the actual public space in a close-by Arch mirror to host it.

shammancer commented 4 years ago

Out of curiosity have you tried the default kernel package?

tqre commented 4 years ago

For me this happens with the default kernel too.

fishilico commented 4 years ago

For me, it happens with the default kernel, and results in an "OOPS" that kills the task but does not panic. I guess that sysctl kernel.panic_on_oops is the setting that triggers a panic when this issue occurs.

More precisely, here is my dmesg with linux 5.7.10-arch1-1 on the Vagrant virtual machine which is in _vagrant/, which looks very similar to the bug report https://bugs.archlinux.org/task/67400:

[   84.437406] BUG: kernel NULL pointer dereference, address: 0000000000000060
[   84.437431] #PF: supervisor read access in kernel mode
[   84.437459] #PF: error_code(0x0000) - not-present page
[   84.437473] PGD 0 P4D 0 
[   84.437483] Oops: 0000 [#1] PREEMPT SMP PTI
[   84.437494] CPU: 0 PID: 3470 Comm: systemd-user-ru Not tainted 5.7.10-arch1-1 #1
[   84.437508] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20200516_175120-felixonmars2 04/01/2014
[   84.437534] RIP: 0010:d_path+0x47/0x170
[   84.437544] Code: 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 c7 44 24 10 00 00 00 00 48 c7 44 24 18 00 00 00 00 48 01 f0 48 89 44 24 08 <48> 8b 47 60 48 85 c0 74 3d 48 8b 40 48 48 85 c0 74 34 41 89 d0 48
[   84.437578] RSP: 0018:ffffb27240317e20 EFLAGS: 00010282
[   84.437589] RAX: ffff9ae3ee90100b RBX: ffff9ae3f55de860 RCX: 0000000000000000
[   84.437604] RDX: 000000000000100b RSI: ffff9ae3ee900000 RDI: 0000000000000000
[   84.437618] RBP: ffffb27240317e50 R08: ffff9ae3d29c1ec0 R09: ffff9ae3ee900000
[   84.437633] R10: ffffffffffffffff R11: ffff9ae3d29c1831 R12: ffff9ae3f55deab0
[   84.437648] R13: ffff9ae3fb815ca8 R14: ffff9ae3f55de800 R15: 0000000000000000
[   84.437663] FS:  00007fe6f6338140(0000) GS:ffff9ae3fdc00000(0000) knlGS:0000000000000000
[   84.437680] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.437692] CR2: 0000000000000060 CR3: 0000000073502000 CR4: 00000000000006f0
[   84.437710] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   84.437723] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   84.437736] Call Trace:
[   84.437761]  audit_log_d_path+0x75/0xd0
[   84.437776]  audit_log_exit+0x649/0xd30
[   84.437788]  __audit_syscall_exit+0x22c/0x2b0
[   84.437800]  syscall_slow_exit_work+0x134/0x160
[   84.437812]  do_syscall_64+0x86/0x90
[   84.437823]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   84.437842] RIP: 0033:0x7fe6f73407db
[   84.437855] Code: 73 01 c3 48 8b 0d b5 d6 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 85 d6 0c 00 f7 d8 64 89 01 48
[   84.437889] RSP: 002b:00007ffe78956998 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[   84.437907] RAX: 0000000000000000 RBX: 00007fe6f63380c0 RCX: 00007fe6f73407db
[   84.437922] RDX: 0000000000000000 RSI: 0000565314567c13 RDI: 0000000000000004
[   84.437935] RBP: 0000000000000004 R08: 0000565314567c00 R09: 00007fe6f740ea40
[   84.437948] R10: 0000000000000004 R11: 0000000000000246 R12: 0000565314567ba0
[   84.437968] R13: 0000000000000000 R14: 0000565314567c00 R15: 0000565314567c13
[   84.437984] Modules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c br_netfilter bridge stp llc overlay cirrus drm_kms_helper joydev cec mousedev rc_core syscopyarea sysfillrect sysimgblt fb_sys_fops i2c_piix4 psmouse intel_agp input_leds intel_gtt evdev mac_hid pcspkr qemu_fw_cfg drm agpgart ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 virtio_net virtio_blk net_failover virtio_balloon failover ata_generic pata_acpi serio_raw atkbd libps2 virtio_pci ata_piix uhci_hcd ehci_pci ehci_hcd floppy i8042 serio
[   84.438124] CR2: 0000000000000060
[   84.438134] ---[ end trace 7b036651f715e4c9 ]---
[   84.439294] RIP: 0010:d_path+0x47/0x170
[   84.440393] Code: 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 c7 44 24 10 00 00 00 00 48 c7 44 24 18 00 00 00 00 48 01 f0 48 89 44 24 08 <48> 8b 47 60 48 85 c0 74 3d 48 8b 40 48 48 85 c0 74 34 41 89 d0 48
[   84.441537] RSP: 0018:ffffb27240317e20 EFLAGS: 00010282
[   84.442088] RAX: ffff9ae3ee90100b RBX: ffff9ae3f55de860 RCX: 0000000000000000
[   84.442629] RDX: 000000000000100b RSI: ffff9ae3ee900000 RDI: 0000000000000000
[   84.443174] RBP: ffffb27240317e50 R08: ffff9ae3d29c1ec0 R09: ffff9ae3ee900000
[   84.446616] R10: ffffffffffffffff R11: ffff9ae3d29c1831 R12: ffff9ae3f55deab0
[   84.447707] R13: ffff9ae3fb815ca8 R14: ffff9ae3f55de800 R15: 0000000000000000
[   84.448781] FS:  00007fe6f6338140(0000) GS:ffff9ae3fdc00000(0000) knlGS:0000000000000000
[   84.449358] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.453240] CR2: 00005623f5b3c6e8 CR3: 0000000073502000 CR4: 00000000000006f0
[   84.454446] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   84.454971] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   84.456088] BUG: kernel NULL pointer dereference, address: 0000000000000060
[   84.456637] #PF: supervisor read access in kernel mode
[   84.457184] #PF: error_code(0x0000) - not-present page
[   84.457719] PGD 0 P4D 0 
[   84.458247] Oops: 0000 [#2] PREEMPT SMP PTI
[   84.458756] CPU: 0 PID: 3470 Comm: systemd-user-ru Tainted: G      D           5.7.10-arch1-1 #1
[   84.459273] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20200516_175120-felixonmars2 04/01/2014
[   84.459795] RIP: 0010:d_path+0x47/0x170
[   84.460298] Code: 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 c7 44 24 10 00 00 00 00 48 c7 44 24 18 00 00 00 00 48 01 f0 48 89 44 24 08 <48> 8b 47 60 48 85 c0 74 3d 48 8b 40 48 48 85 c0 74 34 41 89 d0 48
[   84.461418] RSP: 0000:ffffb27240317dd8 EFLAGS: 00010282
[   84.461933] RAX: ffff9ae3ee90300b RBX: ffff9ae3f55de860 RCX: 0000000000000000
[   84.462466] RDX: 000000000000100b RSI: ffff9ae3ee902000 RDI: 0000000000000000
[   84.463017] RBP: ffffb27240317e08 R08: ffff9ae3d29c0ec0 R09: ffff9ae3ee902000
[   84.463567] R10: ffffffffffffffff R11: ffff9ae3d29c0831 R12: ffff9ae3f55deab0
[   84.464146] R13: ffff9ae3fb815270 R14: ffff9ae3f55de800 R15: 0000000000000000
[   84.464677] FS:  00007fe6f6338140(0000) GS:ffff9ae3fdc00000(0000) knlGS:0000000000000000
[   84.465273] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.465872] CR2: 0000000000000060 CR3: 0000000073502000 CR4: 00000000000006f0
[   84.466435] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   84.466986] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   84.467572] Call Trace:
[   84.468125]  audit_log_d_path+0x75/0xd0
[   84.468683]  audit_log_exit+0x649/0xd30
[   84.469336]  __audit_free+0x242/0x270
[   84.469882]  do_exit+0x8b2/0xab0
[   84.470410]  rewind_stack_do_exit+0x17/0x20
[   84.470959] RIP: 0033:0x7fe6f73407db
[   84.471467] Code: 73 01 c3 48 8b 0d b5 d6 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 85 d6 0c 00 f7 d8 64 89 01 48
[   84.472482] RSP: 002b:00007ffe78956998 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[   84.472989] RAX: 0000000000000000 RBX: 00007fe6f63380c0 RCX: 00007fe6f73407db
[   84.473496] RDX: 0000000000000000 RSI: 0000565314567c13 RDI: 0000000000000004
[   84.474004] RBP: 0000000000000004 R08: 0000565314567c00 R09: 00007fe6f740ea40
[   84.474545] R10: 0000000000000004 R11: 0000000000000246 R12: 0000565314567ba0
[   84.475055] R13: 0000000000000000 R14: 0000565314567c00 R15: 0000565314567c13
[   84.475529] Modules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c br_netfilter bridge stp llc overlay cirrus drm_kms_helper joydev cec mousedev rc_core syscopyarea sysfillrect sysimgblt fb_sys_fops i2c_piix4 psmouse intel_agp input_leds intel_gtt evdev mac_hid pcspkr qemu_fw_cfg drm agpgart ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 virtio_net virtio_blk net_failover virtio_balloon failover ata_generic pata_acpi serio_raw atkbd libps2 virtio_pci ata_piix uhci_hcd ehci_pci ehci_hcd floppy i8042 serio
[   84.478667] CR2: 0000000000000060
[   84.506589] ---[ end trace 7b036651f715e4ca ]---
[   84.507733] RIP: 0010:d_path+0x47/0x170
[   84.508834] Code: 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 c7 44 24 10 00 00 00 00 48 c7 44 24 18 00 00 00 00 48 01 f0 48 89 44 24 08 <48> 8b 47 60 48 85 c0 74 3d 48 8b 40 48 48 85 c0 74 34 41 89 d0 48
[   84.510503] RSP: 0018:ffffb27240317e20 EFLAGS: 00010282
[   84.511613] RAX: ffff9ae3ee90100b RBX: ffff9ae3f55de860 RCX: 0000000000000000
[   84.512173] RDX: 000000000000100b RSI: ffff9ae3ee900000 RDI: 0000000000000000
[   84.512772] RBP: ffffb27240317e50 R08: ffff9ae3d29c1ec0 R09: ffff9ae3ee900000
[   84.514319] R10: ffffffffffffffff R11: ffff9ae3d29c1831 R12: ffff9ae3f55deab0
[   84.515936] R13: ffff9ae3fb815ca8 R14: ffff9ae3f55de800 R15: 0000000000000000
[   84.516539] FS:  00007fe6f6338140(0000) GS:ffff9ae3fdc00000(0000) knlGS:0000000000000000
[   84.517909] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.518477] CR2: 00007fe6258be024 CR3: 0000000073502000 CR4: 00000000000006f0
[   84.519033] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   84.519564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   84.524527] Fixing recursive fault but reboot is needed!

tqre commented 4 years ago

Along with kernel 5.8.1-arch1-1 this issue got fixed. My test machines reboot and shut down fine now.
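
Added example (not part of the original thread or the project's code): a small triage helper that fingerprints the oops shown in the logs above from dmesg text and reports whether it escalated to a kernel panic, the difference fishilico attributes to kernel.panic_on_oops. The function names are hypothetical, and the sample is a short excerpt of the trace posted above.

```python
import re

STAMP = re.compile(r"^\[\s*\d+\.\d+\] ?")          # dmesg timestamp prefix
BUG = re.compile(r"^BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
RIP = re.compile(r"^RIP: 0010:([A-Za-z_][\w.]*)\+0x")  # 0010 = kernel code segment
FRAME = re.compile(r"^\s+(?:\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oopses(dmesg):
    """Return one dict per NULL-dereference report found in dmesg text."""
    reports, cur, in_trace = [], None, False
    for raw in dmesg.splitlines():
        line = STAMP.sub("", raw)
        if (m := BUG.match(line)):
            cur = {"address": int(m.group(1), 16), "rip": None, "trace": [], "panic": False}
            reports.append(cur)
            in_trace = False
        elif line.startswith("Kernel panic - not syncing") and reports:
            reports[-1]["panic"] = True   # the oops was escalated to a panic
        elif cur is None:
            continue
        elif line.startswith("---[ end trace"):
            cur = None                    # register dump repeated afterwards is ignored
        elif cur["rip"] is None and (m := RIP.match(line)):
            cur["rip"] = m.group(1)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.match(line)):
            cur["trace"].append(m.group(1))
        else:
            in_trace = False              # first non-frame line ends the call trace
    return reports

def is_audit_d_path_oops(r):
    # Signature seen in this thread: fault at address 0x60 in d_path(),
    # reached from the audit code logging a path at syscall exit.
    return (r["address"] == 0x60 and r["rip"] == "d_path"
            and r["trace"][:2] == ["audit_log_d_path", "audit_log_exit"])

# Excerpt of the 5.7.10-arch1-1 trace posted in this thread.
SAMPLE = """\
[   84.437406] BUG: kernel NULL pointer dereference, address: 0000000000000060
[   84.437534] RIP: 0010:d_path+0x47/0x170
[   84.437736] Call Trace:
[   84.437761]  audit_log_d_path+0x75/0xd0
[   84.437776]  audit_log_exit+0x649/0xd30
[   84.437842] RIP: 0033:0x7fe6f73407db
[   84.438134] ---[ end trace 7b036651f715e4c9 ]---
"""
```

Feeding it the output of `dmesg` or `journalctl -k` from an affected machine gives one report per oops; a report with `panic` set corresponds to the hardened-kernel log at the top of the thread.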