lkrg-org / lkrg

Linux Kernel Runtime Guard
https://lkrg.org

segfault with ibt enabled #272

Open Oipo opened 1 year ago

Oipo commented 1 year ago

Using the latest git LKRG on the latest git kernel and enabling IBT on an Intel 12700H:

[   45.141648] lkrg: loading out-of-tree module taints kernel.
[   45.141655] lkrg: module verification failed: signature and/or required key missing - tainting kernel
[   45.152140] traps: Missing ENDBR: kallsyms_lookup_name+0x4/0xd0
[   45.152178] ------------[ cut here ]------------
[   45.152179] kernel BUG at arch/x86/kernel/traps.c:255!
[   45.152182] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[   45.152185] CPU: 8 PID: 2004 Comm: insmod Tainted: G           OE      6.4.0-rc3+ #5
[   45.152187] Hardware name: Dell Inc. Precision 5570/0XY988, BIOS 1.12.0 03/15/2023
[   45.152188] RIP: 0010:exc_control_protection+0xc2/0xd0
[   45.152193] Code: 61 6d af ab b9 09 00 00 00 e8 7a 09 1b ff 44 89 e6 48 89 df 5b 5d 41 5c e9 4b 48 00 00 48 c7 43 50 00 00 00 00 e9 64 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
[   45.152194] RSP: 0018:ffffc291c1ffbc38 EFLAGS: 00010002
[   45.152196] RAX: 0000000000000033 RBX: ffffc291c1ffbc58 RCX: 0000000000000000
[   45.152198] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   45.152199] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[   45.152200] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   45.152200] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   45.152201] FS:  00007facb4b7f040(0000) GS:ffff9e41af400000(0000) knlGS:0000000000000000
[   45.152203] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   45.152204] CR2: 0000557586d31de8 CR3: 0000000111500000 CR4: 0000000000f50ee0
[   45.152205] PKRU: 55555554
[   45.152206] Call Trace:
[   45.152208]  <TASK>
[   45.152209]  asm_exc_control_protection+0x26/0x30
[   45.152213] RIP: 0010:kallsyms_lookup_name+0x4/0xd0
[   45.152216] Code: 7e 46 01 31 d2 31 ff c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 <53> 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 80
[   45.152217] RSP: 0018:ffffc291c1ffbd08 EFLAGS: 00010246
[   45.152218] RAX: ffffffffaa615064 RBX: ffffc291c1ffbd10 RCX: 0000000000000000
[   45.152219] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffc174ada6
[   45.152220] RBP: ffffc291c1ffbda8 R08: 0000000000000000 R09: 0000000000000000
[   45.152221] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc291c1ffbde8
[   45.152222] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   45.152223]  ? kallsyms_lookup_name+0x4/0xd0
[   45.152229]  get_kallsyms_address+0x77/0xd0 [lkrg]
[   45.152243]  ? kallsyms_lookup_name+0x4/0xd0
[   45.152245]  ? __pfx_p_tmp_kprobe_handler+0x10/0x10 [lkrg]
[   45.152257]  ? 0xffffffffc1512000
[   45.152259]  ? __pfx_p_lkrg_register+0x10/0x10 [lkrg]
[   45.152269]  p_lkrg_register+0x2b/0xff0 [lkrg]
[   45.152279]  ? __pfx_p_lkrg_register+0x10/0x10 [lkrg]
[   45.152288]  do_one_initcall+0x83/0x210
[   45.152293]  do_init_module+0x5b/0x210
[   45.152296]  __do_sys_finit_module+0xb3/0x130
[   45.152299]  do_syscall_64+0x5c/0x90
[   45.152302]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   45.152305] RIP: 0033:0x7facb431589d
[   45.152307] Code: 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4b 05 0e 00 f7 d8 64 89 01 48
[   45.152308] RSP: 002b:00007ffc36b54788 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   45.152310] RAX: ffffffffffffffda RBX: 0000557586d2d720 RCX: 00007facb431589d
[   45.152311] RDX: 0000000000000000 RSI: 0000557586d2d2a0 RDI: 0000000000000003
[   45.152312] RBP: 0000557586d2d2a0 R08: 0000000000000000 R09: 0000557586d2fdb0
[   45.152313] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[   45.152313] R13: 0000557586d30de0 R14: 0000000000000000 R15: 0000557586d2d830
[   45.152315]  </TASK>
[   45.152316] Modules linked in: lkrg(OE+) rfcomm snd_seq_dummy snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device ccm cmac algif_hash algif_skcipher af_alg bnep binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi dell_rbtn snd_sof_pci_intel_tgl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence snd_sof_intel_hda_mlink snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof iwlmvm snd_sof_utils snd_soc_hdac_hda snd_hda_ext_core snd_ctl_led snd_soc_acpi_intel_match snd_soc_acpi soundwire_bus snd_hda_codec_realtek dell_laptop mac80211 snd_hda_codec_generic mei_pxp mei_hdcp snd_soc_core libarc4 snd_compress intel_uncore_frequency intel_rapl_msr ac97_bus intel_uncore_frequency_common snd_pcm_dmaengine dell_wmi uvcvideo snd_hda_intel videobuf2_vmalloc snd_intel_dspcfg x86_pkg_temp_thermal uvc snd_intel_sdw_acpi videobuf2_memops btusb processor_thermal_device_pci snd_hda_codec intel_powerclamp hid_sensor_custom_intel_hinge videobuf2_v4l2 hid_sensor_als btrtl cmdlinepart
[   45.152349]  hid_sensor_trigger dell_smbios processor_thermal_device btbcm iwlwifi videodev snd_hda_core joydev spi_nor btintel industrialio_triggered_buffer dcdbas dell_wmi_sysman processor_thermal_rfim coretemp kfifo_buf btmtk rapl videobuf2_common hid_sensor_iio_common intel_cstate dell_wmi_ddv ledtrig_audio dell_wmi_descriptor firmware_attributes_class wmi_bmof bluetooth mc mtd industrialio processor_thermal_mbox snd_hwdep mei_me ucsi_acpi processor_thermal_rapl typec_ucsi mei cfg80211 intel_rapl_common typec igen6_edac snd_pcm dptf_power int3403_thermal int340x_thermal_zone intel_hid acpi_tad int3400_thermal sparse_keymap acpi_thermal_rel acpi_pad hid_multitouch input_leds serio_raw msr efi_pstore dmi_sysfs ip_tables x_tables autofs4 hid_sensor_custom hid_sensor_hub intel_ishtp_hid nvme nvme_core nvme_common hid_generic i915 crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic rtsx_pci_sdmmc ghash_clmulni_intel sha512_ssse3 aesni_intel psmouse crypto_simd cryptd thunderbolt intel_ish_ipc spi_intel_pci
[   45.152385]  rtsx_pci i2c_i801 intel_lpss_pci xhci_pci spi_intel intel_ishtp intel_lpss i2c_smbus drm_buddy xhci_pci_renesas idma64 vmd intel_gtt i2c_hid_acpi i2c_hid hid pinctrl_tigerlake
[   45.152394] ---[ end trace 0000000000000000 ]---
[   45.644454] RIP: 0010:exc_control_protection+0xc2/0xd0
[   45.644463] Code: 61 6d af ab b9 09 00 00 00 e8 7a 09 1b ff 44 89 e6 48 89 df 5b 5d 41 5c e9 4b 48 00 00 48 c7 43 50 00 00 00 00 e9 64 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
[   45.644464] RSP: 0018:ffffc291c1ffbc38 EFLAGS: 00010002
[   45.644467] RAX: 0000000000000033 RBX: ffffc291c1ffbc58 RCX: 0000000000000000
[   45.644468] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   45.644468] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[   45.644469] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   45.644470] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   45.644470] FS:  00007facb4b7f040(0000) GS:ffff9e41af400000(0000) knlGS:0000000000000000
[   45.644472] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   45.644473] CR2: 0000557586d31de8 CR3: 0000000111500000 CR4: 0000000000f50ee0
[   45.644474] PKRU: 55555554
[   45.644475] note: insmod[2004] exited with irqs disabled

Disabling IBT with the kernel boot param ibt=off makes it work.
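An added triage helper (not part of the report or of LKRG): it scans dmesg text for the `traps: Missing ENDBR:` line shown above, then collects the reliable frames of the call trace that follows and the out-of-tree modules they belong to, so a #CP fault can be attributed to a module instead of to the kernel. The embedded sample is a constructed excerpt of the oops in this report.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of the oops quoted in the report above (trimmed).
SAMPLE_DMESG = """\
[   45.152140] traps: Missing ENDBR: kallsyms_lookup_name+0x4/0xd0
[   45.152179] kernel BUG at arch/x86/kernel/traps.c:255!
[   45.152206] Call Trace:
[   45.152209]  asm_exc_control_protection+0x26/0x30
[   45.152213] RIP: 0010:kallsyms_lookup_name+0x4/0xd0
[   45.152223]  ? kallsyms_lookup_name+0x4/0xd0
[   45.152229]  get_kallsyms_address+0x77/0xd0 [lkrg]
[   45.152269]  p_lkrg_register+0x2b/0xff0 [lkrg]
[   45.152288]  do_one_initcall+0x83/0x210
"""

# Printed by the x86 #CP handler when an indirect branch lands on a non-ENDBR byte.
ENDBR_RE = re.compile(
    r"traps: Missing ENDBR: (?P<sym>\S+?)\+0x(?P<off>[0-9a-f]+)/0x[0-9a-f]+")
# One stack frame; '? ' marks an unreliable frame, '[mod]' a module symbol.
FRAME_RE = re.compile(
    r"^\[\s*[\d.]+\]\s+(?P<q>\? )?(?P<sym>[A-Za-z_][\w.]*)"
    r"\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>[\w-]+)\])?$")

@dataclass
class IbtFault:
    target: str                                  # symbol branched to without ENDBR
    offset: int                                  # bytes past the symbol start
    modules: list = field(default_factory=list)  # modules seen in reliable frames
    frames: list = field(default_factory=list)   # reliable frames, innermost first

def parse_ibt_fault(dmesg: str):
    """Return an IbtFault for the first 'Missing ENDBR' oops in dmesg, else None."""
    fault, in_trace = None, False
    for line in dmesg.splitlines():
        m = ENDBR_RE.search(line)
        if m and fault is None:
            fault = IbtFault(m["sym"], int(m["off"], 16))
            continue
        if fault is None:
            continue
        if line.endswith("Call Trace:"):
            in_trace = True
            continue
        f = FRAME_RE.match(line) if in_trace else None
        if f and not f["q"]:
            fault.frames.append(f["sym"])
            if f["mod"] and f["mod"] not in fault.modules:
                fault.modules.append(f["mod"])
    return fault
```

For the sample above the result names `kallsyms_lookup_name` at offset 4 (the length of an ENDBR64 instruction) and attributes the trace to the `lkrg` module.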

Adam-pi3 commented 1 year ago

Thanks for reporting the issue. It is similar to https://github.com/lkrg-org/lkrg/issues/183