xD

This is really impressive, the bug has repeated in kernel 3.10. I don't
know how many possibilities exist to replay the same kernel bug, hit
while emerging the xz package, with two different kernels, the 3.4.1 ebuild
from hardened Gentoo and 3.10, the latest one. Hangs in the same
place, with VirtualBox and with KVM.


2013/7/15, Javier Juan Martínez Cabezón <[email protected]>:
> Hi all
>
> I've been with this for several months and I still don't know whether it was a mistake
> from me while patching PaX with rsbac at hand, or it is a kernel bug, or it's
> from VirtualBox (the behaviour is horrible, sorry):
>
> After the bug hits, the guest system gets unusable; a hard reset is required, and
> every command executed from there gets segfaulted.
>
> I can reproduce it easily, using backup_all (a shell script that makes the
> sec policy backup (as in this case)) or with ./configure when compiling (as
> emerge does), so emerge usually segfaults. The EIP is always
> at the same place, strnlen+0x6/0x18
>
> Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request
> at 00001033
> Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
> Jul 13 22:50:02 orion kernel: *pdpt = 000000000e965001 *pde =
> 0000000000000000
> Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
> Jul 13 22:50:02 orion kernel:
> Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted 3.4.0-rsbac
> #9 innotek GmbH VirtualBox
> Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU:
> 0
> Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18
> Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX: 00001033
> EDX: 0000000e
> Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP: ce9c07f5
> ESP: c66d3b38
> Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
> Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3: 01415000
> CR4: 000006f0
> Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000
> DR3: 00000000
> Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400
> Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c
> task=e738ebd0 task.ti=e738ee3c)
> Jul 13 22:50:02 orion kernel: Stack:
> Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4 ce9c0069
> ce9c0069 001a916e 000fff00
> Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b c1514bcb
> 000007ea ff0a0004 000fffff
> Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc 0004dfc6
> c66d3ba8 e702a4c0 c66d3bdc
> Jul 13 22:50:02 orion kernel: Call Trace:
> Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c
> Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
> Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25
> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
> Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
> Jul 13 22:50:02 orion kernel: [<0007d3ee>] ?
> rsbac_adf_set_attr_cap+0x680/0x9a6
> Jul 13 22:50:02 orion kernel: [<00038a00>] ?
> smp_apic_timer_interrupt+0x62/0x6a
> Jul 13 22:50:02 orion kernel: [<00407f91>] ? resume_userspace_sig+0x1b/0x2a
> Jul 13 22:50:02 orion kernel: [<0007148e>] ?
> rsbac_adf_set_attr+0x45f/0x12b3
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
> Jul 13 22:50:02 orion kernel: [<0002cc9e>] ? free_thread_xstate+0x17/0x23
> Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
> Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
> Jul 13 22:50:02 orion kernel: [<00030502>] ? x86_pmu_event_init+0x23c/0x2d1
> Jul 13 22:50:02 orion kernel: [<000e2f53>] ? do_execve_common+0x363/0x45e
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
> Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf
> Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb
> Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50
> Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20
> Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb
> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
> Jul 13 22:50:02 orion kernel: [<000290d5>] ? math_state_restore+0x96/0x96
> Jul 13 22:50:02 orion kernel: [<00010206>] ?
> kvm_arch_vcpu_ioctl_run+0x79a/0xbdc
> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
> Jul 13 22:50:02 orion kernel: [<0040007b>] ? pcnet32_remove_one+0x22/0xe3
> Jul 13 22:50:02 orion kernel: [<0001007b>] ?
> kvm_arch_vcpu_ioctl_run+0x60f/0xbdc
> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
> Jul 13 22:50:02 orion kernel: [<00010287>] ?
> kvm_arch_vcpu_ioctl_run+0x81b/0xbdc
> Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f eb 02
> 31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89 f8 5f c3 89
> c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 c3 90 90 90 57
> 83 c9
> Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18 SS:ESP
> 0068:c66d3b38
> Jul 13 22:50:02 orion kernel: CR2: 0000000000001033
> Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---
>
> Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging request
> at 000010a1
> Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
> Jul 13 22:59:01 orion kernel: *pdpt = 000000000df00001 *pde =
> 0000000000000000
> Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]
> Jul 13 22:59:01 orion kernel:
> Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted: G      D
> 3.4.0-rsbac #9 innotek GmbH VirtualBox
> Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU:
> 0
> Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18
> Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX: 000010a1
> EDX: 0000000e
> Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP: ce9c0ff5
> ESP: c66cfb48
> Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
> Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3: 01415000
> CR4: 000006f0
> Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000
> DR3: 00000000
> Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400
> Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c
> task=e738ebd0 task.ti=e738ee3c)
>
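A small triage script for oopses of the shape quoted above, added here as an example and not code from the thread or from rsbac: it strips the syslog prefix, re-joins the lines the mail client wrapped, and flags the pattern seen in both oopses, a near-NULL address read by strnlen underneath vsnprintf, which is what a %s conversion handed a non-pointer argument looks like; the first frame outside the formatting plumbing (the caller of rsbac_printk) is where a reviewer would look first. The embedded log is a trimmed copy constructed from the first oops in the quoted mail.

```python
import re
OOPS_TEXT = """\
Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request
at 00001033
Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:50:02 orion kernel: Call Trace:
Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c
Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
Jul 13 22:50:02 orion kernel: [<0007d3ee>] ?
rsbac_adf_set_attr_cap+0x680/0x9a6
"""  # constructed sample: trimmed from the oops quoted above, wrapped as the mail client wrapped it
SYSLOG = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ kernel: ?(.*)$")
FRAME = re.compile(r"\[<([0-9a-f]+)>\]\s*\??\s*(\S+)")
PLUMBING = ("strnlen", "strlen", "string", "vsnprintf", "vscnprintf")  # format/printk frames
def base(symbol): return symbol.split("+")[0].split(".")[0]  # 'string.isra.1+0x25/0x8c' -> 'string'

def unwrap(text):
    msgs = []  # kernel messages with the syslog prefix stripped
    for raw in text.splitlines():
        m = SYSLOG.match(raw)
        if m:
            msgs.append(m.group(1).strip())
        elif msgs and raw.strip():  # no prefix: the mailer wrapped this line, re-join it
            msgs[-1] = (msgs[-1] + " " + raw.strip()).strip()
    return msgs

def parse_oops(text):
    """Pull out the faulting address, the faulting symbol and the call trace."""
    oops = {"fault_addr": None, "ip_symbol": None, "trace": []}
    for msg in unwrap(text):
        f = FRAME.search(msg)
        if msg.startswith("BUG: unable to handle kernel paging request at "):
            oops["fault_addr"] = int(msg.rsplit(" ", 1)[1], 16)
        elif msg.startswith("IP:") and f:
            oops["ip_symbol"] = f.group(2)
        elif f and not msg.startswith("EIP"):  # trace frames, '?' (unreliable) ones included
            oops["trace"].append((int(f.group(1), 16), f.group(2)))
    return oops

def triage(oops):
    """Diagnosis for this oops shape, plus the first frame outside the format/printk plumbing."""
    addr, ip = oops["fault_addr"], base(oops["ip_symbol"] or "")
    bases = [base(s) for _, s in oops["trace"]]
    verdict = None
    if addr is not None and addr < 0x10000 and ip in ("strnlen", "strlen") and "vsnprintf" in bases:
        verdict = "near-NULL %#x read by %s under vsnprintf: a %%s conversion got a non-pointer" % (addr, ip)
    suspect = next((s for _, s in oops["trace"]
                    if base(s) not in PLUMBING and not base(s).endswith("printk")), None)
    return verdict, suspect
```

Running `triage(parse_oops(OOPS_TEXT))` on the sample names rsbac_adf_set_attr_cap+0x680/0x9a6 as the frame to inspect; the second oops in the mail (fault address 000010a1, same EIP and same callers) yields the same verdict.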