Message-ID: <20170313211422.cxtmes35ozkwaisu@docker>
Date: Mon, 13 Mar 2017 14:14:22 -0700
From: Tycho Andersen <tycho@...ker.com>
To: PaX Team <pageexec@...email.hu>, Kees Cook <keescook@...omium.org>
Cc: kernel-hardening@...ts.openwall.com
Subject: stackleak plugin port to upstream kernel
Hi all,
I have an initial version of the stackleak plugin ported to the mainline
kernel (attached), but naturally it doesn't quite work, killing init
with:
[ 0.684209] Kernel BUG at ffffffff819893e2 [verbose debug info unavailable]
[ 0.686467] invalid opcode: 0000 [#2] SMP
[ 0.688337] Modules linked in:
[ 0.691232] CPU: 3 PID: 1 Comm: init Tainted: G D 4.11.0-rc1+ #5
[ 0.693076] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014
[ 0.695461] task: ffff880134af0000 task.stack: ffffc90000630000
[ 0.696736] RIP: 0010:erase_kstack+0x52/0x80
[ 0.697854] RSP: 0000:ffffc90000633f28 EFLAGS: 00010006
[ 0.699025] RAX: ffffffffffff4111 RBX: ffffffff81982a20 RCX: 0000000000633f18
[ 0.700430] RDX: 000000000000028b RSI: 0000000000000002 RDI: 0000000000000010
[ 0.701989] RBP: ffffc90000633f50 R08: 000000000001cc00 R09: 0000000000000000
[ 0.703693] R10: ffffea0004d1b780 R11: ffff880134af0000 R12: 0000000000000000
[ 0.705069] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.706393] FS: 0000000000000000(0000) GS:ffff880139d80000(0000) knlGS:0000000000000000
[ 0.707958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.708917] CR2: 00007ffe49fb2a29 CR3: 000000013476d000 CR4: 00000000000006e0
[ 0.709946] Call Trace:
[ 0.710565] ? ret_from_fork+0x20/0x40
[ 0.711285] Code: 03 f2 48 af 67 e3 12 83 f9 10 72 0d b9 10 00 00 00 f3 48 af 67 e3 02 75 dd fc 48 83 cf 10 89 e1 29 f9 48 81 f9 00 40 00 00 72 02 <0f> 0b c1 e9 03 f3 48 ab 49 8b bb d8 08 00 00 48 81 ef 00 01 00
[ 0.713935] RIP: erase_kstack+0x52/0x80 RSP: ffffc90000633f28
The problem seems to be in the erase_kstack routine in
arch/x86/entry/entry_64.S; it seems to be looking for a series of 0xBEEFs,
which aren't found. I'm struggling to figure out where these 0xBEEFs come from:
are they part of the mainline kernel stack initialization and something has
gone totally haywire, or is this some PaX thing that I've overlooked?
Thanks!
Tycho
Attachment: "0001-gcc-plugins-add-stackleak-plugin-to-zero-kernel-stac.patch" (text/x-diff, 23452 bytes)
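The search-then-erase step that the message's erase_kstack routine performs, as an added example that is not PaX, kernel or Tycho's code: a user-space C model in which the sim_* names, the 16 KiB stack and the use of word indices in place of real stack pointers are assumptions. It shows the technique the routine implements: the poison words it scans for are the ones a previous erase left behind (-0xBEEF, the value sitting in RAX in the oops above), so the very first erase finds none and wipes down to the stack bottom; a run of poison words is required rather than a single one, so live data that merely equals the poison does not stop the scan; and a lowest_stack value that does not lie in the stack is refused rather than acted on, the rough counterpart of the range check that, by my reading of the Code: line, sits just before the ud2 at the faulting RIP.

```c
/*
 * Added example, not PaX or kernel code: a user-space model of the
 * search-then-erase step the message's erase_kstack routine does on the
 * kernel stack.  The sim_* names, the 16 KiB stack and the use of word
 * indices in place of real stack pointers are assumptions for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIM_THREAD_SIZE  (16 * 1024)
#define SIM_NWORDS       (SIM_THREAD_SIZE / sizeof(uint64_t))
#define SIM_POISON       ((uint64_t)-0xBEEFULL)  /* -0xBEEF, i.e. 0xffffffffffff4111 */
#define SIM_SEARCH_DEPTH 16                       /* consecutive poison words = "unused" */
#define SIM_RESET_WORDS  32                       /* re-arm tracker 256 bytes below top */

struct sim_task {
    uint64_t stack[SIM_NWORDS]; /* index 0 is the stack bottom, SIM_NWORDS the top */
    size_t lowest_stack;        /* deepest sp recorded since the last erase */
    size_t sp;                  /* sp at the point of returning to user space */
};

static void sim_task_init(struct sim_task *t)
{
    memset(t->stack, 0x41, sizeof(t->stack)); /* stale data, never poisoned */
    t->lowest_stack = SIM_NWORDS - SIM_RESET_WORDS;
    t->sp = SIM_NWORDS - 24;                  /* room for a pt_regs-like frame */
}

/* What the plugin's instrumentation calls from instrumented prologues. */
static void sim_track_stack(struct sim_task *t, size_t sp)
{
    if (sp < t->lowest_stack)
        t->lowest_stack = sp;
}

/* A tracked call chain that wrote data from 'low' up to the top of the stack. */
static void sim_use_stack(struct sim_task *t, size_t low, int fill)
{
    memset(&t->stack[low], fill, (SIM_NWORDS - low) * sizeof(uint64_t));
    sim_track_stack(t, low);
}

/*
 * Erase before returning to user space.  Returns the number of words wiped,
 * or -1 if lowest_stack/sp do not describe a range inside the stack, the
 * situation the assembly turns into a BUG instead of scribbling elsewhere.
 */
static long sim_erase_kstack(struct sim_task *t)
{
    size_t i = t->lowest_stack, run = 0;

    if (t->lowest_stack > SIM_NWORDS || t->sp > SIM_NWORDS || t->sp < t->lowest_stack)
        return -1;

    /*
     * Scan downward from lowest_stack for SIM_SEARCH_DEPTH poison words in a
     * row; only an earlier erase leaves such a run, so a stray word that merely
     * equals the poison does not stop the search.  Reaching the stack bottom
     * first (the very first erase) means everything below gets wiped.
     */
    while (i > 0 && run < SIM_SEARCH_DEPTH) {
        i--;
        run = (t->stack[i] == SIM_POISON) ? run + 1 : 0;
    }

    for (size_t j = i; j < t->sp; j++)      /* wipe up to the current sp */
        t->stack[j] = SIM_POISON;

    t->lowest_stack = SIM_NWORDS - SIM_RESET_WORDS;
    return (long)(t->sp - i);
}

/* Four returns to user space; returns how many of the expected outcomes held. */
static int sim_run_scenarios(void)
{
    static struct sim_task t;
    int ok = 0;

    /* 1: no poison anywhere yet, so the scan hits the bottom and wipes all 2024 words. */
    sim_task_init(&t);
    sim_use_stack(&t, 1500, 0x42);
    ok += sim_erase_kstack(&t) == 2024;
    ok += t.stack[0] == SIM_POISON && t.stack[1499] == SIM_POISON;
    ok += t.stack[2024] == 0x4242424242424242ULL;  /* above sp: untouched */

    /* 2: shallower use; the poison run left by pass 1 bounds the wipe to 140 words. */
    sim_use_stack(&t, 1900, 0x43);
    ok += sim_erase_kstack(&t) == 140;
    ok += t.stack[1883] == SIM_POISON && t.stack[2023] == SIM_POISON;

    /* 3: untracked code wrote below lowest_stack, including 5 words that look like poison. */
    sim_use_stack(&t, 1700, 0x44);
    memset(&t.stack[1600], 0x45, 100 * sizeof(uint64_t));
    for (size_t k = 1690; k < 1695; k++)
        t.stack[k] = SIM_POISON;
    ok += sim_erase_kstack(&t) == 440;   /* the scan ran on to the real run ending at 1599 */
    ok += t.stack[1600] == SIM_POISON;

    /* 4: a lowest_stack that is not in the stack at all: refuse instead of wiping blindly. */
    t.lowest_stack = (size_t)-1;
    ok += sim_erase_kstack(&t) == -1;
    return ok;  /* 8 when the model behaves as described */
}

int main(void)
{
    printf("%d of 8 checks held\n", sim_run_scenarios());
    return 0;
}
```

The model keeps the shape of the real routine: track the deepest sp during the syscall, scan downward from it for the previous erase's poison, wipe from there up to the current sp, re-arm the tracker near the top. Scenario 3 is the reason for the run-length requirement: frames written by code the plugin did not instrument sit below the tracked lowest_stack, and a handful of words that happen to equal the poison must not make the scan stop early and leave them unerased.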