Message-ID: <5be58a6e.w0IbLdKsiRknTygq%lkp@intel.com>
Date: Fri, 09 Nov 2018 21:23:58 +0800
From: kernel test robot <lkp@...el.com>
To: Alexander Popov <alex.popov@...ux.com>
Cc: LKP <lkp@...org>, kernel-hardening@...ts.openwall.com,
 linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
 Dave Hansen <dave.hansen@...ux.intel.com>,
 Kees Cook <keescook@...omium.org>
Subject: afaef01c00 ("x86/entry: Add STACKLEAK erasing the kernel stack .."): double fault: 0000 [#1]

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit afaef01c001537fa97a25092d7f54d764dc7d8c1
Author:     Alexander Popov <alex.popov@...ux.com>
AuthorDate: Fri Aug 17 01:16:58 2018 +0300
Commit:     Kees Cook <keescook@...omium.org>
CommitDate: Tue Sep 4 10:35:47 2018 -0700

    x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls

    The STACKLEAK feature (initially developed by PaX Team) has the following
    benefits:

    1. Reduces the information that can be revealed through kernel stack leak
       bugs. The idea of erasing the thread stack at the end of syscalls is
       similar to CONFIG_PAGE_POISONING and memzero_explicit() in kernel
       crypto, which all comply with FDP_RIP.2 (Full Residual Information
       Protection) of the Common Criteria standard.

    2. Blocks some uninitialized stack variable attacks (e.g. CVE-2017-17712,
       CVE-2010-2963). That kind of bugs should be killed by improving C
       compilers in future, which might take a long time.

    This commit introduces the code filling the used part of the kernel
    stack with a poison value before returning to userspace. Full
    STACKLEAK feature also contains the gcc plugin which comes in a
    separate commit.

    The STACKLEAK feature is ported from grsecurity/PaX. More information at:
      https://grsecurity.net/
      https://pax.grsecurity.net/

    This code is modified from Brad Spengler/PaX Team's code in the last
    public patch of grsecurity/PaX based on our understanding of the code.
    Changes or omissions from the original code are ours and don't reflect
    the original grsecurity/PaX code.

    Performance impact:

    Hardware: Intel Core i7-4770, 16 GB RAM

    Test #1: building the Linux kernel on a single core
            0.91% slowdown

    Test #2: hackbench -s 4096 -l 2000 -g 15 -f 25 -P
            4.2% slowdown

    So the STACKLEAK description in Kconfig includes: "The tradeoff is the
    performance impact: on a single CPU system kernel compilation sees a 1%
    slowdown, other systems and workloads may vary and you are advised to
    test this feature on your expected workload before deploying it".

    Signed-off-by: Alexander Popov <alex.popov@...ux.com>
    Acked-by: Thomas Gleixner <tglx@...utronix.de>
    Reviewed-by: Dave Hansen <dave.hansen@...ux.intel.com>
    Acked-by: Ingo Molnar <mingo@...nel.org>
    Signed-off-by: Kees Cook <keescook@...omium.org>

57361846b5  Linux 4.19-rc2
afaef01c00  x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
24ccea7e10  Merge tag 'xfs-4.20-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
442b8cea24  Add linux-next specific files for 20181109

+---------------------------------------------------------------+-----------+------------+------------+---------------+
|                                                               | v4.19-rc2 | afaef01c00 | 24ccea7e10 | next-20181109 |
+---------------------------------------------------------------+-----------+------------+------------+---------------+
| boot_successes                                                | 498       | 171        | 165        | 26            |
| boot_failures                                                 | 0         | 2          | 8          | 1             |
| double_fault:#[##]                                            | 0         | 2          | 8          |               |
| RIP:ftrace_ops_test                                           | 0         | 2          | 8          | 1             |
| WARNING:stack_recursion                                       | 0         | 2          | 8          | 1             |
| WARNING:at(____ptrval____)for_ip_syscall_return_via_sysret/0x | 0         | 2          | 8          | 1             |
| Kernel_panic-not_syncing:Fatal_exception                      | 0         | 2          | 8          | 1             |
+---------------------------------------------------------------+-----------+------------+------------+---------------+

[main] Setsockopt(0 8 68b000 4) on fd 376 [2:1:0]
[main] Setsockopt(29 1a 68b000 2f) on fd 377 [10:2:0]
[main] Setsockopt(1 2c 68b000 4) on fd 379 [2:1:0]
[main] Setsockopt(0 13 68b000 1) on fd 380 [10:1:0]
[main] 375 sockets created based on info from socket cachefile.
[ 127.808225] double fault: 0000 [#1]
[ 127.808695] CPU: 0 PID: 414 Comm: trinity-main Tainted: G T 4.19.0-rc2-00001-gafaef01 #1
[ 127.809799] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 127.810760] RIP: 0010:ftrace_ops_test+0x27/0xa0
[ 127.811289] Code: eb 9a 90 41 54 55 49 89 f4 53 48 89 d3 48 89 fd 48 81 ec b0 00 00 00 65 48 8b 04 25 28 00 00 00 48 89 84 24 a8 00 00 00 31 c0 <e8> 54 df ff ff 48 85 db 74 57 e8 4a df ff ff 48 8b 85 d0 00 00 00
[ 127.813385] RSP: 0018:fffffe0000001fb8 EFLAGS: 00010046
[ 127.813991] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000800
[ 127.814802] RDX: 0000000000000000 RSI: ffffffff811c4560 RDI: ffff8800158c2d20
[ 127.815652] RBP: ffff8800158c2d20 R08: 0000000000000000 R09: 0000000000000000
[ 127.816494] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff811c4560
[ 127.817357] R13: 0000000000000000 R14: ffffffff82400160 R15: 0000000000000800
[ 127.818178] FS: 00007fac9f0de700(0000) GS:ffffffff83044000(0000) knlGS:0000000000000000
[ 127.819099] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.819762] CR2: fffffe0000001fa8 CR3: 000000001579a000 CR4: 00000000000006b0
[ 127.820583] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 127.821406] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 127.822234] Call Trace:
[ 127.822530] <ENTRY_TRAMPOLINE>
[ 127.822914] ? __ia32_sys_rseq+0x2f0/0x2f0
[ 127.823395] ftrace_ops_list_func+0xa5/0x1b0
[ 127.823922] ftrace_call+0x5/0x34
[ 127.824318] ? stackleak_erase+0x5/0xf0
[ 127.824789] ? stackleak_erase+0x43/0xf0
[ 127.825260] stackleak_erase+0x5/0xf0
[ 127.825699] syscall_return_via_sysret+0x61/0x81
[ 127.826238] WARNING: stack recursion on stack type 4
[ 127.826243] WARNING: can't dereference registers at (____ptrval____) for ip syscall_return_via_sysret+0x61/0x81
[ 127.826246] </ENTRY_TRAMPOLINE>
[ 127.828342] ---[ end trace e9f96d3f45575499 ]---
[ 127.828911] RIP: 0010:ftrace_ops_test+0x27/0xa0

                                                          # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 651022382c7f8da46cb4872a545ee1da6d097d2a v4.19 --
git bisect good 685f7e4f161425b137056abe35ba8ef7b669d83d  # 14:15  G    167     0    0   0  Merge tag 'powerpc-4.20-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
git bisect good 519f64bf15dccb4f64af34b74ed186c32363ab59  # 14:45  G    157     0    0   0  Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
git bisect  bad 63c6e188f639b5828bf744e675270bb5e2adc139  # 14:59  B      0     1   15   0  Merge tag 'riscv-for-linus-4.20-mw3' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
git bisect good 82aa4671516a3203261c835e98c3eecab10c994d  # 16:03  G    158     0    0   0  Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
git bisect  bad 34c7685a177a7bc98066f7e5daa42eef621d0bdb  # 16:31  B     27     1    0   0  Merge tag 'devicetree-fixes-for-4.20-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
git bisect  bad 2d6bb6adb714b133db92ccd4bfc9c20f75f71f3f  # 17:08  B     32     1    0   0  Merge tag 'stackleak-v4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect good 6444ccfd699cda8db5edaac7fa469d6a29aa9a47  # 18:02  G    162     0    0   0  Merge branch 'for-4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu
git bisect good 7c6c54b505b8aea1782ce6a6e8f3b8297d179937  # 18:32  G    161     0    0   0  Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
git bisect  bad c8d126275a5fa59394fe17109bdb9812fed296b8  # 18:55  B     10     3    0   0  fs/proc: Show STACKLEAK metrics in the /proc file system
git bisect  bad 10e9ae9fabaf96c8e5227c1cd4827d58b3aa406d  # 19:15  B     13     3    0   0  gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack
git bisect  bad afaef01c001537fa97a25092d7f54d764dc7d8c1  # 19:33  B     15     1    0   0  x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
# first bad commit: [afaef01c001537fa97a25092d7f54d764dc7d8c1] x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
git bisect good 57361846b52bc686112da6ca5368d11210796804  # 20:29  G    475     0    0   0  Linux 4.19-rc2
# extra tests with debug options
git bisect  bad afaef01c001537fa97a25092d7f54d764dc7d8c1  # 20:47  B     44     2    0   0  x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
# extra tests on HEAD of linux-devel/devel-spot-201811090824
git bisect  bad 8992397c6e1a0adf719e7263a0c965fce4629b15  # 20:47  B     59     2    0   0  0day head guard for 'devel-spot-201811090824'
# extra tests on tree/branch linus/master
git bisect  bad 24ccea7e102de8cbc93ab3befb123bbd18532be9  # 21:06  B     10     1    0   0  Merge tag 'xfs-4.20-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
# extra tests on tree/branch linux-next/master
git bisect  bad 442b8cea2477fa95c22f28ca982addb5bc6b0845  # 21:22  B     22     1    0   0  Add linux-next specific files for 20181109

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-quantal-lkp-kboot01-43:20181109194049:x86_64-randconfig-g0-11091005:4.19.0-rc2-00001-gafaef01:1.gz" of type "application/gzip" (20088 bytes)

View attachment "reproduce-quantal-lkp-kboot01-43:20181109194049:x86_64-randconfig-g0-11091005:4.19.0-rc2-00001-gafaef01:1" of type "text/plain" (912 bytes)

View attachment "config-4.19.0-rc2-00001-gafaef01" of type "text/plain" (114761 bytes)