Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <e48553d7-62e0-4ef5-be2d-d2c9bd43f01c@riseup.net>
Date: Fri, 17 Jan 2020 13:32:50 +0000
From: Patrick Schleizer <adrelanos@...eup.net>
To: lkrg-users@...ts.openwall.com
Subject: ? p_kmod_hash+0x2a1/0x3b0 [p_lkrg] - was: LIST HASH IS DIFFERENT -
 nf_nat / nf_conntrack Linux version 5.3.0-0

Hello,

I would like to "update" my previous bug report "LIST HASH IS DIFFERENT
- nf_nat / nf_conntrack Linux version 5.3.0-0". Either upgrading the
Linux kernel and/or LKRG as per git master fixed that very issue.

Qubes, Debian buster

cat /proc/version
Linux version 5.4.0-0.bpo.2-amd64 (debian-kernel@...ts.debian.org) (gcc
version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 5.4.8-1~bpo10+1 (2020-01-07)

cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-5.4.0-0.bpo.2-amd64 root=/dev/xvda3 ro
root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume
xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0
swiotlb=8192 noresume debug=vc random.trust_cpu=off intel_iommu=on
amd_iommu=on slab_nomerge slub_debug=FZ init_on_alloc=1 init_on_free=1
mce=0 pti=on mds=full,nosmt vsyscall=none page_alloc.shuffle=1

LKRG version commit 403f2fa92cdb8071a39afa031f08719972aa563e
Date:   Thu Jan 16 06:05:15 2020 +0000
Commit message: Fix compilation on non-x86 platforms for kernel 5.3+

~/Whonix/packages/lkrg $ git diff --stat adam/master
 README.md                        |   82 ++++++
 changelog.upstream               | 1140
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 debian/30_lkrg.conf              |   14 +
 debian/40_lkrg.conf              |    8 +
 debian/changelog                 |   89 ++++++
 debian/compat                    |    1 +
 debian/control                   |   83 ++++++
 debian/copyright                 |   15 ++
 debian/lkrg-dkms.dkms            |   20 ++
 debian/lkrg-dkms.install         |   16 ++
 debian/lkrg-dkms.maintscript     |    4 +
 debian/lkrg-dkms.service         |   29 ++
 debian/make-helper-overrides.bsh |    6 +
 debian/rules                     |   25 ++
 debian/source/format             |    1 +
 debian/source/lintian-overrides  |    2 +
 debian/watch                     |    6 +
 17 files changed, 1541 insertions(+)

In other words: does not touch "core" (real LKRG source code) of LKRG at
all. Packaging only.


sudo sysctl -a | grep lkrg
lkrg.block_modules = 0
lkrg.ci_panic = 0
lkrg.clean_message = 0
lkrg.enforce_msr = 1
lkrg.force_run = 0
lkrg.hide = 0
lkrg.log_level = 1
lkrg.random_events = 1
lkrg.smep_panic = 1
lkrg.timestamp = 15
lkrg.umh_lock = 0


Is the following considered output only? Could be safely ignored?

[    9.899004] [p_lkrg] Loading LKRG...
[   10.317555] [p_lkrg] LKRG initialized successfully!
[   19.734602]  ? p_kmod_hash+0x2a1/0x3b0 [p_lkrg]
[   19.734654]  ? p_count_modules_from_sysfs_kobj+0xcc/0xf0 [p_lkrg]
[   19.734671]  p_kmod_hash+0x2a1/0x3b0 [p_lkrg]
[   19.734686]  p_module_event_notifier+0x1c3/0x3e0 [p_lkrg]
[   19.791451]  ? p_kmod_hash+0x2a1/0x3b0 [p_lkrg]
[   19.791499]  ? p_count_modules_from_sysfs_kobj+0xcc/0xf0 [p_lkrg]
[   19.791516]  p_kmod_hash+0x2a1/0x3b0 [p_lkrg]
[   19.791531]  p_module_event_notifier+0x1c3/0x3e0 [p_lkrg]


Are these messages expected? Would lkrg.log_level have to be lowered to
hide these messages?

Kind regards,
Patrick

Patrick Schleizer:
> Qubes, Debian buster
> 
> user@...t:~$ cat /proc/version
> Linux version 5.3.0-0.bpo.2-amd64 (debian-kernel@...ts.debian.org) (gcc
> version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 5.3.9-2~bpo10+1 (2019-11-13)
> 
> user@...t:~$ cat /proc/cmdline
> BOOT_IMAGE=/boot/vmlinuz-5.3.0-0.bpo.2-amd64 root=/dev/xvda3 ro
> xen_scrub_pages=0 root=/dev/mapper/dmroot console=hvc0 console=tty0
> swiotlb=8192 noresume intel_iommu=on amd_iommu=on slab_nomerge
> slub_debug=FZ init_on_alloc=1 init_on_free=1 mce=0 pti=on mds=full,nosmt
> vsyscall=none page_alloc.shuffle=1
> 
> user@...t:~$ sudo journalctl -b -o cat | grep lkrg
> p_lkrg: loading out-of-tree module taints kernel.
> p_lkrg: module verification failed: signature and/or required key
> missing - tainting kernel
> [p_lkrg] Loading LKRG...
> [p_lkrg] LKRG initialized successfully!
> Inserted module 'p_lkrg'
> [p_lkrg] Disabling "clean" message.
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
>     user : TTY=pts/0 ; PWD=/home/user ; USER=root ;
> COMMAND=/usr/bin/journalctl -b -o cat -u lkrg
>     user : TTY=pts/0 ; PWD=/home/user ; USER=root ;
> COMMAND=/usr/bin/journalctl -b -o cat -u lkrg-dkms
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> 
> Kind regards,
> Patrick
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.