Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20200611164426.GA27135@pi3.com.pl>
Date: Thu, 11 Jun 2020 18:44:26 +0200
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: RE: ISRA optimized functions

Hi,

On Wed, Jun 10, 2020 at 09:18:44AM +0200, Mikhail Morfikov wrote:
> I just tested and:
> 
> # cat /proc/version
> Linux version 5.7.1-amd64 (morfik@...fikownia) (gcc version 10.1.0 (Debian 10.1.0-3), GNU ld (GNU Binutils for Debian) 2.34) #3 SMP PREEMPT Wed Jun 10 07:21:29 CEST 2020
> 
> # dkms status
> lkrg, 0.7+git20200609, 5.7.1-amd64, x86_64: installed
> 
> # modprobe -v p_lkrg
> insmod /lib/modules/5.7.1-amd64/updates/dkms/p_lkrg.ko
> 
> # lsmod
> Module                  Size  Used by
> p_lkrg                225280  0
> 
> In the syslog I have the following messages now:
> 
> kernel: p_lkrg: loading out-of-tree module taints kernel.
> kernel: [p_lkrg] Loading LKRG...
> kernel: [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
> kernel: Freezing user space processes ... (elapsed 0.031 seconds) done.
> kernel: OOM killer disabled.
> kernel: [p_lkrg] 8/23 UMH paths were whitelisted...
> kernel: [p_lkrg] [kretprobe] register_kretprobe() for <lookup_fast> failed! [err=-22]
> kernel: [p_lkrg] Trying to find ISRA name for <lookup_fast>
> kernel: [p_lkrg] ISRA version not found!
> kernel: [p_lkrg] LKRG won't enforce pCFI validation on 'lookup_fast'
> kernel: [p_lkrg] LKRG initialized successfully!
> kernel: OOM killer enabled.
> kernel: Restarting tasks ... done.
> 
> So what to do with this *lookup_fast* ?
> 

It is not critical hook,  that's why LKRG continue initialization. If you have 
set log_level=3 then you should see an extra message printing such information.
However, can you please run the following command and provide the result?

# cat /proc/kallsyms|grep lookup_fast

I'm just curious

> Also, when the LKRG module is being unloaded, it generates the following log:
> 

I've just pushed the fix for that.

Thanks,
Adam

> kernel: [p_lkrg] Unloading LKRG...
> kernel: Freezing user space processes ... (elapsed 0.057 seconds) done.
> kernel: OOM killer disabled.
> kernel: =============================================================================
> kernel: BUG p_ed_pids (Tainted: G           O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
> kernel: -----------------------------------------------------------------------------
> kernel: Disabling lock debugging due to kernel taint
> kernel: INFO: Slab 0x00000000a62c66d5 objects=32 used=1 fp=0x000000003169a95c flags=0x2ffe00000010200
> kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
> kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
> kernel: Call Trace:
> kernel:  dump_stack+0x50/0x68
> kernel:  slab_err+0xdc/0x103
> kernel:  ? slub_cpu_dead+0x90/0x90
> kernel:  __kmem_cache_shutdown.cold+0x31/0x156
> kernel:  shutdown_cache+0x16/0x1b0
> kernel:  kmem_cache_destroy+0x237/0x270
> kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
> kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
> kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
> kernel:  ? __x64_sys_delete_module+0x18a/0x310
> kernel:  ? trace_clock_x86_tsc+0x10/0x10
> kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> kernel: INFO: Object 0x00000000bee7e5b5 @offset=10304
> kernel: =============================================================================
> kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
> kernel: -----------------------------------------------------------------------------
> kernel: INFO: Slab 0x00000000fbd76826 objects=32 used=2 fp=0x00000000c3ab1de7 flags=0x2ffe00000010200
> kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
> kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
> kernel: Call Trace:
> kernel:  dump_stack+0x50/0x68
> kernel:  slab_err+0xdc/0x103
> kernel:  __kmem_cache_shutdown.cold+0x31/0x156
> kernel:  shutdown_cache+0x16/0x1b0
> kernel:  kmem_cache_destroy+0x237/0x270
> kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
> kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
> kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
> kernel:  ? __x64_sys_delete_module+0x18a/0x310
> kernel:  ? trace_clock_x86_tsc+0x10/0x10
> kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> kernel: INFO: Object 0x00000000286c2234 @offset=7232
> kernel: INFO: Object 0x00000000031eefe7 @offset=11328
> kernel: =============================================================================
> kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
> kernel: -----------------------------------------------------------------------------
> kernel: INFO: Slab 0x0000000057688f36 objects=32 used=1 fp=0x0000000091130281 flags=0x2ffe00000010200
> kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
> kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
> kernel: Call Trace:
> kernel:  dump_stack+0x50/0x68
> kernel:  slab_err+0xdc/0x103
> kernel:  __kmem_cache_shutdown.cold+0x31/0x156
> kernel:  shutdown_cache+0x16/0x1b0
> kernel:  kmem_cache_destroy+0x237/0x270
> kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
> kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
> kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
> kernel:  ? __x64_sys_delete_module+0x18a/0x310
> kernel:  ? trace_clock_x86_tsc+0x10/0x10
> kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> kernel: INFO: Object 0x000000000f01ce90 @offset=3648
> kernel: =============================================================================
> kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
> kernel: -----------------------------------------------------------------------------
> kernel: INFO: Slab 0x00000000f8a90b64 objects=32 used=1 fp=0x00000000683389e1 flags=0x2ffe00000010200
> kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
> kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
> kernel: Call Trace:
> kernel:  dump_stack+0x50/0x68
> kernel:  slab_err+0xdc/0x103
> kernel:  __kmem_cache_shutdown.cold+0x31/0x156
> kernel:  shutdown_cache+0x16/0x1b0
> kernel:  kmem_cache_destroy+0x237/0x270
> kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
> kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
> kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
> kernel:  ? __x64_sys_delete_module+0x18a/0x310
> kernel:  ? trace_clock_x86_tsc+0x10/0x10
> kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> kernel: INFO: Object 0x0000000039e7acd2 @offset=7232
> kernel: =============================================================================
> kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
> kernel: -----------------------------------------------------------------------------
> kernel: INFO: Slab 0x00000000a8994edb objects=32 used=2 fp=0x0000000090b6b881 flags=0x2ffe00000010200
> kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
> kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
> kernel: Call Trace:
> kernel:  dump_stack+0x50/0x68
> kernel:  slab_err+0xdc/0x103
> kernel:  __kmem_cache_shutdown.cold+0x31/0x156
> kernel:  shutdown_cache+0x16/0x1b0
> kernel:  kmem_cache_destroy+0x237/0x270
> kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
> kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
> kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
> kernel:  ? __x64_sys_delete_module+0x18a/0x310
> kernel:  ? trace_clock_x86_tsc+0x10/0x10
> kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> kernel: INFO: Object 0x00000000c0d89ab9 @offset=11840
> kernel: INFO: Object 0x0000000021fa6292 @offset=15424
> kernel: =============================================================================
> kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
> kernel: -----------------------------------------------------------------------------
> kernel: INFO: Slab 0x000000008ef7d8bb objects=32 used=1 fp=0x00000000b3b64d27 flags=0x2ffe00000010200
> kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
> kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
> kernel: Call Trace:
> kernel:  dump_stack+0x50/0x68
> kernel:  slab_err+0xdc/0x103
> kernel:  __kmem_cache_shutdown.cold+0x31/0x156
> kernel:  shutdown_cache+0x16/0x1b0
> kernel:  kmem_cache_destroy+0x237/0x270
> kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
> kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
> kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
> kernel:  ? __x64_sys_delete_module+0x18a/0x310
> kernel:  ? trace_clock_x86_tsc+0x10/0x10
> kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> kernel: INFO: Object 0x000000005349a6c9 @offset=11328
> kernel: kmem_cache_destroy p_ed_pids: Slab cache still has objects
> kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
> kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
> kernel: Call Trace:
> kernel:  dump_stack+0x50/0x68
> kernel:  kmem_cache_destroy.cold+0x16/0x1b
> kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
> kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
> kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
> kernel:  ? __x64_sys_delete_module+0x18a/0x310
> kernel:  ? trace_clock_x86_tsc+0x10/0x10
> kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> kernel: OOM killer enabled.
> kernel: Restarting tasks ... done.
> kernel: [p_lkrg] LKRG unloaded!
> 




-- 
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.