Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20180626092012.GA8328@openwall.com>
Date: Tue, 26 Jun 2018 11:20:12 +0200
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Cc: Vasily Averin <vvs@...tuozzo.com>
Subject: Re: 32-bit syscall breakage in -431 kernel with KAISER

On Mon, Jun 25, 2018 at 10:48:28PM +0200, Pavel Kankovsky wrote:
> To get more information, I added show_regs(task_pt_regs(current)) to the 
> beginning of dev_ifconf() and here is the result:
> 
> CPU 0, VCPU 0:0
> Modules linked in: vzethdev simfs exportfs vzdquota vznetdev vzmon vzdev
> Pid: 986, comm: ifconfig32 Tainted:  P     --------------------    
> 2.6.18-431.el5.028stab123.1.owl1xxx #1 028stab123
> RIP: 0292:[<0000000000000073>]  [<0000000000000073>]
> RSP: 007b:000000000000007b  EFLAGS: bf98675c
> RAX: 0000000000008912 RBX: 0000000000000000 RCX: 00000000bf986774
> RDX: 0000000000000004 RSI: 00000000bf986774 RDI: 0000000000000036
> RBP: ffffffff80065a3e R08: 0000000000000036 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> FS:  0000000000000000(0000) GS:ffffffff805b2000(0033) knlGS:00000000b7e44a90
> CS:  0060 DS: 007b ES: 007b CR0: 000000008005003b
> CR2: 00000000b7eab100 CR3: 000000003f808000 CR4: 00000000000006e0
> 
> Userland rsp seems to be 0x7b and this makes compat_alloc_user_space() 
> fail.
> 
> It seems to me the data are shifted: the value reported as "EFLAGS" looks 
> like an actual userland stack pointer, "0000000000000073" should probably 
> be CS rather than RIP (the offset) etc.

Yes.  Shifting is what I had expected - I was looking for extra pushes
not undone with pops, or similar, before calling the syscall function,
but didn't immediately see that kind of change in there.  Maybe I
overlooked or maybe it's not exactly the pattern to look for; I'm not
familiar with how/where the pt_regs pointer is derived.  Maybe you'd
take a look?

You can interdiff our current patch-431* vs. the one that worked fine
before, from here:

https://openvz.org/Download/kernel/rhel5/028stab122.4

IIRC, this interdiff output is a little over 300 KB.

Thank you for your help!

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.