Date: Mon, 13 Mar 2017 14:14:22 -0700
From: Tycho Andersen <tycho@...ker.com>
To: PaX Team <pageexec@...email.hu>, Kees Cook <keescook@...omium.org>
Cc: kernel-hardening@...ts.openwall.com
Subject: stackleak plugin port to upstream kernel

Hi all,

I have an initial version of a port of the stackleak plugin ported to the
mainline kernel (attached), but naturally it doesn't quite work, killing init
with:

[    0.684209] Kernel BUG at ffffffff819893e2 [verbose debug info unavailable]
[    0.686467] invalid opcode: 0000 [#2] SMP
[    0.688337] Modules linked in:
[    0.691232] CPU: 3 PID: 1 Comm: init Tainted: G      D         4.11.0-rc1+ #5
[    0.693076] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014
[    0.695461] task: ffff880134af0000 task.stack: ffffc90000630000
[    0.696736] RIP: 0010:erase_kstack+0x52/0x80
[    0.697854] RSP: 0000:ffffc90000633f28 EFLAGS: 00010006
[    0.699025] RAX: ffffffffffff4111 RBX: ffffffff81982a20 RCX: 0000000000633f18
[    0.700430] RDX: 000000000000028b RSI: 0000000000000002 RDI: 0000000000000010
[    0.701989] RBP: ffffc90000633f50 R08: 000000000001cc00 R09: 0000000000000000
[    0.703693] R10: ffffea0004d1b780 R11: ffff880134af0000 R12: 0000000000000000
[    0.705069] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[    0.706393] FS:  0000000000000000(0000) GS:ffff880139d80000(0000) knlGS:0000000000000000
[    0.707958] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.708917] CR2: 00007ffe49fb2a29 CR3: 000000013476d000 CR4: 00000000000006e0
[    0.709946] Call Trace:
[    0.710565]  ? ret_from_fork+0x20/0x40
[    0.711285] Code: 03 f2 48 af 67 e3 12 83 f9 10 72 0d b9 10 00 00 00 f3 48 af 67 e3 02 75 dd fc 48 83 cf 10 89 e1 29 f9 48 81 f9 00 40 00 00 72 02 <0f> 0b c1 e9 03 f3 48 ab 49 8b bb d8 08 00 00 48 81 ef 00 01 00 
[    0.713935] RIP: erase_kstack+0x52/0x80 RSP: ffffc90000633f28

The problem seems to be in the erase_kstack routine in
arch/x86/entry/entry_64.S; it seems to be looking for a series of 0xBEEFs,
which aren't found. I'm struggling to figure out where these 0xBEEFs come from:
are they part of the mainline kernel stack initialization and something has
gone totally haywire, or is this some PaX thing that I've overlooked?

Thanks!

Tycho

View attachment "0001-gcc-plugins-add-stackleak-plugin-to-zero-kernel-stac.patch" of type "text/x-diff" (23452 bytes)
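
Added illustration, not Tycho's patch and not PaX or kernel code: a user-space C model of the scan erase_kstack is described as doing, which looks below the current stack pointer for a run of poison words and wipes everything above that run, and which refuses (returning -1) when no poison exists at all, the "0xBEEFs aren't found" situation the mail describes. The poison word 0xffffffffffff4111 (the RAX value in the oops, i.e. -0xBEEF), the run length of 16 and the 16 KiB stack size are assumptions read off the oops, not taken from the attached patch.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed user-space model of the erase_kstack scan discussed above, not
 * PaX or kernel code. Assumptions: poison word = RAX from the oops (-0xBEEF
 * as 64 bits), 16 consecutive poison words mark untouched stack (the
 * "cmp ecx,0x10" in the Code: line), thread stack is 16 KiB. */
#define POISON      0xffffffffffff4111ULL
#define POISON_RUN  16
#define STACK_WORDS (16384 / 8)

/* w[0] is the stack bottom (lowest address); frames grow toward lower index. */
typedef struct { uint64_t w[STACK_WORDS]; } kstack_t;

/* Fill every word with poison when the thread stack is allocated, so words
 * never written by a frame stay recognisable. */
void poison_stack(kstack_t *s)
{
    for (size_t i = 0; i < STACK_WORDS; i++) s->w[i] = POISON;
}

/* Mark words [deepest, STACK_WORDS) as written by frames that have returned. */
void use_stack(kstack_t *s, size_t deepest)
{
    for (size_t i = deepest; i < STACK_WORDS; i++) s->w[i] = 0x1111;
}

/* Scan downward from sp_index (current stack pointer, as a word index) for
 * POISON_RUN consecutive poison words; the word just above the run is the
 * deepest point ever used, and everything from there up to sp_index is zeroed
 * so leftovers of deeper calls cannot leak. Returns words wiped, or -1 if the
 * scan reaches the stack bottom without finding poison: a never-poisoned
 * stack, which must be reported rather than wiped blindly. */
long erase_kstack_model(kstack_t *s, size_t sp_index)
{
    size_t run = 0;
    for (size_t i = sp_index; i-- > 0; ) {
        run = (s->w[i] == POISON) ? run + 1 : 0;
        if (run == POISON_RUN) {
            size_t lowest_used = i + POISON_RUN;
            for (size_t j = lowest_used; j < sp_index; j++) s->w[j] = 0;
            return (long)(sp_index - lowest_used);
        }
    }
    return -1;
}
```

A stack that was poisoned at allocation yields a bounded wipe count; an all-zero stack (never poisoned) makes the scan run to the bottom and return -1.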
