Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 17 Jan 2020 13:32:50 +0000
From: Patrick Schleizer <adrelanos@...eup.net>
To: lkrg-users@...ts.openwall.com
Subject: ? p_kmod_hash+0x2a1/0x3b0 [p_lkrg] - was: LIST HASH IS DIFFERENT -
 nf_nat / nf_conntrack Linux version 5.3.0-0

Hello,

I would like to "update" my previous bug report "LIST HASH IS DIFFERENT
- nf_nat / nf_conntrack Linux version 5.3.0-0". Either upgrading the
Linux kernel and/or LKRG as per git master fixed that very issue.

Qubes, Debian buster

cat /proc/version
Linux version 5.4.0-0.bpo.2-amd64 (debian-kernel@...ts.debian.org) (gcc
version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 5.4.8-1~bpo10+1 (2020-01-07)

cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-5.4.0-0.bpo.2-amd64 root=/dev/xvda3 ro
root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume
xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0
swiotlb=8192 noresume debug=vc random.trust_cpu=off intel_iommu=on
amd_iommu=on slab_nomerge slub_debug=FZ init_on_alloc=1 init_on_free=1
mce=0 pti=on mds=full,nosmt vsyscall=none page_alloc.shuffle=1

LKRG version commit 403f2fa92cdb8071a39afa031f08719972aa563e
Date:   Thu Jan 16 06:05:15 2020 +0000
Commit message: Fix compilation on non-x86 platforms for kernel 5.3+

~/Whonix/packages/lkrg $ git diff --stat adam/master
 README.md                        |   82 ++++++
 changelog.upstream               | 1140
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 debian/30_lkrg.conf              |   14 +
 debian/40_lkrg.conf              |    8 +
 debian/changelog                 |   89 ++++++
 debian/compat                    |    1 +
 debian/control                   |   83 ++++++
 debian/copyright                 |   15 ++
 debian/lkrg-dkms.dkms            |   20 ++
 debian/lkrg-dkms.install         |   16 ++
 debian/lkrg-dkms.maintscript     |    4 +
 debian/lkrg-dkms.service         |   29 ++
 debian/make-helper-overrides.bsh |    6 +
 debian/rules                     |   25 ++
 debian/source/format             |    1 +
 debian/source/lintian-overrides  |    2 +
 debian/watch                     |    6 +
 17 files changed, 1541 insertions(+)

In other words: does not touch "core" (real LKRG source code) of LKRG at
all. Packaging only.


sudo sysctl -a | grep lkrg
lkrg.block_modules = 0
lkrg.ci_panic = 0
lkrg.clean_message = 0
lkrg.enforce_msr = 1
lkrg.force_run = 0
lkrg.hide = 0
lkrg.log_level = 1
lkrg.random_events = 1
lkrg.smep_panic = 1
lkrg.timestamp = 15
lkrg.umh_lock = 0


Is the following considered output only? Could be safely ignored?

[    9.899004] [p_lkrg] Loading LKRG...
[   10.317555] [p_lkrg] LKRG initialized successfully!
[   19.734602]  ? p_kmod_hash+0x2a1/0x3b0 [p_lkrg]
[   19.734654]  ? p_count_modules_from_sysfs_kobj+0xcc/0xf0 [p_lkrg]
[   19.734671]  p_kmod_hash+0x2a1/0x3b0 [p_lkrg]
[   19.734686]  p_module_event_notifier+0x1c3/0x3e0 [p_lkrg]
[   19.791451]  ? p_kmod_hash+0x2a1/0x3b0 [p_lkrg]
[   19.791499]  ? p_count_modules_from_sysfs_kobj+0xcc/0xf0 [p_lkrg]
[   19.791516]  p_kmod_hash+0x2a1/0x3b0 [p_lkrg]
[   19.791531]  p_module_event_notifier+0x1c3/0x3e0 [p_lkrg]


Are these messages expected? Would lkrg.log_level have to be lowered to
hide these messages?

Kind regards,
Patrick

Patrick Schleizer:
> Qubes, Debian buster
> 
> user@...t:~$ cat /proc/version
> Linux version 5.3.0-0.bpo.2-amd64 (debian-kernel@...ts.debian.org) (gcc
> version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 5.3.9-2~bpo10+1 (2019-11-13)
> 
> user@...t:~$ cat /proc/cmdline
> BOOT_IMAGE=/boot/vmlinuz-5.3.0-0.bpo.2-amd64 root=/dev/xvda3 ro
> xen_scrub_pages=0 root=/dev/mapper/dmroot console=hvc0 console=tty0
> swiotlb=8192 noresume intel_iommu=on amd_iommu=on slab_nomerge
> slub_debug=FZ init_on_alloc=1 init_on_free=1 mce=0 pti=on mds=full,nosmt
> vsyscall=none page_alloc.shuffle=1
> 
> user@...t:~$ sudo journalctl -b -o cat | grep lkrg
> p_lkrg: loading out-of-tree module taints kernel.
> p_lkrg: module verification failed: signature and/or required key
> missing - tainting kernel
> [p_lkrg] Loading LKRG...
> [p_lkrg] LKRG initialized successfully!
> Inserted module 'p_lkrg'
> [p_lkrg] Disabling "clean" message.
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
>     user : TTY=pts/0 ; PWD=/home/user ; USER=root ;
> COMMAND=/usr/bin/journalctl -b -o cat -u lkrg
>     user : TTY=pts/0 ; PWD=/home/user ; USER=root ;
> COMMAND=/usr/bin/journalctl -b -o cat -u lkrg-dkms
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is
> [0x8daa4a39f8ae8401] and should be [0x25ed90ca36ee0266] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it is
> [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is
> [0x333c093b7373b41b] and should be [0xd42a3b20e4da8541] !!!
> [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is
> [0x5f13310a27d2344f] and should be [0xbf5da19a4b5e9f8d] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_conntrack> HASH IS DIFFERENT it
> is [0xfe2e9cd1fd5ea173] and should be [0x99dd56638030bb2b] !!!
> [p_lkrg] [KOBJ] ALERT !!! MODULE'S <nf_nat> HASH IS DIFFERENT it is
> [0x3d9dae4aaff5f86d] and should be [0xd8e509a7b4d09682] !!!
> [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 7
> CHECKSUMS !!!
> 
> Kind regards,
> Patrick
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.