Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 10 Jun 2020 09:18:44 +0200
From: Mikhail Morfikov <mmorfikov@...il.com>
To: lkrg-users@...ts.openwall.com
Subject: RE: ISRA optimized functions

I just tested and:

# cat /proc/version
Linux version 5.7.1-amd64 (morfik@...fikownia) (gcc version 10.1.0 (Debian 10.1.0-3), GNU ld (GNU Binutils for Debian) 2.34) #3 SMP PREEMPT Wed Jun 10 07:21:29 CEST 2020

# dkms status
lkrg, 0.7+git20200609, 5.7.1-amd64, x86_64: installed

# modprobe -v p_lkrg
insmod /lib/modules/5.7.1-amd64/updates/dkms/p_lkrg.ko

# lsmod
Module                  Size  Used by
p_lkrg                225280  0

In the syslog I have the following messages now:

kernel: p_lkrg: loading out-of-tree module taints kernel.
kernel: [p_lkrg] Loading LKRG...
kernel: [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
kernel: Freezing user space processes ... (elapsed 0.031 seconds) done.
kernel: OOM killer disabled.
kernel: [p_lkrg] 8/23 UMH paths were whitelisted...
kernel: [p_lkrg] [kretprobe] register_kretprobe() for <lookup_fast> failed! [err=-22]
kernel: [p_lkrg] Trying to find ISRA name for <lookup_fast>
kernel: [p_lkrg] ISRA version not found!
kernel: [p_lkrg] LKRG won't enforce pCFI validation on 'lookup_fast'
kernel: [p_lkrg] LKRG initialized successfully!
kernel: OOM killer enabled.
kernel: Restarting tasks ... done.

So what to do with this *lookup_fast* ?

Also, when the LKRG module is being unloaded, it generates the following log:

kernel: [p_lkrg] Unloading LKRG...
kernel: Freezing user space processes ... (elapsed 0.057 seconds) done.
kernel: OOM killer disabled.
kernel: =============================================================================
kernel: BUG p_ed_pids (Tainted: G           O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
kernel: -----------------------------------------------------------------------------
kernel: Disabling lock debugging due to kernel taint
kernel: INFO: Slab 0x00000000a62c66d5 objects=32 used=1 fp=0x000000003169a95c flags=0x2ffe00000010200
kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
kernel: Call Trace:
kernel:  dump_stack+0x50/0x68
kernel:  slab_err+0xdc/0x103
kernel:  ? slub_cpu_dead+0x90/0x90
kernel:  __kmem_cache_shutdown.cold+0x31/0x156
kernel:  shutdown_cache+0x16/0x1b0
kernel:  kmem_cache_destroy+0x237/0x270
kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
kernel:  ? __x64_sys_delete_module+0x18a/0x310
kernel:  ? trace_clock_x86_tsc+0x10/0x10
kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: INFO: Object 0x00000000bee7e5b5 @offset=10304
kernel: =============================================================================
kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
kernel: -----------------------------------------------------------------------------
kernel: INFO: Slab 0x00000000fbd76826 objects=32 used=2 fp=0x00000000c3ab1de7 flags=0x2ffe00000010200
kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
kernel: Call Trace:
kernel:  dump_stack+0x50/0x68
kernel:  slab_err+0xdc/0x103
kernel:  __kmem_cache_shutdown.cold+0x31/0x156
kernel:  shutdown_cache+0x16/0x1b0
kernel:  kmem_cache_destroy+0x237/0x270
kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
kernel:  ? __x64_sys_delete_module+0x18a/0x310
kernel:  ? trace_clock_x86_tsc+0x10/0x10
kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: INFO: Object 0x00000000286c2234 @offset=7232
kernel: INFO: Object 0x00000000031eefe7 @offset=11328
kernel: =============================================================================
kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
kernel: -----------------------------------------------------------------------------
kernel: INFO: Slab 0x0000000057688f36 objects=32 used=1 fp=0x0000000091130281 flags=0x2ffe00000010200
kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
kernel: Call Trace:
kernel:  dump_stack+0x50/0x68
kernel:  slab_err+0xdc/0x103
kernel:  __kmem_cache_shutdown.cold+0x31/0x156
kernel:  shutdown_cache+0x16/0x1b0
kernel:  kmem_cache_destroy+0x237/0x270
kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
kernel:  ? __x64_sys_delete_module+0x18a/0x310
kernel:  ? trace_clock_x86_tsc+0x10/0x10
kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: INFO: Object 0x000000000f01ce90 @offset=3648
kernel: =============================================================================
kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
kernel: -----------------------------------------------------------------------------
kernel: INFO: Slab 0x00000000f8a90b64 objects=32 used=1 fp=0x00000000683389e1 flags=0x2ffe00000010200
kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
kernel: Call Trace:
kernel:  dump_stack+0x50/0x68
kernel:  slab_err+0xdc/0x103
kernel:  __kmem_cache_shutdown.cold+0x31/0x156
kernel:  shutdown_cache+0x16/0x1b0
kernel:  kmem_cache_destroy+0x237/0x270
kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
kernel:  ? __x64_sys_delete_module+0x18a/0x310
kernel:  ? trace_clock_x86_tsc+0x10/0x10
kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: INFO: Object 0x0000000039e7acd2 @offset=7232
kernel: =============================================================================
kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
kernel: -----------------------------------------------------------------------------
kernel: INFO: Slab 0x00000000a8994edb objects=32 used=2 fp=0x0000000090b6b881 flags=0x2ffe00000010200
kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
kernel: Call Trace:
kernel:  dump_stack+0x50/0x68
kernel:  slab_err+0xdc/0x103
kernel:  __kmem_cache_shutdown.cold+0x31/0x156
kernel:  shutdown_cache+0x16/0x1b0
kernel:  kmem_cache_destroy+0x237/0x270
kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
kernel:  ? __x64_sys_delete_module+0x18a/0x310
kernel:  ? trace_clock_x86_tsc+0x10/0x10
kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: INFO: Object 0x00000000c0d89ab9 @offset=11840
kernel: INFO: Object 0x0000000021fa6292 @offset=15424
kernel: =============================================================================
kernel: BUG p_ed_pids (Tainted: G    B      O    T): Objects remaining in p_ed_pids on __kmem_cache_shutdown()
kernel: -----------------------------------------------------------------------------
kernel: INFO: Slab 0x000000008ef7d8bb objects=32 used=1 fp=0x00000000b3b64d27 flags=0x2ffe00000010200
kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
kernel: Call Trace:
kernel:  dump_stack+0x50/0x68
kernel:  slab_err+0xdc/0x103
kernel:  __kmem_cache_shutdown.cold+0x31/0x156
kernel:  shutdown_cache+0x16/0x1b0
kernel:  kmem_cache_destroy+0x237/0x270
kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
kernel:  ? __x64_sys_delete_module+0x18a/0x310
kernel:  ? trace_clock_x86_tsc+0x10/0x10
kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: INFO: Object 0x000000005349a6c9 @offset=11328
kernel: kmem_cache_destroy p_ed_pids: Slab cache still has objects
kernel: CPU: 2 PID: 67983 Comm: modprobe Tainted: G    B      O    T 5.7.1-amd64 #3
kernel: Hardware name: LENOVO 2349BM5/2349BM5, BIOS G1ETC2WW (2.82 ) 08/07/2019
kernel: Call Trace:
kernel:  dump_stack+0x50/0x68
kernel:  kmem_cache_destroy.cold+0x16/0x1b
kernel:  p_delete_rb_ed_pids+0x8f/0xb0 [p_lkrg]
kernel:  ? p_exploit_detection_exit+0x3e/0x60 [p_lkrg]
kernel:  ? p_lkrg_deregister+0x5a/0x5ae [p_lkrg]
kernel:  ? __x64_sys_delete_module+0x18a/0x310
kernel:  ? trace_clock_x86_tsc+0x10/0x10
kernel:  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: OOM killer enabled.
kernel: Restarting tasks ... done.
kernel: [p_lkrg] LKRG unloaded!



Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.