Received: by 10.223.164.202 with SMTP id h10csp339997wrb; Wed, 22 Nov 2017 08:01:48 -0800 (PST) X-Google-Smtp-Source: AGs4zMbYwWWmlnGNbu3D9dicEIUfqNSOtk4AqzwM/0n/1ycZ9k2/InC2szDiMCxPixelYVvQ8CMm X-Received: by 10.98.201.1 with SMTP id k1mr19752082pfg.48.1511366507956; Wed, 22 Nov 2017 08:01:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511366507; cv=none; d=google.com; s=arc-20160816; b=nrR3Md0s2Z9wq88s77rbBbSPnDN5iaiIFPUBho9dD+qmy3dUT/gc0DTvCIc7kbOkTn pwZocfzchaHcifukKz61hJNVkgRU5mjN5H+ax7r+l0Yr5W3QPOV00fjzQMnjGj1jjlvN KXBK1VjnPhx0+qkvlefPz3Gmk/vLQyFLRmG4xkVgzAQ4qe7zGFTaYjQakj9GAUWv+T/S D5l1//BcVQk8fyVFgqlRUzfq4DBEADnpaq+krOyi7FYnSI6Z0ZJHurFXau/jwRi2cBiq Hwq80qX/B00DIVOZRx8x723aUHYz6JgYIJ20yVNyROekniBXUbicyT9Hp/HxtRJ0i2Cb Iq0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject :arc-authentication-results; bh=UWa/aN4befiohyyX3uiW/k9AmNibavUDV7TmINcso6Q=; b=i9OkIN5WH9v20+4tVmLJpj63zQTNaWff7cUSajlRwOKfu86NVo23V6Wkgx09qChbPg QeaS0woOvtsB99JmrqoSM09xf+Ra9FrAYQBRgwXIFRUAI+VABWsNfNK2s8lmXDFDa4tH Xl27TUp8LPzOqmQkn8c/uz2P328/MWjJyFLsIrcyqt/Z0Nsym5fljtb62h/sHhYNh2ib yyLhcE71Ud6kbYVjbfVEIgmnT4SdvndOxd0QTsmXvXey2WHf41PFaqNgpVPF4xjksinb 29IxI+x1DqigFi07NoeyAscmlBF69QBhyHIoqb9TMqTszxrBeNKdSTGE8btGBCUZMojr S4bA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 43si14495594plc.469.2017.11.22.08.01.35; Wed, 22 Nov 2017 08:01:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751686AbdKVP7d (ORCPT + 77 others); Wed, 22 Nov 2017 10:59:33 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:51239 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751448AbdKVP7b (ORCPT ); Wed, 22 Nov 2017 10:59:31 -0500 Received: from static-50-53-35-55.bvtn.or.frontiernet.net ([50.53.35.55] helo=[192.168.192.153]) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eHXQv-0001Lv-5X; Wed, 22 Nov 2017 15:59:29 +0000 Subject: Re: Linux 4.14 - BUG: unable to handle kernel paging request at ffffffff3bbbe160 IP: audit_signal_cb+0x75/0xf0 To: Shuah Khan Cc: torvalds@linux-foundation.org, linux-kernel@vger.kernel.org References: <5f0f4166-04b3-04de-16e7-884500ad03ca@osg.samsung.com> <95bbe49c-b55e-e3d6-16af-6abc7e4bba96@canonical.com> <3303fea7-9f10-d7f1-fb01-d2e9de26173b@osg.samsung.com> <622d2142-a68e-2115-82e8-5899be8bdba8@canonical.com> From: John Johansen Organization: Canonical Message-ID: <352dbbb0-ceaa-cd83-876b-9471a24d62aa@canonical.com> Date: Wed, 22 Nov 2017 07:59:26 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Can you verify the following patch fixes the problem for you --- >From 6ba06322267ea931be5f1f559965120d1e09b030 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Wed, 22 Nov 2017 07:33:38 -0800 Subject: [PATCH] apparmor: fix oops in audit_signal_cb hook The apparmor_audit_data struct ordering got messed up during a merge conflict, resulting in the signal integer and peer pointer being in a union instead of a struct together. For most of the 4.13 and 4.14 life cycle, this was hidden by commit 651e28c5537abb39076d3949fb7618536f1d242e which fixed the apparmor_audit_data struct when its data was added. When that commit was reverted in -rc7 the signal audit bug was exposed, and unfortunately it never showed up in any of the testing until after 4.14 was released, and Shaun Khan, Zephaniah E. Loss-Cutler-Hull filed nearly simultaneous bug reports (with different oopes, the smaller of which is included below). Full credit goes to Tetsuo Handa for jumping on this as well and noticing the audit data struct problem and reporting it. Alright, trying again, this time with my mail settings to actually send as plain text, and with some more detail. I am running Ubuntu 16.04, with a mainline 4.14 kernel. [ 76.178568] BUG: unable to handle kernel paging request at ffffffff0eee3bc0 [ 76.178579] IP: audit_signal_cb+0x6c/0xe0 [ 76.178581] PGD 1a640a067 P4D 1a640a067 PUD 0 [ 76.178586] Oops: 0000 [#1] PREEMPT SMP [ 76.178589] Modules linked in: fuse rfcomm bnep usblp uvcvideo btusb btrtl btbcm btintel bluetooth ecdh_generic ip6table_filter ip6_tables xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables x_tables intel_rapl joydev wmi_bmof serio_raw iwldvm iwlwifi shpchp kvm_intel kvm irqbypass autofs4 algif_skcipher nls_iso8859_1 nls_cp437 crc32_pclmul ghash_clmulni_intel [ 76.178620] CPU: 0 PID: 10675 Comm: pidgin Not tainted 4.14.0-f1-dirty #135 [ 76.178623] Hardware name: Hewlett-Packard HP EliteBook Folio 9470m/18DF, BIOS 68IBD Ver. F.62 10/22/2015 [ 76.178625] task: ffff9c7a94c31dc0 task.stack: ffffa09b02a4c000 [ 76.178628] RIP: 0010:audit_signal_cb+0x6c/0xe0 [ 76.178631] RSP: 0018:ffffa09b02a4fc08 EFLAGS: 00010292 [ 76.178634] RAX: ffffa09b02a4fd60 RBX: ffff9c7aee0741f8 RCX: 0000000000000000 [ 76.178636] RDX: ffffffffee012290 RSI: 0000000000000006 RDI: ffff9c7a9493d800 [ 76.178638] RBP: ffffa09b02a4fd40 R08: 000000000000004d R09: ffffa09b02a4fc46 [ 76.178641] R10: ffffa09b02a4fcb8 R11: ffff9c7ab44f5072 R12: ffffa09b02a4fd40 [ 76.178643] R13: ffffffff9e447be0 R14: ffff9c7a94c31dc0 R15: 0000000000000001 [ 76.178646] FS: 00007f8b11ba2a80(0000) GS:ffff9c7afea00000(0000) knlGS:0000000000000000 [ 76.178648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.178650] CR2: ffffffff0eee3bc0 CR3: 00000003d5209002 CR4: 00000000001606f0 [ 76.178652] Call Trace: [ 76.178660] common_lsm_audit+0x1da/0x780 [ 76.178665] ? d_absolute_path+0x60/0x90 [ 76.178669] ? aa_check_perms+0xcd/0xe0 [ 76.178672] aa_check_perms+0xcd/0xe0 [ 76.178675] profile_signal_perm.part.0+0x90/0xa0 [ 76.178679] aa_may_signal+0x16e/0x1b0 [ 76.178686] apparmor_task_kill+0x51/0x120 [ 76.178690] security_task_kill+0x44/0x60 [ 76.178695] group_send_sig_info+0x25/0x60 [ 76.178699] kill_pid_info+0x36/0x60 [ 76.178703] SYSC_kill+0xdb/0x180 [ 76.178707] ? preempt_count_sub+0x92/0xd0 [ 76.178712] ? _raw_write_unlock_irq+0x13/0x30 [ 76.178716] ? task_work_run+0x6a/0x90 [ 76.178720] ? exit_to_usermode_loop+0x80/0xa0 [ 76.178723] entry_SYSCALL_64_fastpath+0x13/0x94 [ 76.178727] RIP: 0033:0x7f8b0e58b767 [ 76.178729] RSP: 002b:00007fff19efd4d8 EFLAGS: 00000206 ORIG_RAX: 000000000000003e [ 76.178732] RAX: ffffffffffffffda RBX: 0000557f3e3c2050 RCX: 00007f8b0e58b767 [ 76.178735] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000263b [ 76.178737] RBP: 0000000000000000 R08: 0000557f3e3c2270 R09: 0000000000000001 [ 76.178739] R10: 000000000000022d R11: 0000000000000206 R12: 0000000000000000 [ 76.178741] R13: 0000000000000001 R14: 0000557f3e3c13c0 R15: 0000000000000000 [ 76.178745] Code: 48 8b 55 18 48 89 df 41 b8 20 00 08 01 5b 5d 48 8b 42 10 48 8b 52 30 48 63 48 4c 48 8b 44 c8 48 31 c9 48 8b 70 38 e9 f4 fd 00 00 <48> 8b 14 d5 40 27 e5 9e 48 c7 c6 7d 07 19 9f 48 89 df e8 fd 35 [ 76.178794] RIP: audit_signal_cb+0x6c/0xe0 RSP: ffffa09b02a4fc08 [ 76.178796] CR2: ffffffff0eee3bc0 [ 76.178799] ---[ end trace 514af9529297f1a3 ]--- Fixes: cd1dbf76b23d ("apparmor: add the ability to mediate signals") Reported-by: Zephaniah E. Loss-Cutler-Hull Reported-by: Shuah Khan Reported-by: Tetsuo Handa Signed-off-by: John Johansen --- security/apparmor/include/audit.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 620e81169659..4ac095118717 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -121,17 +121,19 @@ struct apparmor_audit_data { /* these entries require a custom callback fn */ struct { struct aa_label *peer; - struct { - const char *target; - kuid_t ouid; - } fs; + union { + struct { + const char *target; + kuid_t ouid; + } fs; + int signal; + }; }; struct { struct aa_profile *profile; const char *ns; long pos; } iface; - int signal; struct { int rlim; unsigned long max; -- 2.11.0 From 1584724025726145767@xxx Wed Nov 22 00:30:01 +0000 2017 X-GM-THRID: 1584695654997301913 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread