This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug runtime/17862] Kernel crash on module insertion: kernel tried to execute NX-protected page - exploit attempt


https://sourceware.org/bugzilla/show_bug.cgi?id=17862

--- Comment #6 from izi at guardicore dot com ---
I'm loading several systemtap modules concurrently, so I'm guessing there is a
race here. The other modules also include a few uprobes and a timer probe for
each one. The module insertion usually works fine in 9 out of 10 runs and I see
the printfs later on when the probed functions are called. So it probably does
successfully install the probes in the correct place, unless a race occurs.

Additionally, I see that the crash doesn't necessarily occur in the same
place. This could be the same problem or a separate one. For instance, one of
them:

Jan 18 05:37:36 ldsm kernel: [   17.113464] WARNING: CPU: 0 PID: 2759 at /build/buildd/linux-3.11.0/kernel/trace/ftrace.c:1701 ftrace_bug+0x206/0x270()
Jan 18 05:37:36 ldsm kernel: [   17.113465] Modules linked in: gc__2757(OF+) g_2759(OF+) gc_2751(OF) g_2745(OF) g_2742(OF) veth(F) arc4(F) md4(F) nls_utf8 cifs(F) fscache(F) openvswitch gre(F) snd_hda_intel cirrus snd_hda_codec ttm drm_kms_helper microcode(F) snd_hwdep(F) psmouse(F) snd_pcm(F) serio_raw(F) snd_page_alloc(F) drm virtio_balloon(F) snd_timer(F) snd(F) soundcore(F) syscopyarea(F) sysfillrect(F) sysimgblt(F) i2c_piix4 mac_hid lp(F) parport(F) ext2(F) 8139too(F) 8139cp(F) mii(F) floppy(F)
Jan 18 05:37:36 ldsm kernel: [   17.113498] CPU: 0 PID: 2759 Comm: staprun Tainted: GF          O 3.11.0-12-generic #19-Ubuntu
Jan 18 05:37:36 ldsm kernel: [   17.113500] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Jan 18 05:37:36 ldsm kernel: [   17.113501]  0000000000000009 ffff88006a99bc30 ffffffff816e547a 0000000000000000
Jan 18 05:37:36 ldsm kernel: [   17.113504]  ffff88006a99bc68 ffffffff81061dbd 0000000000000000 ffffffffa0358000
Jan 18 05:37:36 ldsm kernel: [   17.113506]  ffff88007b735b80 0000000000000000 ffff880069d85000 ffff88006a99bc78
Jan 18 05:37:36 ldsm kernel: [   17.113508] Call Trace:
Jan 18 05:37:36 ldsm kernel: [   17.113514]  [<ffffffff816e547a>] dump_stack+0x45/0x56
Jan 18 05:37:36 ldsm kernel: [   17.113517]  [<ffffffff81061dbd>] warn_slowpath_common+0x7d/0xa0
Jan 18 05:37:36 ldsm kernel: [   17.113520]  [<ffffffffa0358000>] ? 0xffffffffa0357fff
Jan 18 05:37:36 ldsm kernel: [   17.113522]  [<ffffffff81061e9a>] warn_slowpath_null+0x1a/0x20
Jan 18 05:37:36 ldsm kernel: [   17.113525]  [<ffffffff81108566>] ftrace_bug+0x206/0x270
Jan 18 05:37:36 ldsm kernel: [   17.113527]  [<ffffffffa0358000>] ? 0xffffffffa0357fff
Jan 18 05:37:36 ldsm kernel: [   17.113529]  [<ffffffff811088da>] ftrace_process_locs+0x30a/0x640
Jan 18 05:37:36 ldsm kernel: [   17.113532]  [<ffffffff81108c4c>] ftrace_module_notify_enter+0x3c/0x40
Jan 18 05:37:36 ldsm kernel: [   17.113535]  [<ffffffff816f0a7c>] notifier_call_chain+0x4c/0x70
Jan 18 05:37:36 ldsm kernel: [   17.113539]  [<ffffffff8108a1dd>] __blocking_notifier_call_chain+0x4d/0x70
Jan 18 05:37:36 ldsm kernel: [   17.113541]  [<ffffffff8108a216>] blocking_notifier_call_chain+0x16/0x20
Jan 18 05:37:36 ldsm kernel: [   17.113544]  [<ffffffff810cbd3f>] load_module+0x125f/0x1b80
Jan 18 05:37:36 ldsm kernel: [   17.113546]  [<ffffffff810c7c60>] ? store_uevent+0x40/0x40
Jan 18 05:37:36 ldsm kernel: [   17.113550]  [<ffffffff810cc702>] SyS_init_module+0xa2/0xf0
Jan 18 05:37:36 ldsm kernel: [   17.113552]  [<ffffffff816f542f>] tracesys+0xe1/0xe6
Jan 18 05:37:36 ldsm kernel: [   17.113554] ---[ end trace 41fb784a51ea714c ]---
Jan 18 05:37:36 ldsm kernel: [   17.113555] ftrace faulted on writing [<ffffffffa0358000>] stp_task_work_cancel+0x0/0x20 [g_2759]
Jan 18 05:37:36 ldsm kernel: [   17.121994] gc_2751: systemtap: 2.6/0.157, base: ffffffffa0319000, memory: 195data/52text/960ctx/2058net/9alloc kb, probes: 2
Jan 18 05:37:36 ldsm kernel: [   17.183226] g_2759: systemtap: 2.6/0.157, base: ffffffffa0358000, memory: 191data/48text/448ctx/2058net/9alloc kb, probes: 2

But it also crashes in other places.

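The trace above contains two facts worth pulling out mechanically when triaging reports like this one: which modules the kernel lists as still loading ("+" in the "Modules linked in:" flags) at the moment ftrace_bug fired, and whether the address ftrace faulted on falls inside the text of one of the SystemTap modules that announced themselves. The script below is an added triage helper written for this page; it is not part of the bug report, of SystemTap or of staprun. The log it parses is a constructed sample modelled on the lines quoted in the comment, with the mailer-wrapped "Modules linked in:" line rejoined. It assumes (the page does not say so) that the "base:" address printed by the SystemTap runtime is the start of the module's text and that the "Ntext" figure is the size of that text in kB.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample log, modelled on the kernel output quoted in the bug
# comment; not captured from a live system.
SAMPLE_LOG = """\
Jan 18 05:37:36 ldsm kernel: [   17.113465] Modules linked in: gc__2757(OF+) g_2759(OF+) gc_2751(OF) g_2745(OF) g_2742(OF) veth(F) arc4(F) md4(F) nls_utf8
Jan 18 05:37:36 ldsm kernel: [   17.113498] CPU: 0 PID: 2759 Comm: staprun Tainted: GF          O 3.11.0-12-generic #19-Ubuntu
Jan 18 05:37:36 ldsm kernel: [   17.113554] ---[ end trace 41fb784a51ea714c ]---
Jan 18 05:37:36 ldsm kernel: [   17.113555] ftrace faulted on writing [<ffffffffa0358000>] stp_task_work_cancel+0x0/0x20 [g_2759]
Jan 18 05:37:36 ldsm kernel: [   17.121994] gc_2751: systemtap: 2.6/0.157, base: ffffffffa0319000, memory: 195data/52text/960ctx/2058net/9alloc kb, probes: 2
Jan 18 05:37:36 ldsm kernel: [   17.183226] g_2759: systemtap: 2.6/0.157, base: ffffffffa0358000, memory: 191data/48text/448ctx/2058net/9alloc kb, probes: 2
"""

MODULES_RE = re.compile(r"Modules linked in: (.*)$")
# One token of the module list: name plus optional "(flags)". In the kernel's
# module_flags(), '+' marks MODULE_STATE_COMING and '-' MODULE_STATE_GOING.
MODTOKEN_RE = re.compile(r"(\w+)(?:\(([A-Z+\-]*)\))?")
FAULT_RE = re.compile(
    r"ftrace faulted on writing \[<([0-9a-f]+)>\] (\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+) \[(\w+)\]"
)
# SystemTap runtime banner: "<mod>: systemtap: <ver>, base: <addr>, memory: Ndata/Ntext..."
BASE_RE = re.compile(
    r"\] (\w+): systemtap: \S+, base: ([0-9a-f]+), memory: (\d+)data/(\d+)text"
)


def modules_in_flight(log: str) -> List[str]:
    """Module names flagged '+' (still loading) in a 'Modules linked in:' line."""
    loading = []
    for line in log.splitlines():
        m = MODULES_RE.search(line)
        if not m:
            continue
        for tok in m.group(1).split():
            t = MODTOKEN_RE.fullmatch(tok)
            if t and t.group(2) and "+" in t.group(2):
                loading.append(t.group(1))
    return sorted(loading)


def parse_faults(log: str) -> List[Dict[str, object]]:
    """Every 'ftrace faulted on writing' record: address, symbol, module."""
    out = []
    for line in log.splitlines():
        m = FAULT_RE.search(line)
        if m:
            out.append({"addr": int(m.group(1), 16), "symbol": m.group(2),
                        "offset": int(m.group(3), 16), "size": int(m.group(4), 16),
                        "module": m.group(5)})
    return out


def parse_stap_modules(log: str) -> Dict[str, Dict[str, int]]:
    """Base address and data/text sizes announced by each SystemTap module."""
    mods = {}
    for line in log.splitlines():
        m = BASE_RE.search(line)
        if m:
            mods[m.group(1)] = {"base": int(m.group(2), 16),
                                "data_kb": int(m.group(3)),
                                "text_kb": int(m.group(4))}
    return mods


def locate_faults(log: str) -> List[Tuple[str, str, int]]:
    """For each fault: (module ftrace named, module whose text range holds the
    address, offset into that text). Assumes 'base' is the text start and
    'Ntext' kB of text follow it; this is an assumption, not documented here."""
    mods = parse_stap_modules(log)
    result = []
    for f in parse_faults(log):
        owner, rel = "", -1
        for name, info in mods.items():
            lo, hi = info["base"], info["base"] + info["text_kb"] * 1024
            if lo <= f["addr"] < hi:
                owner, rel = name, f["addr"] - lo
                break
        result.append((f["module"], owner, rel))
    return result


def triage(log: str) -> Dict[str, object]:
    """Summarise whether the fault hit a module that was one of several
    concurrently loading modules, the scenario the reporter describes."""
    loading = modules_in_flight(log)
    located = locate_faults(log)
    return {
        "loading": loading,
        "faults": located,
        "concurrent_load": len(loading) > 1
        and any(mod in loading for mod, _, _ in located),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, two modules carry the "+" flag, and the faulting address is exactly the announced base of g_2759 (offset 0 into its text, matching stp_task_work_cancel+0x0), which is what makes the concurrent-insertion hypothesis plausible from the log alone; the same functions can be pointed at a full dmesg capture from another run to see whether the other crashes line up the same way.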

