summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Holzheu <holzheu@linux.vnet.ibm.com>2017-11-15 17:06:30 +0100
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2017-11-16 13:12:21 +0100
commit6470c0cc4840c229c6f1c270ebbcacb8e14f477d (patch)
treee94259325411b3063e0bf40dd00463078a8ef6b7
parent049a2c2d486e8cc82c5cd79fa479c5b105b109e9 (diff)
s390: Remove CONFIG_HARDENED_USERCOPY
When running the crash tool on a s390 live system we get a kernel panic for reading memory within the kernel image: # uname -a Linux r3545011 4.14.0-rc8-00066-g1c9dbd4615fd #45 SMP PREEMPT Fri Nov 10 16:16:22 CET 2017 s390x s390x s390x GNU/Linux # crash /boot/vmlinux-devel /dev/mem # crash> rd 0x100000 usercopy: kernel memory exposure attempt detected from 0000000000100000 (<kernel text>) (8 bytes) ------------[ cut here ]------------ kernel BUG at mm/usercopy.c:72! illegal operation: 0001 ilc:1 [#1] PREEMPT SMP. Modules linked in: CPU: 0 PID: 1461 Comm: crash Not tainted 4.14.0-rc8-00066-g1c9dbd4615fd-dirty #46 Hardware name: IBM 2827 H66 706 (z/VM 6.3.0) task: 000000001ad10100 task.stack: 000000001df78000 Krnl PSW : 0704d00180000000 000000000038165c (__check_object_size+0x164/0x1d0) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: 0000000012440e1d 0000000080000000 0000000000000061 00000000001cabc0 00000000001cc6d6 0000000000000000 0000000000cc4ed2 0000000000001000 000003ffc22fdd20 0000000000000008 0000000000100008 0000000000000001 0000000000000008 0000000000100000 0000000000381658 000000001df7bc90 Krnl Code: 000000000038164c: c020004a1c4a larl %r2,cc4ee0 0000000000381652: c0e5fff2581b brasl %r14,1cc688 #0000000000381658: a7f40001 brc 15,38165a >000000000038165c: eb42000c000c srlg %r4,%r2,12 0000000000381662: eb32001c000c srlg %r3,%r2,28 0000000000381668: c0110003ffff lgfi %r1,262143 000000000038166e: ec31ff752065 clgrj %r3,%r1,2,381558 0000000000381674: a7f4ff67 brc 15,381542 Call Trace: ([<0000000000381658>] __check_object_size+0x160/0x1d0) [<000000000082263a>] read_mem+0xaa/0x130. [<0000000000386182>] __vfs_read+0x42/0x168. [<000000000038632e>] vfs_read+0x86/0x140. [<0000000000386a26>] SyS_read+0x66/0xc0. [<0000000000ace6a4>] system_call+0xc4/0x2b0. INFO: lockdep is turned off. Last Breaking-Event-Address: [<0000000000381658>] __check_object_size+0x160/0x1d0 Kernel panic - not syncing: Fatal exception: panic_on_oops With CONFIG_HARDENED_USERCOPY copy_to_user() checks in __check_object_size() if the source address is within the kernel image. When the crash tool reads from 0x100000, this check leads to the kernel BUG(). So disable the kernel config option until this bug is fixed. Corresponding bug report on LKML: https://lkml.org/lkml/2017/11/10/341 Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r--arch/s390/configs/default_defconfig5
-rw-r--r--arch/s390/configs/gcov_defconfig4
-rw-r--r--arch/s390/configs/performance_defconfig4
3 files changed, 1 insertions, 12 deletions
diff --git a/arch/s390/configs/default_defconfig b/arch/s390/configs/default_defconfig
index 84eccc88c065..5af8458951cf 100644
--- a/arch/s390/configs/default_defconfig
+++ b/arch/s390/configs/default_defconfig
@@ -629,6 +629,7 @@ CONFIG_STACK_TRACER=y
CONFIG_BLK_DEV_IO_TRACE=y
CONFIG_FUNCTION_PROFILER=y
CONFIG_HIST_TRIGGERS=y
+CONFIG_DMA_API_DEBUG=y
CONFIG_LKDTM=m
CONFIG_TEST_LIST_SORT=y
CONFIG_TEST_SORT=y
@@ -637,14 +638,12 @@ CONFIG_RBTREE_TEST=y
CONFIG_INTERVAL_TREE_TEST=m
CONFIG_PERCPU_TEST=m
CONFIG_ATOMIC64_SELFTEST=y
-CONFIG_DMA_API_DEBUG=y
CONFIG_TEST_BPF=m
CONFIG_BUG_ON_DATA_CORRUPTION=y
CONFIG_S390_PTDUMP=y
CONFIG_ENCRYPTED_KEYS=m
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
@@ -660,13 +659,11 @@ CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_MCRYPTD=m
CONFIG_CRYPTO_TEST=m
-CONFIG_CRYPTO_CCM=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_KEYWRAP=m
-CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_CRC32=m
diff --git a/arch/s390/configs/gcov_defconfig b/arch/s390/configs/gcov_defconfig
index f7202358e6d7..d52eafe57ae8 100644
--- a/arch/s390/configs/gcov_defconfig
+++ b/arch/s390/configs/gcov_defconfig
@@ -587,7 +587,6 @@ CONFIG_BIG_KEYS=y
CONFIG_ENCRYPTED_KEYS=m
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_HARDENED_USERCOPY=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
@@ -605,13 +604,10 @@ CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_MCRYPTD=m
CONFIG_CRYPTO_TEST=m
-CONFIG_CRYPTO_CCM=m
-CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_KEYWRAP=m
-CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_CRC32=m
diff --git a/arch/s390/configs/performance_defconfig b/arch/s390/configs/performance_defconfig
index 03100fe74ea8..20ed149e1137 100644
--- a/arch/s390/configs/performance_defconfig
+++ b/arch/s390/configs/performance_defconfig
@@ -585,7 +585,6 @@ CONFIG_BIG_KEYS=y
CONFIG_ENCRYPTED_KEYS=m
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_HARDENED_USERCOPY=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
@@ -603,13 +602,10 @@ CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_MCRYPTD=m
CONFIG_CRYPTO_TEST=m
-CONFIG_CRYPTO_CCM=m
-CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_KEYWRAP=m
-CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_CRC32=m