Discussion:
[lsm] Kernel panic - not syncing: Could not register security module
Fengguang Wu
2014-10-20 14:57:14 UTC
Permalink
Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/mnt-restrict
commit 3d916db0f37e377a84754131fea74ff022810e80
Author: Kees Cook <***@chromium.org>
AuthorDate: Sat Sep 21 15:52:51 2013 -0700
Commit: Kees Cook <***@chromium.org>
CommitDate: Thu Oct 16 13:22:15 2014 -0700

LSM: MntRestrict blocks mounts on symlink targets

On systems where certain filesystem contents cannot be entirely trusted,
it is beneficial to block mounts on symlinks. This makes sure that
malicious filesystem contents cannot trigger the over-mounting of trusted
filesystems. (For example, a bind-mounted subdirectory of /var cannot be
redirected to mount on /etc via a symlink: a daemon cannot elevate privs
to uid-0.)

Signed-off-by: Kees Cook <***@chromium.org>

+-------------------------------------------------------------+------------+------------+------------------+
| | 0429fbc0bd | 3d916db0f3 | v3.18-rc1_102012 |
+-------------------------------------------------------------+------------+------------+------------------+
| boot_successes | 60 | 0 | 0 |
| boot_failures | 0 | 20 | 11 |
| Kernel_panic-not_syncing:Could_not_register_security_module | 0 | 20 | 11 |
| backtrace:panic | 0 | 20 | 11 |
| backtrace:mntrestrict_init | 0 | 20 | 11 |
| backtrace:security_init | 0 | 20 | 11 |
+-------------------------------------------------------------+------------+------------+------------------+

[ 0.008000] ACPI: Core revision 20140828
[ 0.008720] ACPI: All ACPI Tables successfully acquired
[ 0.009215] Security Framework initialized
[ 0.009581] Kernel panic - not syncing: Could not register security module
[ 0.010122] CPU: 0 PID: 0 Comm: swapper Not tainted 3.17.0-09671-g3d916db #1
[ 0.010676] b10a0a81 b2072210 b2683960 b1c35f9c b1789bd1 b1c35fb4 b1787a90 b2683960
[ 0.011375] b2072210 b2683960 00000001 b1c35fc0 b202e2f4 b1ba67e4 b1c35fcc b202c558
[ 0.012000] b2006468 b1c35fe8 b2003e7f b2082800 b205e100 00000800 00020800 b2082800
[ 0.012000] Call Trace:
[ 0.012000] [<b10a0a81>] ? dump_stack_print_info+0x81/0xa0
[ 0.012000] [<b1789bd1>] dump_stack+0x16/0x18
[ 0.012000] [<b1787a90>] panic+0xcb/0x24f
[ 0.012000] [<b202e2f4>] mntrestrict_init+0x64/0x73
[ 0.012000] [<b202c558>] security_init+0x32/0x3e
[ 0.012000] [<b2006468>] ? ftrace_define_fields_x86_irq_vector+0x35/0x35
[ 0.012000] [<b2003e7f>] start_kernel+0x4f6/0x536
[ 0.012000] [<b20032c6>] i386_start_kernel+0x90/0x94

Elapsed time: 5
qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/i386-randconfig-c0-10201237/3d916db0f37e377a84754131fea74ff022810e80/vmlinuz-3.17.0-09671-g3d916db -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/i386-randconfig-c0-10201237/linux-devel:devel-hourly-2014102012:3d916db0f37e377a84754131fea74ff022810e80:bisect-linux-1/.vmlinuz-3d916db0f37e377a84754131fea74ff022810e80-20141020141905-10-ivb41 branch=linux-devel/devel-hourly-2014102012 BOOT_IMAGE=/kernel/i386-randconfig-c0-10201237/3d916db0f37e377a84754131fea74ff022810e80/vmlinuz-3.17.0-09671-g3d916db drbd.minor_count=8' -initrd /kernel-tests/initrd/quantal-core-i386.cgz -m 320 -smp 2 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-quantal-ivb41-96 -serial file:/dev/shm/kboot/serial-quantal-ivb41-96 -daemonize -display none -monitor null

git bisect start bd8b2ce2e8bce29196f300c161af1ebd7574ae6c f114040e3ea6e07372334ade75d1ee0775c355e1 --
git bisect good c5040577f53e66d792619d2de6d42b1fd7d3c334 # 13:26 20+ 0 Merge 's390/for-linus' into devel-hourly-2014102012
git bisect bad bee85c01dc2839e4cf8c77b89d0bb28abc896f71 # 13:31 0- 5 Merge 'socfpga-nex/next-dt' into devel-hourly-2014102012
git bisect good 5e340d128fa934d51d94d7bb12fda129d735381c # 13:40 20+ 0 Merge 'hwmon/hwmon-staging' into devel-hourly-2014102012
git bisect bad fd62838da2ee1f0bcf730e5721bd5504eb7d9801 # 13:49 0- 1 Merge 'kees/lsm/mnt-restrict' into devel-hourly-2014102012
git bisect good 239f086122cee5556682464597b30ce6611e551c # 13:58 20+ 0 Merge 'iwlwifi-fixes/master' into devel-hourly-2014102012
git bisect good 678e4bb52ad38b955643ebd6ad4bea2d62957d07 # 14:01 20+ 0 Merge 'socfpga-nex/for-next' into devel-hourly-2014102012
git bisect bad 3d916db0f37e377a84754131fea74ff022810e80 # 14:20 0- 20 LSM: MntRestrict blocks mounts on symlink targets
# first bad commit: [3d916db0f37e377a84754131fea74ff022810e80] LSM: MntRestrict blocks mounts on symlink targets
git bisect good 0429fbc0bdc297d64188483ba029a23773ae07b0 # 14:27 60+ 0 Merge branch 'for-3.18-consistent-ops' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
git bisect bad bd8b2ce2e8bce29196f300c161af1ebd7574ae6c # 14:27 0- 11 0day head guard for 'devel-hourly-2014102012'
git bisect good f114040e3ea6e07372334ade75d1ee0775c355e1 # 14:31 60+ 0 Linux 3.18-rc1
git bisect good 062a08d6ad56da23209083748ea5e0f1ab65a0e7 # 14:40 60+ 0 Add linux-next specific files for 20141020


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1

kvm=(
qemu-system-x86_64
-cpu kvm64
-enable-kvm
-kernel $kernel
-m 320
-smp 2
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)

append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

Loading...