proc_keys_show crash when reading /proc/keys
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Linux |
Fix Released
|
Medium
|
|||
linux (Ubuntu) |
Fix Released
|
High
|
Colin Ian King | ||
Precise |
Fix Released
|
High
|
Colin Ian King | ||
Trusty |
Fix Released
|
High
|
Colin Ian King | ||
Vivid |
Fix Released
|
High
|
Colin Ian King | ||
Xenial |
Fix Released
|
High
|
Colin Ian King | ||
Yakkety |
Fix Released
|
High
|
Colin Ian King |
Bug Description
Running stress-ng /proc test trips the following crash:
[ 5315.044206] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8956b1ae
[ 5315.044206]
[ 5315.044883] CPU: 0 PID: 4820 Comm: Tainted: P OE 4.8.0-25-generic #27-Ubuntu
[ 5315.045361] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-
[ 5315.045911] 0000000000000086 00000000b337622b ffff8fe574f37c78 ffffffff8962f5d2
[ 5315.046371] 00000000b3405b00 ffffffff89e83530 ffff8fe574f37d00 ffffffff8939e71c
[ 5315.046841] ffff8fe500000010 ffff8fe574f37d10 ffff8fe574f37ca8 00000000b337622b
[ 5315.047305] Call Trace:
[ 5315.047457] [<ffffffff8962f
[ 5315.047763] [<ffffffff8939e
[ 5315.048049] [<ffffffff8956b
[ 5315.048398] [<ffffffff89282
[ 5315.048735] [<ffffffff8956b
[ 5315.049072] [<ffffffff89568
[ 5315.049396] [<ffffffff89565
[ 5315.049737] [<ffffffff89459
[ 5315.050042] [<ffffffff894a6
[ 5315.050363] [<ffffffff89432
[ 5315.050674] [<ffffffff89432
[ 5315.050977] [<ffffffff89434
[ 5315.051275] [<ffffffff89a9f
[ 5315.051735] Kernel Offset: 0x8200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000
[ 5315.052563] ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8956b1ae
[ 5315.052563]
"The proc_keys_show function in security/
Fix detailed in: https:/
see: https:/
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
status: | New → In Progress |
information type: | Private Security → Public Security |
Changed in linux (Ubuntu): | |
assignee: | nobody → Colin Ian King (colin-king) |
Changed in linux (Ubuntu Precise): | |
importance: | Undecided → High |
status: | New → In Progress |
Changed in linux (Ubuntu Trusty): | |
importance: | Undecided → High |
status: | New → In Progress |
Changed in linux (Ubuntu Vivid): | |
assignee: | nobody → Colin Ian King (colin-king) |
importance: | Undecided → High |
status: | New → In Progress |
Changed in linux (Ubuntu Precise): | |
assignee: | nobody → Colin Ian King (colin-king) |
Changed in linux (Ubuntu Trusty): | |
assignee: | nobody → Colin Ian King (colin-king) |
Changed in linux (Ubuntu Xenial): | |
assignee: | nobody → Colin Ian King (colin-king) |
importance: | Undecided → High |
status: | New → In Progress |
Changed in linux (Ubuntu Yakkety): | |
assignee: | nobody → Colin Ian King (colin-king) |
importance: | Undecided → High |
status: | New → In Progress |
Changed in linux (Ubuntu Yakkety): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Vivid): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Trusty): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Released |
Changed in linux: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
Changed in linux: | |
status: | Confirmed → Fix Released |
It was found that when gcc stack protector is turned on, proc_keys_show() can cause a panic due to stack corruption. This happens because xbuf[] is not big enough to hold a 64-bit timeout rendered as weeks.
Product bug:
https:/ /bugzilla. redhat. com/show_ bug.cgi? id=1373499