From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RqoKz-0007ux-IW for garchives@archives.gentoo.org; Fri, 27 Jan 2012 16:07:41 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1D6D1E0B52; Fri, 27 Jan 2012 16:07:32 +0000 (UTC) Received: from atoth.sote.hu (atoth.sote.hu [195.111.75.211]) by pigeon.gentoo.org (Postfix) with ESMTP id AB581E0B7D for ; Fri, 27 Jan 2012 16:06:45 +0000 (UTC) Received: from atoth.sote.hu (apache@localhost [127.0.0.1]) by atoth.sote.hu (8.14.5/8.14.5/atoth@atoth.sote.hu) with ESMTP id q0RG6eiu008144 for ; Fri, 27 Jan 2012 17:06:40 +0100 X-DKIM: Sendmail DKIM Filter v2.8.3 atoth.sote.hu q0RG6eiu008144 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=atoth.sote.hu; s=dwokfur; t=1327680404; bh=F9VzlAKhb2o0224FHXBEyqeyo+xY1A4IW4F5u3kLsE4=; l=6430; h=Message-ID:In-Reply-To:References:Date:Subject:From:To: MIME-Version:Content-Type:Content-Transfer-Encoding; b=KgM9wMXCEILKn5x4woyqBr9Dh4Mc8i+LHdpWIJevXHVyStoyUC1/Z2Y0OJ7/8i5BR YVmNNxS7A6Kl22t9HLvOufA2/xAy0ut8l3emDS9xaTr6F2542IV/WgT3ExM+Und79p 4LRDbSeT+mjmaXRpVChFYkKbIbvmTuqtSa3n1cVU= X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 atoth.sote.hu q0RG6eiu008144 DomainKey-Signature: a=rsa-sha1; s=dwokfur; d=atoth.sote.hu; c=nofws; q=dns; h=x-virus-status:x-virus-scanned:received:message-id: in-reply-to:references:date:subject:from:to:user-agent:mime-version: content-type:content-transfer-encoding:x-priority:importance: x-spam-status:x-spam-checker-version:x-list-milter:x-dcc-wuwien-metrics; b=kC2MDLN0I2R9MepQuOrnDtTdzPJrRuSKLpYmaNnMOCGmYifqd1pRj7OhmLiXwC1un i6vNB+VTZHuwwRKuoWVbmJ4DZ52KYOyS0pafPYfmjw3GgW60B7q5sLTq12Q4IqtjPeG p5MA8mp6woUGTg6NgxN/gpHlF9xUJQcU0ZygIck= X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.97.3 at atoth Received: from 10.97.100.79 (SquirrelMail authenticated user atoth) by atoth.sote.hu with HTTP; Fri, 27 Jan 2012 17:06:40 +0100 Message-ID: In-Reply-To: References: <4F22A8B6.3010107@opensource.dyc.edu> Date: Fri, 27 Jan 2012 17:06:40 +0100 Subject: Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2 From: =?utf-8?B?IlTDs3RoIEF0dGlsYSI=?= To: gentoo-hardened@lists.gentoo.org User-Agent: SquirrelMail/1.4.22 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 X-Priority: 3 (Normal) Importance: Normal X-Spam-Status: No, score=-100.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_40, DKIM_ADSP_ALL,USER_IN_WHITELIST autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on atoth.sote.hu X-List-Milter: local mail X-DCC-wuwien-Metrics: atoth 1290; Body=2 Fuz1=2 Fuz2=2 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: cde9342e-4816-4d4f-a555-b872520e8849 X-Archives-Hash: e3d665c1090c3620d8ee247295dfbe53 And this one is from my laptop: vmalloc: allocation failure: 0 bytes modprobe: page allocation failure: order:0, mode:0x80d2 Pid: 3157, comm: modprobe Tainted: G O 3.2.1-hardened #1 Call Trace: [<000080d2>] ? old_ich_force_enable_hpet+0x52/0x140 [<0008922b>] ? warn_alloc_failed+0xbb/0x100 [<000080d2>] ? old_ich_force_enable_hpet+0x52/0x140 [<000a8a11>] ? __vmalloc_node_range+0x1c1/0x260 [<000080d2>] ? old_ich_force_enable_hpet+0x52/0x140 [<0001ac3e>] ? module_alloc+0x7e/0x90 [<000080d2>] ? old_ich_force_enable_hpet+0x52/0x140 [<00060053>] ? module_alloc_update_bounds_rw+0x13/0x60 [<00060053>] ? module_alloc_update_bounds_rw+0x13/0x60 [<00060ac1>] ? sys_init_module+0xa01/0x1af0 [<000051f4>] ? smp_x86_platform_ipi+0x44/0x60 [<0000297c>] ? prepare_to_copy+0xc/0xb0 [<0000299c>] ? prepare_to_copy+0x2c/0xb0 [<0061396c>] ? syscall_call+0x7/0xb [<000051f4>] ? smp_x86_platform_ipi+0x44/0x60 [<0001f7e0>] ? vmalloc_sync_all+0xf0/0xf0 [<0061398c>] ? restore_all_pax+0xc/0xc [<0061007b>] ? snd_intel8x0m_probe+0x36e/0x635 [<00010202>] ? x86_schedule_events+0x122/0x2c0 [<00010202>] ? x86_schedule_events+0x122/0x2c0 Mem-Info: DMA per-cpu: CPU 0: hi: 0, btch: 1 usd: 0 Normal per-cpu: CPU 0: hi: 186, btch: 31 usd: 126 HighMem per-cpu: CPU 0: hi: 186, btch: 31 usd: 31 active_anon:523 inactive_anon:72 isolated_anon:0 active_file:2369 inactive_file:2790 isolated_file:0 unevictable:0 dirty:11 writeback:0 unstable:0 free:502375 slab_reclaimable:625 slab_unreclaimable:1183 mapped:570 shmem:89 pagetables:59 bounce:0 DMA free:15928kB min:64kB low:80kB high:96kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15804kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 865 2015 2015 Normal free:826824kB min:3728kB low:4660kB high:5592kB active_anon:0kB inactive_anon:0kB active_file:1716kB inactive_file:1444kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:885944kB mlocked:0kB dirty:44kB writeback:0kB mapped:4kB shmem:0kB slab_reclaimable:2500kB slab_unreclaimable:4732kB kernel_stack:488kB pagetables:236kB unstable:0k= B bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 9202 9202 HighMem free:1166748kB min:512kB low:1748kB high:2988kB active_anon:2092k= B inactive_anon:288kB active_file:7760kB inactive_file:9716kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:1177932kB mlocked:0kB dirty:0kB writeback:0kB mapped:2276kB shmem:356kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 DMA: 0*4kB 1*8kB 1*16kB 1*32kB 2*64kB 1*128kB 1*256kB 0*512kB 1*1024kB 1*2048kB 3*4096kB =3D 15928kB Normal: 116*4kB 67*8kB 46*16kB 10*32kB 5*64kB 3*128kB 3*256kB 0*512kB 2*1024kB 3*2048kB 199*4096kB =3D 826824kB HighMem: 1*4kB 69*8kB 85*16kB 33*32kB 16*64kB 2*128kB 3*256kB 3*512kB 1*1024kB 2*2048kB 282*4096kB =3D 1166748kB 5258 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap =3D 0kB Total swap =3D 0kB 524112 pages RAM 296802 pages HighMem 12058 pages reserved 3473 pages shared 7713 pages non-shared But modules are still get loaded somehow and working. --=20 dr T=C3=B3th Attila, Radiol=C3=B3gus, 06-20-825-8057 Attila Toth MD, Radiologist, +36-20-825-8057 2012.Janu=C3=A1r 27.(P) 17:02 id=C5=91pontban "T=C3=B3th Attila" ezt =C3=AD= rta: > I've just had this one while booting hardened-3.2.1: > Jan 27 16:40:29 atoth kernel: vmalloc: allocation failure: 0 bytes > Jan 27 16:40:29 atoth kernel: modprobe: page allocation failure: order:= 0, > mode:0x80d2 > Jan 27 16:40:29 atoth kernel: Pid: 7460, comm: modprobe Not tainted > 3.2.1-hardened #1 > Jan 27 16:40:29 atoth kernel: Call Trace: > Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90 > Jan 27 16:40:29 atoth kernel: [<000a0e1f>] ? warn_alloc_failed+0xbf/0x1= 00 > Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90 > Jan 27 16:40:29 atoth kernel: [<000c3cc3>] ? > __vmalloc_node_range+0x1a3/0x240 > Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90 > Jan 27 16:40:29 atoth kernel: [<00637cb5>] ? > __mutex_lock_slowpath+0x1a5/0x240 > Jan 27 16:40:29 atoth kernel: [<00020b8e>] ? module_alloc+0x7e/0x90 > Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90 > Jan 27 16:40:29 atoth kernel: [<000728a3>] ? > module_alloc_update_bounds_rw+0x13/0x60 > Jan 27 16:40:29 atoth kernel: [<000728a3>] ? > module_alloc_update_bounds_rw+0x13/0x60 > Jan 27 16:40:29 atoth kernel: [<00073196>] ? load_module+0x886/0x1b70 > Jan 27 16:40:29 atoth kernel: [<00002c59>] ? __switch_to+0xb9/0x210 > Jan 27 16:40:29 atoth kernel: [<000744ca>] ? sys_init_module+0x4a/0x1d0 > Jan 27 16:40:29 atoth kernel: [<00010246>] ? switch_to_new_gdt+0x26/0x3= 0 > Jan 27 16:40:29 atoth kernel: [<00638d71>] ? syscall_call+0x7/0xb > Jan 27 16:40:29 atoth kernel: [<00002c59>] ? __switch_to+0xb9/0x210 > Jan 27 16:40:29 atoth kernel: [<00010246>] ? switch_to_new_gdt+0x26/0x3= 0 > > It's there for every module loading. Even though modules seems to work. > Strange. The kernel also didn't logged the first page of dmesg in > kernel.log. > > I don't experience this using hardened-3.1.8. > I don't know if it's a known problem. I'll try hardened-3.2.2 later. > > Thanks: > Dw. > -- > dr T=C3=B3th Attila, Radiol=C3=B3gus, 06-20-825-8057 > Attila Toth MD, Radiologist, +36-20-825-8057 > > 2012.Janu=C3=A1r 27.(P) 14:37 id=C5=91pontban Anthony G. Basile ezt =C3= =ADrta: >> Hi everyone, >> >> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They >> address CVE-2012-0056. I've tested and they do indeed resist the >> exploit. I will be stabilizing them within 24 hours. However, I feel >> very uncomfortable doing so because I don't want to trade one set of >> problems with another. If anyone has time to test, let me know if you >> encounter any issues. >> >> -- >> Anthony G. Basile, Ph. D. >> Chair of Information Technology >> D'Youville College >> Buffalo, NY 14201 >> (716) 829-8197 >> > > > >