Thread: 8 messages, 3 authors, 2024-08-01

Re: static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x10' used before call to jump_label_init()

From: KP Singh <kpsingh@kernel.org>
Date: 2024-07-30 17:40:24
Also in: lkml

On Tue, Jul 30, 2024 at 5:03 PM Paul Moore wrote:
> On Tue, Jul 30, 2024 at 7:34 AM Borislav Petkov wrote:
> > Hi,
> >
> > this is with today's linux-next:
> >
> > ...
> >
> > 09:44:13  [console-expect]#kexec -e
> > 09:44:13  kexec -e
> > 09:44:16  ^[[?2004l^M[    0.000000] Linux version 6.11.0-rc1-next-20240730-1722324631886 (gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #1 SMP PREEMPT_DYNAMIC Tue Jul 30 07:40:55 UTC 2024
> > 09:44:16  [    0.000000] ------------[ cut here ]------------
> > 09:44:16  [    0.000000] WARNING: CPU: 0 PID: 0 at kernel/static_call_inline.c:153 __static_call_update+0x1c6/0x220
> > 09:44:16  [    0.000000] Modules linked in:
> > 09:44:16  [    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc1-next-20240730-1722324631886 #1
> > 09:44:16  [    0.000000] RIP: 0010:__static_call_update+0x1c6/0x220
> > 09:44:16  [    0.000000] Code: 87 5b eb d9 00 a8 01 0f 85 6c ff ff ff 4c 89 ee 48 c7 c7 e0 fb a2 8c c6 05 44 63 2b 02 01 e8 b1 00 d9 ff 0f 0b e9 4f ff ff ff <0f> 0b 48 c7 c7 40 fc 40 8d e8 dc 52 e1 00 e8 a7 23 d9 ff 48 8b 45
> > 09:44:16  [    0.000000] RSP: 0000:ffffffff8d203dd0 EFLAGS: 00010046 ORIG_RAX: 0000000000000000
> > 09:44:16  [    0.000000] RAX: 0000000000000000 RBX: ffffffff8b7e3250 RCX: 000000006690cbe9
> > 09:44:16  [    0.000000] RDX: 0000000000000000 RSI: ffffffff8dbae58c RDI: ffffffff8d2867a0
> > 09:44:16  [    0.000000] RBP: ffffffff8d203e38 R08: 00000000ff6690cb R09: 2035353a30343a37
> > 09:44:16  [    0.000000] R10: 3230322043545520 R11: 35353a30343a3730 R12: ffffffff8c17a180
> > 09:44:16  [    0.000000] R13: ffffffff8c48db10 R14: ffffffff8d4c7030 R15: 0000000000000000
> > 09:44:16  [    0.000000] FS:  0000000000000000(0000) GS:ffffffff8d69c000(0000) knlGS:0000000000000000
> > 09:44:16  [    0.000000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > 09:44:16  [    0.000000] CR2: ff1100007047d000 CR3: 00000000745c2000 CR4: 00000000000010b0
> > 09:44:16  [    0.000000] Call Trace:
> > 09:44:16  [    0.000000]  <TASK>
> > 09:44:16  [    0.000000]  ? show_regs+0x6d/0x80
> > 09:44:16  [    0.000000]  ? __warn+0x91/0x140
> > 09:44:16  [    0.000000]  ? __static_call_update+0x1c6/0x220
> > 09:44:16  [    0.000000]  ? report_bug+0x193/0x1a0
> > 09:44:16  [    0.000000]  ? __pfx_lockdown_is_locked_down+0x10/0x10
> > 09:44:16  [    0.000000]  ? early_fixup_exception+0xa6/0xd0
> > 09:44:16  [    0.000000]  ? do_early_exception+0x27/0x70
> > 09:44:16  [    0.000000]  ? __SCT__lsm_static_call_bpf_token_capable_11+0x8/0x8
> > 09:44:17  [    0.000000]  ? early_idt_handler_common+0x2f/0x3a
> > 09:44:17  [    0.000000]  ? __SCT__lsm_static_call_bpf_token_capable_11+0x8/0x8
> > 09:44:17  [    0.000000]  ? __pfx_lockdown_is_locked_down+0x10/0x10
> > 09:44:17  [    0.000000]  ? __static_call_update+0x1c6/0x220
> > 09:44:17  [    0.000000]  ? __pfx_lockdown_is_locked_down+0x10/0x10
> > 09:44:17  [    0.000000]  ? vprintk_emit+0xb5/0x410
> > 09:44:17  [    0.000000]  security_add_hooks+0xbd/0x150
> > 09:44:17  [    0.000000]  lockdown_lsm_init+0x25/0x30
> > 09:44:17  [    0.000000]  initialize_lsm+0x38/0x90
> > 09:44:17  [    0.000000]  early_security_init+0x36/0x70
> > 09:44:17  [    0.000000]  start_kernel+0x5f/0xb50
> > 09:44:17  [    0.000000]  x86_64_start_reservations+0x1c/0x30
> > 09:44:17  [    0.000000]  x86_64_start_kernel+0xbf/0x110
> > 09:44:17  [    0.000000]  ? setup_ghcb+0x12/0x130
> > 09:44:17  [    0.000000]  common_startup_64+0x13e/0x141
> > 09:44:17  [    0.000000]  </TASK>
> > 09:44:17  [    0.000000] ---[ end trace 0000000000000000 ]---
> > 09:44:17  [    0.000000] ------------[ cut here ]------------
> > 09:44:17  [    0.000000] static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x10' used before call to jump_label_init()
> > 09:44:17  [    0.000000] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:199 static_key_enable_cpuslocked+0x99/0xb0
> > 09:44:17  [    0.000000] Modules linked in:
> > 09:44:17  [    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Tainted: G        W          6.11.0-rc1-next-20240730-1722324631886 #1
> > 09:44:17  [    0.000000] Tainted: [W]=WARN
> > 09:44:17  [    0.000000] RIP: 0010:static_key_enable_cpuslocked+0x99/0xb0
> > 09:44:17  [    0.000000] Code: ff ff ff ff 48 89 df e8 45 fd ff ff c7 03 01 00 00 00 eb d5 48 89 da 48 c7 c6 e0 0a 44 8c 48 c7 c7 b8 00 a3 8c e8 87 f6 d6 ff <0f> 0b eb 8e 0f 0b eb 9c 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40
> > 09:44:17  [    0.000000] RSP: 0000:ffffffff8d203e10 EFLAGS: 00010086 ORIG_RAX: 0000000000000000
> > 09:44:17  [    0.000000] RAX: 0000000000000000 RBX: ffffffff8dd6aaf0 RCX: 0000000000000084
> > 09:44:17  [    0.000000] RDX: ffffffff8d349400 RSI: 00000000ffffe02c RDI: ffffffff8d203cb0
> > 09:44:17  [    0.000000] RBP: ffffffff8d203e20 R08: 000000000000007e R09: 6562616c5f706d75
> > 09:44:17  [    0.000000] R10: 6a206f74206c6c61 R11: 632065726f666562 R12: 0000000000000000
> > 09:44:17  [    0.000000] R13: ffffffff8c48db10 R14: ffffffff8cb0e2f8 R15: 0000000000000000
> > 09:44:17  [    0.000000] FS:  0000000000000000(0000) GS:ffffffff8d69c000(0000) knlGS:0000000000000000
> > 09:44:17  [    0.000000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > 09:44:17  [    0.000000] CR2: ff1100007047d000 CR3: 00000000745c2000 CR4: 00000000000010b0
> > 09:44:17  [    0.000000] Call Trace:
> > 09:44:17  [    0.000000]  <TASK>
> > 09:44:17  [    0.000000]  ? show_regs+0x6d/0x80
> > 09:44:17  [    0.000000]  ? __warn+0x91/0x140
> > 09:44:17  [    0.000000]  ? static_key_enable_cpuslocked+0x99/0xb0
> > 09:44:17  [    0.000000]  ? report_bug+0x193/0x1a0
> > 09:44:17  [    0.000000]  ? fixup_exception+0x2b/0x340
> > 09:44:17  [    0.000000]  ? early_fixup_exception+0xa6/0xd0
> > 09:44:17  [    0.000000]  ? do_early_exception+0x27/0x70
> > 09:44:17  [    0.000000]  ? early_idt_handler_common+0x2f/0x3a
> > 09:44:17  [    0.000000]  ? static_key_enable_cpuslocked+0x99/0xb0
> > 09:44:17  [    0.000000]  static_key_enable+0x1f/0x30
> > 09:44:17  [    0.000000]  security_add_hooks+0xce/0x150
> > 09:44:17  [    0.000000]  lockdown_lsm_init+0x25/0x30
> > 09:44:17  [    0.000000]  initialize_lsm+0x38/0x90
> > 09:44:17  [    0.000000]  early_security_init+0x36/0x70
> > 09:44:17  [    0.000000]  start_kernel+0x5f/0xb50
> > 09:44:17  [    0.000000]  x86_64_start_reservations+0x1c/0x30
> > 09:44:17  [    0.000000]  x86_64_start_kernel+0xbf/0x110
> > 09:44:17  [    0.000000]  ? setup_ghcb+0x12/0x130
> > 09:44:17  [    0.000000]  common_startup_64+0x13e/0x141
> > 09:44:17  [    0.000000]  </TASK>
> > 09:44:17  [    0.000000] ---[ end trace 0000000000000000 ]---
>
> KP, please take a look at this as soon as you can (lore link below for
> those who aren't on the list).  One obvious first thing to look at is
> simply moving the call to early_security_init(), but that requires
> some code audit to make sure it is safe and doesn't break something
> else.  Of course, if we can do something with how we setup/use static
> calls that is even better.  I'll take a look at it myself later today,
> but I'm busy with meetings for the next several hours.
>
> If we can't resolve this in the next day or two I'm going to

Thanks for the ping.

Taking a look, yeah it's possible that we need to move jump_label_init
before early_security_init / inside it.

I will do a repro and test my change and reply back.

- KP

> bounce/revert the LSM static-call patchset from lsm/dev; not ideal,
> but we can't break linux-next.
>
> https://lore.kernel.org/linux-security-module/20240730113419.GBZqjPu6SdAt5qZKnh@fat_crate.local/
>
> --
> paul-moore.com
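
A triage helper for the kind of splat quoted in this message, added here as an example (not code from the thread or the kernel tree): it extracts each WARNING site, the static key named in the jump_label message, and the reliable call chain with `?` frames dropped. The function names are this example's own, and the sample is an excerpt shortened from the log above.

```python
import re
# Excerpt of the second splat from the log above, shortened for the example.
SAMPLE = """\
09:44:17  [    0.000000] ------------[ cut here ]------------
09:44:17  [    0.000000] static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x10' used before call to jump_label_init()
09:44:17  [    0.000000] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:199 static_key_enable_cpuslocked+0x99/0xb0
09:44:17  [    0.000000] Call Trace:
09:44:17  [    0.000000]  ? report_bug+0x193/0x1a0
09:44:17  [    0.000000]  static_key_enable+0x1f/0x30
09:44:17  [    0.000000]  security_add_hooks+0xce/0x150
09:44:17  [    0.000000]  lockdown_lsm_init+0x25/0x30
09:44:17  [    0.000000]  initialize_lsm+0x38/0x90
09:44:17  [    0.000000]  early_security_init+0x36/0x70
09:44:17  [    0.000000]  start_kernel+0x5f/0xb50
09:44:17  [    0.000000] ---[ end trace 0000000000000000 ]---
"""

STAMP = re.compile(r"^.*?\[\s*\d+\.\d+\]")   # console time plus "[    0.000000]"
WARN = re.compile(r"WARNING: CPU: \d+ PID: \d+ at (\S+:\d+) ([\w.]+)\+")
EARLY = re.compile(r"static key '([^'+]+)\S*' used before call to jump_label_init\(\)")
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")

def parse_splats(text):
    # One dict per WARNING: source site, function, early static key, frames.
    splats, cur, key, in_trace = [], None, None, False
    for raw in text.splitlines():
        line = STAMP.sub("", raw, count=1).strip()
        if "[ cut here ]" in line or line.startswith("---[ end trace"):
            cur, key, in_trace = None, None, False
        elif EARLY.search(line):
            key = EARLY.search(line).group(1)
        elif WARN.match(line):
            site, func = WARN.match(line).groups()
            cur = {"where": site, "func": func, "early_key": key, "frames": []}
            splats.append(cur)
        elif line == "Call Trace:":
            in_trace = cur is not None
        elif in_trace:
            m = FRAME.match(line)
            if m and not m.group(1):   # "? " frames are unverified stack residue
                cur["frames"].append(m.group(2))
    return splats

def call_path(splat):
    # Reliable frames, outermost caller first.
    return list(reversed(splat["frames"]))

if __name__ == "__main__":
    for s in parse_splats(SAMPLE):
        print(s["where"], s["early_key"], " -> ".join(call_path(s)))
```
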