makedumpfile issues many readpage_elf: Attempt to read non-existent page
ats-kumagai at wm.jp.nec.com
Tue Oct 25 02:19:40 PDT 2016
>> I have now completed the kernel bisection between 4.7.8 and 4.8-rc1 and
>> identified the kernel modification that triggers the errors cited above :
>>> commit 021182e52fe01c1f7b126f97fd6ba048dc4234fd
>>> Author: Thomas Garnier <thgarnie at google.com>
>>> Date: Tue Jun 21 17:47:03 2016 -0700
>>> x86/mm: Enable KASLR for physical mapping memory regions
>>> Add the physical mapping in the list of randomized memory regions.
>>> The physical memory mapping holds most allocations from boot and heap
>>> allocators. Knowing the base address and physical memory size, an attacker
>>> can deduce the PDE virtual address for the vDSO memory page. This attack
>>> was demonstrated at CanSecWest 2016, in the following presentation:
>>> "Getting Physical: Extreme Abuse of Intel Based Paged Systems":
>>> (See second part of the presentation).
>>> The exploits used against Linux worked successfully against 4.6+ but
>>> fail with KASLR memory enabled:
>>> Similar research was done at Google leading to this patch proposal.
>>> Variants exists to overwrite /proc or /sys objects ACLs leading to
>>> elevation of privileges. These variants were tested against 4.6+.
>>> The page offset used by the compressed kernel retains the static value
>>> since it is not yet randomized during this boot stage.
>>> Signed-off-by: Thomas Garnier <thgarnie at google.com>
>>> Signed-off-by: Kees Cook <keescook at chromium.org>
>>> Cc: Alexander Kuleshov <kuleshovmail at gmail.com>
>> The interesting change seems to be :
>>> -#define __PAGE_OFFSET _AC(0xffff880000000000, UL)
>>> +#define __PAGE_OFFSET_BASE _AC(0xffff880000000000, UL)
>>> +#ifdef CONFIG_RANDOMIZE_MEMORY
>>> +#define __PAGE_OFFSET page_offset_base
>>> +#define __PAGE_OFFSET __PAGE_OFFSET_BASE
>>> +#endif /* CONFIG_RANDOMIZE_MEMORY */
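Review bot: as quoted, `+#define __PAGE_OFFSET page_offset_base` and `+#define __PAGE_OFFSET __PAGE_OFFSET_BASE` both sit inside the one `#ifdef CONFIG_RANDOMIZE_MEMORY` block, so the second definition would redefine the first; an `#else` separating the two appears to have been lost in the quote, and it is needed so that non-randomized builds keep the static base while randomized builds use the variable. The point that matters for makedumpfile is that with CONFIG_RANDOMIZE_MEMORY `__PAGE_OFFSET` is no longer the compile-time constant 0xffff880000000000 but the runtime value `page_offset_base`, so a tool that hard-codes the old constant will translate direct-map virtual addresses to the wrong physical pages on such kernels and read non-existent pages; the base has to be taken from the dump itself (the `page_offset_base` symbol, or the virtual/physical addresses of the PT_LOAD segments).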
>> I'll try to see if I can fix that.
>> Kind regards,
>Some more *important* information in this mostly monologue thread : Pratyush
>Anand has pushed a patch to the list earlier today that apparently fixes this
>[PATCH Makedumpfile 1/4] x86_64: Calculate page_offset from pt_load
Yeah, it appears so. I'm reviewing the patches,
please wait for that.
I appreciate your investigation of this issue.
>Software engineer, Cloud & Sustaining eng.
>Ubuntu developer Debian Maintainer
>GPG : 429D 7A3B DD05 B6F8 AF63 B9C4 8B3D 867C 823E 7A61
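The approach named in the patch subject above, deriving page_offset from the PT_LOAD program headers instead of assuming the static 0xffff880000000000, as an added example that is not part of this thread and not the makedumpfile patch itself. It assumes that every direct-map PT_LOAD segment in an x86_64 vmcore satisfies p_vaddr == page_offset + p_paddr, that segments at or above 0xffffffff80000000 (the kernel text mapping) are to be skipped, and it builds its own constructed sample ELF headers rather than reading a real dump; the struct and function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal ELF64 definitions (same layout as <elf.h>) so the example is self-contained. */
#define PT_LOAD     1
#define ELFCLASS64  2
/* Assumption: x86_64 kernel text is mapped at/above this; the direct map is below it. */
#define START_KERNEL_MAP 0xffffffff80000000ULL

struct elf64_ehdr {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};

struct elf64_phdr {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
};

/* Derive page_offset from the direct-map PT_LOAD segments of an ELF vmcore image.
 * Returns 0 and sets *page_offset; -1 if the ELF is malformed or has no direct-map
 * PT_LOAD; -2 if two direct-map segments imply different offsets (refuse to guess). */
int derive_page_offset(const uint8_t *buf, size_t len, uint64_t *page_offset)
{
    struct elf64_ehdr eh;
    if (len < sizeof eh)
        return -1;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != ELFCLASS64)
        return -1;
    if (eh.e_phentsize != sizeof(struct elf64_phdr) || eh.e_phoff > len ||
        eh.e_phnum > (len - eh.e_phoff) / sizeof(struct elf64_phdr))
        return -1;                               /* program headers not fully inside buf */
    int found = 0;
    uint64_t off = 0;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        struct elf64_phdr ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD || ph.p_vaddr >= START_KERNEL_MAP)
            continue;                            /* not a direct-map segment */
        uint64_t cand = ph.p_vaddr - ph.p_paddr;  /* vaddr = page_offset + paddr */
        if (found && cand != off)
            return -2;
        off = cand;
        found = 1;
    }
    if (!found)
        return -1;
    *page_offset = off;
    return 0;
}

/* Constructed sample (not a captured dump): one kernel-text PT_LOAD plus two
 * direct-map PT_LOADs placed at the given page_offset. Returns bytes written. */
size_t build_sample_vmcore(uint8_t *buf, size_t cap, uint64_t page_offset)
{
    const uint64_t paddrs[] = { 0x1000000ULL, 0x1000ULL, 0x100000000ULL };
    struct elf64_ehdr eh = {0};
    struct elf64_phdr ph[3] = {{0}};
    if (cap < sizeof eh + sizeof ph)
        return 0;
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = ELFCLASS64;
    eh.e_ident[5] = 1;                           /* ELFDATA2LSB */
    eh.e_type = 4;                               /* ET_CORE */
    eh.e_machine = 62;                           /* EM_X86_64 */
    eh.e_phoff = eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof ph[0];
    eh.e_phnum = 3;
    for (int i = 0; i < 3; i++) {
        ph[i].p_type = PT_LOAD;
        ph[i].p_paddr = paddrs[i];
        ph[i].p_filesz = ph[i].p_memsz = 0x200000ULL;
        /* index 0 is kernel text; the rest are direct-map chunks */
        ph[i].p_vaddr = (i == 0 ? START_KERNEL_MAP : page_offset) + paddrs[i];
    }
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

/* Build a sample at `base`, optionally truncate it to `limit` bytes (0 = none),
 * and return derive_page_offset's rc with the derived value in *out. */
int sample_derive(uint64_t base, size_t limit, uint64_t *out)
{
    uint8_t buf[256];
    size_t n = build_sample_vmcore(buf, sizeof buf, base);
    if (limit && limit < n)
        n = limit;
    *out = 0;
    return derive_page_offset(buf, n, out);
}

int main(void)
{
    const uint64_t bases[] = { 0xffff880000000000ULL, 0xffff9a0c40000000ULL };
    for (int i = 0; i < 2; i++) {
        uint64_t off;
        int rc = sample_derive(bases[i], 0, &off);
        printf("rc=%d page_offset=0x%llx\n", rc, (unsigned long long)off);
    }
    return 0;
}
```

The second sample base stands in for a randomized page_offset_base; the derivation recovers it without any knowledge of the kernel's constant, which is exactly what a static 0xffff880000000000 assumption cannot do. The -2 path matters in practice: if the PT_LOAD segments disagree, the dump (or the header parsing) is wrong and silently picking one would reproduce the "non-existent page" reads rather than explain them.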