Kernel oops with ecryptfs_verbosity=1
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
eCryptfs | Fix Released | Medium | Tyler Hicks | |
Bug Description
When the ecryptfs_verbosity module parameter is enabled (handy), I have experienced frequent kernel null pointer dereferences. See example trace below.
This looks like it is the result of ecryptfs_
I have attached a patch that kmaps the unencrypted page prior to printing debug information. The extra kmap shouldn't be an issue, as it is only performed in a debugging scenario.
Typical trace:
Jan 8 22:13:05 e4 sudo: daniel : TTY=pts/0 ; PWD=/home/daniel ; USER=root ; COMMAND=
Jan 8 22:13:05 e4 sudo: pam_unix(
Jan 8 22:13:05 e4 kernel: [ 166.173901] eCryptfs verbosity set to 1. Secret values will be written to the syslog!
Jan 8 22:13:16 e4 sudo: daniel : TTY=pts/0 ; PWD=/home/daniel ; USER=root ; COMMAND=/bin/mount -t ecryptfs bottom top
Jan 8 22:13:16 e4 sudo: pam_unix(
Jan 8 22:13:39 e4 kernel: [ 200.305189] ecryptfs_open: Setting flags for stat...
Jan 8 22:13:39 e4 kernel: [ 200.305193] ecryptfs_open: This is a directory
Jan 8 22:13:49 e4 kernel: [ 210.519997] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.520254] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.520260] 0x38.0x89.
Jan 8 22:13:49 e4 kernel: [ 210.520270] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.522945] write_tag_3_packet: Using previously generated session key encryption key of size [64]
Jan 8 22:13:49 e4 kernel: [ 210.522948] write_tag_3_packet: Cached session key encryption key:
Jan 8 22:13:49 e4 kernel: [ 210.522950] 0x9a.0xc7.
Jan 8 22:13:49 e4 kernel: [ 210.522959] write_tag_3_packet: Session key encryption key:
Jan 8 22:13:49 e4 kernel: [ 210.522961] 0x9a.0xc7.
Jan 8 22:13:49 e4 kernel: [ 210.522972] write_tag_3_packet: Encrypting [16] bytes of the key
Jan 8 22:13:49 e4 kernel: [ 210.522989] write_tag_3_packet: This should be the encrypted key:
Jan 8 22:13:49 e4 kernel: [ 210.522992] write_tag_3_packet: EFEK of size [16]:
Jan 8 22:13:49 e4 kernel: [ 210.522993] 0x10.0x93.
Jan 8 22:13:49 e4 kernel: [ 210.523085] ecryptfs_open: Setting flags for stat...
Jan 8 22:13:49 e4 kernel: [ 210.523090] ecryptfs_open: inode w/ addr = [0xf4c6c000], i_ino = [0x00000000000e
Jan 8 22:13:49 e4 kernel: [ 210.523118] ecryptfs_write_end: Calling fill_zeros_
Jan 8 22:13:49 e4 kernel: [ 210.523123] ecryptfs_write_end: Expanded file size to [0x000000000000
Jan 8 22:13:49 e4 kernel: [ 210.523134] ecryptfs_derive_iv: root iv:
Jan 8 22:13:49 e4 kernel: [ 210.523136] 0x3b.0xa0.
Jan 8 22:13:49 e4 kernel: [ 210.523145] ecryptfs_derive_iv: source:
Jan 8 22:13:49 e4 kernel: [ 210.523146] 0x3b.0xa0.
Jan 8 22:13:49 e4 kernel: [ 210.523155] 0x30.0x00.
Jan 8 22:13:49 e4 kernel: [ 210.523166] ecryptfs_derive_iv: derived iv:
Jan 8 22:13:49 e4 kernel: [ 210.523167] 0xbc.0xdd.
Jan 8 22:13:49 e4 kernel: [ 210.523176] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.523178] 0xbc.0xdd.
Jan 8 22:13:49 e4 kernel: [ 210.523187] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.523200] BUG: unable to handle kernel NULL pointer dereference at (null)
Jan 8 22:13:49 e4 kernel: [ 210.524015] IP: [<f8075e12>] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.525058] *pde = 00000000
Jan 8 22:13:49 e4 kernel: [ 210.525292] Oops: 0000 [#1] SMP
Jan 8 22:13:49 e4 kernel: [ 210.525292] Modules linked in: ecb ecryptfs [last unloaded: ecryptfs]
Jan 8 22:13:49 e4 kernel: [ 210.525292]
Jan 8 22:13:49 e4 kernel: [ 210.525292] Pid: 1773, comm: bash Not tainted 3.2.0+ #1 Bochs Bochs
Jan 8 22:13:49 e4 kernel: [ 210.525292] EIP: 0060:[<f8075e12>] EFLAGS: 00010202 CPU: 3
Jan 8 22:13:49 e4 kernel: [ 210.525292] EIP is at ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.525292] EAX: 00000001 EBX: 00000000 ECX: c187da80 EDX: 00000008
Jan 8 22:13:49 e4 kernel: [ 210.525292] ESI: f4c6c16c EDI: f4c6c000 EBP: f4c4dd58 ESP: f4c4dd44
Jan 8 22:13:49 e4 kernel: [ 210.525292] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Jan 8 22:13:49 e4 kernel: [ 210.525292] Process bash (pid: 1773, ti=f4c4c000 task=f5170000 task.ti=f4c4c000)
Jan 8 22:13:49 e4 kernel: [ 210.525292] Stack:
Jan 8 22:13:49 e4 kernel: [ 210.525292] c10ce688 c187da80 00000001 00000001 f4c6c16c f4c4de00 f806fac5 f8078478
Jan 8 22:13:49 e4 kernel: [ 210.525292] f8076bf7 f80780d4 f80767c4 0000000f f4c6c000 00000000 f4c6c1b8 00000000
Jan 8 22:13:49 e4 kernel: [ 210.525292] 00000000 f4c5b000 f6e95b60 00000000 00000000 f77dc100 00000000 00000000
Jan 8 22:13:49 e4 kernel: [ 210.525292] Call Trace:
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10ce688>] ? page_address+
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<f806fac5>] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10b34b0>] ? generic_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<f806e054>] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10ba8fb>] __writepage+
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10baee0>] write_cache_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10ba8f0>] ? set_page_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c1243d1d>] ? blk_finish_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10b4f3a>] ? generic_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10bb0e9>] generic_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10bc555>] do_writepages+
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10b4728>] __filemap_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10b5736>] filemap_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10b576f>] filemap_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<f806b1cb>] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10e8c8e>] filp_close+
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10f8ea4>] sys_dup3+0xf4/0x140
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c10f8f15>] sys_dup2+0x25/0x60
Jan 8 22:13:49 e4 kernel: [ 210.525292] [<c157b30c>] sysenter_
Jan 8 22:13:49 e4 kernel: [ 210.525292] Code: 5d f8 89 c3 a1 08 ca 07 f8 89 75 fc 85 c0 7e 11 85 d2 75 17 c7 04 24 e1 c4 07 f8 e8 5f ca 4f c9 90 8b 5d f8 8b 75 fc 89 ec 5d c3 <0f> b6 03 89 55 f4 c7 04 24 ce c4 07 f8 89 44 24 04 e8 3e ca 4f
Jan 8 22:13:49 e4 kernel: [ 210.525292] EIP: [<f8075e12>] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.525292] CR2: 0000000000000000
Jan 8 22:13:49 e4 kernel: [ 210.525845] ---[ end trace 9522d500eba5932b ]---
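A log triage sketch for the situation in this report, added here as an example and not part of the original bug report or of eCryptfs itself: it scans syslog text for the eCryptfs verbosity banner, records where hex dumps of key or IV material were logged (timestamp and label only, never the bytes), and captures any NULL pointer oops with its faulting symbol. The function name `scan`, the regexes and the embedded sample (constructed from lines quoted above) are assumptions.

```python
import re

KLINE = re.compile(r"kernel: \[\s*(\d+\.\d+)\] ?(.*)$")
VERBOSE = re.compile(r"eCryptfs verbosity set to (\d+)")
HEXDUMP = re.compile(r"^(?:0x[0-9a-f]{2}\.)+$")  # e.g. "0x9a.0xc7."
OOPS = re.compile(r"BUG: unable to handle kernel NULL pointer dereference")
IP = re.compile(r"^IP: \[<[0-9a-f]+>\] (\S+)")

# Constructed sample: a subset of the syslog lines quoted in the report.
SAMPLE_LOG = """\
Jan 8 22:13:05 e4 kernel: [ 166.173901] eCryptfs verbosity set to 1. Secret values will be written to the syslog!
Jan 8 22:13:16 e4 sudo: daniel : TTY=pts/0 ; PWD=/home/daniel ; USER=root ; COMMAND=/bin/mount -t ecryptfs bottom top
Jan 8 22:13:49 e4 kernel: [ 210.522959] write_tag_3_packet: Session key encryption key:
Jan 8 22:13:49 e4 kernel: [ 210.522961] 0x9a.0xc7.
Jan 8 22:13:49 e4 kernel: [ 210.523145] ecryptfs_derive_iv: source:
Jan 8 22:13:49 e4 kernel: [ 210.523146] 0x3b.0xa0.
Jan 8 22:13:49 e4 kernel: [ 210.523155] 0x30.0x00.
Jan 8 22:13:49 e4 kernel: [ 210.523200] BUG: unable to handle kernel NULL pointer dereference at (null)
Jan 8 22:13:49 e4 kernel: [ 210.524015] IP: [<f8075e12>] ecryptfs_
Jan 8 22:13:49 e4 kernel: [ 210.525845] ---[ end trace 9522d500eba5932b ]---
"""

def scan(log_text):
    """Return verbosity level, logged secret dumps and NULL-deref oopses."""
    report = {"verbosity": 0, "leaks": [], "oopses": []}
    label, oops = None, None
    for line in log_text.splitlines():
        m = KLINE.search(line)
        if not m:
            continue  # sudo/pam and other non-kernel lines
        ts, msg = float(m.group(1)), m.group(2).strip()
        if (v := VERBOSE.search(msg)):
            report["verbosity"] = int(v.group(1))
        elif HEXDUMP.match(msg):
            # Keep only timestamp and label; do not copy the secret bytes.
            report["leaks"].append((ts, label or "unlabelled"))
        elif OOPS.search(msg):
            oops = {"ts": ts, "symbol": None}
            report["oopses"].append(oops)
        elif oops is not None and (ip := IP.match(msg)):
            oops["symbol"] = ip.group(1)  # faulting symbol as logged
        elif msg.startswith("---[ end trace"):
            oops = None
        elif msg.endswith(":"):
            # "func: Session key encryption key:" -> "Session key encryption key"
            label = msg.split(": ", 1)[-1].rstrip(":")
        else:
            label = None  # a dump label applies only to the lines right after it
    return report
```
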
Thanks for the report and patch, which looks good to me, +1.
I've triaged the bug and assigned to Tyler, who will get it applied/uploaded to his kernel tree. Thanks!
tested/