* [kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots
From: kernel test robot @ 2024-04-15 5:30 UTC
To: KP Singh
Cc: oe-lkp, lkp, Casey Schaufler, Kees Cook, Song Liu, Andrii Nakryiko, linux-kernel, linux-security-module, oliver.sang

Hello,
kernel test robot noticed "Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots" on:
commit: 9e15595ed016dc9b726b7b13ec3d9b92b9e53c68 ("security: Replace indirect LSM hook calls with static calls")
https://git.kernel.org/cgit/linux/kernel/git/kpsingh/linux.git static_calls
in testcase: boot
compiler: clang-17
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+-----------------------------------------------------------------------+------------+------------+
| | e2f2a7e74d | 9e15595ed0 |
+-----------------------------------------------------------------------+------------+------------+
| Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots | 0 | 12 |
+-----------------------------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202404151225.ce542e38-lkp@intel.com
[ 1.020355][ T0] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
[ 1.020966][ T0] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
[ 1.022632][ T0] Freeing SMP alternatives memory: 32K
[ 1.023145][ T0] pid_max: default: 32768 minimum: 301
[ 1.025772][ T0] LSM: initializing lsm=capability,ima
[ 1.027282][ T0] Kernel panic - not syncing: lsm_static_call_init - Ran out of static slots.
[ 1.028283][ T0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G T 6.9.0-rc1-00003-g9e15595ed016 #1
[ 1.028948][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 1.028948][ T0] Call Trace:
[ 1.028948][ T0] dump_stack_lvl (kbuild/src/consumer/lib/dump_stack.c:116)
[ 1.028948][ T0] ? vprintk (kbuild/src/consumer/kernel/printk/printk_safe.c:?)
[ 1.028948][ T0] dump_stack (kbuild/src/consumer/lib/dump_stack.c:123)
[ 1.028948][ T0] panic (kbuild/src/consumer/kernel/panic.c:369)
[ 1.028948][ T0] lsm_static_call_init (kbuild/src/consumer/security/security.c:415)
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240415/202404151225.ce542e38-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

* Re: [kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots
From: KP Singh @ 2024-04-15 8:26 UTC
To: kernel test robot
Cc: oe-lkp, lkp, Casey Schaufler, Kees Cook, Song Liu, Andrii Nakryiko, linux-kernel, linux-security-module

> On 15 Apr 2024, at 07:30, kernel test robot <oliver.sang@intel.com> wrote:
>
> Hello,
>
> kernel test robot noticed "Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots" on:
>
> commit: 9e15595ed016dc9b726b7b13ec3d9b92b9e53c68 ("security: Replace indirect LSM hook calls with static calls")
> https://git.kernel.org/cgit/linux/kernel/git/kpsingh/linux.git static_calls
>
> in testcase: boot
>
> compiler: clang-17
> test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
> +-----------------------------------------------------------------------+------------+------------+
> | | e2f2a7e74d | 9e15595ed0 |
> +-----------------------------------------------------------------------+------------+------------+
> | Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots | 0 | 12 |
> +-----------------------------------------------------------------------+------------+------------+
>

This seems like an odd config which does not enable STATIC_CALL, I am going to make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the dependency explicit.

- KP

> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202404151225.ce542e38-lkp@intel.com
>
> [ 1.020355][ T0] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
> [ 1.020966][ T0] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
> [ 1.022632][ T0] Freeing SMP alternatives memory: 32K
> [ 1.023145][ T0] pid_max: default: 32768 minimum: 301
> [ 1.025772][ T0] LSM: initializing lsm=capability,ima
> [ 1.027282][ T0] Kernel panic - not syncing: lsm_static_call_init - Ran out of static slots.
> [ 1.028283][ T0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G T 6.9.0-rc1-00003-g9e15595ed016 #1
> [ 1.028948][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [ 1.028948][ T0] Call Trace:
> [ 1.028948][ T0] dump_stack_lvl (kbuild/src/consumer/lib/dump_stack.c:116)
> [ 1.028948][ T0] ? vprintk (kbuild/src/consumer/kernel/printk/printk_safe.c:?)

[...]

* Re: [kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots
From: Tetsuo Handa @ 2024-04-15 13:04 UTC
To: KP Singh, kernel test robot
Cc: oe-lkp, lkp, Casey Schaufler, Kees Cook, Song Liu, Andrii Nakryiko, linux-kernel, linux-security-module

On 2024/04/15 17:26, KP Singh wrote:
> This seems like an odd config which does not enable STATIC_CALL, I am going to
> make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the dependency explicit.

If CONFIG_SECURITY depends on CONFIG_STATIC_CALL, architectures which do not
support CONFIG_STATIC_CALL can no longer use LSM ? That sounds a bad dependency.

* Re: [kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots
From: Paul Moore @ 2024-04-15 14:23 UTC
To: Tetsuo Handa
Cc: KP Singh, kernel test robot, oe-lkp, lkp, Casey Schaufler, Kees Cook, Song Liu, Andrii Nakryiko, linux-kernel, linux-security-module

On Mon, Apr 15, 2024 at 9:21 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
> On 2024/04/15 17:26, KP Singh wrote:
> > This seems like an odd config which does not enable STATIC_CALL, I am going to
> > make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the dependency explicit.
>
> If CONFIG_SECURITY depends on CONFIG_STATIC_CALL, architectures which do not
> support CONFIG_STATIC_CALL can no longer use LSM ? That sounds a bad dependency.

Agreed. If the arch doesn't support static calls we need a fallback
solution for the LSM that is no worse than what we have now, and
preferably would still solve the issue of the BPF hooks active even
where this is no BPF program attached.

--
paul-moore.com
[parent not found: <CACYkzJ4G7hO0DNSBy4wpJG1PSgNkifuYcfOeTTpyVBtBtWvQSg@mail.gmail.com>]

* Re: [kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots
From: KP Singh @ 2024-04-15 15:47 UTC
To: Paul Moore
Cc: Andrii Nakryiko, Casey Schaufler, Kees Cook, Song Liu, Tetsuo Handa, kernel test robot, linux-kernel, linux-security-module, lkp, oe-lkp

> On 15 Apr 2024, at 17:34, KP Singh <kpsingh@kernel.org> wrote:
>
> On Mon, 15 Apr 2024 at 16:23, Paul Moore <paul@paul-moore.com> wrote:
> On Mon, Apr 15, 2024 at 9:21 AM Tetsuo Handa
> <penguin-kernel@i-love.sakura.ne.jp> wrote:
> > On 2024/04/15 17:26, KP Singh wrote:
> > > This seems like an odd config which does not enable STATIC_CALL, I am going to
> > > make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the dependency explicit.
> >
> > If CONFIG_SECURITY depends on CONFIG_STATIC_CALL, architectures which do not
> > support CONFIG_STATIC_CALL can no longer use LSM ? That sounds a bad dependency.
>
> Agreed. If the arch doesn't support static calls we need a fallback
> solution for the LSM that is no worse than what we have now, and
> preferably would still solve the issue of the BPF hooks active even
> where this is no BPF program attached.

Actually I take it back, when CONFIG_STATIC_CALL is not available, the implementation falls back to an indirect call. This crash is unrelated, I will debug further and post back.

- KP

>
> --
> paul-moore.com

* Re: [kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots
From: KP Singh @ 2024-04-15 20:42 UTC
To: Paul Moore
Cc: Andrii Nakryiko, Casey Schaufler, Kees Cook, Song Liu, Tetsuo Handa, kernel test robot, linux-kernel, linux-security-module, lkp, oe-lkp

> On 15 Apr 2024, at 17:47, KP Singh <kpsingh@kernel.org> wrote:
>

[...]

>> <penguin-kernel@i-love.sakura.ne.jp> wrote:
>>> On 2024/04/15 17:26, KP Singh wrote:
>>>> This seems like an odd config which does not enable STATIC_CALL, I am going to
>>>> make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the dependency explicit.
>>>
>>> If CONFIG_SECURITY depends on CONFIG_STATIC_CALL, architectures which do not
>>> support CONFIG_STATIC_CALL can no longer use LSM ? That sounds a bad dependency.
>>
>> Agreed. If the arch doesn't support static calls we need a fallback
>> solution for the LSM that is no worse than what we have now, and
>> preferably would still solve the issue of the BPF hooks active even
>> where this is no BPF program attached.
>
> Actually I take it back, when CONFIG_STATIC_CALL is not available, the implementation falls back to an indirect call. This crash is unrelated, I will debug further and post back.

Apparently, when I smoke tested, I had CONFIG_IMA disabled so did not hit the bug. Well, now IMA is an LSM, so the following fixes it:

kpsingh@kpsingh:~/projects/linux$ git diff diff --git a/include/linux/lsm_count.h b/include/linux/lsm_count.h index dbb3c8573959..77803d117a30 100644 --- a/include/linux/lsm_count.h +++ b/include/linux/lsm_count.h @@ -78,6 +78,12 @@ #define BPF_LSM_ENABLED #endif +#if IS_ENABLED(CONFIG_IMA) +#define IMA_ENABLED 1, +#else +#define IMA_ENABLED +#endif + #if IS_ENABLED(CONFIG_SECURITY_LANDLOCK) #define LANDLOCK_ENABLED 1, #else 
@@ -103,6 +109,7 @@ LOCKDOWN_ENABLED \ SAFESETID_ENABLED \ BPF_LSM_ENABLED \ + IMA_ENABLED \ LANDLOCK_ENABLED)

We don't need a CONFIG_STATIC_CALL dependency, the static_call code nicely falls back.

- KP

>
> - KP
>
>>
>> --
>> paul-moore.com
>
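
Review bot: the list in the second hunk (`@@ -103,6 +109,7 @@`) gains `IMA_ENABLED` but still has no entry for EVM, so a build with CONFIG_EVM would presumably run out of slots in the same way; the next reply in the thread raises exactly this and it is acknowledged. Add an EVM block next to the new `#if IS_ENABLED(CONFIG_IMA)` block in the first hunk and list it here as well. Because this list is maintained by hand and a missing entry only shows up as a boot-time panic in `lsm_static_call_init`, a comment above the list stating that every LSM needs an entry would help whoever adds the next one.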

* Re: [kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots
From: Casey Schaufler @ 2024-04-15 20:54 UTC
To: KP Singh, Paul Moore
Cc: Andrii Nakryiko, Kees Cook, Song Liu, Tetsuo Handa, kernel test robot, linux-kernel, linux-security-module, lkp, oe-lkp, Casey Schaufler

On 4/15/2024 1:42 PM, KP Singh wrote:
>
>> On 15 Apr 2024, at 17:47, KP Singh <kpsingh@kernel.org> wrote:
>>
>>
> [...]
>
>>> <penguin-kernel@i-love.sakura.ne.jp> wrote:
>>>> On 2024/04/15 17:26, KP Singh wrote:
>>>>> This seems like an odd config which does not enable STATIC_CALL, I am going to
>>>>> make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the dependency explicit.
>>>> If CONFIG_SECURITY depends on CONFIG_STATIC_CALL, architectures which do not
>>>> support CONFIG_STATIC_CALL can no longer use LSM ? That sounds a bad dependency.
>>> Agreed. If the arch doesn't support static calls we need a fallback
>>> solution for the LSM that is no worse than what we have now, and
>>> preferably would still solve the issue of the BPF hooks active even
>>> where this is no BPF program attached.
>> Actually I take it back, when CONFIG_STATIC_CALL is not available, the implementation falls back to an indirect call. This crash is unrelated, I will debug further and post back.
> Apparently, when I smoke tested, I had CONFIG_IMA disabled so did not hit the bug. Well, now IMA is an LSM, so the following fixes it:

You'll want CONFIG_EVM as well, I bet.

* Re: [kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots
From: KP Singh @ 2024-04-15 21:39 UTC
To: Casey Schaufler
Cc: Paul Moore, Andrii Nakryiko, Kees Cook, Song Liu, Tetsuo Handa, kernel test robot, linux-kernel, linux-security-module, lkp, oe-lkp

> On 15 Apr 2024, at 22:54, Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> On 4/15/2024 1:42 PM, KP Singh wrote:
>>
>>> On 15 Apr 2024, at 17:47, KP Singh <kpsingh@kernel.org> wrote:
>>>
>>>
>> [...]
>>
>>>> <penguin-kernel@i-love.sakura.ne.jp> wrote:
>>>>> On 2024/04/15 17:26, KP Singh wrote:
>>>>>> This seems like an odd config which does not enable STATIC_CALL, I am going to
>>>>>> make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the dependency explicit.
>>>>> If CONFIG_SECURITY depends on CONFIG_STATIC_CALL, architectures which do not
>>>>> support CONFIG_STATIC_CALL can no longer use LSM ? That sounds a bad dependency.
>>>> Agreed. If the arch doesn't support static calls we need a fallback
>>>> solution for the LSM that is no worse than what we have now, and
>>>> preferably would still solve the issue of the BPF hooks active even
>>>> where this is no BPF program attached.
>>> Actually I take it back, when CONFIG_STATIC_CALL is not available, the implementation falls back to an indirect call. This crash is unrelated, I will debug further and post back.
>> Apparently, when I smoke tested, I had CONFIG_IMA disabled so did not hit the bug. Well, now IMA is an LSM, so the following fixes it:
>
> You'll want CONFIG_EVM as well, I bet.

Indeed, thanks Casey!
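
A user-space model of the failure discussed in this thread, added here as an illustration; it is not code from the kernel tree or from any poster. It assumes every LSM in the boot list claims one slot of a single shared hook, and `CAPABILITIES_ENABLED`, `EVM_ENABLED`, `COUNT_ENTRIES`, the `SLOTS_*` macros and `first_unslotted` are assumed or hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

#define CONFIG_IMA 1 /* constructed config: IMA built in */

/* Same shape as the diff: an entry is "1," when built in, empty otherwise. */
#define CAPABILITIES_ENABLED 1, /* assumed name */
#define BPF_LSM_ENABLED
#define LANDLOCK_ENABLED
#define EVM_ENABLED 1, /* hypothetical entry, EVM taken as built in */
#ifdef CONFIG_IMA
#define IMA_ENABLED 1,
#else
#define IMA_ENABLED
#endif

/* Count the "1," entries: array length minus the leading 0 sentinel. */
#define COUNT_ENTRIES(...) (sizeof((int[]){0, __VA_ARGS__}) / sizeof(int) - 1)
#define SLOTS_AS_REPORTED COUNT_ENTRIES(CAPABILITIES_ENABLED BPF_LSM_ENABLED LANDLOCK_ENABLED)
#define SLOTS_IMA_FIX COUNT_ENTRIES(CAPABILITIES_ENABLED BPF_LSM_ENABLED IMA_ENABLED LANDLOCK_ENABLED)
#define SLOTS_IMA_EVM COUNT_ENTRIES(CAPABILITIES_ENABLED BPF_LSM_ENABLED IMA_ENABLED EVM_ENABLED LANDLOCK_ENABLED)

enum { TABLE_MAX = 8 };
static const char *const BOOT_ORDER[] = { "capability", "ima", "evm" }; /* constructed */

/* Each of the first n LSMs claims the first free slot of one shared hook.
 * Returns the index of the LSM left without a slot (where the kernel in
 * the report panics), or -1 if all of them fit. */
int first_unslotted(size_t nslots, const char *const lsms[], size_t n)
{
    const char *slot[TABLE_MAX] = { 0 };
    if (nslots > TABLE_MAX) nslots = TABLE_MAX;
    for (size_t i = 0; i < n; i++) {
        size_t s = 0;
        while (s < nslots && slot[s]) s++;
        if (s == nslots) return (int)i;
        slot[s] = lsms[i];
    }
    return -1;
}

int main(void)
{
    printf("list as reported, lsm=capability,ima: %d\n", first_unslotted(SLOTS_AS_REPORTED, BOOT_ORDER, 2));
    printf("with IMA_ENABLED, lsm=capability,ima: %d\n", first_unslotted(SLOTS_IMA_FIX, BOOT_ORDER, 2));
    printf("with IMA_ENABLED, evm also booted:    %d\n", first_unslotted(SLOTS_IMA_FIX, BOOT_ORDER, 3));
    printf("with IMA_ENABLED and EVM_ENABLED:     %d\n", first_unslotted(SLOTS_IMA_EVM, BOOT_ORDER, 3));
    return 0;
}
```

The slot count is fixed at compile time from the list, while the set of LSMs that register is only known at boot, so any LSM missing from the list surfaces as an out-of-slots condition rather than a build error.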