Recent VFS/LSM patches cause Kernel panic - not syncing: Can't create rootfs

Dexuan Cui decui at microsoft.com
Thu Dec 20 04:30:05 UTC 2018 

Hi,
We started to see a "Can't create rootfs" panic with linux-next's
next-20181218 and next-20181219. Note: next-20181217 is good.

Our test team found the first bad commit by git-bisect:
013c7af575e5 ("vfs: Implement a filesystem superblock creation/configuration context")

I had a look and I think another patch also helped to cause the panic:
c36d02347290 ("apparmor: Implement security hooks for the new mount API")

My kernel config for next-20181218, and my dmesg are attached. 
I can always reproduce the panic every time I boot up the kernel.

My finding is: the panic happens because 
start_kernel() -> vfs_caches_init() -> mnt_init() ->
sysfs_init() -> register_filesystem() -> init_mount_tree() ->
vfs_kern_mount(type, 0, "rootfs", NULL) -> vfs_get_tree() ->
security_sb_set_mnt_opts(sb, fc->security, 0, NULL) returns -EOPNOTSUPP:

int security_sb_set_mnt_opts(struct super_block *sb,
                                void *mnt_opts,
                                unsigned long kern_flags,
                                unsigned long *set_kern_flags)
{
        return call_int_hook(sb_set_mnt_opts,
                                mnt_opts ? -EOPNOTSUPP : 0, sb,
                                mnt_opts, kern_flags, set_kern_flags);
}

This means: fc->security is not NULL in
security_sb_set_mnt_opts(sb, fc->security, 0, NULL), and the 
security_hook_heads.FUNC is empty in call_int_hook().

The fc->security is assigned in this function (i.e. the line "fc->security = afc;" ):

static int apparmor_fs_context_parse_param(struct fs_context *fc,
                                           struct fs_parameter *param)
{
        struct apparmor_fs_context *afc = fc->security;
        const char *value;
        size_t space = 0, k_len = strlen(param->key), len = k_len, v_len;
        char *p, *q;

        if (!afc) {
                afc = kzalloc(sizeof(*afc), GFP_KERNEL);
                fc->security = afc;
        }

apparmor_fs_context_parse_param() is added recently in:
c36d02347290 ("apparmor: Implement security hooks for the new mount API")

Unluckily I know nothing about LSM, so I'm not sure if the bug is in the VFS or
LSM. Here let me Cc the related people. I suppose somebody would give a quick fix.

Thanks!
-- Dexuan

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dmesg.txt
URL: <http://kernsec.org/pipermail/linux-security-module-archive/attachments/20181220/c1ff3846/attachment.txt>

More information about the Linux-security-module-archive mailing list