[PATCH] init/main.c: Initialize early LSMs after arch code

Guenter Roeck linux at roeck-us.net
Thu Aug 8 04:07:08 UTC 2024 

On 8/7/24 19:13, Guenter Roeck wrote:
...
> 
> I'll need to establish a baseline first to determine if the failures
> are caused by newly enabled configuration options or by this patch set.
> Below are just early test results.
> 
> [ Though if those are all upstream there seems to be be something seriously
>    wrong with the lockdown lsm.
> ]
> 

Verdict is that all the messages below are from this patch set.

On top of the reports below, alpha images fail completely, and the
backtraces are seen with several architectures. Please see the
"testing" column at https://kerneltests.org/builders for details.

The only unrelated problems are the apparmor unit test failures;
those apparently fail on all big endian systems.

Guenter

> Guenter
> 
> ----
> arm:
> 
> [    0.000000] ------------[ cut here ]------------
> [    0.000000] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:199 static_key_enable_cpuslocked+0xb0/0xfc
> [    0.000000] static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x8' used before call to jump_label_init()
> [    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2-00134-g679d51771510 #1
> [    0.000000] Hardware name: Generic DT based system
> [    0.000000] Call trace:
> [    0.000000]  unwind_backtrace from show_stack+0x18/0x1c
> [    0.000000]  show_stack from dump_stack_lvl+0x48/0x74
> [    0.000000]  dump_stack_lvl from __warn+0x7c/0x134
> [    0.000000]  __warn from warn_slowpath_fmt+0x9c/0xdc
> [    0.000000]  warn_slowpath_fmt from static_key_enable_cpuslocked+0xb0/0xfc
> [    0.000000]  static_key_enable_cpuslocked from security_add_hooks+0xa0/0x104
> [    0.000000]  security_add_hooks from lockdown_lsm_init+0x1c/0x2c
> [    0.000000]  lockdown_lsm_init from initialize_lsm+0x44/0x84
> [    0.000000]  initialize_lsm from early_security_init+0x3c/0x58
> [    0.000000]  early_security_init from start_kernel+0x78/0x748
> [    0.000000]  start_kernel from 0x0
> [    0.000000] irq event stamp: 0
> [    0.000000] hardirqs last  enabled at (0): [<00000000>] 0x0
> [    0.000000] hardirqs last disabled at (0): [<00000000>] 0x0
> [    0.000000] softirqs last  enabled at (0): [<00000000>] 0x0
> [    0.000000] softirqs last disabled at (0): [<00000000>] 0x0
> [    0.000000] ---[ end trace 0000000000000000 ]---
> 
> m68k:
> 
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 0 at include/linux/jump_label.h:322 security_add_hooks+0xc4/0x12c
> static_key_enable(): static key '0x6e5860' used before call to jump_label_init()
> Modules linked in:
> CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2-mac-00134-g679d51771510 #1
> Stack from 0065df00:
>          0065df00 005ff98d 005ff98d 00000000 00000009 00000009 004aa710 005ff98d
>          0049f87a 005c9849 00000142 0063f5ec 004cbd3e 0049f8f8 005c9849 00000142
>          0075ac3e 00000009 00000000 0065df60 00000000 00000040 00000000 00000000
>          005c980c 0065df7c 0075ac3e 005c9849 00000142 00000009 005c980c 004c9f98
>          006e5860 00000000 00782b50 00000000 00000000 0075b7ba 0063f5ec 00000001
>          004cbd3e 0075a62e 00782b50 0075a79e 00782b50 00782b50 0049feb6 00749d4c
> Call Trace: [<004aa710>] dump_stack+0xc/0x10
>   [<0049f87a>] __warn+0x7e/0xb4
>   [<0049f8f8>] warn_slowpath_fmt+0x48/0x66
>   [<0075ac3e>] security_add_hooks+0xc4/0x12c
>   [<0075ac3e>] security_add_hooks+0xc4/0x12c
>   [<0075b7ba>] lockdown_lsm_init+0x16/0x1e
>   [<0075a62e>] initialize_lsm+0x32/0x5c
>   [<0075a79e>] early_security_init+0x30/0x38
>   [<0049feb6>] _printk+0x0/0x18
>   [<00749d4c>] start_kernel+0x60/0x600
>   [<00748414>] _sinittext+0x414/0xae0
> ---[ end trace 0000000000000000 ]---
> 
> Microblaze:
> 
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 0 at include/linux/jump_label.h:322 security_add_hooks+0x124/0x21c
> static_key_enable(): static key 'security_hook_active_locked_down_0+0x0/0x4' used before call to jump_label_init()
> Modules linked in:
> CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2-00134-g679d51771510 #1
> Kernel Stack:
> (ptrval): c0999390 c0f4c9ec 00000000 00000000 ffffffff a589f3a9 c0984c20 00000000
> (ptrval): c0c51ef8 00000009 c0984c30 00000000 00000000 c0c51ef8 00000000 c0c51ef8
> (ptrval): 00000009 c0984cf8 c09bad94 00000000 00000000 c0a30c10 00000142 c0d19e10
> (ptrval): c0a30bd0 c0a30c10 00000000 c0d19e10 c09bade4 00000142 00000009 c0a30bd0
> (ptrval): c0a30ca0 c0f58820 c0a30bd0 c0c51f28 00000142 00000009 c0d19e10 c0a37340
> (ptrval): c0c190c0 c0d1b1d0 00000000 00000000 00000000 c0a30bd0 c0a30ca0 c0f58820
> (ptrval): c0d42b20 c0d35464 c0d42b38 00000000 00000000 00000000 00000000 00000000
> (ptrval): 00100000 00000280 c0d196e8 c0d04ed0 00000000 c098465c 00000000 00000000
> (ptrval): c0d19778 c0d19784 00000000 00000000 c0d0488c c09b8e40 c09b9b24 c0d42b20
> (ptrval): c0d42b38 c0d00898 4883e4b3 00000000 c0d0088c 00000280 00000000 00000000
> (ptrval): 00000000 00000000 00000000 c0984194 c09b7208 c0b125f8 c0f5d59c 00000000
> (ptrval): 00000002 00000000 c00002e0 91a86e08 c0d33f7c 00000000 00000000 00000000
> (ptrval): 00000000 00000000 00000000 00000000
> Call Trace:
> [<c0003168>] microblaze_unwind+0x64/0x80
> [<c0984548>] show_stack+0x128/0x180
> [<c0999330>] dump_stack_lvl+0x44/0x94
> [<c099938c>] dump_stack+0xc/0x24
> [<c0984c2c>] __warn+0xac/0xfc
> [<c0984cf4>] warn_slowpath_fmt+0x78/0x98
> [<c0d19e0c>] security_add_hooks+0x120/0x21c
> [<c0d1b1cc>] lockdown_lsm_init+0x18/0x34
> [<c0d196e4>] initialize_lsm+0x44/0x94
> [<c0d19780>] early_security_init+0x4c/0x74
> [<c0d00894>] start_kernel+0x90/0x8ac
> [<c0984190>] machine_shutdown+0x1c/0x20
> no locks held by swapper/0.
> ---[ end trace 0000000000000000 ]---
> 
> mips:
> 
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 0 at include/linux/jump_label.h:322 security_add_hooks+0xf8/0x1bc
> static_key_enable(): static key 'security_hook_active_locked_down_0+0x0/0x4' used before call to jump_label_init()
> Modules linked in:
> CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2-00134-g679d51771510 #1
> Hardware name: mti,malta
> Stack : 00000000 811eedd8 00000000 00000000 00000000 00000000 00000000 00000000
>          00000000 00000000 00000000 00000000 00000000 00000001 81257cd8 00000000
>          81257d70 00000000 00000000 00000000 00000038 80e549c4 00000000 ffffffff
>          00000000 00000000 00000000 00040000 00000000 00000000 81174584 81280000
>          00000000 00000142 00000000 00000000 00000000 00000000 0a0a0b0b bbe00cfc
>          ...
> Call Trace:
> [<8010a0a8>] show_stack+0x60/0x154
> [<80e731d8>] dump_stack_lvl+0xbc/0x138
> [<8012f908>] __warn+0x9c/0x1f8
> [<8012fc20>] warn_slowpath_fmt+0x1bc/0x1cc
> [<8138a184>] security_add_hooks+0xf8/0x1bc
> [<8138a5fc>] lockdown_lsm_init+0x20/0x30
> [<813899e8>] initialize_lsm+0x44/0x80
> [<81389be0>] early_security_init+0x50/0x6c
> [<8136c82c>] start_kernel+0xa8/0x7dc
> irq event stamp: 0
> hardirqs last  enabled at (0): [<00000000>] 0x0
> hardirqs last disabled at (0): [<00000000>] 0x0
> softirqs last  enabled at (0): [<00000000>] 0x0
> softirqs last disabled at (0): [<00000000>] 0x0
> ---[ end trace 0000000000000000 ]---
> 
> Loongarch (crash):
> 
> [    0.000000] ------------[ cut here ]------------
> [    0.000000] static_key_enable_cpuslocked(): static key 'security_hook_active_locked_down_0+0x0/0x10' used before call to jump_label_init()
> [    0.000000] ------------[ cut here ]------------
> [    0.000000] DEBUG_LOCKS_WARN_ON(early_boot_irqs_disabled)
> [    0.000000] Caught reserved exception 12 on pid:0 [swapper] - should not happen
> [    0.000000] do_reserved exception[#1]:
> [    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc2+ #1
> [    0.000000] Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
> [    0.000000] pc 9000000004cf9334 ra 9000000004cf9334 tp 9000000006cc8000 sp 9000000006ccbc10
> [    0.000000] a0 000000000000002d a1 9000000006df7830 a2 0000000000000000 a3 9000000006ccba28
> [    0.000000] a4 0000000000000001 a5 0000000000000000 a6 9000000006175570 a7 0000000000000005
> [    0.000000] t0 0000000000000000 t1 0000000000000000 t2 0000000000000001 t3 0000000000000001
> [    0.000000] t4 0000000000000004 t5 0000000000000094 t6 0000000000000023 t7 0000000000000030
> [    0.000000] t8 ffffffff8dcb3998 u0 9000000006a45388 s9 000000000f5ea330 s0 9000000006230788
> [    0.000000] s1 9000000006265c70 s2 0000000000000001 s3 0000000000000001 s4 9000000006cfaa80
> [    0.000000] s5 000000000f75dad8 s6 000000000a5b0000 s7 000000000f75db30 s8 000000000eee5b18
> [    0.000000]    ra: 9000000004cf9334 lockdep_hardirqs_on_prepare+0x200/0x208
> [    0.000000]   ERA: 9000000004cf9334 lockdep_hardirqs_on_prepare+0x200/0x208
> [    0.000000]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
> [    0.000000]  PRMD: 00000000 (PPLV0 -PIE -PWE)
> [    0.000000]  EUEN: 00000000 (-FPE -SXE -ASXE -BTE)
> [    0.000000]  ECFG: 00070800 (LIE=11 VS=7)
> [    0.000000] ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)
> [    0.000000]  PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)
> [    0.000000] Modules linked in:
> [    0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))
> [    0.000000] Stack : 0000000000000001 9000000006265c70 9000000006169c58 9000000004dd9ba8
> [    0.000000]         9000000006ccbc70 0000000000000000 9000000006ccbc70 9000000006169c58
> [    0.000000]         00000000000000b0 90000000074f08b8 9000000008616478 9000000007ad1924
> [    0.000000]         0000000000000000 9000000004e95fa8 9000000006cc8000 9000000006ccbdb0
> [    0.000000]         000000000000007e 9000000006df7830 0000000000000000 9000000006ccbbc8
> [    0.000000]         0000000000000001 0000000000000001 90000000073f6e58 9000000006175570
> [    0.000000]         0000000000000000 0000000000000000 0000000000000001 0000000000000001
> [    0.000000]         0000000000000000 0000000000000092 0000000000000001 0000000000006000
> [    0.000000]         ffffffff8dcb3998 9000000006a6bed8 000000000f5ea330 9000000008616478
> [    0.000000]         90000000074f08b8 0000000000000001 0000000000000001 9000000006cfaa80
> [    0.000000]         ...
> [    0.000000] Call Trace:
> [    0.000000] [<9000000004cf9334>] lockdep_hardirqs_on_prepare+0x200/0x208
> [    0.000000] [<9000000004dd9ba4>] trace_hardirqs_on+0x54/0x70
> [    0.000000] [<9000000006169c54>] do_reserved+0x1c/0xcc
> [    0.000000] [<9000000004c52560>] handle_bp+0x120/0x1c0
> [    0.000000] [<9000000004e95fa8>] static_key_enable_cpuslocked+0xdc/0xec
> [    0.000000] [<9000000004e960b8>] static_key_enable+0x18/0x2c
> [    0.000000] [<90000000061a9154>] security_add_hooks+0xbc/0x12c
> [    0.000000] [<90000000061aa880>] lockdown_lsm_init+0x20/0x34
> [    0.000000] [<90000000061a8a80>] initialize_lsm+0x3c/0x6c
> [    0.000000] [<90000000061a8c34>] early_security_init+0x44/0x68
> [    0.000000] [<9000000006180830>] start_kernel+0xa0/0x84c
> [    0.000000] [<900000000616d0f0>] kernel_entry+0xf0/0xf8
> 
>

More information about the Linux-security-module-archive mailing list