crash bug 分析

[  494.250386] init kernel rcv buf size [20971520]
[  494.252194] security_bprm_check hooks success
[  494.253444] do_sys_open hooks success
[  494.255155] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[  494.255158] BUG: unable to handle kernel paging request at ffff8800278b1800
[  494.255160] IP: [] 0xffff8800278b1800
[  494.255163] PGD 2212067 PUD 2213067 PMD 80000000278000e3 
[  494.255166] Oops: 0011 [#1] SMP 
[  494.255168] Modules linked in: xxnd(OE+) rfcomm bnep snd_ens1371 snd_ac97_codec gameport ac97_bus coretemp snd_pcm snd_seq_midi snd_seq_midi_event crct10dif_pclmul snd_rawmidi crc32_pclmul snd_seq ghash_clmulni_intel snd_seq_device snd_timer aesni_intel aes_x86_64 snd soundcore lrw gf128mul glue_helper ablk_helper cryptd btusb btrtl btbcm btintel bluetooth vmw_balloon ecdh_generic joydev input_leds serio_raw 8250_fintek shpchp i2c_piix4 vmw_vmci mac_hid parport_pc ppdev lp parport autofs4 hid_generic usbhid hid vmwgfx psmouse ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops mptspi ahci libahci e1000 mptscsih mptbase scsi_transport_spi drm pata_acpi fjes
[  494.255193] CPU: 0 PID: 339 Comm: systemd-udevd Tainted: G           OE   4.4.0-169-generic #198-Ubuntu
[  494.255195] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  494.255196] task: ffff880073238000 ti: ffff8800358cc000 task.ti: ffff8800358cc000
[  494.255197] RIP: 0010:[]  [] 0xffff8800278b1800
[  494.255199] RSP: 0018:ffff8800358cff20  EFLAGS: 00010202
[  494.255200] RAX: ffff8800278b1800 RBX: 00000000ffffffff RCX: 00000000000001a4
[  494.255202] RDX: 0000000000088141 RSI: 0000555f5a775a66 RDI: 00000000ffffff9c
[  494.255203] RBP: ffff8800358cff38 R08: 0000000000000001 R09: c3488152e767770d
[  494.255204] R10: ddfeacca19626bc8 R11: 0000000000000246 R12: 0000555f5b7ff010
[  494.255205] R13: 00000000fffffffe R14: 0000000000000000 R15: 0000555f5b80a690
[  494.255207] FS:  00007f1bd03f48c0(0000) GS:ffff88007b600000(0000) knlGS:0000000000000000
[  494.255208] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  494.255209] CR2: ffff8800278b1800 CR3: 0000000076664000 CR4: 0000000000360670
[  494.255250] Stack:
[  494.255251]  ffffffffc04238e2 00000000ffffffff 0000555f5b7ff010 ffff8800358cff48
[  494.255253]  ffffffff8121d19e 0000555f5a775a66 ffffffff8186671b 0000555f5b80ff90
[  494.255255]  0000000000002710 0000555f5b846e20 00007f1bcf540b78 0000000000000120
[  494.255257] Call Trace:
[  494.255268]  [] ? hook_do_sys_open+0x22/0x70 [xxdefend]
[  494.255271]  [] SyS_open+0x1e/0x20
[  494.255274]  [] entry_SYSCALL_64_fastpath+0x22/0xcb
[  494.255276] Code: 00 2f 00 00 00 00 00 2f 00 00 00 00 01 2f 00 00 00 00 02 00 03 51 00 00 00 50 2b 00 00 04 44 00 00 00 03 00 0e 00 00 00 00 2c 2c <0f> 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 41 89 ff 53 
[  494.255295] RIP  [] 0xffff8800278b1800
[  494.255297]  RSP
[  494.255298] CR2: ffff8800278b1800

问题分析:
4.15.0-60-generic #67~16.04.1-Ubuntu  
root@virtual-machine:/linux-source-4.15.0# cat /etc/os-release 
NAME="Ubuntu"
VERSION="16.04.1 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.1 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
UBUNTU_CODENAME=xenial

 [root@xx-ISP linux]# uname -a
Linux xx-ISP 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux 
arch/x86/kernel/module.c 
 void *module_alloc(unsigned long size)
 {   
     void *p;
         
     if (PAGE_ALIGN(size) > MODULES_LEN)
         return NULL;
 
     p = __vmalloc_node_range(size, MODULE_ALIGN,
                     MODULES_VADDR + get_module_load_offset(),
                     MODULES_END, GFP_KERNEL | __GFP_HIGHMEM,
                     PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
                     __builtin_return_address(0));
     if (p && (kasan_module_alloc(p, size) < 0)) {
         vfree(p);
         return NULL;
     }
 
     return p;
 }
                 

出问题的内核:4.15.0-60-generic #67~16.04.1-Ubuntu  
linux/arch/x86/kernel/module.c 
 void *module_alloc(unsigned long size)
 {
     void *p;
 
     if (PAGE_ALIGN(size) > MODULES_LEN)
         return NULL;
 
     p = __vmalloc_node_range(size, MODULE_ALIGN,
                     MODULES_VADDR + get_module_load_offset(),
                     MODULES_END, GFP_KERNEL,
                     PAGE_KERNEL, 0, NUMA_NO_NODE,     //缺少可执行标识PAGE_KERNEL_EXEC
                     __builtin_return_address(0));
     if (p && (kasan_module_alloc(p, size) < 0)) {
         vfree(p);
         return NULL;
     }
 
     return p;
 }
  
  

解决:
使module_alloc分配的地址具有可执行权限
    set_memory_x((unsigned long)sym->new_addr,1);
 

你可能感兴趣的:(linux内核)