カーネルメモリーを露出する試みが検出されたサーバークラッシュ
Issue
- 強化された usercopy コードでサーバーがクラッシュし、エラーが表示されます:
[16835.468933] usercopy: kernel memory exposure attempt detected from ffffa10d1effe07c (kmalloc-4096) (16260 bytes)
[16835.469026] ------------[ cut here ]------------
[16835.469052] kernel BUG at mm/usercopy.c:72!
[16835.469068] invalid opcode: 0000 [#1] SMP
[16835.469084] Modules linked in: nfsv3 nfs_acl nfs lockd grace fscache vmw_vsock_vmci_transport vsock sunrpc ppdev vmw_balloon sb_edac iosf_mbi crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd joydev pcspkr sg vmw_vmci i2c_piix4 parport_pc parport binfmt_misc ip_tables xfs libcrc32c sr_mod cdrom sd_mod crc_t10dif crct10dif_generic ata_generic pata_acpi crct10dif_pclmul crct10dif_common crc32c_intel vmwgfx serio_raw drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm vmxnet3 ata_piix mptspi libata scsi_transport_spi mptscsih mptbase drm_panel_orientation_quirks dm_mirror dm_region_hash dm_log dm_mod
[16835.469394] CPU: 4 PID: 29718 Comm: ssh Kdump: loaded Not tainted 3.10.0-957.1.3.el7.x86_64 #1
[16835.469424] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/21/2015
[16835.469458] task: ffffa108ad2f2080 ti: ffffa10a49ffc000 task.ti: ffffa10a49ffc000
[16835.469483] RIP: 0010:[<ffffffffa443e167>] [<ffffffffa443e167>] __check_object_size+0x87/0x250
[16835.469517] RSP: 0018:ffffa10a49fffd18 EFLAGS: 00010246
[16835.469536] RAX: 0000000000000064 RBX: ffffa10d1effe07c RCX: 0000000000000000
[16835.469560] RDX: 0000000000000000 RSI: ffffa10d1d713898 RDI: ffffa10d1d713898
[16835.469583] RBP: ffffa10a49fffd38 R08: 0000000000000000 R09: ffffa10d18e99b80
[16835.469608] R10: 00000000000007bc R11: 0000000000000000 R12: 0000000000003f84
[16835.469632] R13: 0000000000000001 R14: ffffa10d1f002000 R15: ffffa10a53af6400
[16835.469657] FS: 00007ff8a310c840(0000) GS:ffffa10d1d700000(0000) knlGS:0000000000000000
[16835.469684] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[16835.469730] CR2: 000055bd16930ab0 CR3: 000000079ae8e000 CR4: 00000000003607e0
[16835.469796] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[16835.469821] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[16835.469847] Call Trace:
[16835.469872] [<ffffffffa465a0a2>] copy_from_read_buf+0xa2/0x190
[16835.469895] [<ffffffffa465ae14>] n_tty_read+0x394/0x930
[16835.470716] [<ffffffffa49696eb>] ? ldsem_down_read+0x3b/0x220
[16835.471545] [<ffffffffa42d67b0>] ? wake_up_state+0x20/0x20
[16835.472288] [<ffffffffa4656550>] tty_read+0x90/0x100
[16835.473037] [<ffffffffa444117f>] vfs_read+0x9f/0x170
[16835.473774] [<ffffffffa444203f>] SyS_read+0x7f/0xf0
[16835.474501] [<ffffffffa4974ddb>] system_call_fastpath+0x22/0x27
[16835.475243] Code: 45 d1 48 c7 c6 34 b7 c7 a4 48 c7 c1 40 4c c8 a4 48 0f 45 f1 49 89 c0 4d 89 e1 48 89 d9 48 c7 c7 30 1b c8 a4 31 c0 e8 20 d5 51 00 <0f> 0b 0f 1f 80 00 00 00 00 48 c7 c0 00 00 20 a4 4c 39 f0 73 0d
[16835.476974] RIP [<ffffffffa443e167>] __check_object_size+0x87/0x250
[16835.477788] RSP <ffffa10a49fffd18>
Environment
- Red Hat Enterprise Linux 7.6
- Red Hat Enterprise Linux 7.5
- Red Hat Enterprise Linux 7.4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
