From owner-freebsd-security@freebsd.org Thu Jun 21 06:14:52 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F0EF1100ACE3 for ; Thu, 21 Jun 2018 06:14:51 +0000 (UTC) (envelope-from dpolyg@gmail.com) Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 72FC28C578 for ; Thu, 21 Jun 2018 06:14:51 +0000 (UTC) (envelope-from dpolyg@gmail.com) Received: by mail-pf0-x22a.google.com with SMTP id w7-v6so983395pfn.9 for ; Wed, 20 Jun 2018 23:14:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=i/ckSoi5SPmg+x2WMj571A1kzdHIGsI10mdz5zoAS1I=; b=GafNMiRXhxfexg5zGaM5If8dc3UoPV5Tv8EEsHyrX/+zrgYau5WFUV4kjzEP2EBnmj Gcb/ftAjvHxhtW5LRhhGGP8Q/t1EqDcftpiesuGtxnuO93XZIORIe00cACmU5cpALHeP RqAtKjvi6MKYwuEQoGjRiepLXsrrRryMjf5tt/fZB+Uypf5bQuTEtA3ydH/RYhrIuuXX zwCDp5ZqrJLCDixkd6DG9o4yTsZU51itbJi8w9GbWHOikzqv4BEiP5EB+yaxR2pPa5SN noJUKM5iWZt0WGW6t8YnA5jobR7CODZzISOiEd4ui8PkvrOLE5y4Lwp+kFBPYTuIo8oW E39Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=i/ckSoi5SPmg+x2WMj571A1kzdHIGsI10mdz5zoAS1I=; b=r0PtKSGlu0crZbZi2ql+OITK6bVY0ha7r2fn1Ozl0W1CpjYTZACKmPw9yMH+sXJSQ/ iGmNeN0pK/6DPTYvzuB5Sk4ggCR4nZNPzChAmd0eVeu5uuhCP3ahdep4t16Lu+mG8FyH xae/ue04IA5IyOeaK4bsbXXYM/UDoPhatOmLDjnSkTov9PEXEmFxjrglnKP5/5qJ4r6I 9COFukSIBVhw08y+M38v9oHMQnAv1jpveVJ3gp0tTWis4++7NXMeSdHX8m2ysUoVjdPI 631ATgZh0zOQ6+Ck4FoXmt6H/piAg+emsm+6kPBGXq0FWTjZ3d7Jc5kAn9kNtKl2byvu T+uA== X-Gm-Message-State: APt69E2FrVI0F/1N0ORb6iLajfphKSSXH8ki7piJ++WOORBG9o3XkQ+W mkeed3t9kQHLQmrE3K8b7LY0nMKQlLQDojzveyQ= X-Google-Smtp-Source: ADUXVKIv2gTbSPulBU69tYpPEqYi4GGgvZuCQ2JtZmOvCjI/9BnLk+ugad394KTR8TrfN2vLucCWAF1srXZVgdzcUFU= X-Received: by 2002:a63:3807:: with SMTP id f7-v6mr21411858pga.446.1529561690111; Wed, 20 Jun 2018 23:14:50 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a17:90a:65c1:0:0:0:0 with HTTP; Wed, 20 Jun 2018 23:14:49 -0700 (PDT) From: Denis Polygalov Date: Thu, 21 Jun 2018 15:14:49 +0900 Message-ID: Subject: Recent security patch cause reboot loop on 11.1 RELEASE To: freebsd-security@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 06:14:52 -0000 What I did is following: # uname -a FreeBSD my_host_name 11.1-RELEASE-p10 FreeBSD 11.1-RELEASE-p10 #0: Tue May 8 05:21:56 UTC 2018 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 # freebsd-update fetch Looking up update.FreeBSD.org mirrors... 3 mirrors found. Fetching metadata signature for 11.1-RELEASE from update6.freebsd.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. The following files will be updated as part of updating to 11.1-RELEASE-p11: /boot/kernel/kernel Installing this update cause endless reboot loop. # cat /boot/loader.conf kern.maxfiles="32768" zfs_load="YES" linux_load="YES" linprocfs_load="YES" linsysfs_load="YES" # dmesg |grep CPU CPU: Intel(R) Xeon(TM) CPU 3.40GHz (3400.19-MHz K8-class CPU) FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs SMP: AP CPU #1 Launched! SMP: AP CPU #3 Launched! SMP: AP CPU #2 Launched! cpu0: on acpi0 cpu1: on acpi0 cpu2: on acpi0 cpu3: on acpi0 acpi_perf0: on cpu0 est: CPU supports Enhanced Speedstep, but is not recognized. est: CPU supports Enhanced Speedstep, but is not recognized. est: CPU supports Enhanced Speedstep, but is not recognized. The machine is HP ProLiant ML350 Regards, Denis From owner-freebsd-security@freebsd.org Thu Jun 21 06:01:43 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 24110100A231 for ; Thu, 21 Jun 2018 06:01:43 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CB0408BE82; Thu, 21 Jun 2018 06:01:42 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id C417428F0; Thu, 21 Jun 2018 06:01:42 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20180621060142.C417428F0@freefall.freebsd.org> Date: Thu, 21 Jun 2018 06:01:42 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.26 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 06:01:43 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:07.lazyfpu Security Advisory The FreeBSD Project Topic: Lazy FPU State Restore Information Disclosure Category: core Module: kernel Announced: 2018-06-21 Credits: Julian Stecklina from Amazon Germany Thomas Prescher from Cyberus Technology GmbH Zdenek Sojka from SYSGO AG Colin Percival Affects: All supported version of FreeBSD. Corrected: 2018-06-14 18:50:49 UTC (stable/11, 11.2-PRERELEASE) 2018-06-15 13:21:37 UTC (releng/11.2, 11.2-RC3) 2018-06-21 05:17:13 UTC (releng/11.1, 11.1-RELEASE-p11) CVE Name: CVE-2018-3665 Special Note: This advisory only addresses this issue for FreeBSD 11.x on i386 and amd64. We expect to update this advisory to include 10.x in the near future. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Modern CPUs have a floating point unit (FPU) which needs to maintain state per thread. One technique is to only save and to only restore the FPU state for a thread when a thread attempts to utilize the FPU. This technique is called Lazy FPU state restore. II. Problem Description A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. III. Impact Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present. IV. Workaround No workaround is available, but non-Intel branded CPUs are not believed to be vulnerable. V. Solution The patch changes from Lazy FPU state restore to Eager FPU state restore. This new technique is the recommended practice from Intel and in some cases can actually increase performance, depending on workload. Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterward, reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch.asc # gpg --verify lazyfpu-11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r335169 releng/11.2/ r335196 releng/11.1/ r335465 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlsrN1hfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cJTLA/+Kt7QLkNCVudaiE+d+VMuC2f1aGhqoyd+36xL9rNsn2ShZhIo+gq1dhXn 2lJiOYCPN5cJkasj1YdP2bSIv25nTcFMp0rKOww0A1scOnzi66LAD+DXmGVUhmaA MPyrnuL7rbuPq9ls9FGAO2XURwB9IrGYtqPuVWmNyn+HyKBYcGCkL5+UEnHeUCg8 oopJudZgrGBVMFCsqG6K/b+3uc397Hyq0PZzpyWFfkaxrbTwVMMwgWyTxIYaPVs7 2g7WK2JWjJNk0IWQGot9qpKYDRyxc9PPFX/0blwOLe1Wwrt5nEF+9av89HQJ6PXF +Ws5w8Gnhi9wWuK19ew1j0nvP+f0zw09r4GuEzhZXADAz733HNK5dtsS/dMJi2wa 9fQ0s1joT3JFDvWZKUQS2mNuhpvBfYoI0d0OEJT2H2eycFYe4B+VNhB2V1e9wLn6 9X4+Vbc2LEOF09klQQFMYNMEyQzLtfq2gHIoD37sCw9mMrYKWjgy3NhY5AKrfGHG OcBsvnaXCW/x9/kV9Pfoel/psrmjcQdp4QEKAZbRNwvJG5sGhtsQXTp0Nk+BCuVy G0NNB9306dLfk0OTZ02SiOUjVagXObyo+LgWTBO6FryDlHVkopsYNkB5oRx9fLrm 68r7OXidl0ndGqnh87meMVH1/Fu/rr09Jd4osIzS+Gc0Dt7NOEQ= =8fnI -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Thu Jun 21 07:19:02 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3A781010C52 for ; Thu, 21 Jun 2018 07:19:02 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: from mail-ua0-x22d.google.com (mail-ua0-x22d.google.com [IPv6:2607:f8b0:400c:c08::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3C2438FB37 for ; Thu, 21 Jun 2018 07:19:02 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: by mail-ua0-x22d.google.com with SMTP id c2-v6so1386599uae.4 for ; Thu, 21 Jun 2018 00:19:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tetlows.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xZMyo9VoU5T6ZEbHcRmjVjL7U90ERiF2otXtF0SJF2Y=; b=AZyBpRgj6xa1D7YH7Y1MPzkKNTwgsPximzdhvUw7mwvbJFI+uouucrhZAZgXy8hiBV tSr2KsULng5ohh5m6WQ5jJVyRN3TI2rjSGZ3j2GF5OQM3vyEJ/zGatDPHopWy8Bp1J2E toEGrd2PWlE6YeLL8+cVTI4FROLFI1rrxYje0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xZMyo9VoU5T6ZEbHcRmjVjL7U90ERiF2otXtF0SJF2Y=; b=ZkLttiDycEgIh9KxE91lXXgyjHWT0kJy9Cp1ZX0mCfkTSQ/2Qb8NwxDzX+SklTTIUI kg+9RidTrakc7otb4CB/GLHFSB8r1b7Os3sSHDzMl7FcjY9LsAmYAoNNmBAGasiF0Bmt RtAy5azQMo/U0wb7LLZCBmVzGwmUvEcNCxZrpmEu30aYexJ1DiYCLFsGU7SynLcPW4F2 aCRM2JoYlbPY+yri9/TTFfkKA6/cOQMDTFNfbLqKuuPDLYqZVPjmPtd1lkuBY5IWic48 SkLlW2cei2j4sP1bHAQIlIb1scQYOsaUzwzlwnF/1YOx40iuy7Z3m85YjG93kNgGxMDd 1/yg== X-Gm-Message-State: APt69E0fRwez4u049Z31xE3gyb7zFj2CzFlJAA5r6Iq4p+xeZCIEDfgU T8wsSo+KX+nw8r6ML9/SBUFfcu9z0Woq+hp4klJzZ4hby8z6 X-Google-Smtp-Source: ADUXVKIhjSlN8MAFO9LGKXstmLCGjRbg1cihyLjt2DdI3O0pKaLXxQrf4+KpJ1OK/3yizimLyHcwg9beufG94cvaLhg= X-Received: by 2002:ab0:1446:: with SMTP id c6-v6mr15474980uae.12.1529565541709; Thu, 21 Jun 2018 00:19:01 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:ab0:4546:0:0:0:0:0 with HTTP; Thu, 21 Jun 2018 00:19:01 -0700 (PDT) In-Reply-To: References: From: Gordon Tetlow Date: Thu, 21 Jun 2018 00:19:01 -0700 Message-ID: Subject: Re: Recent security patch cause reboot loop on 11.1 RELEASE To: Denis Polygalov Cc: freebsd-security Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 07:19:03 -0000 On Wed, Jun 20, 2018 at 11:14 PM, Denis Polygalov wrote: > What I did is following: > > # uname -a > FreeBSD my_host_name 11.1-RELEASE-p10 FreeBSD 11.1-RELEASE-p10 #0: Tue > May 8 05:21:56 UTC 2018 > root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 > > # freebsd-update fetch > Looking up update.FreeBSD.org mirrors... 3 mirrors found. > Fetching metadata signature for 11.1-RELEASE from update6.freebsd.org... done. > Fetching metadata index... done. > Inspecting system... done. > Preparing to download files... done. > > The following files will be updated as part of updating to 11.1-RELEASE-p11: > /boot/kernel/kernel > > Installing this update cause endless reboot loop. > > # cat /boot/loader.conf > kern.maxfiles="32768" > zfs_load="YES" > linux_load="YES" > linprocfs_load="YES" > linsysfs_load="YES" > > # dmesg |grep CPU > CPU: Intel(R) Xeon(TM) CPU 3.40GHz (3400.19-MHz K8-class CPU) > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > SMP: AP CPU #1 Launched! > SMP: AP CPU #3 Launched! > SMP: AP CPU #2 Launched! > cpu0: on acpi0 > cpu1: on acpi0 > cpu2: on acpi0 > cpu3: on acpi0 > acpi_perf0: on cpu0 > est: CPU supports Enhanced Speedstep, but is not recognized. > est: CPU supports Enhanced Speedstep, but is not recognized. > est: CPU supports Enhanced Speedstep, but is not recognized. > > The machine is HP ProLiant ML350 Sorry to hear you are having a problem. Just to confirm, this is running on hardware and not on a Xen hypervisor, correct? Assuming it's running directly on the hardware, can you see if setting: hw.lazy_fpu_switch=1 in /boot/loader.conf makes any difference? Is there any panic message? Thanks, Gordon From owner-freebsd-security@freebsd.org Thu Jun 21 12:14:00 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA2EA101D1E9 for ; Thu, 21 Jun 2018 12:14:00 +0000 (UTC) (envelope-from dpolyg@gmail.com) Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 211677A386 for ; Thu, 21 Jun 2018 12:14:00 +0000 (UTC) (envelope-from dpolyg@gmail.com) Received: by mail-pf0-x235.google.com with SMTP id a63-v6so1463180pfl.1 for ; Thu, 21 Jun 2018 05:14:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:cc:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=W/HJQ7uMjiozZBoMQieHFgzocS6P1zM/dLo5Tlh+tf4=; b=seCtzIkkVLfCdi3sLrKY9NrND+7XV/PN0YkdcY9QsTWZmI4B2Qbt1fhvFsRuPdGtRg fy8Tmzy6oGE6flDKk2BuRTrQ7++fCQscQt+UztqhOysL7jeZimMk28KqIzmxfkdhg8eS drnUBo6dbSciu8xugF0zX6a6IUB1SdhnL5pOaL7yq/Flp2xgJ6qu6xrizusq+w7G8HIy 5WR9rF6A+vWWUzaQiD/RtQPGhPWHLPdSyfOT7bJPcmOQ0Vdex/eq35cFZ4BAzQd0YB5h BHY4dFWL+Y8vr8R8jY42CSNxOSNWB2mM/MDPSO3Nv2W+rBZAZLT6cbDryncd0Jkn7kq2 lC+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=W/HJQ7uMjiozZBoMQieHFgzocS6P1zM/dLo5Tlh+tf4=; b=dJd7XrcCOCazXIB6ELej/zXp0V++2OEWa4XVK6ziXJkthSgKyf101x5I/JTr07zr3E ZC9hxi317XpLIlIMfkn/GY5bFMoMYylI6uF5bOxNFVSOuoNFvyVYEwNN4+XKiyZXzWwT CbIrs6VlDc0IJOUASMpt0k8++mnCLFG1+ZG/1AsC68ObaWEXj3Ds/oEU8gKSSkmqIc/8 GJl9eL/V5h8i1cVSyCqpxcEawWtAlHFollikpplEVIqyde/ZZFCMfmckItxmJOtOuviZ PT/r8qYLiPuFL9tIndjGOuw6obCZkffO5B1Zl4IdEv2B3QdEKSacxWRTAoYG+dXEcRY9 SfXg== X-Gm-Message-State: APt69E0YoIG59shWk1lAnZSajFuvr4qqK9mjOfK/6Vq8bmh6a0aGpVXm QAVnqbwJz5ALq0+dyo88YiRUwg== X-Google-Smtp-Source: ADUXVKLwGgqtJu2H43MFZwlQMZemxMPCHlIVUUO1kwvcDUMnSU22A7Lxktp+oVLaI3j9hSdhSyW4pg== X-Received: by 2002:a65:6355:: with SMTP id p21-v6mr21999614pgv.293.1529583238949; Thu, 21 Jun 2018 05:13:58 -0700 (PDT) Received: from [192.168.1.100] (ngn8-ppp274.tokyo.sannet.ne.jp. [157.192.113.20]) by smtp.googlemail.com with ESMTPSA id h124-v6sm9128176pfc.100.2018.06.21.05.13.57 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Jun 2018 05:13:58 -0700 (PDT) Subject: Re: Recent security patch cause reboot loop on 11.1 RELEASE Cc: freebsd-security References: From: Denis Polygalov Message-ID: Date: Thu, 21 Jun 2018 21:13:54 +0900 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 12:14:01 -0000 Seems like I did not cc my reply to the mailing list. Doing it now because I found a hint which may lead to the cause of the reboot loop. Removing: linux_load="YES" linprocfs_load="YES" linsysfs_load="YES" prevent the reboot loop in multi-user mode but leave me without Linux emulation... Regards, Denis. > Hi Gordon, > > this is real hardware. I found the reason (see below). > Setting hw.lazy_fpu_switch=1 in /boot/loader.conf makes no difference. > No panic messages. > I can tell you when it happen. Here is the boot messages: > ... skipped ... > Timecounters tick every 1.000 msec > nvme cam probe device init > ugen2.1: at usbus2 > ugen1.1: at usbus1 > ugen0.1: at usbus0 > uhub0: on usbus2 > uhub1: on usbus0 > uhub2: on usbus1 > uhub1: 2 ports with 2 removable, self powered > uhub2: 2 ports with 2 removable, self powered > uhub0: 4 ports with 4 removable, self powered > > <---- here screen (local monitor) goes black and machine restarted. > > ada0 at ata2 bus 0 scbus8 target 0 lun 0 > ada0: ATA8-ACS SATA 3.x device > ada0: Serial Number WD-WMC1P0D1KEHJ > ada0: 150.000MB/s transfers (SATA 1.x, UDMA5, PIO 8192bytes) > ada0: 1907729MB (3907029168 512 byte sectors) > da0 at ciss0 bus 0 scbus0 target 0 lun 0 > da0: Fixed Direct Access SCSI device > da0: 135.168MB/s transfers > da0: Command Queueing enabled > da0: 858293MB (1757784604 512 byte sectors) > Trying to mount root from ufs:/dev/da0s1a [rw]... > > I noticed that I can boot the *patched* kernel in single user mode. > Removing these 3 lines from the /boot/loader.conf fixed rebooting loop problem: > > linux_load="YES" > linprocfs_load="YES" > linsysfs_load="YES" > > This machine is used as a test bench to test stuff > before deploying on a production server. > We need Linux emulation support on the production > server to run closed source software... > So... maybe this will help someone. > > Blaming evil penguins, > Denis On 21/06/2018 4:19 PM, Gordon Tetlow wrote: > On Wed, Jun 20, 2018 at 11:14 PM, Denis Polygalov wrote: >> What I did is following: >> >> # uname -a >> FreeBSD my_host_name 11.1-RELEASE-p10 FreeBSD 11.1-RELEASE-p10 #0: Tue >> May 8 05:21:56 UTC 2018 >> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 >> >> # freebsd-update fetch >> Looking up update.FreeBSD.org mirrors... 3 mirrors found. >> Fetching metadata signature for 11.1-RELEASE from update6.freebsd.org... done. >> Fetching metadata index... done. >> Inspecting system... done. >> Preparing to download files... done. >> >> The following files will be updated as part of updating to 11.1-RELEASE-p11: >> /boot/kernel/kernel >> >> Installing this update cause endless reboot loop. >> >> # cat /boot/loader.conf >> kern.maxfiles="32768" >> zfs_load="YES" >> linux_load="YES" >> linprocfs_load="YES" >> linsysfs_load="YES" >> >> # dmesg |grep CPU >> CPU: Intel(R) Xeon(TM) CPU 3.40GHz (3400.19-MHz K8-class CPU) >> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs >> SMP: AP CPU #1 Launched! >> SMP: AP CPU #3 Launched! >> SMP: AP CPU #2 Launched! >> cpu0: on acpi0 >> cpu1: on acpi0 >> cpu2: on acpi0 >> cpu3: on acpi0 >> acpi_perf0: on cpu0 >> est: CPU supports Enhanced Speedstep, but is not recognized. >> est: CPU supports Enhanced Speedstep, but is not recognized. >> est: CPU supports Enhanced Speedstep, but is not recognized. >> >> The machine is HP ProLiant ML350 > > Sorry to hear you are having a problem. > > Just to confirm, this is running on hardware and not on a Xen > hypervisor, correct? > > Assuming it's running directly on the hardware, can you see if setting: > hw.lazy_fpu_switch=1 > in /boot/loader.conf makes any difference? > > Is there any panic message? > > Thanks, > Gordon > From owner-freebsd-security@freebsd.org Thu Jun 21 12:30:45 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 99294101D787 for ; Thu, 21 Jun 2018 12:30:45 +0000 (UTC) (envelope-from johannes@perceivon.net) Received: from mail-ua0-x22c.google.com (mail-ua0-x22c.google.com [IPv6:2607:f8b0:400c:c08::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 38FDD7AB12 for ; Thu, 21 Jun 2018 12:30:45 +0000 (UTC) (envelope-from johannes@perceivon.net) Received: by mail-ua0-x22c.google.com with SMTP id f30-v6so1893281uab.11 for ; Thu, 21 Jun 2018 05:30:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=perceivon-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XQgE6gWvEbQqFyNxRl3yHqGMgn4d9bNcoQQxUQUM0zk=; b=Oaonws+MCPI8E4dkcDRNgb7I7BUk6pb2oIdNe7dFVcndxT6FhMD+nUegm/IARmR2td hjMnGOoSuSICZLejszLvf3BNkU2i2RfmLn2XPgLmj1bzjr0ALyvShD0WYqWB4QM+2G6e OEEiuMr13qRSIFNYgHE1mfjQQwhWLWV6CGvQ3nc/uHXUS/3Cb9CMHGs/qieZrVne2+5w FFl8e5Da9f9/Xlu69eMa7lpZzz1w11mBYDj09SBBVezaJV7llgG7bQ9GrD1UwagGU3hH uA6cyhWdC5Q2GTiQW9PDtTm/9UEzdHKCMiTJLy42LaAzUeFJelWKs/ugWHVX9OOKAS27 dYGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XQgE6gWvEbQqFyNxRl3yHqGMgn4d9bNcoQQxUQUM0zk=; b=mLjscI1QyyVaMG1fC+vgg4+LOqdHvtclxkd4bZ5tcF9wtCoHU9JSF2WVZBnEwu4/5/ aVK1UVFnh6PVzX0vbzXB2yQ5rlHoYqrCZpDpQ0g0vOoT6PHTBkBqGGruUIswHrjip58o TD/iTwtAV2YCQ9IEg2D7qbzz4hkhrQGIg5skc6MQWuIemKGRpO9S7LeDKzUvxH1PIurG gslQdgKY+jDIJkwRNoXYhdvEOlhcI9HCO2DFTQS8z7xm2tU7+IjZwpGBik09z+2WAeAT aaohppYmT9Wu4M4nW4GlAxgrVys1Y+3v49SUXs8LqtcdbO+6XS67GkT7ttBSL5IDGqE6 CTgg== X-Gm-Message-State: APt69E04+dpa/7nYcRwWtAsDMg62NA0JgLHvBDsWgIk49thLcTT2E0Re vUX8NZpeFtHtnS2n/0ZPULwuayI9VB7s+5qE0eHeQA== X-Google-Smtp-Source: ADUXVKISAPV+RQmZwu7FtE5wtfMvNvnQp8u6h5ZNzqClAT5ZErfC+Z7dfIlnAJKPLp/EAsf9Iuv3ppzxQt+eufDl420= X-Received: by 2002:ab0:19c2:: with SMTP id r2-v6mr16181358uai.110.1529584244457; Thu, 21 Jun 2018 05:30:44 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Johannes Meixner Date: Thu, 21 Jun 2018 15:30:32 +0300 Message-ID: Subject: Re: Recent security patch cause reboot loop on 11.1 RELEASE To: Denis Polygalov Cc: freebsd-security X-Mailman-Approved-At: Thu, 21 Jun 2018 13:58:33 +0000 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 12:30:45 -0000 If you put those modules into rc.conf's kld_list, will it reboot as well? According to the manpage, rc.conf is the faster way to load modules not essential to booting. On Thu, 21 Jun 2018, 3:15 pm Denis Polygalov, wrote: > Seems like I did not cc my reply to the mailing list. > Doing it now because I found a hint which may > lead to the cause of the reboot loop. > > Removing: > > linux_load="YES" > linprocfs_load="YES" > linsysfs_load="YES" > > prevent the reboot loop in multi-user mode but > leave me without Linux emulation... > > Regards, > Denis. > > > Hi Gordon, > > > > this is real hardware. I found the reason (see below). > > Setting hw.lazy_fpu_switch=1 in /boot/loader.conf makes no difference. > > No panic messages. > > I can tell you when it happen. Here is the boot messages: > > ... skipped ... > > Timecounters tick every 1.000 msec > > nvme cam probe device init > > ugen2.1: at usbus2 > > ugen1.1: at usbus1 > > ugen0.1: at usbus0 > > uhub0: on usbus2 > > uhub1: on usbus0 > > uhub2: on usbus1 > > uhub1: 2 ports with 2 removable, self powered > > uhub2: 2 ports with 2 removable, self powered > > uhub0: 4 ports with 4 removable, self powered > > > > <---- here screen (local monitor) goes black and machine restarted. > > > > ada0 at ata2 bus 0 scbus8 target 0 lun 0 > > ada0: ATA8-ACS SATA 3.x device > > ada0: Serial Number WD-WMC1P0D1KEHJ > > ada0: 150.000MB/s transfers (SATA 1.x, UDMA5, PIO 8192bytes) > > ada0: 1907729MB (3907029168 512 byte sectors) > > da0 at ciss0 bus 0 scbus0 target 0 lun 0 > > da0: Fixed Direct Access SCSI device > > da0: 135.168MB/s transfers > > da0: Command Queueing enabled > > da0: 858293MB (1757784604 512 byte sectors) > > Trying to mount root from ufs:/dev/da0s1a [rw]... > > > > I noticed that I can boot the *patched* kernel in single user mode. > > Removing these 3 lines from the /boot/loader.conf fixed rebooting loop > problem: > > > > linux_load="YES" > > linprocfs_load="YES" > > linsysfs_load="YES" > > > > This machine is used as a test bench to test stuff > > before deploying on a production server. > > We need Linux emulation support on the production > > server to run closed source software... > > So... maybe this will help someone. > > > > Blaming evil penguins, > > Denis > > > > On 21/06/2018 4:19 PM, Gordon Tetlow wrote: > > On Wed, Jun 20, 2018 at 11:14 PM, Denis Polygalov > wrote: > >> What I did is following: > >> > >> # uname -a > >> FreeBSD my_host_name 11.1-RELEASE-p10 FreeBSD 11.1-RELEASE-p10 #0: Tue > >> May 8 05:21:56 UTC 2018 > >> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 > >> > >> # freebsd-update fetch > >> Looking up update.FreeBSD.org mirrors... 3 mirrors found. > >> Fetching metadata signature for 11.1-RELEASE from > update6.freebsd.org... done. > >> Fetching metadata index... done. > >> Inspecting system... done. > >> Preparing to download files... done. > >> > >> The following files will be updated as part of updating to > 11.1-RELEASE-p11: > >> /boot/kernel/kernel > >> > >> Installing this update cause endless reboot loop. > >> > >> # cat /boot/loader.conf > >> kern.maxfiles="32768" > >> zfs_load="YES" > >> linux_load="YES" > >> linprocfs_load="YES" > >> linsysfs_load="YES" > >> > >> # dmesg |grep CPU > >> CPU: Intel(R) Xeon(TM) CPU 3.40GHz (3400.19-MHz K8-class CPU) > >> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > >> SMP: AP CPU #1 Launched! > >> SMP: AP CPU #3 Launched! > >> SMP: AP CPU #2 Launched! > >> cpu0: on acpi0 > >> cpu1: on acpi0 > >> cpu2: on acpi0 > >> cpu3: on acpi0 > >> acpi_perf0: on cpu0 > >> est: CPU supports Enhanced Speedstep, but is not recognized. > >> est: CPU supports Enhanced Speedstep, but is not recognized. > >> est: CPU supports Enhanced Speedstep, but is not recognized. > >> > >> The machine is HP ProLiant ML350 > > > > Sorry to hear you are having a problem. > > > > Just to confirm, this is running on hardware and not on a Xen > > hypervisor, correct? > > > > Assuming it's running directly on the hardware, can you see if setting: > > hw.lazy_fpu_switch=1 > > in /boot/loader.conf makes any difference? > > > > Is there any panic message? > > > > Thanks, > > Gordon > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > From owner-freebsd-security@freebsd.org Fri Jun 22 04:35:00 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 072CA100D68B for ; Fri, 22 Jun 2018 04:35:00 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: from mail-vk0-x236.google.com (mail-vk0-x236.google.com [IPv6:2607:f8b0:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 86A3A7D70E for ; Fri, 22 Jun 2018 04:34:59 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: by mail-vk0-x236.google.com with SMTP id w8-v6so3194059vkh.4 for ; Thu, 21 Jun 2018 21:34:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tetlows.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+IHDCnre3MYFA9Jz2NCw2fcnovhNBV4xxu6WtuGYzNk=; b=dK3NHCv2/RFEQ5l5e7Hwqlq8AS7vL6/+9C0EXvOs7NUj04e2vg6FAnKMMDv2nqjyu5 d5y9TfsqY4ZSyEYGUxW0c7Qs01yyJTH2PflklAr1DpMOeFCUPRyG3W0R7C4nuJQ75rKq oUu+UrF8p+VjxON0P0sFldu/0yEl4oV66gNPk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+IHDCnre3MYFA9Jz2NCw2fcnovhNBV4xxu6WtuGYzNk=; b=Ctf7Eg/Kk2xmnv5N8fZABsuZcQNefOmL3p7D7p85qc8/+g7Jc7wZaTkwS0oZfoIlpb RwTTBynksAXUcIsapttJIE8uSHuGkfI634vk21IKUUTe1BrL4XKAskP/zcjZicseEb7Y ZHU0ct0KBViMEODltN/wZ0NR1tbFI0HQfOzuxqTmXygpT8CKec2mC6HcO0MIiCaPqS85 8vvxXUsSy4m3n1CcfwYoFydjjD+TWDxzZzzE+fHWv23VBBLAaHzMXPTd24Fm8EJqTy5L oKlZfPDwzznubJ2U7X9ilyLDOB9kTlnKcTJvZB87KNMMTiPK8d9blatNeE34KqjCHNbx Bt8g== X-Gm-Message-State: APt69E0c4ZFAW2BACQUZS/yb/Wr69R7YSCyZ1kyRO1dbW4krDxQ9Jocn gzRXNOEWwBgFmdxE1eNHep4xIHKTwKJgA6dJiP2jp2E= X-Google-Smtp-Source: ADUXVKIbEmOrbc5uPfNobTtDCOqtt2OginkceBnb8cOHYIi5eMrhjONaQxC6Qdt31GfF+PtWo/TU4AYpcwUEMEdKtAo= X-Received: by 2002:a1f:7f06:: with SMTP id o6-v6mr26283vki.148.1529642098674; Thu, 21 Jun 2018 21:34:58 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:ab0:4546:0:0:0:0:0 with HTTP; Thu, 21 Jun 2018 21:34:58 -0700 (PDT) In-Reply-To: References: From: Gordon Tetlow Date: Thu, 21 Jun 2018 21:34:58 -0700 Message-ID: Subject: Re: Recent security patch cause reboot loop on 11.1 RELEASE To: Denis Polygalov Cc: freebsd-security Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jun 2018 04:35:00 -0000 Hmm. I'm unable to reproduce the error in any of my testing scenarios. I apologize for not being to help further. As kib advised, if you can please post a verbose dmesg from a successful boot along with where you believe the panic occurs on a bad boot. Gordon On Thu, Jun 21, 2018 at 5:13 AM, Denis Polygalov wrote: > Seems like I did not cc my reply to the mailing list. > Doing it now because I found a hint which may > lead to the cause of the reboot loop. > > Removing: > > linux_load="YES" > linprocfs_load="YES" > linsysfs_load="YES" > > prevent the reboot loop in multi-user mode but > leave me without Linux emulation... > > Regards, > Denis. > >> Hi Gordon, >> >> this is real hardware. I found the reason (see below). >> Setting hw.lazy_fpu_switch=1 in /boot/loader.conf makes no difference. >> No panic messages. >> I can tell you when it happen. Here is the boot messages: >> ... skipped ... >> Timecounters tick every 1.000 msec >> nvme cam probe device init >> ugen2.1: at usbus2 >> ugen1.1: at usbus1 >> ugen0.1: at usbus0 >> uhub0: on usbus2 >> uhub1: on usbus0 >> uhub2: on usbus1 >> uhub1: 2 ports with 2 removable, self powered >> uhub2: 2 ports with 2 removable, self powered >> uhub0: 4 ports with 4 removable, self powered >> >> <---- here screen (local monitor) goes black and machine restarted. >> >> ada0 at ata2 bus 0 scbus8 target 0 lun 0 >> ada0: ATA8-ACS SATA 3.x device >> ada0: Serial Number WD-WMC1P0D1KEHJ >> ada0: 150.000MB/s transfers (SATA 1.x, UDMA5, PIO 8192bytes) >> ada0: 1907729MB (3907029168 512 byte sectors) >> da0 at ciss0 bus 0 scbus0 target 0 lun 0 >> da0: Fixed Direct Access SCSI device >> da0: 135.168MB/s transfers >> da0: Command Queueing enabled >> da0: 858293MB (1757784604 512 byte sectors) >> Trying to mount root from ufs:/dev/da0s1a [rw]... >> >> I noticed that I can boot the *patched* kernel in single user mode. >> Removing these 3 lines from the /boot/loader.conf fixed rebooting loop >> problem: >> >> linux_load="YES" >> linprocfs_load="YES" >> linsysfs_load="YES" >> >> This machine is used as a test bench to test stuff >> before deploying on a production server. >> We need Linux emulation support on the production >> server to run closed source software... >> So... maybe this will help someone. >> >> Blaming evil penguins, >> Denis > > > > > On 21/06/2018 4:19 PM, Gordon Tetlow wrote: >> >> On Wed, Jun 20, 2018 at 11:14 PM, Denis Polygalov >> wrote: >>> >>> What I did is following: >>> >>> # uname -a >>> FreeBSD my_host_name 11.1-RELEASE-p10 FreeBSD 11.1-RELEASE-p10 #0: Tue >>> May 8 05:21:56 UTC 2018 >>> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 >>> >>> # freebsd-update fetch >>> Looking up update.FreeBSD.org mirrors... 3 mirrors found. >>> Fetching metadata signature for 11.1-RELEASE from update6.freebsd.org... >>> done. >>> Fetching metadata index... done. >>> Inspecting system... done. >>> Preparing to download files... done. >>> >>> The following files will be updated as part of updating to >>> 11.1-RELEASE-p11: >>> /boot/kernel/kernel >>> >>> Installing this update cause endless reboot loop. >>> >>> # cat /boot/loader.conf >>> kern.maxfiles="32768" >>> zfs_load="YES" >>> linux_load="YES" >>> linprocfs_load="YES" >>> linsysfs_load="YES" >>> >>> # dmesg |grep CPU >>> CPU: Intel(R) Xeon(TM) CPU 3.40GHz (3400.19-MHz K8-class CPU) >>> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs >>> SMP: AP CPU #1 Launched! >>> SMP: AP CPU #3 Launched! >>> SMP: AP CPU #2 Launched! >>> cpu0: on acpi0 >>> cpu1: on acpi0 >>> cpu2: on acpi0 >>> cpu3: on acpi0 >>> acpi_perf0: on cpu0 >>> est: CPU supports Enhanced Speedstep, but is not recognized. >>> est: CPU supports Enhanced Speedstep, but is not recognized. >>> est: CPU supports Enhanced Speedstep, but is not recognized. >>> >>> The machine is HP ProLiant ML350 >> >> >> Sorry to hear you are having a problem. >> >> Just to confirm, this is running on hardware and not on a Xen >> hypervisor, correct? >> >> Assuming it's running directly on the hardware, can you see if setting: >> hw.lazy_fpu_switch=1 >> in /boot/loader.conf makes any difference? >> >> Is there any panic message? >> >> Thanks, >> Gordon >> > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@freebsd.org Fri Jun 22 05:27:22 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED34F100EB00 for ; Fri, 22 Jun 2018 05:27:21 +0000 (UTC) (envelope-from dpolyg@gmail.com) Received: from mail-pf0-x244.google.com (mail-pf0-x244.google.com [IPv6:2607:f8b0:400e:c00::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4A6C97F0D1 for ; Fri, 22 Jun 2018 05:27:21 +0000 (UTC) (envelope-from dpolyg@gmail.com) Received: by mail-pf0-x244.google.com with SMTP id h12-v6so2631480pfk.11 for ; Thu, 21 Jun 2018 22:27:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=uZDY3vTxOWMSjrNvLm+aPmvGQOKDF3zU/4LFWFyhAdE=; b=k89EHl4+qN/8KS21hPk30wzCf5IMdZKmMvravyXKeY2wW8PrBesq/agmLr4R86ZFOv H0nnwN1Gz8HQSvnRAJ9PoEMflfbcTIaG0VxWdT9Bnr1Wv121P1dBW/oZT5Z8pzZYvl6W z056c5wbcWXWb6qQqu1gQhE+TwcGbQ2l6tXu6Gqp7FEF3XHVZZykA3D/d9rqOcn0/T+q 7zBtBWIpHxZJL3rMLVJQYuJcX2gsG0DRYEOq+vsJGxKrZ0naRaXjPLUK4NdykFFY4Nna UxuLx21TTxB/A4y/V0q9ZBqPnp8Wm7j1k9HT2ONU6nxMKkwwDkY2WwkNjqdL03C3E9Vw G3Dg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=uZDY3vTxOWMSjrNvLm+aPmvGQOKDF3zU/4LFWFyhAdE=; b=hWZs5cr97K59SNHdY9j9m16347wejoKKpNAjlx3EMXuDFdc4uPThdVXotfUium8Krh s4NtSGPedvTAc80M+LysOTPHDQEKdBMjUB77/ybtIXc5h2LXAYIbF9oT7lnfdlmMqBG3 GtU//3G1c8eE5QnZ5T0Q8jEcHJnblPxsIomwtvPN95fPjHNYt+T45z0lC26nH4uNDmSu qxULYiFR/br/uJUWui9W2yf4fRJ4QRLjRUTfKOSvLNqSB80nM52Pxqjxj41KXbiHcTow zDAotH0Sf1ciYBGjcCgeH5/CQ+QXuDOR4DHuCMcHddFTxA8mgCsF06J/lBUc9UYZbRhz S67A== X-Gm-Message-State: APt69E34WQFIffHLCzfjUeNw9GAokamx6l5WAvKMJ/SSgD8PE2zToeAP GvMEk7NX9nYifWUMty5SqlKIKP3fCaCIt6YTXtQ= X-Google-Smtp-Source: ADUXVKKuA6IUOkSSvaYgQTGRUdC7Na0n7WWKbT4rBOeJte5c+IiBGrN7nCkflYL4B9NiF4FW2IKMeXdenmkP7dfLMAs= X-Received: by 2002:a63:3807:: with SMTP id f7-v6mr116495pga.446.1529645240292; Thu, 21 Jun 2018 22:27:20 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a17:90a:65c1:0:0:0:0 with HTTP; Thu, 21 Jun 2018 22:27:19 -0700 (PDT) In-Reply-To: References: From: Denis Polygalov Date: Fri, 22 Jun 2018 14:27:19 +0900 Message-ID: Subject: Re: Recent security patch cause reboot loop on 11.1 RELEASE To: Gordon Tetlow Cc: freebsd-security Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jun 2018 05:27:22 -0000 Hi Gordon, I was about to make the verbose dmesg output as requested but before doing so I did just # kldload linux.so on the patched kernel. Nothing bad happend. Then I restarted with linux_* lines enabled in the loader.conf and choose verbose dmesg in boot menu. Boot and ... everything was OK. Then non-verbose dmesg and linux_* lines enabled - no problems. So _suddenly_ it is fixed. I had 3 enters into reboot loops yesterday... I will send the verbose dmesg by separated e-mail. Regards, Denis On 6/22/18, Gordon Tetlow wrote: > Hmm. I'm unable to reproduce the error in any of my testing scenarios. > I apologize for not being to help further. As kib advised, if you can > please post a verbose dmesg from a successful boot along with where > you believe the panic occurs on a bad boot. > > Gordon > > On Thu, Jun 21, 2018 at 5:13 AM, Denis Polygalov wrote: >> Seems like I did not cc my reply to the mailing list. >> Doing it now because I found a hint which may >> lead to the cause of the reboot loop. >> >> Removing: >> >> linux_load="YES" >> linprocfs_load="YES" >> linsysfs_load="YES" >> >> prevent the reboot loop in multi-user mode but >> leave me without Linux emulation... >> >> Regards, >> Denis. >> >>> Hi Gordon, >>> >>> this is real hardware. I found the reason (see below). >>> Setting hw.lazy_fpu_switch=1 in /boot/loader.conf makes no difference. >>> No panic messages. >>> I can tell you when it happen. Here is the boot messages: >>> ... skipped ... >>> Timecounters tick every 1.000 msec >>> nvme cam probe device init >>> ugen2.1: at usbus2 >>> ugen1.1: at usbus1 >>> ugen0.1: at usbus0 >>> uhub0: on usbus2 >>> uhub1: on usbus0 >>> uhub2: on usbus1 >>> uhub1: 2 ports with 2 removable, self powered >>> uhub2: 2 ports with 2 removable, self powered >>> uhub0: 4 ports with 4 removable, self powered >>> >>> <---- here screen (local monitor) goes black and machine restarted. >>> >>> ada0 at ata2 bus 0 scbus8 target 0 lun 0 >>> ada0: ATA8-ACS SATA 3.x device >>> ada0: Serial Number WD-WMC1P0D1KEHJ >>> ada0: 150.000MB/s transfers (SATA 1.x, UDMA5, PIO 8192bytes) >>> ada0: 1907729MB (3907029168 512 byte sectors) >>> da0 at ciss0 bus 0 scbus0 target 0 lun 0 >>> da0: Fixed Direct Access SCSI device >>> da0: 135.168MB/s transfers >>> da0: Command Queueing enabled >>> da0: 858293MB (1757784604 512 byte sectors) >>> Trying to mount root from ufs:/dev/da0s1a [rw]... >>> >>> I noticed that I can boot the *patched* kernel in single user mode. >>> Removing these 3 lines from the /boot/loader.conf fixed rebooting loop >>> problem: >>> >>> linux_load="YES" >>> linprocfs_load="YES" >>> linsysfs_load="YES" >>> >>> This machine is used as a test bench to test stuff >>> before deploying on a production server. >>> We need Linux emulation support on the production >>> server to run closed source software... >>> So... maybe this will help someone. >>> >>> Blaming evil penguins, >>> Denis >> >> >> >> >> On 21/06/2018 4:19 PM, Gordon Tetlow wrote: >>> >>> On Wed, Jun 20, 2018 at 11:14 PM, Denis Polygalov >>> wrote: >>>> >>>> What I did is following: >>>> >>>> # uname -a >>>> FreeBSD my_host_name 11.1-RELEASE-p10 FreeBSD 11.1-RELEASE-p10 #0: Tue >>>> May 8 05:21:56 UTC 2018 >>>> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 >>>> >>>> # freebsd-update fetch >>>> Looking up update.FreeBSD.org mirrors... 3 mirrors found. >>>> Fetching metadata signature for 11.1-RELEASE from >>>> update6.freebsd.org... >>>> done. >>>> Fetching metadata index... done. >>>> Inspecting system... done. >>>> Preparing to download files... done. >>>> >>>> The following files will be updated as part of updating to >>>> 11.1-RELEASE-p11: >>>> /boot/kernel/kernel >>>> >>>> Installing this update cause endless reboot loop. >>>> >>>> # cat /boot/loader.conf >>>> kern.maxfiles="32768" >>>> zfs_load="YES" >>>> linux_load="YES" >>>> linprocfs_load="YES" >>>> linsysfs_load="YES" >>>> >>>> # dmesg |grep CPU >>>> CPU: Intel(R) Xeon(TM) CPU 3.40GHz (3400.19-MHz K8-class CPU) >>>> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs >>>> SMP: AP CPU #1 Launched! >>>> SMP: AP CPU #3 Launched! >>>> SMP: AP CPU #2 Launched! >>>> cpu0: on acpi0 >>>> cpu1: on acpi0 >>>> cpu2: on acpi0 >>>> cpu3: on acpi0 >>>> acpi_perf0: on cpu0 >>>> est: CPU supports Enhanced Speedstep, but is not recognized. >>>> est: CPU supports Enhanced Speedstep, but is not recognized. >>>> est: CPU supports Enhanced Speedstep, but is not recognized. >>>> >>>> The machine is HP ProLiant ML350 >>> >>> >>> Sorry to hear you are having a problem. >>> >>> Just to confirm, this is running on hardware and not on a Xen >>> hypervisor, correct? >>> >>> Assuming it's running directly on the hardware, can you see if setting: >>> hw.lazy_fpu_switch=1 >>> in /boot/loader.conf makes any difference? >>> >>> Is there any panic message? >>> >>> Thanks, >>> Gordon >>> >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to >> "freebsd-security-unsubscribe@freebsd.org" >