From owner-freebsd-security@freebsd.org Thu Jun 21 12:14:00 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA2EA101D1E9 for ; Thu, 21 Jun 2018 12:14:00 +0000 (UTC) (envelope-from dpolyg@gmail.com) Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 211677A386 for ; Thu, 21 Jun 2018 12:14:00 +0000 (UTC) (envelope-from dpolyg@gmail.com) Received: by mail-pf0-x235.google.com with SMTP id a63-v6so1463180pfl.1 for ; Thu, 21 Jun 2018 05:14:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:cc:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=W/HJQ7uMjiozZBoMQieHFgzocS6P1zM/dLo5Tlh+tf4=; b=seCtzIkkVLfCdi3sLrKY9NrND+7XV/PN0YkdcY9QsTWZmI4B2Qbt1fhvFsRuPdGtRg fy8Tmzy6oGE6flDKk2BuRTrQ7++fCQscQt+UztqhOysL7jeZimMk28KqIzmxfkdhg8eS drnUBo6dbSciu8xugF0zX6a6IUB1SdhnL5pOaL7yq/Flp2xgJ6qu6xrizusq+w7G8HIy 5WR9rF6A+vWWUzaQiD/RtQPGhPWHLPdSyfOT7bJPcmOQ0Vdex/eq35cFZ4BAzQd0YB5h BHY4dFWL+Y8vr8R8jY42CSNxOSNWB2mM/MDPSO3Nv2W+rBZAZLT6cbDryncd0Jkn7kq2 lC+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=W/HJQ7uMjiozZBoMQieHFgzocS6P1zM/dLo5Tlh+tf4=; b=dJd7XrcCOCazXIB6ELej/zXp0V++2OEWa4XVK6ziXJkthSgKyf101x5I/JTr07zr3E ZC9hxi317XpLIlIMfkn/GY5bFMoMYylI6uF5bOxNFVSOuoNFvyVYEwNN4+XKiyZXzWwT CbIrs6VlDc0IJOUASMpt0k8++mnCLFG1+ZG/1AsC68ObaWEXj3Ds/oEU8gKSSkmqIc/8 GJl9eL/V5h8i1cVSyCqpxcEawWtAlHFollikpplEVIqyde/ZZFCMfmckItxmJOtOuviZ PT/r8qYLiPuFL9tIndjGOuw6obCZkffO5B1Zl4IdEv2B3QdEKSacxWRTAoYG+dXEcRY9 SfXg== X-Gm-Message-State: APt69E0YoIG59shWk1lAnZSajFuvr4qqK9mjOfK/6Vq8bmh6a0aGpVXm QAVnqbwJz5ALq0+dyo88YiRUwg== X-Google-Smtp-Source: ADUXVKLwGgqtJu2H43MFZwlQMZemxMPCHlIVUUO1kwvcDUMnSU22A7Lxktp+oVLaI3j9hSdhSyW4pg== X-Received: by 2002:a65:6355:: with SMTP id p21-v6mr21999614pgv.293.1529583238949; Thu, 21 Jun 2018 05:13:58 -0700 (PDT) Received: from [192.168.1.100] (ngn8-ppp274.tokyo.sannet.ne.jp. [157.192.113.20]) by smtp.googlemail.com with ESMTPSA id h124-v6sm9128176pfc.100.2018.06.21.05.13.57 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Jun 2018 05:13:58 -0700 (PDT) Subject: Re: Recent security patch cause reboot loop on 11.1 RELEASE Cc: freebsd-security References: From: Denis Polygalov Message-ID: Date: Thu, 21 Jun 2018 21:13:54 +0900 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 12:14:01 -0000 Seems like I did not cc my reply to the mailing list. Doing it now because I found a hint which may lead to the cause of the reboot loop. Removing: linux_load="YES" linprocfs_load="YES" linsysfs_load="YES" prevent the reboot loop in multi-user mode but leave me without Linux emulation... Regards, Denis. > Hi Gordon, > > this is real hardware. I found the reason (see below). > Setting hw.lazy_fpu_switch=1 in /boot/loader.conf makes no difference. > No panic messages. > I can tell you when it happen. Here is the boot messages: > ... skipped ... > Timecounters tick every 1.000 msec > nvme cam probe device init > ugen2.1: at usbus2 > ugen1.1: at usbus1 > ugen0.1: at usbus0 > uhub0: on usbus2 > uhub1: on usbus0 > uhub2: on usbus1 > uhub1: 2 ports with 2 removable, self powered > uhub2: 2 ports with 2 removable, self powered > uhub0: 4 ports with 4 removable, self powered > > <---- here screen (local monitor) goes black and machine restarted. > > ada0 at ata2 bus 0 scbus8 target 0 lun 0 > ada0: ATA8-ACS SATA 3.x device > ada0: Serial Number WD-WMC1P0D1KEHJ > ada0: 150.000MB/s transfers (SATA 1.x, UDMA5, PIO 8192bytes) > ada0: 1907729MB (3907029168 512 byte sectors) > da0 at ciss0 bus 0 scbus0 target 0 lun 0 > da0: Fixed Direct Access SCSI device > da0: 135.168MB/s transfers > da0: Command Queueing enabled > da0: 858293MB (1757784604 512 byte sectors) > Trying to mount root from ufs:/dev/da0s1a [rw]... > > I noticed that I can boot the *patched* kernel in single user mode. > Removing these 3 lines from the /boot/loader.conf fixed rebooting loop problem: > > linux_load="YES" > linprocfs_load="YES" > linsysfs_load="YES" > > This machine is used as a test bench to test stuff > before deploying on a production server. > We need Linux emulation support on the production > server to run closed source software... > So... maybe this will help someone. > > Blaming evil penguins, > Denis On 21/06/2018 4:19 PM, Gordon Tetlow wrote: > On Wed, Jun 20, 2018 at 11:14 PM, Denis Polygalov wrote: >> What I did is following: >> >> # uname -a >> FreeBSD my_host_name 11.1-RELEASE-p10 FreeBSD 11.1-RELEASE-p10 #0: Tue >> May 8 05:21:56 UTC 2018 >> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 >> >> # freebsd-update fetch >> Looking up update.FreeBSD.org mirrors... 3 mirrors found. >> Fetching metadata signature for 11.1-RELEASE from update6.freebsd.org... done. >> Fetching metadata index... done. >> Inspecting system... done. >> Preparing to download files... done. >> >> The following files will be updated as part of updating to 11.1-RELEASE-p11: >> /boot/kernel/kernel >> >> Installing this update cause endless reboot loop. >> >> # cat /boot/loader.conf >> kern.maxfiles="32768" >> zfs_load="YES" >> linux_load="YES" >> linprocfs_load="YES" >> linsysfs_load="YES" >> >> # dmesg |grep CPU >> CPU: Intel(R) Xeon(TM) CPU 3.40GHz (3400.19-MHz K8-class CPU) >> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs >> SMP: AP CPU #1 Launched! >> SMP: AP CPU #3 Launched! >> SMP: AP CPU #2 Launched! >> cpu0: on acpi0 >> cpu1: on acpi0 >> cpu2: on acpi0 >> cpu3: on acpi0 >> acpi_perf0: on cpu0 >> est: CPU supports Enhanced Speedstep, but is not recognized. >> est: CPU supports Enhanced Speedstep, but is not recognized. >> est: CPU supports Enhanced Speedstep, but is not recognized. >> >> The machine is HP ProLiant ML350 > > Sorry to hear you are having a problem. > > Just to confirm, this is running on hardware and not on a Xen > hypervisor, correct? > > Assuming it's running directly on the hardware, can you see if setting: > hw.lazy_fpu_switch=1 > in /boot/loader.conf makes any difference? > > Is there any panic message? > > Thanks, > Gordon >