TOMOYO
ForkHello.
Vadim Korschok wrote:
> PAX: kvm:6209, uid/euid: 0/0, attempted to modify kernel code
> BUG: unable to handle kernel paging request at ffffffff8059b040
> IP: [<ffffffffa00394d3>] intel_iommu_found+0x4d3/0x4075 [kvm_intel]
I see. That function is not TOMOYO related.
> Call Trace:
> [<ffffffffa0016b9b>] ? kvm_arch_vcpu_put+0xe/0x218 [kvm]
> [<ffffffffa001313d>] ? vcpu_put+0x9/0x9d [kvm]
> [<ffffffffa00196d1>] ? kvm_arch_vcpu_ioctl_run+0x5df/0x5ea [kvm]
> [<ffffffffa001474b>] ? kvm_resched+0x1c5/0x1048 [kvm]
> [<ffffffff8034a8f1>] ? ccs_capable+0xe1/0x1a6
> [<ffffffff8028a2a6>] ? vfs_ioctl+0x46/0x8f
> [<ffffffff8028a518>] ? do_vfs_ioctl+0x229/0x235
> [<ffffffff8028a575>] ? sys_ioctl+0x51/0x74
> [<ffffffff8020250b>] ? system_call_fastpath+0x16/0x1b
But ccs_capable() in vfs_ioctl() may be triggering this problem.
Will you backup /etc/ccs/profile.conf and /etc/ccs/domain_policy.conf in
kvm environment and overwrite as shown below and reboot the kvm?
# echo '0-COMMENT=dummy' > /etc/ccs/profile.conf
# : > /etc/ccs/domain_policy.conf
These configuration files will disable TOMOYO Linux.
If above configuration files solve this problem, please also try below steps.
ccs_capable() may sleep. I think it is safe to call function which may sleep
inside vfs_ioctl(), for "f_op->poll is the only vfs operation which is not
allowed to sleep".
Please restore /etc/ccs/profile.conf and /etc/ccs/domain_policy.conf and
apply below patch with "patch -p1 -R" and recompile and reboot.
--- linux-2.6.27.10.orig/fs/ioctl.c
+++ linux-2.6.27.10/fs/ioctl.c
@@ -35,6 +38,10 @@ static long vfs_ioctl(struct file *filp,
if (!filp->f_op)
goto out;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_IOCTL))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/
if (filp->f_op->unlocked_ioctl) {
error = filp->f_op->unlocked_ioctl(filp, cmd, arg);
If ccs_capable() in vfs_ioctl() is the bug, this patch will solve the bug.
Regards.