Seg fault with custom proc device
Opened this issue · 0 comments
ninjamar commented
I decided to make a simple input/output proc device using https://xcellerator.github.io/posts/docker_escape/ and editing the code.
https://gist.github.com/ninjamar/fbf236cc09d3a00460b880d0220054b3
The idea is that you echo text to /proc/input and the text is read back from /proc/output:
vagrant@ubuntu2004:~/proc$ echo 'foo' > /proc/input
vagrant@ubuntu2004:~/proc$ cat /proc/output
foo
Instead of foo, I get a segmentation fault:
vagrant@ubuntu2004:~/proc$ sudo dmesg
[ 46.930281] proc: module verification failed: signature and/or required key missing - tainting kernel
[ 46.930668] input: loaded
[ 46.930669] output: loaded
[ 72.082289] Echoing to /proc/output
[ 76.900432] general protection fault: 0000 [#1] SMP PTI
[ 76.900509] CPU: 0 PID: 1530 Comm: cat Tainted: G OE 5.4.0-122-generic #138-Ubuntu
[ 76.900555] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 76.900628] RIP: 0010:proc_reg_release+0x3f/0x70
[ 76.900658] Code: 4d 8d 6c 24 18 4c 89 ef e8 9e 61 78 00 49 8b 44 24 08 48 8d 70 f8 4c 39 e6 75 0f eb 23 48 8b 76 08 48 83 ee 08 4c 39 e6 74 16 <48> 39 1e 75 ee 4c 89 e7 e8 a4 fe ff ff 31 c0 5b 41 5c 41 5d 5d c3
[ 76.900763] RSP: 0018:ffffa7f78053fe38 EFLAGS: 00010207
[ 76.900797] RAX: 7074756f2f636f72 RBX: ffff8ac6f57adf00 RCX: 0000000000000001
[ 76.900837] RDX: 0000000000000001 RSI: 7074756f2f636f6a RDI: ffff8ac6f25233d8
[ 76.900875] RBP: ffffa7f78053fe50 R08: 0000000000000000 R09: 0000000000000000
[ 76.900912] R10: 0000000000000010 R11: ffff8ac6f9044d90 R12: ffff8ac6f25233c0
[ 76.900956] R13: ffff8ac6f25233d8 R14: ffff8ac6fcd702a0 R15: ffff8ac6f911d6c0
[ 76.900994] FS: 00007ff192d4e580(0000) GS:ffff8ac6fda00000(0000) knlGS:0000000000000000
[ 76.901037] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.901068] CR2: 00007ff1925c9000 CR3: 0000000070f22005 CR4: 00000000000606f0
[ 76.901111] Call Trace:
[ 76.901136] __fput+0xcc/0x260
[ 76.901158] ____fput+0xe/0x10
[ 76.901182] task_work_run+0x8f/0xb0
[ 76.901208] exit_to_usermode_loop+0x131/0x160
[ 76.901236] do_syscall_64+0x163/0x190
[ 76.901271] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.901302] RIP: 0033:0x7ff192c69817
[ 76.901326] Code: ff ff e8 7c 12 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 b3 5d f8 ff
[ 76.901417] RSP: 002b:00007ffe37cad108 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 76.901458] RAX: 0000000000000000 RBX: 00007ff1925ca000 RCX: 00007ff192c69817
[ 76.901496] RDX: 000000000000000f RSI: 0000000000022000 RDI: 0000000000000003
[ 76.901534] RBP: 0000000000000001 R08: 00007ff1925c9000 R09: 0000000000000000
[ 76.901572] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000000
[ 76.901610] R13: 0000000000000fff R14: 0000000000020000 R15: 0000000000020000
[ 76.901649] Modules linked in: proc(OE) vboxsf(O) dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua input_leds vboxguest(O) serio_raw mac_hid sch_fq_codel ipmi_devintf ipmi_msghandler msr ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul vboxvideo crc32_pclmul drm_vram_helper ttm ghash_clmulni_intel drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops aesni_intel crypto_simd cryptd glue_helper ahci psmouse pata_acpi video libahci drm e1000 i2c_piix4
[ 76.901967] ---[ end trace 6f242403edf302ec ]---
[ 76.902006] RIP: 0010:proc_reg_release+0x3f/0x70
[ 76.902035] Code: 4d 8d 6c 24 18 4c 89 ef e8 9e 61 78 00 49 8b 44 24 08 48 8d 70 f8 4c 39 e6 75 0f eb 23 48 8b 76 08 48 83 ee 08 4c 39 e6 74 16 <48> 39 1e 75 ee 4c 89 e7 e8 a4 fe ff ff 31 c0 5b 41 5c 41 5d 5d c3
[ 76.902126] RSP: 0018:ffffa7f78053fe38 EFLAGS: 00010207
[ 76.902157] RAX: 7074756f2f636f72 RBX: ffff8ac6f57adf00 RCX: 0000000000000001
[ 76.902194] RDX: 0000000000000001 RSI: 7074756f2f636f6a RDI: ffff8ac6f25233d8
[ 76.902232] RBP: ffffa7f78053fe50 R08: 0000000000000000 R09: 0000000000000000
[ 76.903913] R10: 0000000000000010 R11: ffff8ac6f9044d90 R12: ffff8ac6f25233c0
[ 76.905237] R13: ffff8ac6f25233d8 R14: ffff8ac6fcd702a0 R15: ffff8ac6f911d6c0
[ 76.906543] FS: 00007ff192d4e580(0000) GS:ffff8ac6fda00000(0000) knlGS:0000000000000000
[ 76.908201] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.909520] CR2: 00007ff1925c9000 CR3: 0000000070f22005 CR4: 00000000000606f0
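A first triage step for an oops like the one above, as an added example (not part of the issue or the linked gist): parse the register dump and flag any 64-bit register whose value decodes as printable ASCII. Here RAX and RSI decode to "roc/outp" and "joc/outp", substrings of the path /proc/output that the module logged, which is a strong sign that a pointer the kernel dereferenced in proc_reg_release had been overwritten with string data. The dump embedded below is copied from this issue; the register names and classification thresholds are the example's own.

```python
import re
import struct

# Register dump copied from the dmesg output in this issue (constant for this example).
OOPS_LINES = """
[ 76.900763] RSP: 0018:ffffa7f78053fe38 EFLAGS: 00010207
[ 76.900797] RAX: 7074756f2f636f72 RBX: ffff8ac6f57adf00 RCX: 0000000000000001
[ 76.900837] RDX: 0000000000000001 RSI: 7074756f2f636f6a RDI: ffff8ac6f25233d8
[ 76.900875] RBP: ffffa7f78053fe50 R08: 0000000000000000 R09: 0000000000000000
[ 76.900912] R10: 0000000000000010 R11: ffff8ac6f9044d90 R12: ffff8ac6f25233c0
[ 76.900956] R13: ffff8ac6f25233d8 R14: ffff8ac6fcd702a0 R15: ffff8ac6f911d6c0
"""

# Matches "RAX: <16 hex>" and also "RSP: 0018:<16 hex>" (segment prefix is skipped).
REG_RE = re.compile(r"\b(R[A-Z0-9]{2}): (?:[0-9a-f]{4}:)?([0-9a-f]{16})")


def parse_registers(text):
    """Return {name: int} for every 64-bit register in an x86_64 oops dump."""
    return {m.group(1): int(m.group(2), 16) for m in REG_RE.finditer(text)}


def as_ascii(value):
    """Decode a 64-bit value as little-endian bytes; None unless all are printable."""
    raw = struct.pack("<Q", value)
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None


def classify(regs):
    """Label each register: ASCII data, kernel pointer, small integer, or other."""
    out = {}
    for name, value in regs.items():
        text = as_ascii(value)
        if text is not None:
            out[name] = ("ascii", text)
        elif (value >> 48) == 0xFFFF:        # canonical upper-half (kernel) address
            out[name] = ("kernel-pointer", hex(value))
        elif value < 0x10000:
            out[name] = ("small-int", value)
        else:
            out[name] = ("other", hex(value))
    return out


def string_offset(decoded, path):
    """Offset of the decoded register bytes inside a path seen in the log, or -1."""
    return path.find(decoded)


if __name__ == "__main__":
    for name, label in sorted(classify(parse_registers(OOPS_LINES)).items()):
        print(name, *label)
```

Running it lists RAX and RSI as ascii, the pointer-looking registers as kernel-pointer, and string_offset("roc/outp", "/proc/output") returns 2, i.e. the clobbering bytes are the logged path minus its first two characters.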