freke l33t
Joined: 23 Jan 2003 Posts: 977 Location: Somewhere in Denmark
|
Posted: Fri Nov 26, 2021 5:17 pm Post subject: gentoo-sources-5.15.4 |
|
|
Hi,
Upgraded from the 5.10 LTS to 5.15 LTS and seeing this in my dmesg
Code: |
[ 0.056329] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.15.5-gentoo root=/dev/sda1 ro rootfstype=ext4 splash console=ttyS0,115200n8 apparmor=1 security=apparmor nordrand net.ifnames=0 init_on_alloc=1 init_on_free=1 slab_nomerge pti=on nosmt slub_debug=ZF
[ 0.056907] Unknown kernel command line parameters "splash BOOT_IMAGE=/boot/vmlinuz-5.15.5-gentoo pti=on", will be passed to user space.
[ 0.059055] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes, linear)
[ 0.060172] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
[ 0.060288] mem auto-init: stack:byref_all(zero), heap alloc:on, heap free:on
[ 0.060295] mem auto-init: clearing system memory may take some time...
[ 2.343496] Memory: 4011760K/4176032K available (10242K kernel code, 2319K rwdata, 1696K rodata, 1288K init, 3864K bss, 164012K reserved, 0K cma-reserved)
[ 2.343531] **********************************************************
[ 2.343535] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[ 2.343539] ** **
[ 2.343543] ** This system shows unhashed kernel memory addresses **
[ 2.343547] ** via the console, logs, and other interfaces. This **
[ 2.343550] ** might reduce the security of your system. **
[ 2.343554] ** **
[ 2.343557] ** If you see this message and you are not debugging **
[ 2.343561] ** the kernel, report this immediately to your system **
[ 2.343564] ** administrator! **
[ 2.343568] ** **
[ 2.343571] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[ 2.343575] **********************************************************
[ 2.343584] random: get_random_u64 called from __kmem_cache_create+0x21/0x490 with crng_init=0 |
I don't really know what debugging I'm supposed to turn off?
Code: | # CONFIG_DEBUG_KERNEL is not set |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21639
|
Posted: Fri Nov 26, 2021 6:08 pm Post subject: |
|
|
This message comes from:
This can be triggered by a kernel command-line parameter no_hash_pointers, which you don't have, or by a direct call from:
__slub_debug_enabled() is implemented as one of two functions, depending on a Kconfig parameter you didn't show.
Choice 1:
Choice 2:
Choice 2 is clearly not it, as it would always return false, and never call no_hash_pointers_enable. Therefore, you must have used choice 1. Choice 1 is inside two preprocessor guards that look interesting and relevant:
You are using SLUB, and you apparently set SLUB_DEBUG_ON, causing it to default to enabling SLUB debugging. This is probably not what you want, even aside from the scary notice. Set SLUB_DEBUG_ON=n and rebuild your kernel. You might also want to set SLUB_DEBUG=n, but that is not required for eliminating the scary message. If you are not a kernel developer or pursuing a problem on behalf of a developer, you probably want SLUB_DEBUG=n. |
freke l33t
Joined: 23 Jan 2003 Posts: 977 Location: Somewhere in Denmark
|
Posted: Fri Nov 26, 2021 7:48 pm Post subject: |
|
|
Oh, thanks a lot - I had that enabled after having a look at: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
Code: | # Wipe slab and page allocations (Since v5.3; supersedes "slub_debug=P" and "page_poison=1" below)
# See CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y and CONFIG_INIT_ON_FREE_DEFAULT_ON=y above.
init_on_alloc=1
init_on_free=1
# Randomize kernel stack offset on syscall entry (since v5.13).
# See CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT above.
randomize_kstack_offset=on
# Disable slab merging (makes many heap overflow attacks more difficult).
slab_nomerge
# Always enable Kernel Page Table Isolation, even if the CPU claims it is safe from Meltdown.
pti=on
# To prevent against L1TF, at the cost of losing hyper threading (slow).
nosmt
# Enable SLUB redzoning and sanity checking (slow; requires CONFIG_SLUB_DEBUG=y above).
slub_debug=ZF
# (Before v5.3 without "init_on_free=1") Enable slub/slab allocator free poisoning (requires CONFIG_SLUB_DEBUG=y above).
slub_debug=P
# (Before v5.3 without "init_on_free=1") Enable buddy allocator free poisoning (requires CONFIG_PAGE_POISONING=y above).
page_poison=1 |
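
An added example, not part of either poster's messages: a small shell check that lists which of the settings discussed in this thread are present on a system. Besides the no_hash_pointers parameter and CONFIG_SLUB_DEBUG_ON named above, it assumes that a slub_debug= boot parameter (as in the first post's command line) also switches SLUB debugging on; the function name and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list the settings that enable SLUB
# debugging or unhashed pointers on a 5.15 kernel and so lead to the notice.
# Simplified assumption: any slub_debug value other than "-" counts as "on".

# unhashed_ptr_triggers CMDLINE CONFIG_TEXT -> prints one line per trigger found
unhashed_ptr_triggers() {
    cmdline=$1
    config=$2
    # slub_debug on the command line is only honoured with CONFIG_SLUB_DEBUG=y
    slub_built=no
    if printf '%s\n' "$config" | grep -qx 'CONFIG_SLUB_DEBUG=y'; then
        slub_built=yes
    fi
    # Intentionally unquoted: split the command line into its parameters
    for arg in $cmdline; do
        case $arg in
            no_hash_pointers)
                echo "cmdline: no_hash_pointers" ;;
            slub_debug=-)
                ;;  # explicit "debugging off"
            slub_debug|slub_debug=*)
                if [ "$slub_built" = yes ]; then
                    echo "cmdline: $arg"
                fi ;;
        esac
    done
    if printf '%s\n' "$config" | grep -qx 'CONFIG_SLUB_DEBUG_ON=y'; then
        echo "config: CONFIG_SLUB_DEBUG_ON=y"
    fi
    return 0
}

# Constructed sample input, modelled on the command line in the first post.
SAMPLE_CMDLINE='root=/dev/sda1 ro init_on_alloc=1 init_on_free=1 slab_nomerge pti=on nosmt slub_debug=ZF'
SAMPLE_CONFIG='CONFIG_SLUB=y
CONFIG_SLUB_DEBUG=y
# CONFIG_SLUB_DEBUG_ON is not set'

# On a live system (assumes /proc/config.gz exists, i.e. CONFIG_IKCONFIG_PROC=y):
#   unhashed_ptr_triggers "$(cat /proc/cmdline)" "$(zcat /proc/config.gz)"
unhashed_ptr_triggers "$SAMPLE_CMDLINE" "$SAMPLE_CONFIG"
```

An empty result means none of these three settings is present; it does not cover per-cache slub_debug syntax or other debug options.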