[Linux-ima-user] kernel warnings

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello!

I am using IMA appraisal for files with a special Smack label (_ aka
floor) on a 3.19 kernel:

# Several dont_appraise fsmagic= entries.
...
# Appraise all operations on files with floor label.
appraise obj_user=_

With that policy, the system appears to work (although I have doubts
whether using that file attribute is really protecting against offline
attacks).

However, I get kernel messages that I haven't seen before, about "Root
dentry has weird name" and "warn_slowpath_common". Not sure whether the
two are releated. At least they appear close to each other in the
"dmesg" output below. Any suggestions?

systemd[1]: Started Journal Service.
uvesafb: framebuffer at 0xfd000000, mapped to 0xd0900000, using 16384k, total 16384k
fb0: VESA VGA frame buffer device
systemd-journald[91]: Received request to flush runtime journal from PID 1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 118 at /work/build/iot/x86/tmp-glibc/work-shared/qemux86/kernel-source/fs/dcache.c:2801 prepend_path+0x269/0x2d0()
Root dentry has weird name <>
Modules linked in: uvesafb
CPU: 0 PID: 118 Comm: systemd-machine Not tainted 3.19.2-yocto-standard #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5.1-0-g8936dbb-20141113_115728-nilsson.home.kraxel.org 04/01/2014
 00000000 00000000 cf3b5d14 c186f8b8 cf3b5d58 cf3b5d48 c104c61b c1ab3768
 cf3b5d74 00000076 c1ab36b8 00000af1 c1171a19 00000af1 c1171a19 ce99cd80
 cf81da10 cf81da00 cf3b5d60 c104c683 00000009 cf3b5d58 c1ab3768 cf3b5d74
Call Trace:
 [<c186f8b8>] dump_stack+0x4b/0x75
 [<c104c61b>] warn_slowpath_common+0x8b/0xc0
 [<c1171a19>] ? prepend_path+0x269/0x2d0
 [<c1171a19>] ? prepend_path+0x269/0x2d0
 [<c104c683>] warn_slowpath_fmt+0x33/0x40
 [<c1171a19>] prepend_path+0x269/0x2d0
 [<c1174414>] d_absolute_path+0x44/0x80
 [<c1387d21>] ima_d_path+0x31/0x70
 [<c1386937>] process_measurement+0x3b7/0x3d0
 [<c138696b>] ima_file_check+0x1b/0x20
 [<c116915b>] do_last.isra.35+0x32b/0xce0
 [<c1179b25>] ? mntput_no_expire+0x25/0x130
 [<c116bbc8>] path_openat+0x448/0x5d0
 [<c106f57b>] ? get_parent_ip+0xb/0x40
 [<c116c5a1>] do_filp_open+0x31/0x90
 [<c115d427>] do_sys_open+0x117/0x210
 [<c115f71d>] ? ____fput+0xd/0x10
 [<c115d542>] SyS_open+0x22/0x30
 [<c1875a4e>] syscall_call+0x7/0x7
---[ end trace 67874c631bfd91f2 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 118 at /work/build/iot/x86/tmp-glibc/work-shared/qemux86/kernel-source/fs/dcache.c:2801 prepend_path+0x269/0x2d0()
Root dentry has weird name <>
Modules linked in: uvesafb
CPU: 0 PID: 118 Comm: systemd-machine Tainted: G        W      3.19.2-yocto-standard #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5.1-0-g8936dbb-20141113_115728-nilsson.home.kraxel.org 04/01/2014
 00000000 00000000 cf3b5d14 c186f8b8 cf3b5d58 cf3b5d48 c104c61b c1ab3768
 cf3b5d74 00000076 c1ab36b8 00000af1 c1171a19 00000af1 c1171a19 ce99cd80
 cf81da10 cf81da00 cf3b5d60 c104c683 00000009 cf3b5d58 c1ab3768 cf3b5d74
Call Trace:
 [<c186f8b8>] dump_stack+0x4b/0x75
 [<c104c61b>] warn_slowpath_common+0x8b/0xc0
 [<c1171a19>] ? prepend_path+0x269/0x2d0
 [<c1171a19>] ? prepend_path+0x269/0x2d0
 [<c104c683>] warn_slowpath_fmt+0x33/0x40
 [<c1171a19>] prepend_path+0x269/0x2d0
 [<c1174414>] d_absolute_path+0x44/0x80
 [<c1387d21>] ima_d_path+0x31/0x70
 [<c1386937>] process_measurement+0x3b7/0x3d0
 [<c138696b>] ima_file_check+0x1b/0x20
 [<c116915b>] do_last.isra.35+0x32b/0xce0
 [<c1179b25>] ? mntput_no_expire+0x25/0x130
 [<c116bbc8>] path_openat+0x448/0x5d0
 [<c106f57b>] ? get_parent_ip+0xb/0x40
 [<c116c5a1>] do_filp_open+0x31/0x90
 [<c115d427>] do_sys_open+0x117/0x210
 [<c115f71d>] ? ____fput+0xd/0x10
 [<c115d542>] SyS_open+0x22/0x30
 [<c1875a4e>] syscall_call+0x7/0x7
---[ end trace 67874c631bfd91f3 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 167 at /work/build/iot/x86/tmp-glibc/work-shared/qemux86/kernel-source/fs/dcache.c:2801 prepend_path+0x269/0x2d0()
Root dentry has weird name <>
...

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.