Re: [RFC PATCH 5/6] security/fbfam: Detect a fork brute force attack

From: kernel test robot <lkp@intel.com>
To: kbuild-all@lists.01.org
Subject: Re: [RFC PATCH 5/6] security/fbfam: Detect a fork brute force attack
Date: Sat, 12 Sep 2020 08:47:31 +0800	[thread overview]
Message-ID: <202009120858.HTfAlR0e%lkp@intel.com> (raw)
In-Reply-To: <20200910202107.3799376-6-keescook@chromium.org>

[-- Attachment #1: Type: text/plain, Size: 3258 bytes --]

Hi Kees,

[FYI, it's a private test report for your RFC patch.]
[auto build test ERROR on tip/sched/core]
[also build test ERROR on kees/for-next/pstore linus/master v5.9-rc4]
[cannot apply to security/next-testing next-20200911]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Kees-Cook/Fork-brute-force-attack-mitigation-fbfam/20200911-042512
base:   https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git 848785df48835eefebe0c4eb5da7690690b0a8b7
config: microblaze-randconfig-r033-20200911 (attached as .config)
compiler: microblaze-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=microblaze 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   microblaze-linux-ld: security/fbfam/fbfam.o: in function `fbfam_handle_attack':
>> security/fbfam/fbfam.c:206: undefined reference to `__udivdi3'

# https://github.com/0day-ci/linux/commit/2a9c0b8f7327cdab5ef73c9a9a4447d25c084bca
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Kees-Cook/Fork-brute-force-attack-mitigation-fbfam/20200911-042512
git checkout 2a9c0b8f7327cdab5ef73c9a9a4447d25c084bca
vim +206 security/fbfam/fbfam.c

   176	
   177	/**
   178	 * fbfam_handle_attack() - Fork brute force attack detection.
   179	 * @signal: Signal number that causes the core dump.
   180	 *
   181	 * The crashing rate of an application is computed in milliseconds per fault in
   182	 * each crash. So, if this rate goes under a certain threshold there is a clear
   183	 * signal that the application is crashing quickly. At this moment, a fork brute
   184	 * force attack is happening.
   185	 *
   186	 * Return: -EFAULT if the current task doesn't have statistical data. Zero
   187	 *         otherwise.
   188	 */
   189	int fbfam_handle_attack(int signal)
   190	{
   191		struct fbfam_stats *stats = current->fbfam_stats;
   192		u64 delta_jiffies, delta_time;
   193		u64 crashing_rate;
   194	
   195		if (!stats)
   196			return -EFAULT;
   197	
   198		if (!(signal == SIGILL || signal == SIGBUS || signal == SIGKILL ||
   199		      signal == SIGSEGV || signal == SIGSYS))
   200			return 0;
   201	
   202		stats->faults += 1;
   203	
   204		delta_jiffies = get_jiffies_64() - stats->jiffies;
   205		delta_time = jiffies64_to_msecs(delta_jiffies);
 > 206		crashing_rate = delta_time / (u64)stats->faults;
   207	
   208		if (crashing_rate < (u64)sysctl_crashing_rate_threshold)
   209			pr_warn("fbfam: Fork brute force attack detected\n");
   210	
   211		return 0;
   212	}
   213	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 31538 bytes --]