Bug 746698 (zombie) - No message to indicate that Zombies have eaten our brains.
Summary: No message to indicate that Zombies have eaten our brains.
Keywords:
Status: CLOSED ERRATA
Alias: zombie
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.4
Hardware: All
OS: All
urgent
urgent
Target Milestone: rc
: ---
Assignee: Prarit Bhargava
QA Contact: Evan McNabb
URL: http://www.cdc.gov/phpr/zombies.htm
Whiteboard:
Depends On:
Blocks: 747712 919528
TreeView+ depends on / blocked
 
Reported: 2011-10-17 14:43 UTC by Prarit Bhargava
Modified: 2018-05-01 01:03 UTC (History)
72 users (show)

Fixed In Version: kernel-2.6.32-229.el6
Doc Type: Bug Fix
Doc Text:
Previously, there was no way to tell whether you'd been bitten by a zombie, so you could unknowingly endanger your colleagues and eat their brains. RHEL6 has been updated to issue a warning of "BRRRAAAAAAIIIIINNNNNSSSSSSSS" so that you are aware that you have indeed been zombified.
Clone Of:
: 919528 (view as bug list)
Environment:
Last Closed: 2012-06-20 07:58:10 UTC
Target Upstream Version:


Attachments (Terms of Use)
RHEL6 Zombie patch (1.72 KB, patch)
2011-10-17 14:47 UTC, Prarit Bhargava
no flags Details | Diff
RHEL6 Zombie patch (3.30 KB, patch)
2011-10-17 20:11 UTC, Prarit Bhargava
no flags Details | Diff
RHEL6 Zombie patch (3.65 KB, patch)
2011-10-17 22:01 UTC, Prarit Bhargava
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 40594 None None None Never
Red Hat Product Errata RHSA-2012:0862 normal SHIPPED_LIVE Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update 2012-06-20 12:55:00 UTC

Description Prarit Bhargava 2011-10-17 14:43:52 UTC
Description of problem:  The RHEL6 kernel lacks a message that indicates that we have been attacked by Zombies.


Version-Release number of selected component (if applicable): 2.6.32-206.el6


How reproducible: 100%


Steps to Reproduce:
1. Step outside during Zombie attack.
2. Get bitten.
3. Return to office.
  
Actual results:  No indication that you are now a Zombie.


Expected results:  Some message indicating that you are a Zombie.


Additional info:

Comment 1 Prarit Bhargava 2011-10-17 14:47:55 UTC
Created attachment 528558 [details]
RHEL6 Zombie patch

Comment 2 Aristeu Rozanski 2011-10-17 14:59:39 UTC
I believe this is a blocker.

Comment 3 Aristeu Rozanski 2011-10-17 15:00:47 UTC
And hotfix/zstream candidate. Zombies don't respect the schedule and won't wait
until 6.3.

Comment 4 Evan McNabb 2011-10-17 15:13:57 UTC
How should QA test?

* Can devel provide sample killer Zombies that could be used to attack innocent victims?
* Do we have any spare victims that could be bit, or is that not in our CapEx budget for this year? (preferably located in the Westford office to limit the distance between them and me here in RDU)
* Could testing be performed in one of the partner cages in the lab?

Assuming these criteria are met, I am willing to set qa_ack+.

Comment 5 Aristeu Rozanski 2011-10-17 15:28:52 UTC
Adding Gurhan to Cc list. He had knee surgery recently and can't run much.
Will make a great victim.

Comment 6 Aristeu Rozanski 2011-10-17 15:32:38 UTC
Cc'ing jburke. this is the kind of automated test we'll want added on tier1.

Comment 7 Evan McNabb 2011-10-17 15:33:29 UTC
Oh, perfect. In that case I may want to be there in person to witness. Not sure if the travel budget will allow that though.

Comment 8 Mike Gahagan 2011-10-17 15:37:22 UTC
It was well established years ago that Fedora will eat Your Brannnnneeee!!! Should we clone this to Fedora as well or is the well known fact that Fedora has been a zombie since the early days sufficient?

http://www.redhat.com/archives/rhl-devel-list/2004-May/msg00104.html

Comment 9 Don Zickus 2011-10-17 17:54:31 UTC
I think we should tie this into the keyboard driver and detect if someone just randomly pushes lots of keys at once, clearly that would make them a zombie.

Perhaps, plugging in a network crossover cable, I mean who does that except zombies.

Comment 10 Evan McNabb 2011-10-17 18:14:41 UTC
It appears I've already been bitten:

emcnabb   2856  0.0  0.0      0     0 ?        Z    09:22   0:09 [chromium-browse] <defunct>

Clearly this is a 0-day invasion. Can I get a hotfix package ASAP?

Comment 11 Aristeu Rozanski 2011-10-17 18:22:37 UTC
A release note might be needed too to make things clear. Even though this will
work correctly it's not a zombie survival kit and/or other forms of zombie
detection replacement.

Comment 12 Mike Snitzer 2011-10-17 18:58:56 UTC
Linda's shot at closing this zombie bug wasn't a deathblow.. therefore this bug, much like the zombies we're preparing our defense for, IS ALIIIVVE!

Comment 13 Prarit Bhargava 2011-10-17 19:33:01 UTC
Mike -- I agree.  It takes a head shot to put a zombie down.

P.

Comment 14 Prarit Bhargava 2011-10-17 20:11:57 UTC
Created attachment 528649 [details]
RHEL6 Zombie patch

Better patch.  Modifies printk code to output Zombie notification.

P.

Comment 15 Prarit Bhargava 2011-10-17 20:13:44 UTC
... isn't this really a security issue? :)

P.

Comment 16 Aristeu Rozanski 2011-10-17 20:22:26 UTC
It is. I'm not pulling this patch without the ACK of the building security
officer.

Comment 17 Prarit Bhargava 2011-10-17 22:01:59 UTC
Created attachment 528662 [details]
RHEL6 Zombie patch

Changed "ZOMBIE" to more appropriate "OMGZOMBIE".

P.

Comment 18 Jarod Wilson 2011-10-18 00:44:00 UTC
Has this been cloned for RHEL5 yet? Lots of people haven't upgraded to 6 yet... Actually, simply using 5 still might suggest zombie users...

Comment 19 Bill Burns 2011-10-18 15:17:09 UTC
NACK, we need a new error code for false positives ENOZOMBIE

Comment 20 Jay Greguske 2011-10-18 15:46:52 UTC
We'll want to get this patch on the Brew builders as soon as possible. Half of Rel-Eng can't tell the difference between zombie/non-zombie anyway; there's no process defined for it.

Comment 21 Lon Hohberger 2011-10-18 16:01:13 UTC
Changing severity/priority to match the problem at hand.

Comment 23 Bill Burns 2011-10-18 17:13:43 UTC
Looks like the zombies got to Sly...and non one noticed in the RHEL meeting!

Comment 24 Aristeu Rozanski 2011-10-18 17:17:16 UTC
pm clearly can't be trusted anymore. people sneezing in the office. it's happening. reach for baseball bats and your tactical bacon cans people, the time
has come.

Comment 25 Prarit Bhargava 2011-10-18 17:21:28 UTC
Sly you should know better.  Zombies cannot be easily killed.

Comment 26 Prarit Bhargava 2011-10-18 17:25:08 UTC
Moving to 6.3 ... clalance can still POST.

P.

Comment 27 Dave Shin 2011-10-19 18:49:43 UTC
c'mon now my customers are pressuring me to get this fixed ASAP!!

SRM.

Comment 29 Don Howard 2011-10-20 14:35:52 UTC
I'm pretty certain that this will be needed in "Z" stream also.

Comment 30 Bill Burns 2011-10-20 14:42:48 UTC
+1...This whole thing is about the z-stream...we may need a v-stream when the vampire CVE comes in....

Comment 31 Jeremy West 2011-10-20 14:56:27 UTC
GSS approves the fix to restore brains after a zombie attack

Comment 32 Fabio Olive Leite 2011-10-20 15:00:55 UTC
Why do I always have to go in and fix Platform/OS? Are those zombie fields?

Setting Customer Facing flag to Yes. Customers have reported zombie processes forever.

Comment 33 Bryn M. Reeves 2011-10-20 15:22:36 UTC
I think we need a kbase to accompany this fix. We need to provide guidance on workarounds using improvised anti-zombie weapons likely to be at hand in an Enterprise computing environment.

Also do we need to add a discussion of zombie protection to our SLAs?

Comment 35 Fabio Olive Leite 2011-10-20 21:56:56 UTC
(In reply to comment #33)
> Also do we need to add a discussion of zombie protection to our SLAs?

RH Legal is crafting a Zombie-specific ZLA document to release with the Zombie-enabled versions. Of course the ZLA does not mention "best effort" anywhere.

Comment 36 Don Bayly 2011-10-21 11:31:22 UTC
Adding "OtherQA" to this in an effort to "Share the Love" with our partners.

NOTE: I would like to recommend adding an appropriate Zombie SKU to the Partner Entitlements, for those partners needing extra encouragement to help with the testing efforts

Comment 37 Larry Troan 2011-10-21 13:21:25 UTC
The local bokor has provided his ACK.

Has Legal verified no copyright infringement on George A. Romero ("Godfather of all Zombies") works to avoid future law suites by him or his estate? 

Incidentally, the first Red Hat Release was known as the "Halloween Release" because it was released on October 31, 1994. I have it on expert authority that Red Hat made a specific number of copies and when we ran out, Mark Ewing instructed the Red Hatters simply to stop answering their phones.

Comment 38 Bill Sanford 2012-01-11 19:07:36 UTC
We have interns in the QA Desktop group. I will ack the qe_test_coverage.

Comment 39 Kate Grainger 2012-01-11 23:34:18 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, there was no way to tell whether you'd been bitten by a zombie, so you could unknowingly endanger your colleagues and eat their brains. RHEL6 has been updated to issue a warning of "BRRRAAAAAAIIIIINNNNNSSSSSSSS" so that you are aware that you have indeed been zombified.

Comment 40 Ryan Lerch 2012-01-11 23:43:33 UTC
Technical Note has been added. 

If this note is incorrect, needs to be changed, or needs more Zombie references,  please edit the Technical Notes field above, and set the technical_notes flag to '?'

cheers,
ryanlerch

Comment 41 David Ryan 2012-01-11 23:59:26 UTC
From the perspective of the Docs team; assuming an increasing zombie
demographic, is there not an opportunity cost of not being first to market with
en_ZM? 

Also, just to clarify the meeting earlier, I suggested a "SWOT analysis", not a
"SWAT analysis". Could whoever called in the airstrike please cancel it. We're
losing far too many members of the control group, and HR were concerned that
their turnover and staff attrition KPI's are going through the roof.

Comment 42 Gary Smith 2012-01-12 09:37:32 UTC
Which Open Sores license is this released under?

Comment 43 Bryn M. Reeves 2012-01-12 09:57:54 UTC
Regarding comment #38, is it ethical to propose using interns as zombie fodder?

I don't recall a module in our compliance & ethics training that would apply to this situation...

Comment 44 Bill Sanford 2012-01-12 15:33:17 UTC
Bryn, maybe we can switch this to contractor/intern for liability purposes. I think it depends on the relationship that RH has negotiated with the placement services it uses. There is an ambiguity in the contracts or ethics training that it says nothing about Zombies, so it should be ok to use them until otherwise mandated if this becomes an issue.

Comment 46 J.H.M. Dassen (Ray) 2012-01-18 12:13:26 UTC
(In reply to comment #18)
> Has this been cloned for RHEL5 yet?

Shouldn't we focus on RHEL4 first? I don't like the pale green look on it...

Comment 47 Ondrej Vasik 2012-01-18 12:24:29 UTC
What ebout Extended Zombie Support for RHEL 2.1?

Comment 48 Bryn M. Reeves 2012-01-18 13:54:20 UTC
Ack. Field reports indicate AS2.1 and RHEL4 have been undead for some time.

Comment 49 Bill Sanford 2012-01-18 14:20:49 UTC
I can't guarantee test coverage until 7.0 is verified, then 6.3 and so on. We have a limited amount of contractors/interns, unless we have reqs for more, qe_coverage will be limited.

Comment 50 Aristeu Rozanski 2012-02-10 19:29:58 UTC
Patch(es) available on kernel-2.6.32-229.el6

Comment 53 Evan McNabb 2012-02-22 15:09:50 UTC
The transition of this bug to ON_QA lined up perfectly with new intern orientation. Great timing.

We started off by entering the training room and giving them a warm "Welcome to Red Hat" speech. After indoctrinating them with propaganda, we quickly unleashed a horde of apocalyptic zombies into the room and locked the door from the outside. Then it was lunchtime, where I had the meat-lovers pizza combo at Ruckus. Very tasty... and a good deal too.

An hour later we returned. Using a taser gun, we stunned them long enough to upgrade the kernel to -236.el6 for each intern, set the "OMGZOMBIES" option in grub, and connected up a serial console. They quickly returned to their senseless moaning about wanting more brains.

Here is sample output. For example, from intern #17:

# uname -a
Linux intern17.victim.rhts.eng.rdu.redhat.com 2.6.32-236.el6.x86_64 #1 SMP Mon Feb 20 10:01:09 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
# cat /proc/cmdline 
... KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM OMGZOMBIES
# dmesg
...
------------[ cut here ]------------
WARNING: at kernel/rh_taint.c:43 bitten_by_zombie+0x28/0x30() (Not tainted)
Hardware name: 2012 Client Platform
... ... ... BRAAAAIIIINNNNSSSSS
Modules linked in:
Pid: 0, comm: swapper Not tainted 2.6.32-236.el6.x86_64 #1
Call Trace:
 [<ffffffff81069b67>] ? warn_slowpath_common+0x87/0xc0
 [<ffffffff81069bff>] ? warn_slowpath_fmt_taint+0x3f/0x50
 [<ffffffff81c3e2a6>] ? console_setup+0xb1/0xf5
 [<ffffffff810995b8>] ? bitten_by_zombie+0x28/0x30
 [<ffffffff81c1fa12>] ? unknown_bootoption+0xe6/0x1ee
 [<ffffffff8108e5a7>] ? parse_args+0x167/0x2e0
 [<ffffffff814f09f8>] ? printk+0x41/0x49
 [<ffffffff81c1f92c>] ? unknown_bootoption+0x0/0x1ee
 [<ffffffff81c1fd58>] ? start_kernel+0x201/0x430
 [<ffffffff81c1f33a>] ? x86_64_start_reservations+0x125/0x129
 [<ffffffff81c1f438>] ? x86_64_start_kernel+0xfa/0x109
---[ end trace a7919e7f17c0a725 ]---
Disabling lock debugging due to kernel taint
[BRRAAIIIINNNSSSSS!] PID hash table entries: 4096 (order: 3, 32768 bytes)
[BRRAAIIIINNNSSSSS!] xsave/xrstor: enabled xstate_bv 0x7, cntxt size 0x340
[BRRAAIIIINNNSSSSS!] Checking aperture...
[BRRAAIIIINNNSSSSS!] No AGP bridge found
...

So looks good. Unfortunately, pretty much every department at Red Hat and also the University is frustrated we contaminated such a large batch of interns. We're still not sure what to do with all of them, so we'll send them up to Westford since they have more lab space. I'll provide FedEx tracking numbers via email.

Setting to VERIFIED.

Comment 57 Bill Sanford 2012-06-19 18:09:01 UTC
We are not sure that upstream hasn't been infected/eaten. We need to test upstream first for 6.4 to see that the fixes are implemented.

Comment 58 Dmitri Pal 2012-06-19 18:48:06 UTC
Please add steps to verify.

Comment 59 Evan McNabb 2012-06-19 18:51:57 UTC
This bug won't die, will it?

Comment 60 Bill Sanford 2012-06-19 18:56:41 UTC
Dmitri, steps are still being defined as we get interns to test.

Evan, no. There are always zombies.

Comment 61 Don Zickus 2012-06-19 20:16:50 UTC
The virus is live and released, we can't fail QA now.  Please file a new bz or clone this one to address any issues.

Cheers,
Don

Comment 62 Prarit Bhargava 2012-06-19 22:22:45 UTC
(In reply to comment #61)
> The virus is live and released, we can't fail QA now.  Please file a new bz
> or clone this one to address any issues.
> 

OMG ... we're now cloning zombies.

P.

Comment 63 errata-xmlrpc 2012-06-20 07:58:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0862.html

Comment 64 Bryn M. Reeves 2012-06-20 08:58:48 UTC
If a closed bug is dead and this bug is unclosed does that mean.... ?!?!?!?!

Comment 65 Dave Shin 2012-07-03 19:06:20 UTC
All right.  I just got word that there is an attack slated for our Independence day.  

Can we get a fix pls?/????

Comment 66 Jamie Duncan 2012-07-03 19:14:54 UTC
Should we make the public aware of this errata?

Comment 68 Justin Clift 2012-07-11 06:55:04 UTC
It's not just RHEL.  :(

Zombies seem to be stumbling into our Cloud products too. (!)

Yes, we now need awareness and warning messages for Virtual Zombies too.

(Oh, the horror!)

Comment 69 Dave Shin 2012-07-12 14:15:19 UTC
REQUEST MANAGEMENT ESCALATION!!

Well anybody alive?

Comment 70 Máirín Duffy 2012-07-12 20:43:55 UTC
BRRRAAAAAAIIIIINNNNNSSSSSSSS

Comment 71 Stephen Gallagher 2012-07-13 11:15:42 UTC
Oh no! Vegetarian zombies now too?

GRRRRAAAAAAAAIIIIIINNNNNNNSSSSSS

Comment 72 Dave Shin 2012-07-13 18:11:58 UTC
REQUEST MANAGEMENT ESCALATION!!

I think y'allll are ZOMBIEEEEEESSSSSSSSSSSSSSSSSSSSSSSS

Comment 73 J.H.M. Dassen (Ray) 2013-04-09 08:36:18 UTC
Brief documentation of this functionality has been added to <https://access.redhat.com/site/solutions/40594>, «Why is the kernel "tainted" and how are the taint values deciphered?», deferring to the CDC for recommended actions.

Comment 74 John Brier 2013-04-09 16:19:31 UTC
I notice on the kbase it says this is a Red Hat extension, does that mean this isn't upstream? If so, shouldn't we work to get it upstream so that the community can benefit from being properly prepared for Zombies and also to benefit from upstream compatibility and maintainability?

Comment 75 Justin Clift 2013-04-09 16:30:17 UTC
You're probably meaning this:

  https://github.com/bergwolf/rhel6/blob/master/kernel/rh_taint.c#L38

It's there if upstream wants it. :)

Comment 76 Justin Clift 2013-04-09 16:36:47 UTC
@Don Zikus:

  "I think we should tie this into the keyboard driver and detect if someone just randomly pushes lots of keys at once, clearly that would make them a zombie."

No, they might also be a cat. :)

Comment 77 Bill Sanford 2013-04-09 17:16:22 UTC
@Justin Clift 

Or if we see key logging that a git commit will then follow a random number of keys (From fists) hitting said keyboard.

Comment 78 J.H.M. Dassen (Ray) 2013-04-09 17:36:30 UTC
(In reply to comment #74)
> I notice on the kbase it says this is a Red Hat extension, does that mean
> this isn't upstream?

That's my understanding, yes.

> If so, shouldn't we work to get it upstream so that the community can
> benefit from being properly prepared for Zombies and also to benefit from
> upstream compatibility and maintainability?

I believe this has been attempted before with unfortunately little result
(cf. e.g. comment #55). Maybe it's time to, erm, resurrect that effort?

Comment 79 Ahmed Nazmy 2017-10-23 07:32:07 UTC
Do we have a reproducer for this?

Comment 80 Stephen Gallagher 2017-10-23 12:24:42 UTC
(In reply to Ahmed Nazmy from comment #79)
> Do we have a reproducer for this?

Zombies reproduce asexually.

Comment 81 Ahmed Nazmy 2017-10-25 07:27:38 UTC
(In reply to Stephen Gallagher from comment #80)
> (In reply to Ahmed Nazmy from comment #79)
> > Do we have a reproducer for this?
> 
> Zombies reproduce asexually.

Damn, this can only be faced by the first human conceived AI

Comment 82 Marek Czernek 2017-10-25 09:49:13 UTC
Though a kernel component, I think we could provide some integration with EWS/JWS... WDYT, Coty?

Comment 84 Coty Sutherland 2017-10-25 14:53:57 UTC
(In reply to Marek Czernek from comment #82)
> Though a kernel component, I think we could provide some integration with
> EWS/JWS... WDYT, Coty?

Sure?

Comment 85 Prarit Bhargava 2017-10-25 14:55:25 UTC
(In reply to Pavel Raiskup from comment #83)
> Are there still reasons to keep this private?

Sound attracts zombies.  Be careful out there.

P.

Comment 86 Igor Gnatenko 2017-10-25 15:41:33 UTC
I think this affects RHEL7 as well..

Comment 87 Prarit Bhargava 2017-10-26 11:40:26 UTC
BTW, if you add 'shadowman' as a kernel parameter in RHEL7 you also get a surprise.

P.


Note You need to log in before you can comment on or make changes to this bug.