lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Sun, 06 Apr 2014 10:42:23 -0400
From:	Sasha Levin <sasha.levin@...cle.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	"H. Peter Anvin" <hpa@...or.com>,
	LKML <linux-kernel@...r.kernel.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	Dave Jones <davej@...hat.com>
Subject: mm,x86: page table corruption after adding reserve_memtype

Hi all,

While fuzzing with trinity inside a KVM tools guest running the latest -next
kernel, I've stumbled on the following spew:

[ 1590.944125] reserve_memtype added [mem 0xffff8800000b0000-0xffff8800000b0fff], track uncached-minus, req uncached-minus, ret uncached-minus
[ 1593.391567] trinity-c184: Corrupted page table at address 7f16a347d000
[ 1593.391567] PGD 120e67067 PUD 104d2c067 PMD 9b71b067 PTE ffff8800000b0235
[ 1593.391567] Bad pagetable: 0009 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 1593.391567] Dumping ftrace buffer:
[ 1593.391567]    (ftrace buffer empty)
[ 1593.391567] Modules linked in:
[ 1593.391567] CPU: 8 PID: 8739 Comm: trinity-c184 Not tainted 3.14.0-next-20140403-sasha-00022-g10224c0 #377
[ 1593.391567] task: ffff8800cb8f3000 ti: ffff880113d90000 task.ti: ffff880113d90000
[ 1593.391567] RIP: copy_user_generic_unrolled (arch/x86/lib/copy_user_64.S:142)
[ 1593.391567] RSP: 0018:ffff880113d91e80  EFLAGS: 00010206
[ 1593.391567] RAX: ffff880113d90000 RBX: 00007f16a347d000 RCX: 0000000000000003
[ 1593.391567] RDX: 0000000000000010 RSI: 00007f16a347d000 RDI: ffff880113d91e88
[ 1593.391567] RBP: ffff880113d91f68 R08: 00000000000f5a5a R09: 0000000000000000
[ 1593.391567] R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000009f
[ 1593.391567] R13: 000000000000009f R14: 00007f16a3444ae8 R15: 000000000000009f
[ 1593.391567] FS:  00007f16a346e700(0000) GS:ffff8801ef000000(0000) knlGS:0000000000000000
[ 1593.391567] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1593.391567] CR2: 00007f16a347d000 CR3: 0000000102ed6000 CR4: 00000000000006a0
[ 1593.391567] DR0: 0000000000696000 DR1: 0000000000696000 DR2: 0000000000000000
[ 1593.391567] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 1593.391567] Stack:
[ 1593.391567]  ffffffff8c15f5fa 00007f16a3444ae8 0000000000000082 ffffffff8c27a9c5
[ 1593.391567]  ffff8800cb8f3000 000000000000009f 00007f16a3444ae8 ffff880113d91ec8
[ 1593.391567]  ffffffff8cb2e853 ffff880113d91ee8 ffffffff8c1c16e4 0000000000000282
[ 1593.391567] Call Trace:
[ 1593.391567] ? SYSC_adjtimex (kernel/time.c:218)
[ 1593.391567] ? context_tracking_user_exit (arch/x86/include/asm/paravirt.h:809 (discriminator 2) kernel/context_tracking.c:182 (discriminator 2))
[ 1593.391567] ? __this_cpu_preempt_check (lib/smp_processor_id.c:63)
[ 1593.391567] ? trace_hardirqs_on_caller (kernel/locking/lockdep.c:2557 kernel/locking/lockdep.c:2599)
[ 1593.391567] ? trace_hardirqs_on (kernel/locking/lockdep.c:2607)
[ 1593.391567] ? syscall_trace_enter (include/linux/context_tracking.h:27 arch/x86/kernel/ptrace.c:1461)
[ 1593.391567] ? tracesys (arch/x86/kernel/entry_64.S:738)
[ 1593.391567] SyS_adjtimex (kernel/time.c:209)
[ 1593.391567] tracesys (arch/x86/kernel/entry_64.S:749)
[ 1593.391567] Code: 82 8c 00 00 00 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 83 e2 3f c1 e9 06 74 4a <4c> 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 4c 89 07 4c 89 4f
[ 1593.391567] RIP copy_user_generic_unrolled (arch/x86/lib/copy_user_64.S:142)
[ 1593.391567]  RSP <ffff880113d91e80>


Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists