Date:	Fri, 11 Apr 2014 13:27:15 +0800
From:	Jet Chen <jet.chen@...el.com>
To:	"H. Peter Anvin" <hpa@...ux.intel.com>
CC:	LKML <linux-kernel@...r.kernel.org>,
	Fengguang Wu <fengguang.wu@...el.com>
Subject: [x86, smap]  general protection fault: fff2 [#1] PREEMPT DEBUG_PAGEALLOC

Hi Peter,

I got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 4640c7ee9b8953237d05a61ea3ea93981d1bc961
Author:     H. Peter Anvin <hpa@...ux.intel.com>
AuthorDate: Thu Feb 13 07:46:04 2014 -0800
Commit:     H. Peter Anvin <hpa@...ux.intel.com>
CommitDate: Thu Feb 13 08:40:52 2014 -0800

      x86, smap: smap_violation() is bogus if CONFIG_X86_SMAP is off

      If CONFIG_X86_SMAP is disabled, smap_violation() tests for conditions
      which are incorrect (as the AC flag doesn't matter), causing spurious
      faults.

      The dynamic disabling of SMAP (nosmap on the command line) is fine
      because it disables X86_FEATURE_SMAP, therefore causing the
      static_cpu_has() to return false.

      Found by Fengguang Wu's test system.

      [ v3: move all predicates into smap_violation() ]
      [ v2: use IS_ENABLED() instead of #ifdef ]

      Reported-by: Fengguang Wu <fengguang.wu@...el.com>
      Link: http://lkml.kernel.org/r/20140213124550.GA30497@localhost
      Signed-off-by: H. Peter Anvin <hpa@...ux.intel.com>
      Cc: <stable@...r.kernel.org> # v3.7+


+------------------------------------------------+------------+------------+
|                                                | 03bbd596ac | 4640c7ee9b |
+------------------------------------------------+------------+------------+
| boot_successes                                 | 920        | 282        |
| boot_failures                                  | 280        | 18         |
| Kernel_panic-not_syncing:No_working_init_found | 248        |            |
| backtrace:panic                                | 248        |            |
| BUG:soft_lockup-CPU_stuck_for_s                | 31         |            |
| RIP:arch_local_irq_enable                      | 31         |            |
| Kernel_panic-not_syncing:softlockup:hung_tasks | 31         |            |
| backtrace:setup_IO_APIC                        | 31         |            |
| backtrace:APIC_init_uniprocessor               | 31         |            |
| backtrace:kernel_init_freeable                 | 31         |            |
| BUG:kernel_boot_hang                           | 1          | 0          |
| general_protection_fault:fff2                  | 0          | 18         |
| RIP:arch_local_irq_restore                     | 0          | 18         |
| Kernel_panic-not_syncing:Fatal_exception       | 0          | 18         |
| backtrace:SYSC_reboot                          | 0          | 18         |
| backtrace:SyS_reboot                           | 0          | 18         |
+------------------------------------------------+------------+------------+

Rebooting... [  371.058724] reboot: Restarting system
[  371.058724] reboot: machine restart
[  371.380921] general protection fault: fff2 [#1] PREEMPT DEBUG_PAGEALLOC
[  371.380921] Modules linked in:
[  371.380921] CPU: 0 PID: 230 Comm: reboot Not tainted 3.14.0-rc1-00186-g4640c7e #1
[  371.380921] task: ffff880011f54000 ti: ffff880011f66000 task.ti: ffff880011f66000
[  371.380921] RIP: 0010:[<ffffffff81016663>]  [<ffffffff81016663>] arch_local_irq_restore+0x6/0xd
[  371.380921] RSP: 0018:ffff880011f67dc8  EFLAGS: 00000202
[  371.380921] RAX: ffffffff8160a550 RBX: 0000000000000202 RCX: 0000005677d85f2c
[  371.380921] RDX: 0000000000010000 RSI: 000000000000000f RDI: 0000000000000202
[  371.380921] RBP: ffff880011f67dc8 R08: 0000000000000001 R09: 0000000000000000
[  371.380921] R10: 00000000000092dc R11: 0000000000000000 R12: 0000000028121969
[  371.380921] R13: 00007fffb011e210 R14: 00000000fee1dead R15: 0000000000000001
[  371.380921] FS:  00007f7d26ef9700(0000) GS:ffffffff81603000(0000) knlGS:0000000000000000
[  371.380921] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  371.380921] CR2: 00007f7d26a1f999 CR3: 0000000011f5b000 CR4: 00000000001006b0
[  371.380921] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  371.380921] DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
[  371.380921] Stack:
[  371.380921]  ffff880011f67de0 ffffffff81017036 0000000000000000 ffff880011f67df0
[  371.380921]  ffffffff8101632f ffff880011f67e00 ffffffff8101656c ffff880011f67e10
[  371.380921]  ffffffff810165d3 ffff880011f67e20 ffffffff8101660f ffff880011f67e38
[  371.380921] Call Trace:
[  371.380921]  [<ffffffff81017036>] lapic_shutdown+0x46/0x49
[  371.380921]  [<ffffffff8101632f>] native_machine_shutdown+0x13/0x20
[  371.380921]  [<ffffffff8101656c>] machine_shutdown+0xf/0x11
[  371.380921]  [<ffffffff810165d3>] native_machine_restart+0x25/0x37
[  371.380921]  [<ffffffff8101660f>] machine_restart+0xf/0x11
[  371.380921]  [<ffffffff81057e4d>] kernel_restart+0x54/0x57
[  371.380921]  [<ffffffff81057fe7>] SYSC_reboot+0xbb/0x168
[  371.380921]  [<ffffffff810ae16f>] ? __free_pages+0x27/0x48
[  371.380921]  [<ffffffff810ae1cd>] ? free_pages+0x3d/0x41
[  371.380921]  [<ffffffff810d2f19>] ? slob_free_pages+0x36/0x38
[  371.380921]  [<ffffffff810d39fb>] ? __kmem_cache_free+0x30/0x32
[  371.380921]  [<ffffffff810d3a54>] ? kmem_cache_free+0x3a/0x7d
[  371.380921]  [<ffffffff810e1ffb>] ? final_putname+0x34/0x37
[  371.380921]  [<ffffffff810d84ed>] ? do_sys_open+0xed/0xff
[  371.380921]  [<ffffffff8123ea26>] ? lockdep_sys_exit_thunk+0x35/0x67
[  371.380921]  [<ffffffff81058125>] SyS_reboot+0xe/0x10
[  371.380921]  [<ffffffff81386deb>] system_call_fastpath+0x1a/0x1f
[  371.380921] Code: ff b9 50 00 00 00 48 89 e5 e8 fe 7f 32 00 0f b6 c4 c1 e0 19 48 98 5d c3 55 48 89 e5 e8 6a 23 ff ff 66 90 5d c3 55 48 89 e5 57 9d <66> 66 90 66 90 5d c3 55 48 89 e5 fa 66 66 90 66 66 90 5d c3 55
[  371.380921] RIP  [<ffffffff81016663>] arch_local_irq_restore+0x6/0xd
[  371.380921]  RSP <ffff880011f67dc8>
[  371.380921] ---[ end trace 345c675a0d78fd90 ]---
[  371.380921] Kernel panic - not syncing: Fatal exception

Attached dmesg for the parent commit, too, to help confirm whether it is a noise error.

git bisect start v3.14 v3.13 --
git bisect good 494479038d97f1b9f76fc633a360a681acdf035c  # 21:34    300+     80  Merge tag 'pinctrl-v3.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
git bisect  bad 751a03c3728ed393287374078b98c3094a0b3bd2  # 21:53    229-      3  Merge tag 'pm+acpi-3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect  bad 87eeff7974ae665f6d4d74c2f97c04d4b180b5d6  # 22:18    252-     11  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
git bisect  bad 161aa772f972ec75b292f25d65816a6f1cd285cf  # 22:51    281-      1  Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 641f832c73babf0405c7afb41c8bfed999ebbad7  # 23:25    300+    121  Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
git bisect good 85643586677c877f28891200e0cb9514547af589  # 23:51    300+     70  Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
git bisect good 5e57dc81106b942786f5db8e7ab8788bb9319933  # 00:28    300+     84  Merge branch 'for-linus' of git://git.kernel.dk/linux-block
git bisect good 3bd354abe17f2c8aa426ef84b78f14e505f0a920  # 00:58    300+     86  Merge tag 'edac_for_3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp
git bisect good eef445eedcd80aa4f3646cecf285cf934d264eb6  # 01:52    300+     92  Merge tag 'pm+acpi-3.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect good a9f180345f5378ac87d80ed0bea55ba421d83859  # 02:36    300+     90  compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
git bisect  bad 4640c7ee9b8953237d05a61ea3ea93981d1bc961  # 02:49    240-      1  x86, smap: smap_violation() is bogus if CONFIG_X86_SMAP is off
git bisect good 03bbd596ac04fef47ce93a730b8f086d797c3021  # 03:03    300+     94  x86, smap: Don't enable SMAP if CONFIG_X86_SMAP is disabled
# first bad commit: [4640c7ee9b8953237d05a61ea3ea93981d1bc961] x86, smap: smap_violation() is bogus if CONFIG_X86_SMAP is off
git bisect good 03bbd596ac04fef47ce93a730b8f086d797c3021  # 03:17    900+    280  x86, smap: Don't enable SMAP if CONFIG_X86_SMAP is disabled
git bisect  bad 21d162b9c6aef0e9bea24f97fe2edefb5965e95c  # 03:17      0-      4  0day head guard for 'devel-hourly-2014040912'
git bisect  bad 4ba85265790ba3681deeaf73f018c0eb829a7341  # 03:37    756-     27  Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86
git bisect  bad 53101f8be33d9dab12a5994b154c2029fadaaab4  # 03:46    215-     19  Add linux-next specific files for 20140410


This script may reproduce the error.

-----------------------------------------------------------------------------
#!/bin/bash

kernel=$1
initrd=yocto-minimal-x86_64.cgz

wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/blob/master/initrd/$initrd

kvm=(
	qemu-system-x86_64 -cpu Haswell,+smep,+smap
	-kernel "$kernel"
	-initrd "$initrd"
	-smp 2
	-m 256M
	-net nic,vlan=0,macaddr=00:00:00:00:00:00,model=virtio
	-net user,vlan=0
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-serial stdio
	-display none
	-monitor null
)

append=(
	debug
	sched_debug
	apic=debug
	ignore_loglevel
	sysrq_always_enabled
	panic=10
	prompt_ramdisk=0
	earlyprintk=ttyS0,115200
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
)

"${kvm[@]}" --append "${append[*]}"
-----------------------------------------------------------------------------

Thanks,
Jet



View attachment "dmesg-yocto-brickland3-173:20140411025202:x86_64-randconfig-i0-04091721:3.14.0-rc1-00186-g4640c7e:1" of type "text/plain" (42157 bytes)

View attachment "dmesg-quantal-brickland3-102:20140411031611:x86_64-randconfig-i0-04091721:3.14.0-rc1-00171-g03bbd59:1" of type "text/plain" (37658 bytes)

Download attachment "x86_64-randconfig-i0-04091721-21d162b9c6aef0e9bea24f97fe2edefb5965e95c-general-protection-fault:-fff--20451.log" of type "application/octet-stream" (54003 bytes)

View attachment "config-3.14.0-rc1-00186-g4640c7e" of type "text/plain" (74063 bytes)
