| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Sep 2014 15:43:05 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Ingo Molnar <mingo@...nel.org>, Jet Chen <jet.chen@...el.com>,
Su Tao <tao.su@...el.com>, Yuanhan Liu <yuanhan.liu@...el.com>,
LKP <lkp@...org>, linux-kernel@...r.kernel.org
Subject: [hw_breakpoint] WARNING: at kernel/trace/trace_kprobe.c:1393
kprobe_trace_self_tests_init()
Hi Oleg,
0day kernel testing robot got the below dmesg and the first bad commit is
commit 8b4d801b2b123b6c09742f861fe44a8527b84d47
Author: Oleg Nesterov <oleg@...hat.com>
AuthorDate: Thu Jun 20 17:50:06 2013 +0200
Commit: Ingo Molnar <mingo@...nel.org>
CommitDate: Thu Jun 20 17:57:00 2013 +0200
hw_breakpoint: Fix cpu check in task_bp_pinned(cpu)
trinity fuzzer triggered WARN_ONCE("Can't find any breakpoint
slot") in arch_install_hw_breakpoint() but the problem is not
arch-specific.
The problem is, task_bp_pinned(cpu) checks "cpu == iter->cpu"
but this doesn't account the "all cpus" events with iter->cpu <
0.
This means that, say, register_user_hw_breakpoint(tsk) can
happily create the arbitrary number > HBP_NUM of breakpoints
which can not be activated. toggle_bp_task_slot() is equally
wrong by the same reason and nr_task_bp_pinned[] can have
negative entries.
Simple test:
# perl -e 'sleep 1 while 1' &
# perf record -e mem:0x10,mem:0x10,mem:0x10,mem:0x10,mem:0x10 -p `pidof perl`
Before this patch this triggers the same problem/WARN_ON(),
after the patch it correctly fails with -ENOSPC.
Reported-by: Vince Weaver <vincent.weaver@...ne.edu>
Signed-off-by: Oleg Nesterov <oleg@...hat.com>
Acked-by: Frederic Weisbecker <fweisbec@...il.com>
Cc: <stable@...r.kernel.org>
Link: http://lkml.kernel.org/r/20130620155006.GA6324@redhat.com
Signed-off-by: Ingo Molnar <mingo@...nel.org>
+-----------------------------------------------------------------------+------------+------------+------------------+
| | 003002e04e | 8b4d801b2b | v3.17-rc7_093000 |
+-----------------------------------------------------------------------+------------+------------+------------------+
| boot_successes | 60 | 0 | 0 |
| boot_failures | 0 | 20 | 11 |
| WARNING:at_kernel/trace/trace_kprobe.c:kprobe_trace_self_tests_init() | 0 | 20 | 11 |
| backtrace:kprobe_trace_self_tests_init | 0 | 20 | 11 |
| backtrace:warn_slowpath_null | 0 | 20 | 11 |
| backtrace:kernel_init_freeable | 0 | 20 | 11 |
+-----------------------------------------------------------------------+------------+------------+------------------+
[ 4.188679] Testing kprobe tracing:
[ 4.189810] Could not insert probe at kprobe_trace_selftest_target+0: -22
[ 4.191076] ------------[ cut here ]------------
[ 4.191542] WARNING: at kernel/trace/trace_kprobe.c:1393 kprobe_trace_self_tests_init+0x69/0x7f0()
[ 4.192999] Modules linked in:
[ 4.193314] CPU: 0 PID: 1 Comm: swapper Not tainted 3.10.0-rc3-00006-g8b4d801 #1
[ 4.193998] 0000000000000009 ffff880013881e78 ffffffff814f4abd ffff880013881eb0
[ 4.194733] ffffffff81075481 ffffffff81aa2570 0000000000000007 0000000000000000
[ 4.195469] 0000000000000000 0000000000000000 ffff880013881ec0 ffffffff810754ea
[ 4.196202] Call Trace:
[ 4.196513] [<ffffffff814f4abd>] dump_stack+0x27/0x30
[ 4.197399] [<ffffffff81075481>] warn_slowpath_common+0x91/0xd0
[ 4.197996] [<ffffffff81aa2570>] ? init_kprobe_trace+0xe8/0xe8
[ 4.198752] [<ffffffff810754ea>] warn_slowpath_null+0x2a/0x40
[ 4.199667] [<ffffffff81aa25d9>] kprobe_trace_self_tests_init+0x69/0x7f0
[ 4.200316] [<ffffffff81aa2570>] ? init_kprobe_trace+0xe8/0xe8
[ 4.200856] [<ffffffff8100031a>] do_one_initcall+0x16a/0x220
[ 4.201387] [<ffffffff81a824f5>] kernel_init_freeable+0x231/0x31b
[ 4.201948] [<ffffffff814ed750>] ? rest_init+0x160/0x160
[ 4.202458] [<ffffffff814ed766>] kernel_init+0x16/0x230
[ 4.202943] [<ffffffff8150897a>] ret_from_fork+0x7a/0xb0
[ 4.203813] [<ffffffff814ed750>] ? rest_init+0x160/0x160
[ 4.204530] ---[ end trace ecbec1edfe4cb96b ]---
[ 4.204957] error on probing function entry.
git bisect start v3.10 v3.9 --
git bisect good ff89acc563a0bd49965674f56552ad6620415fe2 # 05:50 20+ 0 Merge branch 'rcu/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu
git bisect good e4327859341f2d3a93b4b6fef2ea483eac1c270c # 08:08 20+ 0 Merge branch 'for-3.10' of git://git.samba.org/sfrench/cifs-2.6
git bisect good 2601ded7fd8827ddbcc450cbfb153b3f3c59b443 # 08:15 20+ 0 Merge tag 'sound-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
git bisect good 9e895ace5d82df8929b16f58e9f515f6d54ab82d # 08:19 20+ 0 Linux 3.10-rc7
git bisect bad 1a506e473576cdcb922d339aea76b67d0fe344f7 # 08:23 0- 20 Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
git bisect good 78750f1908869c3bfcbf2a1f1f00f078f2948271 # 08:39 20+ 0 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
git bisect bad 54faf77d065926adbcc2a49e6df3559094cc93ba # 11:54 0- 8 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good de6e1317f746fbc527a73976c58b4119e506ff7c # 11:59 20+ 0 Merge tag 'critical_fix_for_3.9' of git://git.kernel.org/pub/scm/linux/kernel/git/rwlove/fcoe
git bisect good e3ff91143eb2a6eaaab4831c85a2837a95fbbea3 # 12:03 20+ 0 Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
git bisect bad 8b4d801b2b123b6c09742f861fe44a8527b84d47 # 12:09 0- 20 hw_breakpoint: Fix cpu check in task_bp_pinned(cpu)
git bisect good 003002e04ed38618fc37b92ba128f5ca79d39f4f # 12:12 20+ 0 kprobes: Fix arch_prepare_kprobe to handle copy insn failures
# first bad commit: [8b4d801b2b123b6c09742f861fe44a8527b84d47] hw_breakpoint: Fix cpu check in task_bp_pinned(cpu)
git bisect good 003002e04ed38618fc37b92ba128f5ca79d39f4f # 12:14 60+ 0 kprobes: Fix arch_prepare_kprobe to handle copy insn failures
git bisect bad 1866293290036c0e5f4843ec702392ad809a38ff # 12:17 0- 11 0day head guard for 'devel-hourly-2014093000'
git bisect bad fe82dcec644244676d55a1384c958d5f67979adb # 12:17 0- 20 Linux 3.17-rc7
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=yocto-minimal-x86_64.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-cpu kvm64
-enable-kvm
-kernel $kernel
-initrd $initrd
-m 320
-smp 1
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
Thanks,
Fengguang
View attachment "dmesg-yocto-vp-13:20140930120945:x86_64-randconfig-hsb2-09300248:3.10.0-rc3-00006-g8b4d801:1" of type "text/plain" (64273 bytes)
Download attachment "x86_64-randconfig-hsb2-09300248-1866293290036c0e5f4843ec702392ad809a38ff-WARNING:---at----kprobe_trace_self_tests_init+-x-106626.log" of type "application/octet-stream" (71340 bytes)
View attachment "config-3.10.0-rc3-00006-g8b4d801" of type "text/plain" (66580 bytes)
_______________________________________________
LKP mailing list
LKP@...ux.intel.com
Powered by blists - more mailing lists