lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 18 Apr 2018 10:45:48 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Matthew Wilcox <willy@...radead.org>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: ORC unwinder bad backtrace

On Wed, Apr 18, 2018 at 06:54:38AM -0700, Matthew Wilcox wrote:
> f81061192 <pte_clear.constprop.18>:
> ...
> ffffffff810611bf:       90                      nop
> ffffffff810611c0 <perf_trace_x86_exceptions>:
> 
> I suspect an off-by-one error; you don't really mean to point to the
> byte before perf_trace_x86_exception, you mean to point to byte 0 of
> perf_trace_x86_exception.
> 
> I'm going to archive up this compilation in case there's anything useful
> I can extract for you from it later.

Thanks for reporting this.  So there are really two issues:

1) The question marks mean the ORC unwinder got confused (and had to
   fall back to the crude "just print all text addresses on the stack").
   This is the real issue.

2) As you found, what should be "perf_trace_x86_exceptions+0x0" is
   actually printed as "pte_clear.constprop.18+0x2e".  I don't think
   this is fixable, because this is printed by the oops fallback code
   which just blindly prints out all the text addresses it finds on the
   stack when the unwinder fails.  It can't know whether the address was
   a call return address (the usual case) or was something else (in this
   case I suspect it's just a function pointer which just happens to be
   on the stack), so it assumes the former, and prints it accordingly.
   This isn't fixable per se -- but it will be "fixed" when we fix #1,
   which will give a deterministic stack trace instead of using the dumb
   fallback code.

Is it possible for you to copy the vmlinux somewhere?  That would be the
easiest option for debugging.

Otherwise I may ask for some specifics for you to gather from it.

Is it recreatable?  Once I come up with a fix, it would be helpful to
test with the same scenario.

Also has the root cause of the stack recursion been found?  It looks
like the perf_trace_x86_exceptions() tracepoint code is doing something
bad.

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ