lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 21 Jul 2007 11:30:46 +0530
From:	"Satyam Sharma" <satyam.sharma@...il.com>
To:	"Greg KH" <gregkh@...e.de>
Cc:	"Andrew Morton" <akpm@...ux-foundation.org>,
	"Michal Piotrowski" <michal.k.k.piotrowski@...il.com>,
	rdunlap@...otime.net, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [broken-out-2007-07-20-00-22] kernel bug at kernel/params:570

Ok, this worked:

> His .config has CONFIG_PROFILE_LIKELY=y
> which replaces unlikely() / likely() with do_check_likely() and forces
> gcc to clobber %eax with the condition itself, which in our case was
> (ret < 0) == TRUE, and thus, the "1" value we saw in %eax in the
> register dumps.

The usage of unlikely() in BUG_ON and CONFIG_PROFILE_LIKELY=y
meant %eax that held `ret' from kobject_add() was being lost.

With that turned off:

0xc136071b      call   0xc1103744 <kobject_add>
[ ret i.e. %eax = kobject_add() ]
0xc1360720      test   %eax,%eax
[ %eax = %eax && %eax = %eax ]
[ probably gcc thinks this is an efficient < 0 check on i386 :-) ]
0xc1360722      jns    0xc1360728
[ if false jump down below, else: ]
0xc1360724      ud2a
[ invalid opcode exception. /* from BUG */ ]
0xc1360726      jmp    0xc1360726
[ for (;;) ; /* from BUG */ ]

> We should probably document somewhere that CONFIG_PROFILE_LIKELY
> is not good for debugging.
>
> Hmmm ... thinking out aloud here, but probably I don't need to fix that
> libata breakage at all. I'll just put the BUG_ON(ret < 0) back in the
> code, deselect PROFILE_LIKELY, and this time we _will_ have the
> return of kobject_add() in %eax ...

So %eax retained its value. I reproduced Michal's oops (without having
to select CONFIG_ATA, because param_sysfs_init() is called way
earlier than searching for root block device during boot -- which is what
my system didn't like without ATA), and yes, I saw:

%eax == ffffffea == -22 == -EINVAL.

But:

When I replace the BUG_ON() with Greg's (or my modified) patch,
the kernel ignores that error as we wanted, but _still_ crashes before
finding the root block device (because ATA is not in kernel and my
system seems to require it). Unfortunately, lots of dmesg output
has scrolled up by then, and our "printk" is lost. Because of no
CONFIG_ATA, nothing gets written to disk either. I don't have a
serial cable around, netconsole not up yet at that point.

Ugh, I'm running out of ideas.

Satyam
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ