lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 8 Sep 2008 20:54:17 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	Jan Beulich <jbeulich@...ell.com>
Cc:	Yinghai Lu <yhlu.kernel@...il.com>, tglx@...utronix.de,
	linux-kernel@...r.kernel.org, hpa@...or.com
Subject: Re: [PATCH] x86: x86_{phys,virt}_bits field also for i386 (v2)


-tip testing found various kernel crashes on 32-bit testboxes and i've 
bisected it down to:

| 3766e71257859cecb73d929c4974c729efeae51f is first bad commit
| commit 3766e71257859cecb73d929c4974c729efeae51f
| Author: Jan Beulich <jbeulich@...ell.com>
| Date:   Mon Sep 8 11:50:21 2008 +0100
|
|     x86: x86_{phys,virt}_bits field also for i386 (v2)

 # bad:  [6b822d60] manual merge of x86/xen
 # good: [bce7f793] Linux 2.6.26
 # good: [6069fb2e] Re-delete zombie 'drivers/usb/serial/airprime.c' f
 # good: [f97017cd] net-sched: Fix actions flushing
 # good: [36fd71d2] devcgroup: fix race against rmdir()
 # good: [21534a92] Merge branch 'sched/rt'
 # good: [6d97b826] Merge branch 'timers/urgent'
 # good: [9c43834d] Merge branch 'out-of-tree'
 # good: [4ef47608] Merge branch 'x86/unify-cpu-detect'
 # good: [b3800c14] Merge branch 'kmemcheck'
 # good: [b8eb91b4] Merge branch 'x86/iommu'
 # good: [cc643d46] x86: adjust vmalloc_sync_all() for Xen (2nd try)
 # bad:  [4d485d0e] Merge branch 'x86/unify-cpu-detect'
 # bad:  [3766e712] x86: x86_{phys,virt}_bits field also for i386 (v2)
 # good: [5f5ddc2f] Merge branch 'x86/core' into x86/mm-debug

a typical crash is like the one attached below. It's due to the ioremap 
failing. The drivers/char/rio/rio_linux.c driver probes these addresses:

   static int rio_probe_addrs[] = { 0xc0000, 0xd0000, 0xe0000 };

which is questionable ...

for now i've reverted it from current tip/master, see commit 
e3fdd129901. (you can reinstate the commit by doing "git revert 
e3fdd1299"

Even if we decided to fail these ioremaps it would be better to emit a 
warning instead of crashing the box.

	Ingo

[   19.902718] calling  rio_init+0x0/0xd43
[   19.908049] device: 'rioctl': device_add
[   19.912116] PM: Adding info for No Bus:rioctl
[   19.918452] ioremap: invalid physical address c0000
[   19.920060] BUG: unable to handle kernel paging request at 00007c00
[   19.926814] IP: [<c08f3418>] rio_init+0x8d5/0xd43
[   19.931608] *pde = 00000000 
[   19.936242] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[   19.940039] Modules linked in:
[   19.940039] 
[   19.940039] Pid: 1, comm: swapper Not tainted (2.6.27-rc5 #30350)
[   19.940039] EIP: 0060:[<c08f3418>] EFLAGS: 00010206 CPU: 1
[   19.940039] EIP is at rio_init+0x8d5/0xd43
[   19.940039] EAX: 00007c00 EBX: f6b50000 ECX: c0fed9e4 EDX: 00000000
[   19.940039] ESI: 00000000 EDI: 00000000 EBP: f784df6c ESP: f784df30
[   19.940039]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[   19.940039] Process swapper (pid: 1, ti=f784c000 task=f7850000 task.ti=f784c000)
[   19.940039] Stack: f784df4c c013eebb 000026e4 48c56ffa a29c9157 00000004 c092fcf4 00000000 
[   19.940039]        f784df5c 00000000 00000200 f784df6c c092fcf4 00000000 00000000 f784dfd0 
[   19.940039]        c0101139 c08f2b43 a29c9157 00000004 00000000 6f727200 6f632072 2d206564 
[   19.940039] Call Trace:
[   19.940039]  [<c013eebb>] ? getnstimeofday+0x3b/0x8d
[   19.940039]  [<c0101139>] ? do_one_initcall+0x42/0x133
[   19.940039]  [<c08f2b43>] ? rio_init+0x0/0xd43
[   19.940039]  [<c015b670>] ? register_irq_proc+0xe/0xb3
[   19.940039]  [<c015b742>] ? init_irq_proc+0x2d/0x38
[   19.940039]  [<c08d3572>] ? kernel_init+0x109/0x157
[   19.940039]  [<c08d3469>] ? kernel_init+0x0/0x157
[   19.940039]  [<c0104767>] ? kernel_thread_helper+0x7/0x10
[   19.940039]  =======================
[   19.940039] Code: f6 05 dd d9 fe c0 08 74 15 8b 43 08 05 00 7c 00 00 50 68 3c 0f 79 c0 e8 7f 69 83 ff 58 5a 31 d2 8b 43 08 05 00 7c 00 00 8d 04 50 <8a> 00 88 82 04 da fe c0 42 83 fa 20 75 e7 b8 04 da fe c0 c6 40 
[   19.940039] EIP: [<c08f3418>] rio_init+0x8d5/0xd43 SS:ESP 0068:f784df30
[   20.080047] Kernel panic - not syncing: Fatal exception

View attachment "config" of type "text/plain" (66576 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ