lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Mon, 9 Nov 2009 13:15:54 +0530
From:	venki kaps <venkiece2005@...il.com>
To:	linux-kernel@...r.kernel.org, linux-mips@...ux-mips.org,
	linux-mips@...r.kernel.org, nubi@...ux-mips.org
Subject: MIPS + Kernel unaligned instruction access issue in 2.6.23 kernel

Hi,

I have been tracing kernel system call information using the my own
Kprobes implementation in the 2.6.23 kernel on MIPS architecture.
I have been facing one issue while running my own kprobe tests.

For instance, when I am planting kprobe at ‘’’sys_call_table’’’
(arch/mips/kernel/scall32-o32.S) while unregister of probe, Kernel
panic is getting generated.
But I do not have any issues with other system calls which are present
in scall32-o32.S expect ‘’’sys_call_table’’’.

The following is debugging snapshot-

•	/ # unaligned.c: in do_ade
•	unaligned.c: in do_ade
•	do_ade: regs->cp0_badvaddr = 13 regs->cp0_epc = 2147741016
regs->cp0_epc & 0x1 = 0
•	emulate_load_store_insn : lw_op
•	res
•	unaligned.c: in do_ade
•	do_ade: regs->cp0_badvaddr = 17 regs->cp0_epc = 2147741024
regs->cp0_epc & 0x1 = 0
•	emulate_load_store_insn : lw_op
•	res
•	do_ade: regs->cp0_badvaddr = 13 regs->cp0_epc = 13 regs->cp0_epc & 0x1 = 1
•	do_ade: regs->cp0_badvaddr == regs->cp0_epc) || (regs->cp0_epc & 0x1
•	Kernel unaligned instruction access[#1]:
•	Cpu 0
•	$ 0   : 00000000 fffffff8 00000000 2abf972c
•	$ 4   : 00001021 0047a540 00000480 0000002d
•	$ 8   : 00000000 c0000008 0000000d 0000000c
•	$12   : 7fb46cd0 0047d830 004214a8 004752b8
•	$16   : 7fb46ef8 00000001 7fb46e28 00000480
•	$20   : 00000000 00000002 004f3008 004f5908
•	$24   : 00000000 2abf971c
•	$28   : 87d0a000 87d0bf30 7fb46d48 8002b0f0
•	Hi    : 00000351
•	Lo    : 002f4a35
•	epc   : 0000000d 0xc     Not tainted
•	ra    : 8002b0f0 stack_done+0x20/0x3c
•	Status: 30048403    KERNEL EXL IE
•	Cause : 10000010
•	BadVA : 0000000d
•	PrId  : 00002d30
•	Modules linked in: kprobe_sys_call_table
•	Process rmmod (pid: 55, threadinfo=87d0a000, task=807c7120)
•	Stack : 004f5608 004f5348 004f3008 00000000 0047d830 004214a8
004752b8 00000000
•	        00000fa0 00000004 00001021 0047a540 00000480 0000002d
2ab1a2e4 00000000
•	        2aac6000 2aad6520 0000003d 0000003f 0000003a 00426c48
7fb46ef8 00000001
•	        7fb46e28 00000480 00000000 00000002 004f3008 004f5908
00000273 2abf971c
•	        0000002d 00000000 2ac87950 7fb46cb0 7fb46d48 00426c48
20048413 00000351
•	        ...
•	Call Trace:
•	
•	
•	Code: (Bad address in epc)
•	
•	Fatal exception: panic in 5 seconds
•	Kernel panic - not syncing: Fatal exception

Generally we used to get the above error when system call is not
aligned on 32 bit boundary.
But in my case, ‘’’sys_call_table’’’ is .align 3.

MIPS cpuinfo:
=======
system type             : Toshiba RBTX4927/RBTX4937
processor               : 0
cpu model               : TX49xx V3.0  FPU V3.0
BogoMIPS                : 299.00
wait instruction        : yes
microsecond timers      : yes
tlb_entries             : 48

Queries:
=====
1. Are there any unaligned instructions in MIPS (Toshiba RBTX4927/RBTX4937)?
2. Is it my MIPS kprobe implementation problem?
3. May I know the tracing flow to resolve these types of issues?


Please give your valuable comments.

Thanks in advance.

Best regards,
Venkappa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists