| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 03 May 2013 01:29:04 +0200
From: "Rafael J. Wysocki" <rjw@...k.pl>
To: Jonas Heinrich <onny@...ject-insanity.org>
Cc: "H. Peter Anvin" <hpa@...or.com>, len.brown@...el.com,
pavel@....cz, tglx@...utronix.de, mingo@...hat.com, x86@...nel.org,
linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@...el.com>
Subject: Re: [Bisected] 3.7-rc1 can't resume (still present in 3.9)
On Thursday, May 02, 2013 08:32:30 PM Jonas Heinrich wrote:
> On 05-02 02:45, Rafael J. Wysocki wrote:
> > On Wednesday, May 01, 2013 11:55:10 AM H. Peter Anvin wrote:
> > > On 05/01/2013 11:51 AM, Jonas Heinrich wrote:
> > > > Well, you could give me instructions on how to debug this (I'll do
> > > > everything ;)) or I could ship you the Thinkpad T43. I guess this
> > > > would worth the effort since this bug is somehow critical.
> > > >
> > > > Best regards, Jonas
> > >
> > > I'll put together a debug patch unless I can trick Rafael into doing
> > > it first...
> >
> > I'm afraid that code has changed quite a bit since I looked at it last time.
> > [Jarkko Sakkinen seems to have worked on it lately, CCed.]
> >
> > Jonas, I wonder what happens if you drop the first hunk of the patch (it just
> > uses a different register, which shouldn't matter)? Does it still help then?
>
> Hello Rafel, first of all, thank you for helping me out :)
> You're right, the patch still solves the suspend bug, after removing the first
> hunk of the patch and applying it (see attachement:
> suspendfix_first_hunk_dropped.patch).
>
> >
> > If so, there are still a few things you can do to it, e.g:
> > (1) drop the
> >
> > - btl $WAKEUP_BEHAVIOR_RESTORE_CR4, %edi
> > - jnc 1f
> >
>
> Still works :) (used suspendfix_1.patch)
>
> > lines,
> > (2) drop the
> >
> > - btl $WAKEUP_BEHAVIOR_RESTORE_EFER, %edi
> > - jnc 1f
> >
> > lines,
>
> Still works :) (used suspendfix_2.patch)
>
> > (3) drop the
> >
> > + jecxz 1f
> >
>
> Still works :) (used suspendfix_3.patch)
>
> > line,
> > (4) drop the
> >
> > + movl %eax, %ecx
> > + orl %edx, %ecx
> > + jz 1f
> >
>
> At this point, the bug reoccurs (used suspendfix_4.patch)!
> But that doesn't mean these lines are the only critical, because the more
> minimal patch
>
> @@ -119,6 +119,9 @@
> jnc 1f
> movl pmode_efer, %eax
> movl pmode_efer + 4, %edx
> + movl %eax, %ecx
> + orl %edx, %ecx
> + jz 1f
> movl $MSR_EFER, %ecx
> wrmsr
> 1:
>
>
> with removing this part
>
> - movl pmode_cr4, %eax
> - movl %eax, %cr4
> + movl pmode_cr4, %ecx
> + movl %ecx, %cr4
>
> also doesn't fix the issue (see suspendfix_5.patch).
>
> > lines and see what the minimal patch needed for things to work again is.
> >
>
> So the most minimal working patch is suspendfix_3.patch.
Thanks for doing that detective work!
The only explanation of why this particular patch can help that seems viable to
us at the moment is that we have a memory corruption in the code region modified
by it and the patch simply changes the alignment of the instructions that don't
get corrupted.
It looks like this may be verified by putting a bunch of nops into the region
in question, so can you please check if the attached patch helps too?
Rafael
--
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.
View attachment "i386-resume-crash-debug.patch" of type "text/x-patch" (695 bytes)
Powered by blists - more mailing lists