Message-ID: <1487368.CBCgti1nd5@vostro.rjw.lan>
Date:	Fri, 03 May 2013 01:29:04 +0200
From:	"Rafael J. Wysocki" <rjw@...k.pl>
To:	Jonas Heinrich <onny@...ject-insanity.org>
Cc:	"H. Peter Anvin" <hpa@...or.com>, len.brown@...el.com,
	pavel@....cz, tglx@...utronix.de, mingo@...hat.com, x86@...nel.org,
	linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org,
	Jarkko Sakkinen <jarkko.sakkinen@...el.com>
Subject: Re: [Bisected] 3.7-rc1 can't resume (still present in 3.9)

On Thursday, May 02, 2013 08:32:30 PM Jonas Heinrich wrote:
> On 05-02 02:45, Rafael J. Wysocki wrote:
> > On Wednesday, May 01, 2013 11:55:10 AM H. Peter Anvin wrote:
> > > On 05/01/2013 11:51 AM, Jonas Heinrich wrote:
> > > > Well, you could give me instructions on how to debug this (I'll do 
> > > > everything ;)) or I could ship you the Thinkpad T43. I guess this
> > > > would be worth the effort since this bug is somehow critical.
> > > > 
> > > > Best regards, Jonas
> > > 
> > > I'll put together a debug patch unless I can trick Rafael into doing
> > > it first...
> > 
> > I'm afraid that code has changed quite a bit since I looked at it last time.
> > [Jarkko Sakkinen seems to have worked on it lately, CCed.]
> > 
> > Jonas, I wonder what happens if you drop the first hunk of the patch (it just
> > uses a different register, which shouldn't matter)?  Does it still help then?
> 
> Hello Rafael, first of all, thank you for helping me out :)
> You're right, the patch still solves the suspend bug, after removing the first 
> hunk of the patch and applying it (see attachment:
> suspendfix_first_hunk_dropped.patch).
> 
> > 
> > If so, there are still a few things you can do to it, e.g:
> > (1) drop the
> > 
> > -       btl     $WAKEUP_BEHAVIOR_RESTORE_CR4, %edi
> > -       jnc     1f
> > 
> 
> Still works :) (used suspendfix_1.patch)
> 
> > lines,
> > (2) drop the
> > 
> > -       btl     $WAKEUP_BEHAVIOR_RESTORE_EFER, %edi
> > -       jnc     1f
> > 
> > lines,
> 
> Still works :) (used suspendfix_2.patch)
> 
> > (3) drop the
> > 
> > +       jecxz   1f
> > 
> 
> Still works :) (used suspendfix_3.patch)
> 
> > line,
> > (4) drop the
> > 
> > +       movl    %eax, %ecx
> > +       orl     %edx, %ecx
> > +       jz      1f
> > 
> 
> At this point, the bug reoccurs (used suspendfix_4.patch)! 
> But that doesn't mean these lines are the only critical ones, because the more
> minimal patch
> 
> @@ -119,6 +119,9 @@
>         jnc     1f
>         movl    pmode_efer, %eax
>         movl    pmode_efer + 4, %edx
> +       movl    %eax, %ecx
> +       orl     %edx, %ecx
> +       jz      1f
>         movl    $MSR_EFER, %ecx
>         wrmsr
>  1:
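Review bot: the added `movl %eax, %ecx` / `orl %edx, %ecx` / `jz 1f` lines change behaviour, not only code layout: when both halves of the saved pmode_efer are zero the `wrmsr` is skipped entirely, so whichever version of this patch is eventually submitted should state whether skipping the EFER write or shifting instruction alignment is the intended fix (the reply below attributes the effect to alignment). Clobbering %ecx is harmless here because `movl $MSR_EFER, %ecx` reloads it before `wrmsr`. The hunk also carries no `---`/`+++` file header, so the file it applies to is not recorded.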
> 
> 
> with removing this part
> 
> -       movl    pmode_cr4, %eax
> -       movl    %eax, %cr4
> +       movl    pmode_cr4, %ecx
> +       movl    %ecx, %cr4
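Review bot: this register swap is not size-neutral, which matters if alignment is the suspected cause: `movl pmode_cr4, %eax` can use the shorter accumulator-only (moffs) encoding of `mov` that has no ModR/M byte, while the `%ecx` form cannot, so every instruction after it shifts by one byte. If this fragment is kept, the commit message should record that it changes code layout rather than describing it as just a different register.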
> 
> also doesn't fix the issue (see suspendfix_5.patch).
> 
> > lines and see what the minimal patch needed for things to work again is.
> > 
> 
> So the most minimal working patch is suspendfix_3.patch.

Thanks for doing that detective work!

The only explanation of why this particular patch can help that seems viable to
us at the moment is that we have a memory corruption in the code region modified
by it and the patch simply changes the alignment of the instructions that don't
get corrupted.

It looks like this may be verified by putting a bunch of nops into the region
in question, so can you please check if the attached patch helps too?

Rafael


-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.
View attachment "i386-resume-crash-debug.patch" of type "text/x-patch" (695 bytes)
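The drop-one-change-and-retest procedure Rafael walks Jonas through above, mechanised as an added Python example (not code from the thread or the kernel): it parses a unified diff hunk, emits one candidate hunk per changed line with that change reverted, and recomputes the `@@` counts. The sample hunk is a constructed copy of the EFER hunk quoted above, and `variants` is a hypothetical helper name.

```python
"""Enumerate single-change drops of a unified diff hunk: one candidate hunk per
changed line, mechanising the "drop these lines and re-test" bisection above."""
import re
HUNK_HEADER = re.compile(r"^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@(.*)$")

# Constructed sample (not read from a file): the EFER hunk quoted in the thread.
SAMPLE_HUNK = """@@ -119,6 +119,9 @@
        jnc     1f
        movl    pmode_efer, %eax
        movl    pmode_efer + 4, %edx
+       movl    %eax, %ecx
+       orl     %edx, %ecx
+       jz      1f
        movl    $MSR_EFER, %ecx
        wrmsr
 1:
"""

def kind(line):
    """Diff marker of a line; an empty line counts as context."""
    return line[:1] if line[:1] in ("+", "-") else " "

def parse_hunk(text):
    header, *body = text.splitlines()
    m = HUNK_HEADER.match(header)
    if not m:
        raise ValueError("not a unified diff hunk: %r" % header)
    return int(m.group(1)), int(m.group(2)), m.group(3), body

def render_hunk(old_start, new_start, tail, body):
    old = sum(kind(l) != "+" for l in body)  # lines present before the patch
    new = sum(kind(l) != "-" for l in body)  # lines present after the patch
    header = f"@@ -{old_start},{old} +{new_start},{new} @@{tail}"
    return "\n".join([header] + body) + "\n"

def drop_change(body, index):
    """Revert change `index`: a '-' line becomes context, a '+' line is dropped."""
    line = body[index]
    if kind(line) == "-":
        return body[:index] + [" " + line[1:]] + body[index + 1:]
    if kind(line) == "+":
        return body[:index] + body[index + 1:]
    raise ValueError("not a change line: %r" % line)

def variants(text):
    """Return [(dropped line, candidate hunk text), ...], one per changed line."""
    old_start, new_start, tail, body = parse_hunk(text)
    return [(" ".join(line[1:].split()), render_hunk(old_start, new_start, tail, drop_change(body, i)))
            for i, line in enumerate(body) if kind(line) != " "]
```

Each candidate hunk can be written out as its own `suspendfix_N.patch` and applied in turn, which is exactly the bisection sequence the thread records by hand.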
