| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <530AD71E.50800@zytor.com> Date: Sun, 23 Feb 2014 21:22:38 -0800 From: "H. Peter Anvin" <hpa@...or.com> To: Vince Weaver <vincent.weaver@...ne.edu> CC: Linux Kernel <linux-kernel@...r.kernel.org>, Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>, "H.J. Lu" <hjl.tools@...il.com> Subject: Re: perf_fuzzer compiled for x32 causes reboot On 02/23/2014 07:02 PM, Vince Weaver wrote: > On Sun, 23 Feb 2014, Vince Weaver wrote: >> >> and as far as I can tell nothing touches rbp again until the segfault. >> Nothing in _memset_sse2 does as far as I can tell. > > I only know enough about ftrace to be dangerous, but here is what I think > is the trace of the problem: > > perf_fuzzer-11492 [000] 197077.488420: function: perf_output_put_handle > perf_fuzzer-11492 [000] 197077.488421: function: __do_page_fault So we do a write to the buffer rather immediately before this happens, and in particular that will update the head: rb->user_page->data_head = head; However, that doesn't explain what is going on and in particular the write to whatever address was in %rbp. The rest pretty much seems to be the page fault logic. Incidentally, I doubt that this is x32-related in any way; there seems to be absolutely no difference between x86-64 perf and x32 perf; more likely it just makes the error more reproducible because the address space is so much smaller. -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists