lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Tue, 14 Oct 2014 18:48:55 +0800
From:	Real Name <enjoymindful@...il.com>
To:	linux@...ck-us.net
Cc:	tj@...nel.org, starvik@...s.com, jesper.nilsson@...s.com,
	linux-cris-kernel@...s.com, linux-kernel@...r.kernel.org
Subject: why commit 3189eddbcafc cause crisv32 panic

hi, Guenter
 
http://www.gossamer-threads.com/lists/linux/kernel/2011061

>[PATCH] Revert "percpu: free percpu allocation info for uniprocessor system"
>
> The commit causes a hang with a crisv32 image. This may be an architecture
> problem, but at least for now the revert is necessary to be able to boot a
> crisv32 image. 

Yes, it is a crisv32 specific issue. The crisv32 was paniced on the BUG() macro
in function mark_bootmem. The call path is :

pcpu_free_alloc_info
	-> memblock_free_early
		-> free_bootmem
			-> mark_bootmem
				-> BUG()

The root source is that arch/cris/kernel/setup.c:setup_arch compute start_pfn
and max_pfn from *virtual* address.

|---------- arch/cris/kernel/setup.c:setup_arch -----------------------
|	start_pfn = PFN_UP(memory_start);  /* usually c0000000 + kernel + romfs */
|	max_pfn =   PFN_DOWN((unsigned long)high_memory); /* usually c0000000 + dram size */
|---------- arch/cris/kernel/setup.c:setup_arch -----------------------

So, when memblock_free_early pass the *physical* address of ai to mark_bootmem.
The first if statement of mark_bootmem become ture. And then hit the BUG() macro.

After applied the attached patch, pcpu_free_alloc_info works as expect. It had
been test with your toolchain and patches you provided to me.
http://server.roeck-us.net/qemu/crisv32/

cc'ed Mikael and Jesper, as they are Axis staff.

thanks

View attachment "why_3189eddbcafc_cause_crisv32_panic.patch" of type "text/x-diff" (839 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ