| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20141126200023.GC22400@wfg-t540p.sh.intel.com>
Date: Wed, 26 Nov 2014 12:00:23 -0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: "pang.xunlei" <pang.xunlei@...aro.org>
Cc: John Stultz <john.stultz@...aro.org>, LKP <lkp@...org>,
linux-kernel@...r.kernel.org
Subject: [time] WARNING: CPU: 0 PID: 1 at kernel/time/timekeeping.c:1337
update_wall_time()
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
commit 6067dc5a8c2b1b57e67eaf1125db1d63c1ed6361
Author: pang.xunlei <pang.xunlei@...aro.org>
AuthorDate: Wed Oct 8 15:03:34 2014 +0800
Commit: John Stultz <john.stultz@...aro.org>
CommitDate: Fri Nov 21 11:59:56 2014 -0800
time: Avoid possible NTP adjustment mult overflow.
Ideally, __clocksource_updatefreq_scale, selects the largest shift
value possible for a clocksource. This results in the mult memember of
struct clocksource being particularly large, although not so large
that NTP would adjust the clock to cause it to overflow.
That said, nothing actually prohibits an overflow from occuring, its
just that it "shouldn't" occur.
So while very unlikely, and so far never observed, the value of
(cs->mult+cs->maxadj) may have a chance to reach very near 0xFFFFFFFF,
so there is a possibility it may overflow when doing NTP positive
adjustment
See the following detail: When NTP slewes the clock, kernel goes
through update_wall_time()->...->timekeeping_apply_adjustment():
tk->tkr.mult += mult_adj;
Since there is no guard against it, its possible tk->tkr.mult may
overflow during this operation.
This patch avoids any possible mult overflow by judging the overflow
case before adding mult_adj to mult, also adds the WARNING message
when capturing such case.
Signed-off-by: pang.xunlei <pang.xunlei@...aro.org>
[jstultz: Reworded commit message]
Signed-off-by: John Stultz <john.stultz@...aro.org>
+----------------------------------------------------------+------------+------------+---------------+
| | fd866e2b11 | 6067dc5a8c | next-20141125 |
+----------------------------------------------------------+------------+------------+---------------+
| boot_successes | 60 | 0 | 0 |
| boot_failures | 0 | 20 | 12 |
| WARNING:at_kernel/time/timekeeping.c:#update_wall_time() | 0 | 20 | 12 |
| backtrace:acpi_get_devices | 0 | 19 | 12 |
| backtrace:pnpacpi_init | 0 | 19 | 12 |
| backtrace:kernel_init_freeable | 0 | 20 | 12 |
| backtrace:pcibios_assign_resources | 0 | 1 | |
+----------------------------------------------------------+------------+------------+---------------+
[ 0.789871] IOAPIC[0]: Set routing entry (0-12 -> 0x3c -> IRQ 12 Mode:0 Active:0 Dest:1)
[ 0.791002] ------------[ cut here ]------------
[ 0.791002] ------------[ cut here ]------------
[ 0.791002] WARNING: CPU: 0 PID: 1 at kernel/time/timekeeping.c:1337 update_wall_time+0x3a8/0x56f()
[ 0.791002] WARNING: CPU: 0 PID: 1 at kernel/time/timekeeping.c:1337 update_wall_time+0x3a8/0x56f()
[ 0.791002] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.18.0-rc2-g6067dc5 #280
[ 0.791002] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.18.0-rc2-g6067dc5 #280
[ 0.791002] 0000000000000009 ffff880013803e68 ffffffff81a5803b 0000000000000068
git bisect start 7cc2ecdb63cfae062aeadc7c575a02b6e9cc4dbb 5d01410fe4d92081f349b013a2e7a95429e4f2c9 --
git bisect good c9f4ffa0ef6c4c71735e10e20d363b9de90725ac # 10:27 20+ 0 Merge remote-tracking branch 'l2-mtd/master'
git bisect bad 0ac890893dfd6c51841f35b9cada0a002ada075d # 10:33 0- 7 Merge remote-tracking branch 'ftrace/for-next'
git bisect good 4e0bc872f2ddddc08c0c5f18c9de6ef058d8d4fd # 10:59 20+ 0 Merge remote-tracking branch 'battery/master'
git bisect good a86dc53b0ec5196141ee0552805e03e42ba315d2 # 11:05 20+ 0 Merge remote-tracking branch 'trivial/for-next'
git bisect bad 50fa5ed69f4656a571166eac72c5b9108d487e7c # 11:09 0- 5 Merge remote-tracking branch 'tip/auto-latest'
git bisect good 709de16948ef4b4bdc92fa7bff3808367f184075 # 11:59 20+ 0 Merge remote-tracking branch 'devicetree/devicetree/next'
git bisect good daef792655bde9319bdfe5ba04ff42767d7622b4 # 12:05 20+ 0 Merge remote-tracking branch 'spi/for-next'
git bisect bad 0a2b9eac5a4567ca85c5a0daf96196563414765f # 12:15 0- 3 Merge branch 'timers/core'
git bisect good 4e6e311e596eadba30d4f56f64eae7d45611a01c # 12:17 20+ 0 Merge tag 'perf-core-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core
git bisect good 36ce98818a4df66c8134c31fd6e768b4119c7a90 # 12:24 20+ 0 sched/deadline: Introduce start_hrtick_dl() for !CONFIG_SCHED_HRTICK
git bisect good 9ea6c5885681e3d9ce9844ba9dc57371a5cfc6d2 # 12:32 20+ 0 Merge branches 'torture.2014.11.03a', 'cpu.2014.11.03a', 'doc.2014.11.13a', 'fixes.2014.11.13a', 'signal.2014.10.29a' and 'rt.2014.10.29a' into HEAD
git bisect bad 21b6c0512e8aca75ce76365e1aef9fb16e007100 # 12:36 0- 18 time: Remove timekeeping_inject_sleeptime()
git bisect bad 90b6ce9c4066e0b2098dff65e52e6e7df1a51079 # 12:39 0- 1 time: Provide y2038 safe mktime() replacement
git bisect bad 659bc17b80c692e0ccda757e207fc4666d9b3e71 # 12:55 0- 19 time: Complete NTP adjustment threshold judging conditions
git bisect bad 6067dc5a8c2b1b57e67eaf1125db1d63c1ed6361 # 12:58 0- 20 time: Avoid possible NTP adjustment mult overflow.
git bisect good fd866e2b116b01d42428491899fe9925c42c121c # 13:06 20+ 0 time: Rename udelay_test.c to test_udelay.c
# first bad commit: [6067dc5a8c2b1b57e67eaf1125db1d63c1ed6361] time: Avoid possible NTP adjustment mult overflow.
git bisect good fd866e2b116b01d42428491899fe9925c42c121c # 13:09 60+ 0 time: Rename udelay_test.c to test_udelay.c
# extra tests on HEAD of next/master
git bisect bad 7cc2ecdb63cfae062aeadc7c575a02b6e9cc4dbb # 13:09 0- 12 Add linux-next specific files for 20141125
# extra tests on tree/branch next/master
git bisect bad 7cc2ecdb63cfae062aeadc7c575a02b6e9cc4dbb # 13:09 0- 12 Add linux-next specific files for 20141125
# extra tests on tree/branch linus/master
git bisect good b914c5b2130239fd378d1a719ab3c53f0c782be9 # 13:16 60+ 0 Merge branch 'for-3.18' of git://linux-nfs.org/~bfields/linux
# extra tests on tree/branch next/master
git bisect bad 7cc2ecdb63cfae062aeadc7c575a02b6e9cc4dbb # 13:16 0- 12 Add linux-next specific files for 20141125
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=yocto-minimal-x86_64.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-enable-kvm
-cpu Haswell,+smep,+smap
-kernel $kernel
-initrd $initrd
-m 320
-smp 1
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
Thanks,
Fengguang
View attachment "dmesg-yocto-kbuild-20:20141126125541:x86_64-randconfig-ha2-1124:3.18.0-rc2-g6067dc5:280" of type "text/plain" (96360 bytes)
View attachment "config-3.18.0-rc2-g6067dc5" of type "text/plain" (88583 bytes)
_______________________________________________
LKP mailing list
LKP@...ux.intel.com
Powered by blists - more mailing lists