Date:	Wed, 23 Sep 2015 09:56:36 +0200
From:	Borislav Petkov <bp@...en8.de>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH] KVM: x86: fix bogus warning about reserved bits

On Tue, Sep 22, 2015 at 11:04:38PM +0200, Paolo Bonzini wrote:
> Let's add more debugging output:

Here you go:

[   50.474002] walk_shadow_page_get_mmio_spte: detect reserved bits on spte, addr 0xb8000 (level 4, 0xf0000000000f8)
[   50.484249] walk_shadow_page_get_mmio_spte: detect reserved bits on spte, addr 0xb8000 (level 3, 0xf000000000078)
[   50.494492] walk_shadow_page_get_mmio_spte: detect reserved bits on spte, addr 0xb8000 (level 2, 0xf000000000078)
[   50.504767] dump hierarchy:
[   50.507595] ------ spte 0x416533027 level 4.
[   50.507595] ------ spte 0x416534027 level 3.
[   50.507596] ------ spte 0x416535027 level 2.
[   50.507596] ------ spte 0xffff0000000b8f67 level 1.
[   50.507597] ------------[ cut here ]------------
[   50.507616] WARNING: CPU: 4 PID: 3539 at arch/x86/kvm/mmu.c:3396 handle_mmio_page_fault.part.57+0x1a/0x20 [kvm]()
[   50.507630] Modules linked in: tun sha256_ssse3 sha256_generic drbg binfmt_misc ipv6 vfat fat fuse dm_crypt dm_mod kvm_amd kvm crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd amd64_edac_mod k10temp edac_core fam15h_power amdkfd amd_iommu_v2 radeon acpi_cpufreq
[   50.507632] CPU: 4 PID: 3539 Comm: qemu-system-x86 Not tainted 4.3.0-rc2+ #2
[   50.507633] Hardware name: To be filled by O.E.M. To be filled by O.E.M./M5A97 EVO R2.0, BIOS 1503 01/16/2013
[   50.507635]  ffffffffa0433932 ffff880416973b78 ffffffff812c758a 0000000000000000
[   50.507637]  ffff880416973bb0 ffffffff810534c1 ffff8804231c0000 000000000000000f
[   50.507638]  00000000000b8000 0000000000000000 00000000ffffffff ffff880416973bc0
[   50.507639] Call Trace:
[   50.507643]  [<ffffffff812c758a>] dump_stack+0x4e/0x84
[   50.507646]  [<ffffffff810534c1>] warn_slowpath_common+0x91/0xd0
[   50.507647]  [<ffffffff810535ba>] warn_slowpath_null+0x1a/0x20
[   50.507657]  [<ffffffffa0405aba>] handle_mmio_page_fault.part.57+0x1a/0x20 [kvm]
[   50.507667]  [<ffffffffa040d3d0>] tdp_page_fault+0x2a0/0x2b0 [kvm]
[   50.507673]  [<ffffffff810a282d>] ? __lock_acquire+0x57d/0x17a0
[   50.507682]  [<ffffffffa0407615>] kvm_mmu_page_fault+0x35/0x240 [kvm]
[   50.507685]  [<ffffffffa068d6b8>] pf_interception+0x108/0x1d0 [kvm_amd]
[   50.507688]  [<ffffffffa068fd10>] handle_exit+0x150/0xa40 [kvm_amd]
[   50.507697]  [<ffffffffa03fe398>] ? kvm_arch_vcpu_ioctl_run+0x4c8/0x16f0 [kvm]
[   50.507706]  [<ffffffffa03fe403>] kvm_arch_vcpu_ioctl_run+0x533/0x16f0 [kvm]
[   50.507715]  [<ffffffffa03fe398>] ? kvm_arch_vcpu_ioctl_run+0x4c8/0x16f0 [kvm]
[   50.507717]  [<ffffffff816bd852>] ? mutex_lock_killable_nested+0x312/0x480
[   50.507724]  [<ffffffffa03e5979>] ? kvm_vcpu_ioctl+0x79/0x6f0 [kvm]
[   50.507726]  [<ffffffff8107e133>] ? preempt_count_sub+0xb3/0x110
[   50.507733]  [<ffffffffa03e5c3f>] kvm_vcpu_ioctl+0x33f/0x6f0 [kvm]
[   50.507735]  [<ffffffff811939d7>] do_vfs_ioctl+0x2d7/0x530
[   50.507737]  [<ffffffff8119f889>] ? __fget_light+0x29/0x90
[   50.507738]  [<ffffffff81193c7c>] SyS_ioctl+0x4c/0x90
[   50.507740]  [<ffffffff816c1a9b>] entry_SYSCALL_64_fastpath+0x16/0x73
[   50.507741] ---[ end trace ff23795fcc279cbd ]---

> Thus same as before.
> 
> Just to be safe, can you try using "-cpu host" on the QEMU command
> line and see if it changes anything?  This would catch things such
> as an Intel CPUID on an AMD host.

Here's my full qemu command:

qemu-system-x86_64 -enable-kvm -gdb tcp::1234 -cpu host -m 2048 -hda /home/boris/kvm/debian/sid-x86_64.img -hdb /home/boris/kvm/swap.img -boot menu=off,order=c -localtime -net nic,model=rtl8139 -net user,hostfwd=tcp::1235-:22 -usbdevice tablet -kernel /home/boris/kernel/linux-2.6/arch/x86/boot/bzImage -append "root=/dev/sda1 resume=/dev/sdb1 debug ignore_loglevel log_buf_len=16M earlyprintk=ttyS0,115200 console=ttyS0,115200 console=tty0 " -monitor pty -virtfs local,path=/tmp,mount_tag=tmp,security_model=none -serial file:/home/boris/kvm/test-x86_64-1235.log -snapshot -name "Debian x86_64:1235" -smp 8

and that splats too:

[  146.891735] walk_shadow_page_get_mmio_spte: detect reserved bits on spte, addr 0xb8000 (level 4, 0xf0000000000f8)
[  146.901981] walk_shadow_page_get_mmio_spte: detect reserved bits on spte, addr 0xb8000 (level 3, 0xf000000000078)
[  146.912224] walk_shadow_page_get_mmio_spte: detect reserved bits on spte, addr 0xb8000 (level 2, 0xf000000000078)
[  146.922496] dump hierarchy:
[  146.925331] ------ spte 0x37d47027 level 4.
[  146.925332] ------ spte 0x37d46027 level 3.
[  146.925332] ------ spte 0xb9faa027 level 2.
[  146.925333] ------ spte 0xffff0000000b8f67 level 1.
[  146.925333] ------------[ cut here ]------------
[  146.925351] WARNING: CPU: 6 PID: 3753 at arch/x86/kvm/mmu.c:3396 handle_mmio_page_fault.part.57+0x1a/0x20 [kvm]()
[  146.925371] Modules linked in: tun sha256_ssse3 sha256_generic drbg binfmt_misc ipv6 vfat fat fuse dm_crypt dm_mod kvm_amd kvm crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd amd64_edac_mod k10temp edac_core fam15h_power amdkfd amd_iommu_v2 radeon acpi_cpufreq
[  146.925373] CPU: 6 PID: 3753 Comm: qemu-system-x86 Tainted: G        W       4.3.0-rc2+ #2
[  146.925374] Hardware name: To be filled by O.E.M. To be filled by O.E.M./M5A97 EVO R2.0, BIOS 1503 01/16/2013
[  146.925376]  ffffffffa0433932 ffff880423377b78 ffffffff812c758a 0000000000000000
[  146.925378]  ffff880423377bb0 ffffffff810534c1 ffff88042315bf00 000000000000000f
[  146.925379]  00000000000b8000 0000000000000000 00000000ffffffff ffff880423377bc0
[  146.925380] Call Trace:
[  146.925384]  [<ffffffff812c758a>] dump_stack+0x4e/0x84
[  146.925386]  [<ffffffff810534c1>] warn_slowpath_common+0x91/0xd0
[  146.925388]  [<ffffffff810535ba>] warn_slowpath_null+0x1a/0x20
[  146.925397]  [<ffffffffa0405aba>] handle_mmio_page_fault.part.57+0x1a/0x20 [kvm]
[  146.925408]  [<ffffffffa040d3d0>] tdp_page_fault+0x2a0/0x2b0 [kvm]
[  146.925410]  [<ffffffff810a282d>] ? __lock_acquire+0x57d/0x17a0
[  146.925420]  [<ffffffffa0407615>] kvm_mmu_page_fault+0x35/0x240 [kvm]
[  146.925423]  [<ffffffffa068d6b8>] pf_interception+0x108/0x1d0 [kvm_amd]
[  146.925431]  [<ffffffffa068fd10>] handle_exit+0x150/0xa40 [kvm_amd]
[  146.925440]  [<ffffffffa03fe398>] ? kvm_arch_vcpu_ioctl_run+0x4c8/0x16f0 [kvm]
[  146.925449]  [<ffffffffa03fe403>] kvm_arch_vcpu_ioctl_run+0x533/0x16f0 [kvm]
[  146.925458]  [<ffffffffa03fe398>] ? kvm_arch_vcpu_ioctl_run+0x4c8/0x16f0 [kvm]
[  146.925461]  [<ffffffff816bd852>] ? mutex_lock_killable_nested+0x312/0x480
[  146.925467]  [<ffffffffa03e5979>] ? kvm_vcpu_ioctl+0x79/0x6f0 [kvm]
[  146.925469]  [<ffffffff8107e133>] ? preempt_count_sub+0xb3/0x110
[  146.925476]  [<ffffffffa03e5c3f>] kvm_vcpu_ioctl+0x33f/0x6f0 [kvm]
[  146.925478]  [<ffffffff811939d7>] do_vfs_ioctl+0x2d7/0x530
[  146.925480]  [<ffffffff8119f889>] ? __fget_light+0x29/0x90
[  146.925481]  [<ffffffff81193c7c>] SyS_ioctl+0x4c/0x90
[  146.925482]  [<ffffffff816c1a9b>] entry_SYSCALL_64_fastpath+0x16/0x73
[  146.925484] ---[ end trace ff23795fcc279cbe ]---

Thanks.

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.