lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <56A78292.7010009@linux.intel.com>
Date:	Tue, 26 Jan 2016 15:28:34 +0100
From:	Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>
To:	Russell King - ARM Linux <linux@....linux.org.uk>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Intel Graphics Development <intel-gfx@...ts.freedesktop.org>
Subject: Re: [REGRESSION] component: add support for releasing match data

Op 26-01-16 om 15:15 schreef Russell King - ARM Linux:
> On Tue, Jan 26, 2016 at 02:42:16PM +0100, Maarten Lankhorst wrote:
>> Commit ce657b1cddf1f88c56 ("component: add support for releasing match
>> data") causes a general protection fault when unloading snd-hda-intel
>> with the i915 module loaded on a recent skylake machine.
> I'm no good at interpreting x86 oopses.  Can I have some help with
> this one?  What causes a "general protection fault"?  What does the
> code line disassemble to?  What was the code doing at the point
> it caused this fault?  Was it calling mc->release() or was it
> trying to access some data?
Something similar to a segfault. It's trying to call 0x6b6b6b6b6b which is POISON_FREE.

mc appears to be freed already, so calling mc->release would jump to invalid data.
>> This breaks one of the i915 acceptance tests that performs a module
>> unload/reload on snd-hda-intel and i915.
>>
>> # modprobe -r snd-hda-intel
>>
>> [  268.635792] general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC 
>> [  268.635879] Modules linked in: fuse snd_hda_codec_hdmi 
>> snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel(-) 
>> snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_seq_midi 
>> snd_seq_midi_event snd_rawmidi snd_seq input_leds intel_rapl led_class 
>> x86_pkg_temp_thermal snd_seq_device snd_timer thermal fan wmi snd 
>> soundcore pinctrl_sunrisepoint pinctrl_intel acpi_cpufreq acpi_pad i915 
>> processor parport_pc ppdev parport efivarfs autofs4
>> [  268.636072] CPU: 3 PID: 2156 Comm: modprobe Tainted: G     U  W       4.5.0-rc1+ #4626
>> [  268.636101] Hardware name: Intel Corporation Skylake Client 
>> platform/Skylake DT DDR4
>> [  268.636142] task: ffff88044242ab80 ti: ffff880089c7c000 task.ti: ffff880089c7c000
>> [  268.636168] RIP: 0010:[<ffffffff8141f865>]  [<ffffffff8141f865>] devm_component_match_release+0x35/0x50
>> [  268.636205] RSP: 0018:ffff880089c7fd88  EFLAGS: 00010202
>> [  268.636224] RAX: 6b6b6b6b6b6b6b6b RBX: 0000000000000000 RCX: 0000000000000001
>> [  268.636248] RDX: ffff880453b71260 RSI: 6b6b6b6b6b6b6b6b RDI: ffff8804592545b8
>> [  268.636272] RBP: ffff880089c7fda0 R08: ffff88045c0039d0 R09: 0000000000000026
>> [  268.636296] R10: 00000000000000d2 R11: 0000000000002c81 R12: ffff8804592545b8
>> [  268.636320] R13: ffff8804582181b0 R14: 0000000000000002 R15: ffff880089c7fdd0
>> [  268.636345] FS:  00007fc3b6f74700(0000) GS:ffff88046c6c0000(0000) knlGS:0000000000000000
>> [  268.636373] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [  268.636393] CR2: 0000559dae9b10e0 CR3: 000000045566e000 CR4: 00000000003406e0
>> [  268.636417] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> [  268.636442] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> [  268.636468] Stack:
>> [  268.636477]  ffff880458218188 ffff8804592545b8 ffff880089c7fdd0 ffff880089c7fe08
>> [  268.636509]  ffffffff81428f50 0000000000000286 ffff880459254818 ffffffff00000000
>> [  268.636542]  ffff880459254818 ffff880458218188 ffff880453b71238 ffff8804592545b8
>> [  268.636574] Call Trace:
>> [  268.636587]  [<ffffffff81428f50>] release_nodes+0x120/0x1e0
>> [  268.636608]  [<ffffffff81429107>] devres_release_all+0x37/0x60
>> [  268.636630]  [<ffffffff81424c74>] __device_release_driver+0xa4/0x150
>> [  268.636654]  [<ffffffff8142561c>] driver_detach+0xac/0xb0
>> [  268.636674]  [<ffffffff814247a0>] bus_remove_driver+0x60/0xb0
>> [  268.636695]  [<ffffffff81425bf7>] driver_unregister+0x27/0x50
>> [  268.636717]  [<ffffffff81320535>] pci_unregister_driver+0x25/0x70
>> [  268.636740]  [<ffffffffc022a9a1>] azx_driver_exit+0x10/0x66f [snd_hda_intel]
>> [  268.636767]  [<ffffffff810f445b>] SyS_delete_module+0x17b/0x240
>> [  268.636789]  [<ffffffff817396d7>] entry_SYSCALL_64_fastpath+0x12/0x6a
>> [  268.636811] Code: f5 41 54 49 89 fc 53 31 db 48 83 7e 08 00 74 29 48 
>> 8d 14 80 49 8b 45 10 48 8d 14 d0 48 8b 42 10 48 85 c0 74 08 48 8b 32 4c 
>> 89 e7 <ff> d0 8d 43 01 49 3b 45 08 48 89 c3 72 d7 5b 41 5c 41 5d 
>> 5d c3 
>> [  268.636993] RIP  [<ffffffff8141f865>] devm_component_match_release+0x35/0x50
>> [  268.637021]  RSP <ffff880089c7fd88>
>> [  268.637043] ---[ end trace 31731dfc9d95562b ]---
>>
>> Looking at the code, I see it only happens on newer i915 chips with power well support,
>> so haswell/broadwell/skylake are probably affected in the functions
>> snd_hdac_i915_init and snd_hdac_i915_exit.
>>
>> ~Maarten
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ