Date:	Tue, 26 Jan 2016 15:28:34 +0100
From:	Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>
To:	Russell King - ARM Linux <linux@....linux.org.uk>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Intel Graphics Development <intel-gfx@...ts.freedesktop.org>
Subject: Re: [REGRESSION] component: add support for releasing match data

On 26-01-16 at 15:15, Russell King - ARM Linux wrote:
> On Tue, Jan 26, 2016 at 02:42:16PM +0100, Maarten Lankhorst wrote:
>> Commit ce657b1cddf1f88c56 ("component: add support for releasing match
>> data") causes a general protection fault when unloading snd-hda-intel
>> with the i915 module loaded on a recent skylake machine.
> I'm no good at interpreting x86 oopses.  Can I have some help with
> this one?  What causes a "general protection fault"?  What does the
> code line disassemble to?  What was the code doing at the point
> it caused this fault?  Was it calling mc->release() or was it
> trying to access some data?
Something similar to a segfault. It's trying to call 0x6b6b6b6b6b which is POISON_FREE.

mc appears to be freed already, so calling mc->release would jump to invalid data.
>> This breaks one of the i915 acceptance tests that performs a module
>> unload/reload on snd-hda-intel and i915.
>>
>> # modprobe -r snd-hda-intel
>>
>> [  268.635792] general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC 
>> [  268.635879] Modules linked in: fuse snd_hda_codec_hdmi 
>> snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel(-) 
>> snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_seq_midi 
>> snd_seq_midi_event snd_rawmidi snd_seq input_leds intel_rapl led_class 
>> x86_pkg_temp_thermal snd_seq_device snd_timer thermal fan wmi snd 
>> soundcore pinctrl_sunrisepoint pinctrl_intel acpi_cpufreq acpi_pad i915 
>> processor parport_pc ppdev parport efivarfs autofs4
>> [  268.636072] CPU: 3 PID: 2156 Comm: modprobe Tainted: G     U  W       4.5.0-rc1+ #4626
>> [  268.636101] Hardware name: Intel Corporation Skylake Client 
>> platform/Skylake DT DDR4
>> [  268.636142] task: ffff88044242ab80 ti: ffff880089c7c000 task.ti: ffff880089c7c000
>> [  268.636168] RIP: 0010:[<ffffffff8141f865>]  [<ffffffff8141f865>] devm_component_match_release+0x35/0x50
>> [  268.636205] RSP: 0018:ffff880089c7fd88  EFLAGS: 00010202
>> [  268.636224] RAX: 6b6b6b6b6b6b6b6b RBX: 0000000000000000 RCX: 0000000000000001
>> [  268.636248] RDX: ffff880453b71260 RSI: 6b6b6b6b6b6b6b6b RDI: ffff8804592545b8
>> [  268.636272] RBP: ffff880089c7fda0 R08: ffff88045c0039d0 R09: 0000000000000026
>> [  268.636296] R10: 00000000000000d2 R11: 0000000000002c81 R12: ffff8804592545b8
>> [  268.636320] R13: ffff8804582181b0 R14: 0000000000000002 R15: ffff880089c7fdd0
>> [  268.636345] FS:  00007fc3b6f74700(0000) GS:ffff88046c6c0000(0000) knlGS:0000000000000000
>> [  268.636373] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [  268.636393] CR2: 0000559dae9b10e0 CR3: 000000045566e000 CR4: 00000000003406e0
>> [  268.636417] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> [  268.636442] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> [  268.636468] Stack:
>> [  268.636477]  ffff880458218188 ffff8804592545b8 ffff880089c7fdd0 ffff880089c7fe08
>> [  268.636509]  ffffffff81428f50 0000000000000286 ffff880459254818 ffffffff00000000
>> [  268.636542]  ffff880459254818 ffff880458218188 ffff880453b71238 ffff8804592545b8
>> [  268.636574] Call Trace:
>> [  268.636587]  [<ffffffff81428f50>] release_nodes+0x120/0x1e0
>> [  268.636608]  [<ffffffff81429107>] devres_release_all+0x37/0x60
>> [  268.636630]  [<ffffffff81424c74>] __device_release_driver+0xa4/0x150
>> [  268.636654]  [<ffffffff8142561c>] driver_detach+0xac/0xb0
>> [  268.636674]  [<ffffffff814247a0>] bus_remove_driver+0x60/0xb0
>> [  268.636695]  [<ffffffff81425bf7>] driver_unregister+0x27/0x50
>> [  268.636717]  [<ffffffff81320535>] pci_unregister_driver+0x25/0x70
>> [  268.636740]  [<ffffffffc022a9a1>] azx_driver_exit+0x10/0x66f [snd_hda_intel]
>> [  268.636767]  [<ffffffff810f445b>] SyS_delete_module+0x17b/0x240
>> [  268.636789]  [<ffffffff817396d7>] entry_SYSCALL_64_fastpath+0x12/0x6a
>> [  268.636811] Code: f5 41 54 49 89 fc 53 31 db 48 83 7e 08 00 74 29 48 
>> 8d 14 80 49 8b 45 10 48 8d 14 d0 48 8b 42 10 48 85 c0 74 08 48 8b 32 4c 
>> 89 e7 <ff> d0 8d 43 01 49 3b 45 08 48 89 c3 72 d7 5b 41 5c 41 5d 
>> 5d c3 
>> [  268.636993] RIP  [<ffffffff8141f865>] devm_component_match_release+0x35/0x50
>> [  268.637021]  RSP <ffff880089c7fd88>
>> [  268.637043] ---[ end trace 31731dfc9d95562b ]---
>>
>> Looking at the code, I see it only happens on newer i915 chips with power well support,
>> so haswell/broadwell/skylake are probably affected in the functions
>> snd_hdac_i915_init and snd_hdac_i915_exit.
>>
>> ~Maarten
>>
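
A triage sketch for the oops quoted in this message, added here as an example and not part of the original thread or of any kernel code: it flags registers filled with slab poison bytes (values from include/linux/poison.h), checks whether the marked faulting bytes `ff d0` are an indirect call through RAX, and tests whether the call target is canonical. The function names, the shortened sample and the 48-bit virtual address assumption are choices made for this illustration.

```python
import re

# Slab poison bytes as defined in include/linux/poison.h
SLAB_POISON = {0x6b: "POISON_FREE", 0x5a: "POISON_INUSE", 0xa5: "POISON_END"}

# Sample input: lines excerpted from the oops quoted above (Code: line shortened).
OOPS = """\
[  268.636168] RIP: 0010:[<ffffffff8141f865>]  [<ffffffff8141f865>] devm_component_match_release+0x35/0x50
[  268.636224] RAX: 6b6b6b6b6b6b6b6b RBX: 0000000000000000 RCX: 0000000000000001
[  268.636248] RDX: ffff880453b71260 RSI: 6b6b6b6b6b6b6b6b RDI: ffff8804592545b8
[  268.636811] Code: 48 8b 32 4c 89 e7 <ff> d0 8d 43 01 49 3b 45 08
"""

REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})\b")

def poison_name(value):
    """Name the slab poison if all eight bytes are the same poison byte."""
    raw = value.to_bytes(8, "little")
    return SLAB_POISON.get(raw[0]) if len(set(raw)) == 1 else None

def is_canonical(addr):
    """Assumes 48-bit virtual addresses: bits 63..47 must be all 0 or all 1."""
    return (addr >> 47) in (0, 0x1FFFF)

def triage(oops):
    regs = {name: int(val, 16) for name, val in REG_RE.findall(oops)}
    poisoned = {n: poison_name(v) for n, v in regs.items() if poison_name(v)}
    # The oops marks the faulting instruction's first byte with <..>.
    code = re.search(r"Code:.*<([0-9a-f]{2})> ([0-9a-f]{2})", oops)
    # ff d0 encodes "call *%rax": an indirect call through RAX.
    call_rax = bool(code) and code.group(1, 2) == ("ff", "d0")
    sym = re.search(r"RIP: \S+\s+\[<[0-9a-f]+>\] (\S+)", oops)
    return {
        "symbol": sym.group(1) if sym else None,
        "poisoned": poisoned,
        "call_rax": call_rax,
        # Calling a non-canonical address raises #GP, not a page fault.
        "non_canonical_target": call_rax and not is_canonical(regs.get("RAX", 0)),
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

On the sample, RAX and RSI are both reported as POISON_FREE and the faulting instruction as a call through RAX, which is the pattern of a function pointer read from an already freed object.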
