lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 17 May 2016 13:06:20 +0200
From:	Paolo Bonzini <pbonzini@...hat.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andy Lutomirski <luto@...capital.net>
Cc:	okhalzov@...m.vestbery.com, Marcelo Tosatti <mtosatti@...hat.com>,
	the arch/x86 maintainers <x86@...nel.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Taloth Saldono <talothsaldono@...il.com>
Subject: Re: Please review arch/x86/kernel/pvclock.c to fix Docker/Mono
 crashes in new Kernels



On 16/05/2016 20:56, Linus Torvalds wrote:
> On Mon, May 16, 2016 at 11:37 AM, Andy Lutomirski <luto@...capital.net> wrote:
>>
>> All of those fixes were intended to fix incorrect times being
>> reported, not segfaults.  Weird.
> 
> I'm assuming it's "time going backwards". I can easily see that
> causing segfaults.

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1450584 says the
crashes occurs "more frequently on a vbox vm with multiple CPUs
configured".  If vbox tells the VM to use the vdso when it shouldn't
(because the TSC is not stable on the host), bad things could happen.

However, based on the Xamarin bug comments and
http://lists.ximian.com/pipermail/mono-devel-list/2015-August/043181.html,
it looks like vbox after all doesn't use pvclock and the trigger seems
to be https://github.com/torvalds/linux/commit/c70e1b475f37:

   With __always_inline on vread_pvclock, mono crashed. With noinline on
   vread_pvclock, mono doesn't crash. Weirdest part is that the pvclock
   isn't even used during my tests.

Oleg, what is your environment exactly?  You mentioned Docker, but are
you also virtualizing and if so what is your hypervisor?

Taloth, do you know if it can it be reproduced under Xen or KVM or
bare-metal?  I'd trust them more than VirtualBox regarding timekeeping.
 I saw Amazon Linux mentioned in the mono mailing list archives which
would point to Xen.  Xen doesn't use the pvclock vdso code either, though.

Thanks,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ