Message-ID: <578C6220.6050507@huawei.com>
Date:	Mon, 18 Jul 2016 12:59:12 +0800
From:	Xie XiuQi <xiexiuqi@...wei.com>
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:	Qiu Xishi <qiuxishi@...wei.com>
Subject: [BUG] kernel BUG at arch/x86/mm/pageattr.c:216!

Hi all,

I'm getting a BUG_ON triggered during a panic at arch/x86/mm/pageattr.c:216 on 3.10.0-327.el7 (RHEL 7.2).
I want to run a test in which the system is expected to reboot immediately after a panic.
But drm_fb_helper_panic may trigger a BUG_ON at arch/x86/mm/pageattr.c:216!

Does anyone have a good idea how to fix it?

The code is like below:
 210 static void cpa_flush_array(unsigned long *start, int numpages, int cache,
 211                             int in_flags, struct page **pages)
 212 {
 213         unsigned int i, level;
 214         unsigned long do_wbinvd = cache && numpages >= 1024; /* 4M threshold */
 215
 216         BUG_ON(irqs_disabled());
 217
 218         on_each_cpu(__cpa_flush_all, (void *) do_wbinvd, 1);
 219
 220         if (!cache || do_wbinvd)
 221                 return;
 222
 223         /*
 224          * We only need to flush on one CPU,
 225          * clflush is a MESI-coherent instruction that
 226          * will cause all other CPUs to flush the same
 227          * cachelines:
 228          */
 229         for (i = 0; i < numpages; i++) {
 230                 unsigned long addr;
 231                 pte_t *pte;
 232
 233                 if (in_flags & CPA_PAGES_ARRAY)
 234                         addr = (unsigned long)page_address(pages[i]);
 235                 else
 236                         addr = start[i];
 237
 238                 pte = lookup_address(addr, &level);
 239
 240                 /*
 241                  * Only flush present addresses:
 242                  */
 243                 if (pte && (pte_val(*pte) & _PAGE_PRESENT))
 244                         clflush_cache_range((void *)addr, PAGE_SIZE);
 245         }
 246 }


--- crash messages ---
[ 1336.567485] test_module: call panic() function in process context 3 times.
[ 1336.567542] Kernel panic - not syncing: call panic() function in process context.

[ 1336.567607] CPU: 0 PID: 9566 Comm: bash Tainted: G           OE  ----V-------   3.10.0-327.el7.x86_64
[ 1336.567699] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[ 1336.567789]  ffffffff8116f900 00000000035a0a10 ffff88007adc7e00 ffffffff81638844
[ 1336.567848]  ffff88007adc7e80 ffffffff81632097 0000000000000008 ffff88007adc7e90
[ 1336.567943]  ffff88007adc7e30 00000000035a0a10 8000000000000008 ffff88007ec0d6c8
[ 1336.567992] Call Trace:
[ 1336.567992]  [<ffffffff8116f900>] ? clear_zonelist_oom+0xa0/0xa0
[ 1336.567992]  [<ffffffff81638844>] dump_stack+0x19/0x1b
[ 1336.567992]  [<ffffffff81632097>] panic+0xd8/0x20f
[ 1336.567992]  [<ffffffff8116f900>] ? clear_zonelist_oom+0xa0/0xa0
[ 1336.567992]  [<ffffffffa03ee559>] dev_wr_actions+0x6d9/0xf60 [test_module]
[ 1336.567992]  [<ffffffffa03ef746>] dev_wr_handler+0xa6/0x120 [test_module]
[ 1336.567992]  [<ffffffff811e10cd>] vfs_write+0xbd/0x1e0
[ 1336.567992]  [<ffffffff81644743>] ? trace_do_page_fault+0x43/0x110
[ 1336.567992]  [<ffffffff811e1b6f>] SyS_write+0x7f/0xe0
[ 1336.567992]  [<ffffffff81648e89>] system_call_fastpath+0x16/0x1b
[ 1336.567992] drm_kms_helper: panic occurred, switching back to text console
[ 1336.567992] ------------[ cut here ]------------
[ 1336.567992] kernel BUG at arch/x86/mm/pageattr.c:216!
[ 1336.567992] invalid opcode: 0000 [#1] SMP
[ 1336.567992] Modules linked in: test_module(O) ip6t_rpfilter ip6t_REJECT ipt_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw iptable_filter ip_tables signo_catch(OV) cirrus ppdev parport_pc parport syscopyarea sysfillrect sysimgblt ttm drm_kms_helper drm serio_raw virtio_balloon i2c_piix4 i2c_core pcspkr xfs libcrc32c sd_mod sr_mod crc_t10dif cdrom crct10dif_common ata_generic pata_acpi virtio_console virtio_scsi ata_piix virtio_pci e1000 libata virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod
[ 1336.567992] CPU: 0 PID: 9566 Comm: bash Tainted: G           O  ------------   3.10.0-327.el7.x86_64
[ 1336.567992] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[ 1336.567992] task: ffff88007afef300 ti: ffff88007adc4000 task.ti: ffff88007adc4000
[ 1336.567992] RIP: 0010:[<ffffffff81062a08>]  [<ffffffff81062a08>] change_page_attr_set_clr+0x4c8/0x4d0
[ 1336.567992] RSP: 0018:ffff88007adc7538  EFLAGS: 00010046
[ 1336.567992] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000004
[ 1336.567992] RDX: 0000000000002200 RSI: 0000000000000000 RDI: 0000000080000000
[ 1336.567992] RBP: ffff88007adc75d0 R08: 0000000000000010 R09: ffff880000000000
[ 1336.567992] R10: 0000000000003688 R11: ffffffff811a738f R12: 0000000000000010
[ 1336.567992] R13: 0000000000000000 R14: 0000000000000200 R15: 0000000000000005
[ 1336.567992] FS:  00007fee378b1740(0000) GS:ffff88007ec00000(0000) knlGS:0000000000000000
[ 1336.567992] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1336.567992] CR2: 00007fee378b9000 CR3: 0000000078fe6000 CR4: 00000000000006f0
[ 1336.567992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1336.567992] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1336.567992] Stack:
[ 1336.567992]  000000047efbb000 0000000000000000 0000000000000000 ffff8800360aa000
[ 1336.567992]  ffff88007afef300 0000000000000000 0000000000000000 0000000000000010
[ 1336.567992]  0000000000000000 0000000500000001 000000000007aa2f 0000020000000000
[ 1336.567992] Call Trace:
[ 1336.567992]  [<ffffffff81062d56>] _set_pages_array+0xe6/0x130
[ 1336.567992]  [<ffffffff81062dd3>] set_pages_array_wc+0x13/0x20
[ 1336.567992]  [<ffffffffa028c2af>] ttm_set_pages_caching+0x2f/0x70 [ttm]
[ 1336.567992]  [<ffffffffa028c3f4>] ttm_alloc_new_pages.isra.6+0xb4/0x180 [ttm]
[ 1336.567992]  [<ffffffffa028cd63>] ttm_pool_populate+0x3e3/0x500 [ttm]
[ 1336.567992]  [<ffffffffa02ee3ee>] cirrus_ttm_tt_populate+0xe/0x10 [cirrus]
[ 1336.567992]  [<ffffffffa02895a5>] ttm_bo_move_memcpy+0x655/0x6d0 [ttm]
[ 1336.567992]  [<ffffffff811a6b5e>] ? map_vm_area+0x2e/0x40
[ 1336.567992]  [<ffffffffa0285289>] ? ttm_tt_init+0x69/0xb0 [ttm]
[ 1336.567992]  [<ffffffffa02ee398>] cirrus_bo_move+0x18/0x20 [cirrus]
[ 1336.567992]  [<ffffffffa0286cf5>] ttm_bo_handle_move_mem+0x265/0x5b0 [ttm]
[ 1336.567992]  [<ffffffffa0287657>] ? ttm_bo_mem_space+0xe7/0x350 [ttm]
[ 1336.567992]  [<ffffffffa0287d4d>] ttm_bo_validate+0x20d/0x230 [ttm]
[ 1336.567992]  [<ffffffffa02eeb73>] cirrus_bo_push_sysram+0x93/0xe0 [cirrus]
[ 1336.567992]  [<ffffffffa02ecd34>] cirrus_crtc_do_set_base.isra.9.constprop.11+0x84/0x410 [cirrus]
[ 1336.567992]  [<ffffffffa02ed515>] cirrus_crtc_mode_set+0x455/0x4e0 [cirrus]
[ 1336.567992]  [<ffffffffa02a6969>] drm_crtc_helper_set_mode+0x319/0x550 [drm_kms_helper]
[ 1336.567992]  [<ffffffffa02a79d2>] drm_crtc_helper_set_config+0x892/0xab0 [drm_kms_helper]
[ 1336.567992]  [<ffffffffa023ddb7>] drm_mode_set_config_internal+0x67/0x100 [drm]
[ 1336.567992]  [<ffffffffa02b2508>] restore_fbdev_mode+0xc8/0xf0 [drm_kms_helper]
[ 1336.567992]  [<ffffffffa02b26b5>] drm_fb_helper_force_kernel_mode+0x75/0xb0 [drm_kms_helper]
[ 1336.567992]  [<ffffffffa02b33cd>] drm_fb_helper_panic+0x3d/0x50 [drm_kms_helper]
[ 1336.567992]  [<ffffffff8164485c>] notifier_call_chain+0x4c/0x70
[ 1336.567992]  [<ffffffff8116f900>] ? clear_zonelist_oom+0xa0/0xa0
[ 1336.567992]  [<ffffffff816448ba>] atomic_notifier_call_chain+0x1a/0x20
[ 1336.567992]  [<ffffffff816320ce>] panic+0x10f/0x20f
[ 1336.567992]  [<ffffffff8116f900>] ? clear_zonelist_oom+0xa0/0xa0
[ 1336.567992]  [<ffffffffa03ee559>] dev_wr_actions+0x6d9/0xf60 [test_module]
[ 1336.567992]  [<ffffffffa03ef746>] dev_wr_handler+0xa6/0x120 [test_module]
[ 1336.567992]  [<ffffffff811e10cd>] vfs_write+0xbd/0x1e0
[ 1336.567992]  [<ffffffff81644743>] ? trace_do_page_fault+0x43/0x110
[ 1336.567992]  [<ffffffff811e1b6f>] SyS_write+0x7f/0xe0
[ 1336.567992]  [<ffffffff81648e89>] system_call_fastpath+0x16/0x1b
[ 1336.567992] Code: ba 00 00 00 48 c7 c7 82 7d a0 81 44 89 85 78 ff ff ff 89 4d 80 e8 69 8e 01 00 44 8b 85 78 ff ff ff 8b 4d 80 e9 c0 fd ff ff 0f 0b <0f> 0b 0f 0b 0f 1f 40 00 0f 1f 44 00 00 55 31 c0 48 89 e5 48 83
[ 1336.567992] RIP  [<ffffffff81062a08>] change_page_attr_set_clr+0x4c8/0x4d0
[ 1336.567992]  RSP <ffff88007adc7538>
[ 1336.567992] ---[ end trace 19cbe62f0bfc1b34 ]---
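
A triage aid for the oops above, added here as an example and not part of the original message: it decodes the EFLAGS value to confirm that interrupts were disabled when BUG_ON(irqs_disabled()) fired, and identifies which panic-notifier callback led into the page-attribute code. The function name triage and the result keys are assumptions of this example.

```python
import re

# Abridged from the oops quoted above: lines are verbatim, intermediate frames dropped.
OOPS = """\
[ 1336.567992] kernel BUG at arch/x86/mm/pageattr.c:216!
[ 1336.567992] RSP: 0018:ffff88007adc7538  EFLAGS: 00010046
[ 1336.567992] Call Trace:
[ 1336.567992]  [<ffffffff81062d56>] _set_pages_array+0xe6/0x130
[ 1336.567992]  [<ffffffff81062dd3>] set_pages_array_wc+0x13/0x20
[ 1336.567992]  [<ffffffffa028c2af>] ttm_set_pages_caching+0x2f/0x70 [ttm]
[ 1336.567992]  [<ffffffffa02b33cd>] drm_fb_helper_panic+0x3d/0x50 [drm_kms_helper]
[ 1336.567992]  [<ffffffff8164485c>] notifier_call_chain+0x4c/0x70
[ 1336.567992]  [<ffffffff8116f900>] ? clear_zonelist_oom+0xa0/0xa0
[ 1336.567992]  [<ffffffff816448ba>] atomic_notifier_call_chain+0x1a/0x20
[ 1336.567992]  [<ffffffff816320ce>] panic+0x10f/0x20f
"""

X86_EFLAGS_IF = 1 << 9  # x86 interrupt-enable flag; clear means IRQs are off
BUG_RE = re.compile(r"kernel BUG at (\S+):(\d+)!")
EFLAGS_RE = re.compile(r"EFLAGS: ([0-9a-fA-F]+)")
FRAME_RE = re.compile(
    r"\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def triage(oops):
    """Summarise a BUG() oops: where it fired, IRQ state, panic-notifier callback."""
    bug = BUG_RE.search(oops)
    eflags = EFLAGS_RE.search(oops)
    if not bug or not eflags:
        raise ValueError("not a BUG() oops with a register dump")
    # Frames after the BUG line belong to the faulting context; entries marked
    # '?' are unreliable stack leftovers and are skipped. Innermost frame first.
    frames = [(m.group(2), m.group(3))
              for m in FRAME_RE.finditer(oops, bug.end()) if not m.group(1)]
    names = [name for name, _ in frames]
    callback = None
    if "panic" in names and "notifier_call_chain" in names:
        idx = names.index("notifier_call_chain")
        if idx > 0:
            callback = frames[idx - 1]  # the function the notifier chain invoked
    return {
        "bug_site": (bug.group(1), int(bug.group(2))),
        "irqs_enabled": bool(int(eflags.group(1), 16) & X86_EFLAGS_IF),
        "panic_notifier_callback": callback,
        "innermost": names[0] if names else None,
    }
```

On the excerpt, EFLAGS 00010046 has bit 9 clear, which matches the BUG_ON(irqs_disabled()) condition at line 216, and the callback reported is drm_fb_helper_panic in drm_kms_helper.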
