lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <53e3b52b-f353-63c8-f96f-649d754596bc@oracle.com>
Date:   Mon, 26 Dec 2016 12:31:08 -0500
From:   Boris Ostrovsky <boris.ostrovsky@...cle.com>
To:     Markus Trippelsdorf <markus@...ppelsdorf.de>,
        Thomas Gleixner <tglx@...utronix.de>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        Borislav Petkov <bp@...en8.de>
Subject: Re: [GIT pull] smp/hotplug: Removal of notifiers

On 12/26/2016 10:45 AM, Markus Trippelsdorf wrote:
> On 2016.12.26 at 12:06 +0100, Markus Trippelsdorf wrote:
>> On 2016.12.26 at 08:45 +0100, Markus Trippelsdorf wrote:
>>> On 2016.12.25 at 14:39 +0100, Thomas Gleixner wrote:
>>>> Linus,
>>>>
>>>> please pull the latest smp-urgent-for-linus git tree from:
>>>>
>>>>    git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git smp-urgent-for-linus
>>>>
>>>> Thomas Gleixner (11):
>>>>       cpu/hotplug: Prevent overwriting of callbacks
>>> The following commit:
>>>
>>>  commit dc280d93623927570da279e99393879dbbab39e7
>>>  Author: Thomas Gleixner <tglx@...utronix.de>
>>>  Date:   Wed Dec 21 20:19:49 2016 +0100
>>>
>>>      cpu/hotplug: Prevent overwriting of callbacks
>>>
>>> results in an early OOPs during boot on my AMD machine.
>>> I haven't wrote down the entire backtrace, but basically things start to
>>> go wrong in mce_threshold_create_device() from
>>> arch/x86/kernel/cpu/mcheck/mce_amd.c.
>>>
>>> # CONFIG_HOTPLUG_CPU is not set
>>>
>>> Reverting the commit "fixes" the issue for me.
>> CCing Sebastian and Borislav.
> BUG: unable to handle kernel NULL pointer dereference at 000000000000004c
>
> RIP: kobject_get at lib/kobject.c:594
>  (inlined by) kobject_add_internal at lib/kobject.c:214
>
>  ? kobj_to_dev at include/linux/device.h:968 (discriminator 1)
>   (inlined by) get_device at drivers/base/core.c:1796 (discriminator 1)
>
>  ? kobject_add at lib/kobject.c:415
>
>  ? kobject_create_and_add at lib/kobject.c:753
>
>  ? threshold_create_bank at arch/x86/kernel/cpu/mcheck/mce_amd.c:1212
>   (inlined by) mce_threshold_create_device at arch/x86/kernel/cpu/mcheck/mce_amd.c:1348
>
> The comment in arch/x86/kernel/cpu/mcheck/mce_amd.c says:
>
> 1384  * mcheck_init_device should be inited before threshold_init_device to
> 1385  * initialize mce_device, otherwise a NULL ptr dereference will cause panic.


My nightly test hit this as well. AMD only, Intel passed. I haven't
verified whether commit that Markus implicated is the one that caused
this but it's the same BUG signature (but possibly slightly different stack)

[    1.554351] smpboot: CPU0: AMD Engineering Sample (family: 0x10,
model: 0x4, stepping: 0x1)
...
[   33.579949] BUG: unable to handle kernel NULL pointer dereference at
000000000000004c
[   33.588018] IP: kobject_get+0x11/0x80
[   33.591787] PGD 0
[   33.591788]
[   33.595386] Oops: 0000 [#1] SMP
[   33.598620] Modules linked in:
[   33.601765] CPU: 1 PID: 1 Comm: swapper/0 Not tainted
4.10.0-rc1upstream #1
[   33.608936] Hardware name: To Be Filled By O.E.M. To Be Filled By
O.E.M./To be filled by O.E.M., BIOS 080014  07/18/200
8
[   33.620136] task: ffff880216eb6d40 task.stack: ffffc90000c60000
[   33.626235] RIP: 0010:kobject_get+0x11/0x80
[   33.630543] RSP: 0018:ffffc90000c63c98 EFLAGS: 00010202
[   33.635925] RAX: ffffffff81b6ba09 RBX: 0000000000000010 RCX:
0000000000000000
[   33.643276] RDX: 0000000000000000 RSI: 000000000000002f RDI:
0000000000000010
[   33.650627] RBP: ffffc90000c63ca8 R08: 0000000000000001 R09:
0000000000000025
[   33.657978] R10: dead000000000200 R11: dead000000000100 R12:
ffff8802164887c0
[   33.665329] R13: 0000000000000000 R14: 000000000000d538 R15:
ffff88021694c180
[   33.672680] FS:  0000000000000000(0000) GS:ffff88021fc80000(0000)
knlGS:0000000000000000
[   33.681015] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.686933] CR2: 000000000000004c CR3: 0000000001e0a000 CR4:
00000000000006e0
[   33.694284] Call Trace:
[   33.696803]  kobject_add_internal+0x40/0x2e0
[   33.701199]  ? kfree_const+0x1d/0x30
[   33.704878]  kobject_add_varg+0x38/0x60
[   33.708829]  kobject_add+0x44/0x70
[   33.712331]  kobject_create_and_add+0x3e/0x80
[   33.716818]  mce_threshold_create_device+0x128/0x380
[   33.721931]  ? __debugfs_create_file+0xe9/0x130
[   33.726596]  threshold_init_device+0x26/0x56
[   33.730994]  ? severities_debugfs_init+0x3c/0x3c
[   33.735749]  ? severities_debugfs_init+0x3c/0x3c
[   33.740504]  do_one_initcall+0x45/0x170
[   33.744455]  kernel_init_freeable+0x17b/0x214
[   33.748941]  ? kernel_init_freeable+0x214/0x214
[   33.753606]  ? rest_init+0x90/0x90
[   33.757108]  kernel_init+0x9/0x100
[   33.760610]  ret_from_fork+0x25/0x30
[   33.764289] Code: 89 e5 e8 b3 a6 e5 ff c9 c3 90 55 48 89 e5 e8 a7 a6
e5 ff c9 c3 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb
 48 83 ec 08 48 85 ff 74 18 <f6> 47 3c 01 74 1c b8 01 00 00 00 f0 0f c1
43 38 83 c0 01 83 f8
[   33.783741] RIP: kobject_get+0x11/0x80 RSP: ffffc90000c63c98
[   33.789570] CR2: 000000000000004c
[   33.792984] ---[ end trace 861eb820e5b8a9c8 ]---
[   33.797737] Kernel panic - not syncing: Fatal exception
[   33.803132] Kernel Offset: disabled
[   33.806722] ---[ end Kernel panic - not syncing: Fatal exception


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ