Date:   Thu, 5 Jan 2017 12:47:17 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     xinwu.liu@...el.com
Cc:     arnd@...db.de, tytso@....edu, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] random: fix panic caused by system_wq is not
 initialization

On Thu, Jan 05, 2017 at 04:49:50PM +0800, xinwu.liu@...el.com wrote:
> From: "Liu, Xinwu" <xinwu.liu@...el.com>
> 
> While booting kernel on simulation environment (very slow),
> kernel panicked:
> 
> [ 310.837531] BUG: unable to handle kernel NULL pointer dereference at
> 0000000000000102
> [ 310.909223] IP: [<ffffffff810acfcd>] __queue_work+0x2d/0x440
> [ 312.023898] Call Trace:
> [ 312.046346] <IRQ>
> [ 312.064346] [<ffffffff810ad418>] queue_work_on+0x38/0x80
> [ 312.115177] [<ffffffff814b364f>] credit_entropy_bits+0x1bf/0x280
> [ 312.168986] [<ffffffff814b4c62>] ?add_interrupt_randomness+0x1c2/0x200
> [ 312.228023] [<ffffffff814b4c62>] add_interrupt_randomness+0x1c2/0x200
> [ 312.285566] [<ffffffff810e4f51>] handle_irq_event_percpu+0x31/0x60
> [ 312.340869] [<ffffffff810e4fb9>] handle_irq_event+0x39/0x60
> [ 312.390955] [<ffffffff810e8480>] handle_edge_irq+0x90/0x150
> [ 312.441039] [<ffffffff8101e52d>] handle_irq+0xad/0x180
> [ 312.487388] [<ffffffff813cfb67>] ? debug_smp_processor_id+0x17/0x20
> [ 312.543433] [<ffffffff81a4ab37>] do_IRQ+0x57/0xf0
> [ 312.586064] [<ffffffff81a490c9>] common_interrupt+0x89/0x89
> [ 312.636155] [<ffffffff81a4ad9c>] ? __do_softirq+0x5c/0x337
> [ 312.685485] [<ffffffff81a4ae01>] ? __do_softirq+0xc1/0x337
> [ 312.734829] [<ffffffff8109a6d5>] irq_exit+0xa5/0xb0
> [ 312.778935] [<ffffffff81a4ab40>] do_IRQ+0x60/0xf0
> [ 312.821567] [<ffffffff81a490c9>] common_interrupt+0x89/0x89
> [ 312.871612] <EOI>
> [ 312.889628] [<ffffffff813bfda8>] ? delay_tsc+0x38/0xc0
> [ 312.938966] [<ffffffff813bfde0>] ? delay_tsc+0x70/0xc0
> [ 312.985320] [<ffffffff813bfd07>] __const_udelay+0x27/0x30
> [ 313.033907] [<ffffffff82419c35>] timer_irq_works+0x36/0x8f
> [ 313.083244] [<ffffffff8241a5ca>] setup_IO_APIC+0x30e/0x7da
> [ 313.132587] [<ffffffff81041cf9>] ? clear_IO_APIC+0x39/0x60
> [ 313.181929] [<ffffffff82419124>] apic_bsp_setup+0x86/0x94
> [ 313.230517] [<ffffffff8241714f>] native_smp_prepare_cpus+0x26f/0x2e2
> [ 313.287320] [<ffffffff82406fc2>] kernel_init_freeable+0xda/0x227
> [ 313.341127] [<ffffffff81a3f6ce>] kernel_init+0xe/0x100
> [ 313.387481] [<ffffffff81a4897f>] ret_from_fork+0x1f/0x40
> [ 313.435322] [<ffffffff81a3f6c0>] ? rest_init+0x90/0x90
> [ 313.481649] Code: 44 00 00 55 48 89 e5 41 57 41 56 41 89 fe 41 55 49
> 89 d5 41 54 49 89 f4 53 48 83 ec 08 89 7d d4 9c 58 f6 c4 02 0f 85 c4 02
> 00 00 <41> f6 84 24 02 01 00 00 01 0f 85 df 02 00 00 41 83 fe 20 0f 84
> [ 313.743052] RIP [<ffffffff810acfcd>] __queue_work+0x2d/0x440
> [ 313.795369] RSP <ffff880072803c68>
> [ 313.826768] CR2: 0000000000000102
> [ 313.856686] --[ end trace bb738d5d79381553 ]--
> [ 313.897788] Kernel panic - not syncing: Fatal exception in interrupt
> 
> 1. Now, all interrupts will contribute to entropy pool.
> 2. System_wq is initialized by early_initcall, but before that
>    clock event ready long time.
> During this period, if entropy gathering by timer interrupt
> cramming input pool, migration happens but system_wq isn't
> ready, panic hit.
> So, do basically check first to avoid this.
> 
> Signed-off-by: Liu, Xinwu <xinwu.liu@...el.com>
> ---
>  drivers/char/random.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index d6876d5..621fcc9 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -730,7 +730,8 @@ static void credit_entropy_bits(struct entropy_store *r, int nbits)
>  		    r->entropy_total >= 2*random_read_wakeup_bits) {
>  			struct entropy_store *other = &blocking_pool;
>  
> -			if (other->entropy_count <=
> +			if (likely(keventd_up()) &&
> +			    other->entropy_count <=
>  			    3 * other->poolinfo->poolfracbits / 4) {
>  				schedule_work(&other->push_work);
>  				r->entropy_total = 0;
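Review bot: the new keventd_up() test at the head of the condition in credit_entropy_bits() has no comment saying why schedule_work() can be unsafe at this point, and the reason is not obvious from the code alone. A short comment above the if, stating that this function is reachable from add_interrupt_randomness() before system_wq has been set up, would keep the check from being removed later as dead code. It is also worth stating in the comment that skipping the branch leaves r->entropy_total untouched (the reset to 0 sits inside the if body), so the push to blocking_pool is only deferred to a later credit rather than dropped.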
> -- 
> 1.9.1

Hasn't this patch been rejected multiple times already?  Why send it
again?

greg k-h
