Date:   Thu, 6 Apr 2017 18:42:16 +0300
From:   "Kirill A. Shutemov" <kirill@...temov.name>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Wei Yang <richard.weiyang@...il.com>, tglx@...utronix.de,
        mingo@...hat.com, hpa@...or.com, tj@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [Patch V2 2/2] x86/mm/numa: remove the
 numa_nodemask_from_meminfo()

On Thu, Apr 06, 2017 at 04:59:37PM +0200, Borislav Petkov wrote:
> On Thu, Apr 06, 2017 at 03:44:59PM +0300, Kirill A. Shutemov wrote:
> > I've got the crash below on master/tip. Reverting the patch helps.
> > 
> > ================================================================================
> > UBSAN: Undefined behaviour in /home/kas/linux/la57/mm/sparse.c:336:9
> > member access within null pointer of type 'struct pglist_data'
> > CPU: 0 PID: 0 Comm: swapper Not tainted 4.11.0-rc5-00604-gf03eaf0479bc #5084
> > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
> 
> Oh, qemu, how do you trigger this exactly? .config and qemu cmdline pls?
> 
> Alternatively, can you run this debug diff and give me the output?
> 
> I'd like to know what is happening and how did I miss that during
> review.
> 
> Thanks.
> 
> ---
> 
> 
> 
> Oh, qemu, how do you trigger this exactly? .config and qemu cmdline pls?

qemu-system-x86_64 \
        -machine "type=q35,accel=kvm:tcg" \
        -cpu "kvm64" \
        -smp "8" \
        -m "32G" \
        -chardev "stdio,mux=on,id=stdio,signal=off" \
        -mon "chardev=stdio,mode=readline,default" \
        -device "isa-serial,chardev=stdio" \
        -kernel "/home/kas/var/linus/arch/x86/boot/bzImage" \
        -nographic \
        -append "console=ttyS0 numa=fake=4 earlyprintk=ttyS0" \
        #

Config is attached.

Looks like fake numa is the key.

> Alternatively, can you run this debug diff and give me the output?
> 
> I'd like to know what is happening and how did I miss that during review.

...
NUMA: Warning: node ids are out of bound, from=0 to=1 distance=20
[    0.000000] numa_register_memblks: numa_nodes_parsed: 0
numa_register_memblks: nid: 0
numa_register_memblks: nid: 1
numa_register_memblks: nid: 2
numa_register_memblks: nid: 3
NODE_DATA(0) allocated [mem 0x27ffde000-0x27fffffff]
kvm-clock: Using msrs 4b564d01 and 4b564d00
kvm-clock: cpu 0, msr 8:7bfe0001, primary cpu clock
kvm-clock: using sched offset of 828966599 cycles
clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
sparse_early_usemaps_alloc_pgdat_section: node_id: 0
================================================================================
UBSAN: Undefined behaviour in /home/kas/linux/x86-gup/mm/sparse.c:336:2
member access within null pointer of type 'struct pglist_data'
CPU: 0 PID: 0 Comm: swapper Not tainted 4.11.0-rc5-00604-gf03eaf0479bc-dirty #5093
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.10.1-0-g8891697-prebuilt.qemu-project.org 04/01/2014
Call Trace:
 dump_stack+0x84/0xb8
 ubsan_epilogue+0x12/0x3f
 __ubsan_handle_type_mismatch+0x80/0x1a0
 sparse_early_usemaps_alloc_node+0x45/0x1ca
 alloc_usemap_and_memmap+0x37b/0x390
 ? alloc_usemap_and_memmap+0x390/0x390
 ? memblock_virt_alloc_try_nid+0xa4/0xb7
 ? 0xffffffff81000000
 sparse_init+0x5e/0x31a
 ? 0xffffffff81000000
 ? 0xffffffff81000000
 paging_init+0x18/0x27
 setup_arch+0xc92/0xe67
 ? early_idt_handler_array+0x120/0x120
 start_kernel+0x63/0x4e3
 x86_64_start_reservations+0x2a/0x2c
 x86_64_start_kernel+0x171/0x180
 secondary_startup_64+0x9f/0x9f
================================================================================
BUG: unable to handle kernel paging request at 0000000000021a40
IP: sparse_early_usemaps_alloc_node+0x45/0x1ca
PGD 0
P4D 0

Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
CPU: 0 PID: 0 Comm: swapper Not tainted 4.11.0-rc5-00604-gf03eaf0479bc-dirty #5093
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.10.1-0-g8891697-prebuilt.qemu-project.org 04/01/2014
task: ffffffff82615280 task.stack: ffffffff82600000
RIP: 0010:sparse_early_usemaps_alloc_node+0x45/0x1ca
RSP: 0000:ffffffff82603cf8 EFLAGS: 00010082
RAX: 0000000000000002 RBX: 0000000000000800 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000001
RBP: ffffffff82603d40 R08: 3d3d3d3d3d3d3d3d R09: 3d3d3d3d3d3d3d3d
R10: 000000000401b000 R11: 3d3d3d3d3d3d3d3d R12: 0000000000000050
R13: ffff88087bbdf000 R14: 0000000000000000 R15: 0000000000000050
FS:  0000000000000000(0000) GS:ffffffff83340000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000021a40 CR3: 000000000260a000 CR4: 00000000000006b0
Call Trace:
 alloc_usemap_and_memmap+0x37b/0x390
 ? alloc_usemap_and_memmap+0x390/0x390
 ? memblock_virt_alloc_try_nid+0xa4/0xb7
 ? 0xffffffff81000000
 sparse_init+0x5e/0x31a
 ? 0xffffffff81000000
 ? 0xffffffff81000000
 paging_init+0x18/0x27
 setup_arch+0xc92/0xe67
 ? early_idt_handler_array+0x120/0x120
 start_kernel+0x63/0x4e3
 x86_64_start_reservations+0x2a/0x2c
 x86_64_start_kernel+0x171/0x180
 secondary_startup_64+0x9f/0x9f
Code: c1 e3 05 48 83 ec 20 48 89 55 c0 e8 b6 25 f1 fd 4e 8b 34 f5 c0 a4 31 83 4d 85 f6 75 0e 31 f6 48 c7 c7 e0 92 96 82 e8 7b af 5b fe <41> 8b 96 40 1a 02 00 48 c7 c6 e0 3d 24 82 48 c7 c7 3c 11 43 82
RIP: sparse_early_usemaps_alloc_node+0x45/0x1ca RSP: ffffffff82603cf8
CR2: 0000000000021a40
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Fatal exception
---[ end Kernel panic - not syncing: Fatal exception

-- 
 Kirill A. Shutemov
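
An added triage example, not part of the message above: it takes an excerpt of the oops (register dump, CR2 and a shortened `Code:` line) and decodes the marked faulting instruction to check that the fault address is a structure-member offset applied to a NULL base register. The function names and the restriction to the `[REX] 8B /r` base+displacement form are assumptions of this example.

```python
import re

# Excerpt of the oops in the message above; the Code: line is shortened.
OOPS = """\
RIP: 0010:sparse_early_usemaps_alloc_node+0x45/0x1ca
RAX: 0000000000000002 RBX: 0000000000000800 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000001
RBP: ffffffff82603d40 R08: 3d3d3d3d3d3d3d3d R09: 3d3d3d3d3d3d3d3d
R10: 000000000401b000 R11: 3d3d3d3d3d3d3d3d R12: 0000000000000050
R13: ffff88087bbdf000 R14: 0000000000000000 R15: 0000000000000050
CR2: 0000000000021a40 CR3: 000000000260a000 CR4: 00000000000006b0
Code: 31 f6 48 c7 c7 e0 92 96 82 e8 7b af 5b fe <41> 8b 96 40 1a 02 00 48 c7 c6
"""

# Register names as the oops prints them, in x86-64 encoding order.
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
        "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

def parse_oops(text):
    """Return (register dict, instruction bytes starting at the <xx> marker)."""
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b", text)}
    code = re.search(r"^Code: (.*)$", text, re.M).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    return regs, bytes(int(b.strip("<>"), 16) for b in code[start:])

def decode_load(insn):
    """Decode only [REX] 8B /r (MOV r, r/m) with a base+disp memory operand."""
    i, rex = 0, 0
    if insn[0] & 0xF0 == 0x40:          # optional REX prefix
        rex, i = insn[0], 1
    if insn[i] != 0x8B:
        raise ValueError("not MOV r, r/m")
    mod, rm = insn[i + 1] >> 6, insn[i + 1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB or RIP-relative form not handled")
    size = {0: 0, 1: 1, 2: 4}[mod]      # displacement width in bytes
    disp = int.from_bytes(insn[i + 2:i + 2 + size], "little", signed=True)
    return REGS[rm | ((rex & 1) << 3)], disp   # REX.B extends the base register

def triage(text):
    regs, insn = parse_oops(text)
    base, disp = decode_load(insn)
    ea = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {"base": base, "base_value": regs[base], "disp": disp,
            "matches_cr2": ea == regs["CR2"], "null_base": regs[base] == 0}

if __name__ == "__main__":
    print(triage(OOPS))
```

A result with `null_base` and `matches_cr2` both true means CR2 is simply the offset of the accessed member from a NULL pointer, which agrees with the UBSAN line "member access within null pointer of type 'struct pglist_data'".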
