lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 3 Sep 2017 07:46:16 +0000
From:   "Prakhya, Sai Praneeth" <sai.praneeth.prakhya@...el.com>
To:     Bhupesh Sharma <bhsharma@...hat.com>
CC:     "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Matt Fleming <matt@...eblueprint.co.uk>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        "jlee@...e.com" <jlee@...e.com>, Borislav Petkov <bp@...en8.de>,
        "Luck, Tony" <tony.luck@...el.com>,
        "luto@...nel.org" <luto@...nel.org>,
        "mst@...hat.com" <mst@...hat.com>,
        "Neri, Ricardo" <ricardo.neri@...el.com>,
        "Shankar, Ravi V" <ravi.v.shankar@...el.com>
Subject: RE: [PATCH V2 0/3] Use mm_struct and switch_mm() instead of manually

> >
> > Thanks for this v2.
> > Introducing the 'efi_switch_mm() ' helper instead of manually
> > twiddling with %cr3 seems more cleaner.
> >
> > I have tested this patchset on a x86_64 machine with the following
> > configurations:
> >
> > 1. Primary kernel boot with efi=old_map 2. Primary kernel boot with
> > new efi map
> >
> > While it seems that efi=old_map passes, the new efi map boot fails for
> > me on both the two x86 machine (Dell 3050MT and a SGI - UV300 machine.
> >
> > It seems we are hitting a NULL pointer deference in
> > 'efi_call_phys_prolog' while accessing '&efi_mm'.
> >
> > Please see the log below for details:
> >
> > [    0.020006] BUG: unable to handle kernel NULL pointer dereference
> > at           (null)
> > [    0.021000] IP: switch_mm_irqs_off+0x44/0x270
> > [    0.021000] Call Trace:
> > [    0.021000]  switch_mm+0x20/0x30
> > [    0.021000]  efi_switch_mm+0x49/0x60
> > [    0.021000]  efi_call_phys_prolog+0x56/0x1b3
> > [    0.021000]  efi_enter_virtual_mode+0x3a9/0x520
> > [    0.021000]  start_kernel+0x424/0x4c8
> > [    0.021000]  ? set_init_arg+0x5a/0x5a
> > [    0.021000]  ? early_idt_handler_array+0x120/0x120
> > [    0.021000]  x86_64_start_reservations+0x29/0x2b
> > [    0.021000]  x86_64_start_kernel+0x151/0x174
> > [    0.021000]  secondary_startup_64+0x9f/0x9f
> > [    0.021000] Code: 2d 82 51 d9 4f 65 c7 05 0f 65 da 4f 01 00 00 00
> > 48 39 f7 0f 84 14 01 00 00 65 48 89 35 f6 64 da 4f 48 8b 86 e8 02 00
> > 00 45 89 ed <f0> 4c 0f ab 28 bf 00 00 00 80 48 03 7e 50 48 8b 05 27 b0
> > b9 00
> > [    0.021000] RIP: switch_mm_irqs_off+0x44/0x270 RSP: ffffffffb0e035d0
> > [    0.021000] CR2: 0000000000000000
> > [    0.021000] ---[ end trace fb94349305e1cb8b ]---
> > [    0.021000] Kernel panic - not syncing: Fatal exception
> > [    0.021000] ---[ end Kernel panic - not syncing: Fatal exception
> >
> 
> And I forgot to mention that I tried the patchset both with the efi/next and
> linus's trees and saw the same result.
> 
> I would be happy to help in case you need further details of the test environment
> or need help in testing this crash further.
> 
> Regards,
> Bhupesh

Hi Bhupesh,

Thanks for trying the patches and raising the concern.
Could you also please also give a try on qemu? (if reproducible, we will be having a common platform to start debugging)
I have tested this patch set on qemu and real machines (different from one's you tried) in our lab and didn’t notice this issue.

Regards,
Sai

Powered by blists - more mailing lists