lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CALqoU4wTyo8f2fmO_gp79aTjWfqZZCn0M66sj2MEBN6gB9tzYw@mail.gmail.com>
Date:   Mon, 15 Jan 2018 00:12:39 -0800
From:   lepton <ytht.net@...il.com>
To:     linux-kernel@...r.kernel.org
Subject: Re: Some linux kernel with KAISER/KPTI patch can't work under qemu + haxm.

FYI, this was fixed by https://www.spinics.net/lists/stable/msg209612.html

On Tue, Jan 9, 2018 at 5:36 PM, lepton <ytht.net@...il.com> wrote:
> I tried some debug, it seems it crashed after switch CR3:
>
>
> I tried 2 different kernel, so actual crash points are different, but
> they have same pattern.  It crashed when trying to pop %rax after
> switch CR3:
>
> for 4.10 with kaiser patch: it crashed at this point:
>
> Dump of assembler code for function ret_from_fork:
>    0xffffffff8190ad00 <+0>:     push   %rbp
>    0xffffffff8190ad01 <+1>:     mov    %rsp,%rbp
>    0xffffffff8190ad04 <+4>:     mov    %rax,%rdi
>    0xffffffff8190ad07 <+7>:     callq  0xffffffff81083670 <schedule_tail>
>    0xffffffff8190ad0c <+12>:    test   %rbx,%rbx
>    0xffffffff8190ad0f <+15>:    jne    0xffffffff8190ad32 <ret_from_fork+50>
>    0xffffffff8190ad11 <+17>:    lea    0x8(%rsp),%rdi
>    0xffffffff8190ad16 <+22>:    callq  0xffffffff810027a0
> <syscall_return_slowpath>
>    0xffffffff8190ad1b <+27>:    push   %rax
>    0xffffffff8190ad1c <+28>:    mov    %cr3,%rax
>    0xffffffff8190ad1f <+31>:    or     $0x1000,%rax
>    0xffffffff8190ad25 <+37>:    mov    %rax,%cr3
>    0xffffffff8190ad28 <+40>:    pop    %rax
> <-----------------------------------  crashed here
>    0xffffffff8190ad29 <+41>:    swapgs
>    0xffffffff8190ad2c <+44>:    pop    %rbp
>
>
> For 4.4.110:
>
> Dump of assembler code for function opportunistic_sysret_failed:
>    0xffffffff81887165 <+0>: jmp    0xffffffff81887181
> <opportunistic_sysret_failed+28>
>    0xffffffff81887167 <+2>: mov    %cr3,%rax
>    0xffffffff8188716a <+5>: or     %gs:0xf0c0,%rax
>    0xffffffff81887173 <+14>: js     0xffffffff8188717d
> <opportunistic_sysret_failed+24>
>    0xffffffff81887175 <+16>: mov    %al,%gs:0xf0c7
>    0xffffffff8188717d <+24>: mov    %rax,%cr3
>    0xffffffff81887180 <+27>: pop    %rax
> <---------------------------------------- crashed here
>    0xffffffff81887181 <+28>: swapgs
>    0xffffffff81887184 <+31>: jmpq   0xffffffff81887ab0 <restore_c_regs_and_iret>
>    0xffffffff81887189 <+36>: nopl   0x0(%rax)
>
> On Thu, Jan 4, 2018 at 2:13 PM, lepton <ytht.net@...il.com> wrote:
>> It seems for some reason, some linux kernel with KAISER/KPTI patch
>> can't work with qemu + haxm.
>> The mainline kernel from Linus is fine. But the patch to 4.4/4.10 doesn't work.
>>
>> I am not familiar with HAXM and KPTI either. so not sure if this is a
>> qemu bug or KPTI bug or haxm bug.
>>
>> The same kernel works fine under qemu + kvm.
>>
>> This is the way to reproduce it:
>>
>> 1. Download qemu for windows, follow instructions here:
>>
>> https://www.qemu.org/2017/11/22/haxm-usage-windows/
>>
>> 2. Build a kernel with KAISER/KPTI,  I am using kernel here:
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/log/?h=linux-4.4.y
>> Or follow instruction here to build a 4.10 kernel:
>> https://github.com/IAIK/KAISER/tree/master/KAISER
>>
>> 3. Build an ext2 image which has a simple init:
>> dd of=img count=8192 bs=4096 if=/dev/zero
>> mke2fs img
>> gcc --static -o init init.c
>> debugfs -R "write init init" -w img
>> cat init.c
>> #include <stdio.h>
>> #include <time.h>
>>
>> int main()
>> {
>>         while(1) {
>>                 printf("This is init %d\n", time(NULL));
>>                 sleep(3600);
>>         }
>> }
>>
>> 4. copy kernel and disk image generated from 3 to windows and run it:
>> qemu-system-x86_64.exe -kernel bzImage -hda img -append "init=/init
>> root=/dev/sda" -serial stdio -accel hax
>>
>> You will see kernel panic or "vpu shutdown reqeust" to qemu.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ