Message-Id: <e684dd79-7bf9-1685-a06a-438eb8385b28@de.ibm.com>
Date:   Sat, 27 Oct 2018 10:13:35 +0200
From:   Christian Borntraeger <borntraeger@...ibm.com>
To:     Stephen Smith <ischis2@....net>, linux-kernel@...r.kernel.org
Subject: Re: Linux kernel crash



On 10/27/2018 06:07 AM, Stephen Smith wrote:
> On Wednesday, October 24, 2018 10:20:05 PM MST Stephen Smith wrote:
>>
>> Whenever I run "shutdown -h now" or "reboot" I receive an immediate kernel
>> crash with a dump that has:
>>
>> "Code: Bad RIP value"
> 
> I Canonical response noted the following from the dump:
> 
> [ 42.640541] resource sanity check: requesting [mem 0x000c0000-0x000fffff], 
> which spans more than PCI Bus 0000:00 [mem 0x000c0000-0x000dffff window]
> 
> I've since updated to the latest BIOS at their suggestion.
> 
> I see the following on the screen when the kernel crashes:
> [   43.115817] WARNING: CPU: 2 PID: 1847 at mm/usercopy.c:81 
> usercopy_warn+0x81/0xa0
> [   43.115818] Modules linked in: binfmt_misc snd_hda_codec_hdmi 
> snd_hda_codec_realtek snd_hda_codec_generic edac_mce_amd snd_hda_intel kvm_amd 
> kvm snd_hda_codec snd_hda_core irqbypass crct10dif_pclmul crc32_pclmul 
> snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event ghash_clmulni_intel 
> snd_rawmidi snd_seq pcbc aesni_intel snd_seq_device snd_timer eeepc_wmi 
> asus_wmi sparse_keymap aes_x86_64 joydev snd video crypto_simd cryptd 
> soundcore wmi_bmof glue_helper input_leds wmi k10temp ccp serio_raw 
> nvidia_uvm(POE) mac_hid sch_fq_codel parport_pc ppdev lp parport ip_tables 
> x_tables autofs4 raid10 raid456 async_raid6_recov async_memcpy async_pq 
> async_xor async_tx xor raid6_pq libcrc32c raid0 multipath linear raid1 
> hid_generic usbhid hid nvidia_drm(POE) nvidia_modeset(POE) nvidia(POE) 
> drm_kms_helper syscopyarea
> [   43.115849]  sysfillrect sysimgblt fb_sys_fops drm r8169 ipmi_devintf 
> i2c_piix4 ipmi_msghandler mii ahci libahci gpio_amdpt gpio_generic
> [   43.115856] CPU: 2 PID: 1847 Comm: Xorg Tainted: P           OE     
> 4.18.0-10-generic #11-Ubuntu
> [   43.115857] Hardware name: System manufacturer System Product Name/PRIME 
> B350-PLUS, BIOS 0406 02/07/2017
> [   43.115859] RIP: 0010:usercopy_warn+0x81/0xa0
> [   43.115859] Code: 10 99 41 51 4d 89 d8 48 c7 c0 89 8d 0f 99 49 89 f1 48 89 
> f9 48 0f 45 c2 48 c7 c7 f0 a1 10 99 4c 89 d2 48 89 c6 e8 f1 cf df ff <0f> 0b 
> 48 83 c4 18 c9 c3 48 c7 c6 b2 8a 12 99 49 89 f1 49 89 f3 eb 
> [   43.115875] RSP: 0018:ffffb0c741f07b08 EFLAGS: 00010286
> [   43.115876] RAX: 0000000000000000 RBX: ffff9beec5c42cb0 RCX: 
> 0000000000000006
> [   43.115876] RDX: 0000000000000007 RSI: 0000000000000096 RDI: 
> ffff9beece6964b0
> [   43.115877] RBP: ffffb0c741f07b20 R08: 0000000000000001 R09: 
> 0000000000000392
> [   43.115878] R10: 0000000000000004 R11: 0000000000000000 R12: 
> 0000000000000003
> [   43.115878] R13: 0000000000000001 R14: ffff9beec5c42cb3 R15: 
> ffff9beec5c42cf8
> [   43.115879] FS:  00007f6267654a80(0000) GS:ffff9beece680000(0000) knlGS:
> 0000000000000000
> [   43.115880] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   43.115881] CR2: 00007f6263cc5d20 CR3: 0000000402fb0000 CR4: 
> 00000000003406e0
> [   43.115881] Call Trace:
> [   43.115886]  __check_heap_object+0xc2/0x110
> [   43.115887]  __check_object_size+0x14c/0x178
> [   43.116024]  os_memcpy_to_user+0x26/0x50 [nvidia]
> [   43.116158]  _nv009384rm+0xbf/0xe0 [nvidia]
> [   43.116159] WARNING: kernel stack frame pointer at 00000000e73eb0f3 in 

The newer kernels (like 4.18) have checks regarding copies to userspace for
unwanted kernel memory exposure.
The check fails here. This particular copy was initiated by the binary nvidia 
driver, so unfortunately we cannot help here. So either ask Nvidia for a fix 
or (if that driver was installed with the Ubuntu software updater) Canonical.
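
A triage sketch for the kind of dump quoted above, added here as an example and not part of the original thread: it finds the hardened-usercopy warning, walks the call trace, and reports which module initiated the copy. The names `triage` and `owner` are hypothetical, and the sample is an abridged excerpt of the quoted dump with mail-wrapped lines re-joined.

```python
import re

# Abridged excerpt of the dump quoted in this thread; mail-wrapped lines are
# re-joined and the module list is shortened.
SAMPLE = """\
[   43.115817] WARNING: CPU: 2 PID: 1847 at mm/usercopy.c:81 usercopy_warn+0x81/0xa0
[   43.115818] Modules linked in: binfmt_misc kvm_amd kvm nvidia_uvm(POE) r8169 nvidia_drm(POE) nvidia_modeset(POE) nvidia(POE) drm_kms_helper
[   43.115856] CPU: 2 PID: 1847 Comm: Xorg Tainted: P           OE     4.18.0-10-generic #11-Ubuntu
[   43.115881] Call Trace:
[   43.115886]  __check_heap_object+0xc2/0x110
[   43.115887]  __check_object_size+0x14c/0x178
[   43.116024]  os_memcpy_to_user+0x26/0x50 [nvidia]
[   43.116158]  _nv009384rm+0xbf/0xe0 [nvidia]
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")            # dmesg timestamp prefix
FRAME = re.compile(r"^\s*\??\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")
MODULE = re.compile(r"(\w+)\(([A-Z]+)\)")             # e.g. nvidia(POE)

def triage(log):
    """Describe the usercopy warning in `log`; None if there is none."""
    report = {"warning": None, "comm": None, "flagged": {}, "frames": []}
    in_trace = False
    for raw in log.splitlines():
        line = STAMP.sub("", raw)
        if line.startswith("WARNING:") and "mm/usercopy.c" in line:
            report["warning"] = line
        elif line.startswith("Modules linked in:"):
            # Per-module taint flags: P proprietary, O out-of-tree, E unsigned.
            report["flagged"].update(MODULE.findall(line))
        elif "Comm:" in line:
            report["comm"] = line.split("Comm:")[1].split()[0]
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            in_trace = bool(m)                         # trace ends at first non-frame
            if m:
                report["frames"].append(m.groups())
    # The first frame that belongs to a module is the code that asked for the copy.
    report["initiator"] = next((mod for _, mod in report["frames"] if mod), None)
    return report if report["warning"] else None

def owner(report):
    """Say who should receive the bug report for this warning."""
    mod = report["initiator"]
    flags = report["flagged"].get(mod, "")
    if mod and ("P" in flags or "O" in flags):
        return f"out-of-tree module {mod} ({flags}): report to its vendor or packager"
    return "in-tree code: report to the kernel or distribution"

if __name__ == "__main__":
    print(owner(triage(SAMPLE)))
```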
