| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Feb 2019 07:46:40 -0800
From: Guenter Roeck <linux@...ck-us.net>
To: Martin Schwidefsky <schwidefsky@...ibm.com>
Cc: Heiko Carstens <heiko.carstens@...ibm.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] s390/setup: fix early warning messages
Hi,
On Thu, Feb 14, 2019 at 03:40:56PM +0100, Martin Schwidefsky wrote:
> The setup_lowcore() function creates a new prefix page for the boot CPU.
> The PSW mask for the system_call, external interrupt, i/o interrupt and
> the program check handler have the DAT bit set in this new prefix page.
>
> At the time setup_lowcore is called the system still runs without virtual
> address translation, the paging_init() function creates the kernel page
> table and loads the CR13 with the kernel ASCE.
>
> Any code between setup_lowcore() and the end of paging_init() that has
> a BUG or WARN statement will create a program check that can not be
> handled correctly as there is no kernel page table yet.
>
> To allow early WARN statements initially setup the lowcore with DAT off
> and set the DAT bit only after paging_init() has completed.
>
> Cc: stable@...r.kernel.org
> Signed-off-by: Martin Schwidefsky <schwidefsky@...ibm.com>
This patch causes s390 qemu emulations to crash with a kernel stack overflow.
Reverting the patch fixes the problem. Crash log and bisect results below.
Guenter
---
# bad: [cb916fc5eabf8832e05f73c246eb467259846ef0] Add linux-next specific files for 20190218
# good: [d13937116f1e82bf508a6325111b322c30c85eb9] Linux 5.0-rc6
git bisect start 'HEAD' 'v5.0-rc6'
# bad: [8a076e150433e8623c844aef43b38889df81a503] Merge remote-tracking branch 'nand/nand/next'
git bisect bad 8a076e150433e8623c844aef43b38889df81a503
# bad: [3265789d1e2b7f1e88a8214ec0a22ccfc3b8a6f5] Merge remote-tracking branch 'i2c/i2c/for-next'
git bisect bad 3265789d1e2b7f1e88a8214ec0a22ccfc3b8a6f5
# good: [925a83c234b03380757f0588c11d0d374bbfe33e] Merge remote-tracking branch 'arm-soc/for-next'
git bisect good 925a83c234b03380757f0588c11d0d374bbfe33e
# bad: [53cec47975804529bb2aaaa1fe47b46ab2c2b10f] Merge remote-tracking branch 'btrfs-kdave/for-next'
git bisect bad 53cec47975804529bb2aaaa1fe47b46ab2c2b10f
# good: [4bbc817baaf6ee369dbc445603c6a2bd90d4529a] Merge remote-tracking branch 'mips/mips-next'
git bisect good 4bbc817baaf6ee369dbc445603c6a2bd90d4529a
# bad: [9398ebb7918864be50f2e4ce6c46e3666b50ccf7] Merge remote-tracking branch 's390/features'
git bisect bad 9398ebb7918864be50f2e4ce6c46e3666b50ccf7
# good: [b174b4fb919d118d9ac546b99a69574dfa431f7f] powerpc/powernv: Escalate reset when IODA reset fails
git bisect good b174b4fb919d118d9ac546b99a69574dfa431f7f
# good: [2c856ea847dca32aa7857aa5f54d2f60a5a7e3c8] Merge remote-tracking branch 'parisc-hd/for-next'
git bisect good 2c856ea847dca32aa7857aa5f54d2f60a5a7e3c8
# good: [a0308c1315e72b6fdce7b419c4546dad568b3a83] s390/mmap: take stack_guard_gap into account for mmap_base
git bisect good a0308c1315e72b6fdce7b419c4546dad568b3a83
# good: [058a78515d1229476b1e0641939532801d009f28] s390/jump_label: Use "jdd" constraint on gcc9
git bisect good 058a78515d1229476b1e0641939532801d009f28
# good: [e3d794d555cda31d48c89bdbc96ce862857be93f] riscv: treat cpu devicetree nodes without status as enabled
git bisect good e3d794d555cda31d48c89bdbc96ce862857be93f
# good: [43b2dd07c8e6cc5be50b83dd8bb8846eefdfb696] Merge remote-tracking branch 'risc-v/for-next'
git bisect good 43b2dd07c8e6cc5be50b83dd8bb8846eefdfb696
# bad: [94f85ed3e2f8fa4631868132117c014bcbad4e90] s390/setup: fix early warning messages
git bisect bad 94f85ed3e2f8fa4631868132117c014bcbad4e90
# first bad commit: [94f85ed3e2f8fa4631868132117c014bcbad4e90] s390/setup: fix early warning messages
---
Kernel stack overflow.
CPU: 0 PID: 2 Comm: swapper/0 Not tainted 5.0.0-rc6-next-20190218 #1
Hardware name: QEMU 2827 QEMU (KVM/Linux)
Krnl PSW : 0004c00180000000 0000000000b2c3e2 (pgm_check_handler+0x126/0x22c)
R:0 T:0 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
Krnl GPRS: 81000e08ffff6400 0000000000000000 000000001fea26e8 000000000000008a
0000000000b2c29c 0000000000000000 0000000000000000 0000000000000000
0004c00180000000 0000000000b2c3e2 0000000000b2c342 000003e0000d8178
000000001f84aa00 0000000000000000 000003e0000dbea8 000003e0000d80d8
Krnl Code: 0000000000b2c3d4: b90400db lgr %r13,%r11
0000000000b2c3d8: 41b0f0a0 la %r11,160(%r15)
#0000000000b2c3dc: eb07b0180024 stmg %r0,%r7,24(%r11)
>0000000000b2c3e2: b9820000 xgr %r0,%r0
0000000000b2c3e6: b9820011 xgr %r1,%r1
0000000000b2c3ea: b9820022 xgr %r2,%r2
0000000000b2c3ee: b9820033 xgr %r3,%r3
0000000000b2c3f2: b9820044 xgr %r4,%r4
Call Trace:
addressing exception: 0005 ilc:3 [#1] SMP
Modules linked in:
CPU: 0 PID: 2 Comm: swapper/0 Not tainted 5.0.0-rc6-next-20190218 #1
Hardware name: QEMU 2827 QEMU (KVM/Linux)
Krnl PSW : 0004e00180000000 0000000000114d44 (__dump_trace+0x4c/0x110)
R:0 T:0 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
Krnl GPRS: 01000dd4ffffff80 000000001fa48000 0000000000114e90 0000000000000000
0000000000000000 000003e0000d8000 000003e0000dbf48 0000000000114e90
000003e0000dbf60 0000000000000000 000003e0000d80d8 0000000000114e90
000000001f84aa00 0000000000b2cd86 0000000000e2bdd0 0000000000e2bd78
Krnl Code: 0000000000114d36: a76bff48 aghi %r6,-184
0000000000114d3a: a7490000 lghi %r4,0
#0000000000114d3e: e330a0880004 lg %r3,136(%r10)
>0000000000114d44: b9040029 lgr %r2,%r9
0000000000114d48: 0de7 basr %r14,%r7
0000000000114d4a: 1222 ltr %r2,%r2
0000000000114d4c: b90400ca lgr %r12,%r10
0000000000114d50: a7840017 brc 8,114d7e
Call Trace:
INFO: lockdep is turned off.
Last Breaking-Event-Address:
[<0000000000114e6e>] dump_trace+0x66/0x88
addressing exception: 0005 ilc:3 [#2] SMP
Modules linked in:
CPU: 0 PID: 2 Comm: swapper/0 Tainted: G D 5.0.0-rc6-next-20190218 #1
Hardware name: QEMU 2827 QEMU (KVM/Linux)
Krnl PSW : 0004e00180000000 00000000001df7c0 (cpuacct_charge+0x40/0x218)
R:0 T:0 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
Krnl GPRS: 0000000000014ad4 000003e0000d8000 0000000000003000 0000000000f925f5
fffffffffff00000 ffffffffff34a0cb 0000000000000000 000000001febfe18
0000000000e420a8 000000001f84aa00 000000001f84aa00 0000000000f925f5
0000000000f925f5 0000000000b46d78 000000001fa4bbd0 000000001fa4bb68
Krnl Code: 00000000001df7b2: a78400ef brc 8,1df990
00000000001df7b6: a7293000 lghi %r2,12288
#00000000001df7ba: e3321f500091 llgh %r3,3920(%r2,%r1)
>00000000001df7c0: e330d0000082 xg %r3,0(%r13)
00000000001df7c6: 5430d008 n %r3,8(%r13)
00000000001df7ca: 581003a0 l %r1,928
00000000001df7ce: a71a0001 ahi %r1,1
00000000001df7d2: a7b800ff lhi %r11,255
Call Trace:
([<0000000000000001>] 0x1)
[<00000000001b81ba>] update_curr+0x18a/0x488
[<00000000001be4ac>] task_tick_fair+0x4c/0x7e0
[<00000000001b2c82>] scheduler_tick+0x9a/0x130
[<0000000000230196>] update_process_times+0x56/0x68
[<0000000000243932>] tick_sched_handle.isra.5+0x52/0x78
[<00000000002439bc>] tick_sched_timer+0x64/0xc8
[<0000000000230ffc>] __hrtimer_run_queues+0x144/0x510
[<00000000002321fa>] hrtimer_interrupt+0x102/0x248
[<000000000010dbd4>] do_IRQ+0x6c/0xb0
[<0000000000b2c900>] ext_int_handler+0x130/0x134
[<0000000000b2b34c>] _raw_spin_unlock_irq+0x44/0x60
INFO: lockdep is turned off.
Last Breaking-Event-Address:
[<00000000001b81b4>] update_curr+0x184/0x488
Kernel panic - not syncing: Fatal exception in interrupt
Powered by blists - more mailing lists