Date:   Thu, 4 Apr 2019 23:20:38 +0300
From:   Cyrill Gorcunov <gorcunov@...il.com>
To:     Vince Weaver <vincent.weaver@...ne.edu>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        linux-kernel@...r.kernel.org,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Namhyung Kim <namhyung@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Jiri Olsa <jolsa@...hat.com>,
        Stephane Eranian <eranian@...gle.com>
Subject: Re: perf: perf_fuzzer crashes on Pentium 4 systems

On Thu, Apr 04, 2019 at 03:01:14PM -0400, Vince Weaver wrote:
> 
> I do have a lot of this automated already from tracking down past bugs, 
> but it turns out that most of the fuzzer-found bugs aren't deterministic 
> so it doesn't always work.
> 
> For example this bug, while I can easily repeat it, doesn't happen at 
> the same time each time.  I suspect something corrupts things, but the
> crash doesn't trigger until a context switch happens.

I fear so. I've been reading the code around to figure out where it might come
from, but without much luck yet.

> For what it's worth I've put code in p4_pmu_enable_all() to see what's 
> going on when the NULL dereference happens, and sure enough the printk is 
> triggered where I'd expect.
> 
> [  138.132889] VMW: p4_pmu_enable_all: idx 4 is NULL
...
> 
> the machine still crashes after this, but not right away.

Yes, exactly: if we look into the disasm code we will see that the 0x158
offset points to hwc from event. Vince, gimme some time, probably
the weekend, so I can dive into the perf code more deeply and
try to make a debugging patch for more precise tracking
of events. Is the kernel you're running the latest -tip?
