[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.21.1907200018050.1782@nanos.tec.linutronix.de>
Date: Sat, 20 Jul 2019 00:23:32 +0200 (CEST)
From: Thomas Gleixner <tglx@...utronix.de>
To: Sean Christopherson <sean.j.christopherson@...el.com>
cc: Steven Rostedt <rostedt@...dmis.org>,
Peter Zijlstra <peterz@...radead.org>,
Eiichi Tsukata <devel@...ukata.com>, edwintorok@...il.com,
mingo@...hat.com, bp@...en8.de, hpa@...or.com, x86@...nel.org,
linux-kernel@...r.kernel.org, Josh Poimboeuf <jpoimboe@...hat.com>,
Joel Fernandes <joel@...lfernandes.org>
Subject: Re: [PATCH] x86/stacktrace: Do not access user space memory
unnecessarily
On Fri, 19 Jul 2019, Sean Christopherson wrote:
> On Tue, Jul 02, 2019 at 01:39:05PM -0400, Steven Rostedt wrote:
>
> I'm hitting a similar panic that bisects to commit
>
> a0d14b8909de ("x86/mm, tracing: Fix CR2 corruption")
>
> except I'm experiencing death immediately after starting init.
>
> Through sheer dumb luck, I tracked (pun intended) this down to forcing
> context tracking:
>
> CONFIG_CONTEXT_TRACKING=y
> CONFIG_CONTEXT_TRACKING_FORCE=y
> CONFIG_VIRT_CPU_ACCOUNTING_GEN=y
>
> I haven't attempted to debug further and I'll be offline for most of the
> next few days. Hopefully this is enough to root cause the badness.
>
> [ 0.680477] Run /sbin/init as init process
> [ 0.682116] init[1]: segfault at 2926a7ef ip 00007f98a49d9c30 sp 00007fffd83e6af0 error 14 in ld-2.23.so[7f98a49d9000+26000]
That's because the call into the context tracking muck clobbers RDX which
contains the CR2 value on pagefault. So the pagefault resolves to crap and
kills init.
Brute force fix below. That needs to be conditional on read_cr2 but for now
it does the job.
Thanks,
tglx
8<------------
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -887,7 +887,9 @@ apicinterrupt IRQ_WORK_VECTOR irq_work
.if \paranoid == 0
testb $3, CS(%rsp)
jz .Lfrom_kernel_no_context_tracking_\@
+ pushq %rdx
CALL_enter_from_user_mode
+ popq %rdx
.Lfrom_kernel_no_context_tracking_\@:
.endif
Powered by blists - more mailing lists