lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190813090200.h2rz4xphgnb5j5bc@willie-the-truck>
Date:   Tue, 13 Aug 2019 10:02:01 +0100
From:   Will Deacon <will@...nel.org>
To:     Qian Cai <cai@....pw>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: "arm64/for-next/core" causes boot panic

Hi Qian,

Thanks for the report.

On Mon, Aug 12, 2019 at 05:51:35PM -0400, Qian Cai wrote:
> Booting today's linux-next on an arm64 server triggers a panic with
> CONFIG_KASAN_SW_TAGS=y pointing to this line,

Is this the only change on top of defconfig? If not, please can you share
your full .config?

> kfree()->virt_to_head_page()->compound_head()
> 
> unsigned long head = READ_ONCE(page->compound_head);
> 
> The bisect so far indicates one of those could be bad,

I guess that means the issue is reproducible on the arm64 for-next/core
branch. Once I have your .config, I'll give it a go.

> [    0.000000][    T0] Unable to handle kernel paging request at virtual address
> 0030ffe001e01588
> [    0.000000][    T0] Mem abort info:
> [    0.000000][    T0]   ESR = 0x96000004
> [    0.000000][    T0]   EC = 0x25: DABT (current EL), IL = 32 bits
> [    0.000000][    T0]   SET = 0, FnV = 0
> [    0.000000][    T0]   EA = 0, S1PTW = 0
> [    0.000000][    T0] Data abort info:
> [    0.000000][    T0]   ISV = 0, ISS = 0x00000004
> [    0.000000][    T0]   CM = 0, WnR = 0
> [    0.000000][    T0] [0030ffe001e01588] address between user and kernel
> address ranges

Hmm, nice address...

I suppose we're looking at the interaction of 52-bit VA, untagged pointers
and KASAN using sw tags. Lovely.

Thanks, and please keep us updated on the bisection.

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ