lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1591570155.2tn9o40h95.none@localhost>
Date:   Sun, 07 Jun 2020 18:53:32 -0400
From:   "Alex Xu (Hello71)" <alex_y_xu@...oo.ca>
To:     David Rientjes <rientjes@...gle.com>
Cc:     alsa-devel@...a-project.org, bp@...en8.de, hch@...radead.org,
        hch@....de, hpa@...or.com, linux-kernel@...r.kernel.org,
        mingo@...hat.com, perex@...ex.cz, tglx@...utronix.de,
        tiwai@...e.com, x86@...nel.org, Pavel Machek <pavel@....cz>
Subject: Re: 82fef0ad811f "x86/mm: unencrypted non-blocking DMA allocations
 use coherent pools" was Re: next-0519 on thinkpad x60: sound related? window
 manager crash

Excerpts from David Rientjes's message of June 7, 2020 3:41 pm:
> On Sun, 7 Jun 2020, Pavel Machek wrote:
> 
>> > I have a similar issue, caused between aaa2faab4ed8 and b170290c2836.
>> > 
>> > [   20.263098] BUG: unable to handle page fault for address: ffffb2b582cc2000
>> > [   20.263104] #PF: supervisor write access in kernel mode
>> > [   20.263105] #PF: error_code(0x000b) - reserved bit violation
>> > [   20.263107] PGD 3fd03b067 P4D 3fd03b067 PUD 3fd03c067 PMD 3f8822067 PTE 8000273942ab2163
>> > [   20.263113] Oops: 000b [#1] PREEMPT SMP
>> > [   20.263117] CPU: 3 PID: 691 Comm: mpv Not tainted 5.7.0-11262-gb170290c2836 #1
>> > [   20.263119] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./B450 Pro4, BIOS P4.10 03/05/2020
>> > [   20.263125] RIP: 0010:__memset+0x24/0x30
>> > [   20.263128] Code: cc cc cc cc cc cc 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3
>> > [   20.263131] RSP: 0018:ffffb2b583d07e10 EFLAGS: 00010216
>> > [   20.263133] RAX: 0000000000000000 RBX: ffff8b8000102c00 RCX: 0000000000004000
>> > [   20.263134] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2b582cc2000
>> > [   20.263136] RBP: ffff8b8000101000 R08: 0000000000000000 R09: ffffb2b582cc2000
>> > [   20.263137] R10: 0000000000005356 R11: ffff8b8000102c18 R12: 0000000000000000
>> > [   20.263139] R13: 0000000000000000 R14: ffff8b8039944200 R15: ffffffff9794daa0
>> > [   20.263141] FS:  00007f41aa4b4200(0000) GS:ffff8b803ecc0000(0000) knlGS:0000000000000000
>> > [   20.263143] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> > [   20.263144] CR2: ffffb2b582cc2000 CR3: 00000003b6731000 CR4: 00000000003406e0
>> > [   20.263146] Call Trace:
>> > [   20.263151]  ? snd_pcm_hw_params+0x3f3/0x47a
>> > [   20.263154]  ? snd_pcm_common_ioctl+0xf2/0xf73
>> > [   20.263158]  ? snd_pcm_ioctl+0x1e/0x29
>> > [   20.263161]  ? ksys_ioctl+0x77/0x91
>> > [   20.263163]  ? __x64_sys_ioctl+0x11/0x14
>> > [   20.263166]  ? do_syscall_64+0x3d/0xf5
>> > [   20.263170]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
>> > [   20.263173] Modules linked in: uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videodev snd_usb_audio videobuf2_common snd_hwdep snd_usbmidi_lib input_leds snd_rawmidi led_class
>> > [   20.263182] CR2: ffffb2b582cc2000
>> > [   20.263184] ---[ end trace c6b47a774b91f0a0 ]---
>> > [   20.263187] RIP: 0010:__memset+0x24/0x30
>> > [   20.263190] Code: cc cc cc cc cc cc 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3
>> > [   20.263192] RSP: 0018:ffffb2b583d07e10 EFLAGS: 00010216
>> > [   20.263193] RAX: 0000000000000000 RBX: ffff8b8000102c00 RCX: 0000000000004000
>> > [   20.263195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2b582cc2000
>> > [   20.263196] RBP: ffff8b8000101000 R08: 0000000000000000 R09: ffffb2b582cc2000
>> > [   20.263197] R10: 0000000000005356 R11: ffff8b8000102c18 R12: 0000000000000000
>> > [   20.263199] R13: 0000000000000000 R14: ffff8b8039944200 R15: ffffffff9794daa0
>> > [   20.263201] FS:  00007f41aa4b4200(0000) GS:ffff8b803ecc0000(0000) knlGS:0000000000000000
>> > [   20.263202] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> > [   20.263204] CR2: ffffb2b582cc2000 CR3: 00000003b6731000 CR4: 00000000003406e0
>> > 
>> > I bisected this to 82fef0ad811f "x86/mm: unencrypted non-blocking DMA 
>> > allocations use coherent pools". Reverting 1ee18de92927 resolves the 
>> > issue.
>> > 
>> > Looks like Thinkpad X60 doesn't have VT-d, but could still be DMA 
>> > related.
>> 
>> Note that newer -next releases seem to behave okay for me. The commit
>> pointed out by siection is really simple:
>> 
>> AFAIK you could verify it is responsible by turning off
>> CONFIG_AMD_MEM_ENCRYPT on latest kernel...
>> 
>> Best regards,
>> 								Pavel
>> 
>> index 1d6104ea8af0..2bf2222819d3 100644
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -1520,6 +1520,7 @@ config X86_CPA_STATISTICS
>>  config AMD_MEM_ENCRYPT
>>         bool "AMD Secure Memory Encryption (SME) support"
>>         depends on X86_64 && CPU_SUP_AMD
>> +       select DMA_COHERENT_POOL
>>         select DYNAMIC_PHYSICAL_MASK
>>         select ARCH_USE_MEMREMAP_PROT
>>         select ARCH_HAS_FORCE_DMA_UNENCRYPTED
> 
> Thanks for the report!
> 
> Besides CONFIG_AMD_MEM_ENCRYPT, do you have CONFIG_DMA_DIRECT_REMAP 
> enabled?  If so, it may be caused by the virtual address passed to the 
> set_memory_{decrypted,encrypted}() functions.
> 
> And I assume you are enabling SME by using mem_encrypt=on on the kernel 
> command line or CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is enabled.
> 
> We likely need an atomic pool for devices that support DMA to addresses in 
> sme_me_mask as well.  I can test this tomorrow, but wanted to get it out 
> early to see if it helps?

This patch doesn't seem to help. I have the same problem (kernel page 
fault, __memset, snd_pcm_hw_params...).

I don't have CONFIG_DMA_DIRECT_REMAP enabled, and AFAICT it doesn't seem 
to be selectable currently on x86, unless there are some patches 
floating around for that.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ