lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <mhng-e2ceb9e5-81ae-41b8-96c5-72112854f475@palmerdabbelt-glaptop1>
Date:   Mon, 05 Oct 2020 14:17:43 -0700 (PDT)
From:   Palmer Dabbelt <palmerdabbelt@...gle.com>
To:     atishp@...shpatra.org
CC:     schwab@...ux-m68k.org, tycho@...ho.ws, aou@...s.berkeley.edu,
        nickhu@...estech.com, anup@...infault.org,
        linux-kernel@...r.kernel.org, linux-csky@...r.kernel.org,
        guoren@...ux.alibaba.com, guoren@...nel.org, zong.li@...ive.com,
        Paul Walmsley <paul.walmsley@...ive.com>,
        greentime.hu@...ive.com, tglx@...utronix.de,
        linux-riscv@...ts.infradead.org
Subject:     Re: [PATCH V2 1/3] riscv: Fixup static_obj() fail

On Mon, 05 Oct 2020 14:12:44 PDT (-0700), atishp@...shpatra.org wrote:
> On Mon, Oct 5, 2020 at 12:46 PM Palmer Dabbelt <palmerdabbelt@...gle.com> wrote:
>>
>> On Mon, 05 Oct 2020 11:40:54 PDT (-0700), schwab@...ux-m68k.org wrote:
>> > On Okt 05 2020, Palmer Dabbelt wrote:
>> >
>> >> On Mon, 05 Oct 2020 01:25:22 PDT (-0700), schwab@...ux-m68k.org wrote:
>> >>> On Sep 14 2020, Aurelien Jarno wrote:
>> >>>
>> >>>> How should we proceed to get that fixed in time for 5.9? For the older
>> >>>> branches where it has been backported (so far 5.7 and 5.8), should we
>> >>>> just get that commit reverted instead?
>> >>>
>> >>> Why is this still broken?
>> >>
>> >> Sorry, I hadn't seen this.  I'm not seeing a boot failure on 5.9-rc8 with just
>> >> CONFIG_HARDENED_USERCPOY=y in addition to defconfig (on QEMU, though I doubt
>> >> that's relevant here).
>> >
>> > I don't see a boot failure either, but eventually you will get crashes
>> > like this, and resources are not properly released:
>> >
>> > [ 4560.936645] usercopy: Kernel memory overwrite attempt detected to kernel text (offset 241626, size 16)!
>> > [ 4560.945324] ------------[ cut here ]------------
>> > [ 4560.949954] kernel BUG at mm/usercopy.c:99!
>> > [ 4560.954030] Kernel BUG [#1]
>> > [ 4560.956805] Modules linked in: nfsv3 nfs_acl rfkill mmc_block sf_pdma i2c_ocores virt_dma spi_sifive uio_pdrv_genirq uio loop drm drm_panel_orientation_quirks rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache af_packet mscc macsec macb ptp pps_core phylink of_mdio fixed_phy libphy pwm_sifive mmc_spi crc_itu_t crc7 of_mmc_spi mmc_core spi_bitbang sunrpc sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua
>> > [ 4560.995103] CPU: 2 PID: 23806 Comm: nis Not tainted 5.8.10-1-default #1 openSUSE Tumbleweed (unreleased)
>> > [ 4561.004563] epc: ffffffe00036140e ra : ffffffe00036140e sp : ffffffe004bc7d60
>> > [ 4561.011679]  gp : ffffffe00127ee60 tp : ffffffe1b05d0000 t0 : ffffffe001297ca0
>> > [ 4561.018886]  t1 : ffffffe001297c30 t2 : 0000000000000000 s0 : ffffffe004bc7d80
>> > [ 4561.026093]  s1 : ffffffe00003afda a0 : 000000000000005b a1 : ffffffe1f7d67588
>> > [ 4561.033298]  a2 : ffffffe1f7d6c108 a3 : 0000000000000000 a4 : ffffffe000043e80
>> > [ 4561.040506]  a5 : ffffffe1f7d6be80 a6 : 0000000000000144 a7 : 0000000000000000
>> > [ 4561.047712]  s2 : 0000000000000010 s3 : 0000000000000000 s4 : ffffffe00003afea
>> > [ 4561.054918]  s5 : ffffffe1f7e00e80 s6 : 0000002af4a2c2e0 s7 : fffffffffffff000
>> > [ 4561.062124]  s8 : 0000003ffffff000 s9 : ffffffe19f985400 s10: 0000000000000010
>> > [ 4561.069329]  s11: ffffffe1f7e00e80 t3 : 0000000000038fa8 t4 : 0000000000038fa8
>> > [ 4561.076533]  t5 : 0000000000000001 t6 : ffffffe00128e062
>> > [ 4561.081832] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003
>> > [ 4561.089821] ---[ end trace a7c93e7595e9c2cc ]---
>> > [ 4561.095589] BUG: Bad rss-counter state mm:00000000c54f4c29 type:MM_ANONPAGES val:1
>>
>> Ah, I must have misunderstood.  I guess I just assumed "init crashes" meant on
>> boot, not just at some time later.  I just sent out a patch reverting this, LMK
>> if it fixes the issue.  I have some work stuff to do, but I'll try to find some
>> time tonight to look into fixing both of the bugs -- otherwise I'll just take
>> the revert (assuming it does actually fix the issue for you and passes the
>> tests).
>>
>> I saw Atish post after I started writing this: I agree we need to sort of the
>> kernel's memory map, I just think it's too late for 5.9.
>>
>
> Yes. It is definitely a for-next material. I will try to take a stab
> at this if nobody else has an objection.

WFM.  Thanks!

>
>> > Andreas.
>>
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@...ts.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ