Message-ID: <20220207063748.GA387@xsang-OptiPlex-9020>
Date:   Mon, 7 Feb 2022 14:37:48 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Christophe Leroy <christophe.leroy@...roup.eu>
Cc:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org, "atomlin@...hat.com" <atomlin@...hat.com>,
        Luis Chamberlain <mcgrof@...nel.org>,
        "linux-modules@...r.kernel.org" <linux-modules@...r.kernel.org>,
        Christophe Leroy <christophe.leroy@...roup.eu>
Subject: [modules]  64aee03f98:
 WARNING:at_arch/x86/mm/pat/set_memory.c:#__cpa_process_fault



Greetings,

FYI, we noticed the following commit (built with clang-15):

commit: 64aee03f98360d482e574a3c3ab487af05e84830 ("[RFC PATCH 1/2] modules: Make module_enable_x() independant of CONFIG_ARCH_HAS_STRICT_MODULE_RWX")
url: https://github.com/0day-ci/linux/commits/Christophe-Leroy/modules-Make-module_enable_x-independant-of-CONFIG_ARCH_HAS_STRICT_MODULE_RWX/20220204-042509
base: https://git.kernel.org/cgit/linux/kernel/git/mcgrof/linux.git modules-next
patch link: https://lore.kernel.org/linux-modules/203348805c9ac9851d8939d15cb9802ef047b5e2.1643919758.git.christophe.leroy@csgroup.eu

in testcase: boot

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+-----------------------------------------------------------------+------------+------------+
|                                                                 | a97ac8cb24 | 64aee03f98 |
+-----------------------------------------------------------------+------------+------------+
| WARNING:at_arch/x86/mm/pat/set_memory.c:#__cpa_process_fault    | 0          | 43         |
| EIP:__cpa_process_fault                                         | 0          | 43         |
+-----------------------------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[ 35.430975][ T206] WARNING: CPU: 0 PID: 206 at arch/x86/mm/pat/set_memory.c:1514 __cpa_process_fault (set_memory.c:?) 
[   35.432157][  T206] Modules linked in: serio_raw parport_pc parport qemu_fw_cfg
[   35.433074][  T206] CPU: 0 PID: 206 Comm: systemd-udevd Tainted: G        W         5.16.0-06526-g64aee03f9836 #1
[   35.434242][  T206] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 35.435308][ T206] EIP: __cpa_process_fault (set_memory.c:?) 
[ 35.435965][ T206] Code: 57 31 f6 46 b8 d0 97 5f c2 89 d7 89 f2 31 c9 56 e8 cd fb 0d 00 83 c4 04 8b 03 ff 30 57 68 59 55 02 c2 e8 3b cc 00 00 83 c4 0c <0f> 0b b8 e8 97 5f c2 89 f2 31 c9 56 e8 a7 fb 0d 00 83 c4 04 b8 f2
All code
========
   0:	57                   	push   %rdi
   1:	31 f6                	xor    %esi,%esi
   3:	46 b8 d0 97 5f c2    	rex.RX mov $0xc25f97d0,%eax
   9:	89 d7                	mov    %edx,%edi
   b:	89 f2                	mov    %esi,%edx
   d:	31 c9                	xor    %ecx,%ecx
   f:	56                   	push   %rsi
  10:	e8 cd fb 0d 00       	callq  0xdfbe2
  15:	83 c4 04             	add    $0x4,%esp
  18:	8b 03                	mov    (%rbx),%eax
  1a:	ff 30                	pushq  (%rax)
  1c:	57                   	push   %rdi
  1d:	68 59 55 02 c2       	pushq  $0xffffffffc2025559
  22:	e8 3b cc 00 00       	callq  0xcc62
  27:	83 c4 0c             	add    $0xc,%esp
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	b8 e8 97 5f c2       	mov    $0xc25f97e8,%eax
  31:	89 f2                	mov    %esi,%edx
  33:	31 c9                	xor    %ecx,%ecx
  35:	56                   	push   %rsi
  36:	e8 a7 fb 0d 00       	callq  0xdfbe2
  3b:	83 c4 04             	add    $0x4,%esp
  3e:	b8                   	.byte 0xb8
  3f:	f2                   	repnz

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	b8 e8 97 5f c2       	mov    $0xc25f97e8,%eax
   7:	89 f2                	mov    %esi,%edx
   9:	31 c9                	xor    %ecx,%ecx
   b:	56                   	push   %rsi
   c:	e8 a7 fb 0d 00       	callq  0xdfbb8
  11:	83 c4 04             	add    $0x4,%esp
  14:	b8                   	.byte 0xb8
  15:	f2                   	repnz
[   35.438110][  T206] EAX: 00000040 EBX: f56bfd34 ECX: 00000001 EDX: ffffffff
[   35.438892][  T206] ESI: 00000001 EDI: f7493000 EBP: f56bfc80 ESP: f56bfc50
[   35.439717][  T206] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010296
[   35.440580][  T206] CR0: 80050033 CR2: 02c5a19c CR3: 35202000 CR4: 000406d0
[   35.441410][  T206] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   35.442237][  T206] DR6: fffe0ff0 DR7: 00000400
[   35.442806][  T206] Call Trace:
[ 35.443196][ T206] ? do_raw_spin_lock (fbdev.c:?) 
[ 35.443773][ T206] __change_page_attr_set_clr (set_memory.c:?) 
[ 35.444439][ T206] ? find_held_lock (lockdep.c:?) 
[ 35.444975][ T206] ? _vm_unmap_aliases+0x100/0x140 
[ 35.445581][ T206] ? lock_release (fbdev.c:?) 
[ 35.446160][ T206] ? _vm_unmap_aliases+0x100/0x140 
[ 35.446782][ T206] ? mutex_unlock (fbdev.c:?) 
[ 35.447323][ T206] change_page_attr_set_clr+0x15f/0x1c0 
[ 35.447992][ T206] ? set_memory_nx (fbdev.c:?) 
[ 35.448552][ T206] set_memory_ro (fbdev.c:?) 
[ 35.449154][ T206] frob_text (module.c:?) 
[ 35.449646][ T206] module_enable_ro (module.c:?) 
[ 35.450238][ T206] complete_formation (module.c:?) 
[ 35.450832][ T206] load_module (module.c:?) 
[ 35.451430][ T206] __ia32_sys_finit_module (fbdev.c:?) 
[ 35.452082][ T206] do_int80_syscall_32 (fbdev.c:?) 
[ 35.452735][ T206] ? do_int80_syscall_32 (fbdev.c:?) 
[ 35.453368][ T206] ? irqentry_exit (fbdev.c:?) 
[ 35.453949][ T206] ? exc_page_fault (fbdev.c:?) 
[ 35.454555][ T206] entry_INT80_32 (??:?) 
[   35.455147][  T206] EIP: 0xb7f0fa02
[ 35.455576][ T206] Code: 95 01 00 05 25 36 02 00 83 ec 14 8d 80 e8 99 ff ff 50 6a 02 e8 1f ff 00 00 c7 04 24 7f 00 00 00 e8 7e 87 01 00 66 90 90 cd 80 <c3> 8d b6 00 00 00 00 8d bc 27 00 00 00 00 8b 1c 24 c3 8d b6 00 00
All code
========
   0:	95                   	xchg   %eax,%ebp
   1:	01 00                	add    %eax,(%rax)
   3:	05 25 36 02 00       	add    $0x23625,%eax
   8:	83 ec 14             	sub    $0x14,%esp
   b:	8d 80 e8 99 ff ff    	lea    -0x6618(%rax),%eax
  11:	50                   	push   %rax
  12:	6a 02                	pushq  $0x2
  14:	e8 1f ff 00 00       	callq  0xff38
  19:	c7 04 24 7f 00 00 00 	movl   $0x7f,(%rsp)
  20:	e8 7e 87 01 00       	callq  0x187a3
  25:	66 90                	xchg   %ax,%ax
  27:	90                   	nop
  28:	cd 80                	int    $0x80
  2a:*	c3                   	retq   		<-- trapping instruction
  2b:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
  31:	8d bc 27 00 00 00 00 	lea    0x0(%rdi,%riz,1),%edi
  38:	8b 1c 24             	mov    (%rsp),%ebx
  3b:	c3                   	retq   
  3c:	8d                   	.byte 0x8d
  3d:	b6 00                	mov    $0x0,%dh
	...

Code starting with the faulting instruction
===========================================
   0:	c3                   	retq   
   1:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
   7:	8d bc 27 00 00 00 00 	lea    0x0(%rdi,%riz,1),%edi
   e:	8b 1c 24             	mov    (%rsp),%ebx
  11:	c3                   	retq   
  12:	8d                   	.byte 0x8d
  13:	b6 00                	mov    $0x0,%dh
	...
[   35.457926][  T206] EAX: ffffffda EBX: 00000007 ECX: b7ea5bb1 EDX: 00000000
[   35.458745][  T206] ESI: 01cdb258 EDI: 01cded88 EBP: 00000000 ESP: bfc6adf8
[   35.459593][  T206] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000296
[   35.460520][  T206] irq event stamp: 18793
[ 35.461019][ T206] hardirqs last enabled at (18801): __up_console_sem (printk.c:?) 
[ 35.462038][ T206] hardirqs last disabled at (18808): __up_console_sem (printk.c:?) 
[ 35.463061][ T206] softirqs last enabled at (0): copy_process (fork.c:?) 
[ 35.464023][ T206] softirqs last disabled at (0): 0x0 
[   35.464773][  T206] ---[ end trace b87b4723e6116295 ]---
Starting LSB: Load kernel image with kexec...
[  OK  ] Started LSB: Load kernel image with kexec.
LKP: HOSTNAME vm-snb-i386-129, MAC 36:ba:03:08:f1:da, kernel 5.16.0-06526-g64aee03f9836 1, serial console /dev/ttyS0
[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[   36.524289][  T206] ------------[ cut here ]------------
[   36.525031][  T206] CPA: called for zero pte. vaddr = f7493000 cpa->vaddr = f7491000


To reproduce:

        # build kernel
        cd linux
        cp config-5.16.0-06526-g64aee03f9836 .config
        make HOSTCC=clang-15 CC=clang-15 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=clang-15 CC=clang-15 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.16.0-06526-g64aee03f9836" of type "text/plain" (124586 bytes)

View attachment "job-script" of type "text/plain" (4904 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (15004 bytes)
