lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <232bfdd0-4749-1c8c-3342-ece1c4b33fd5@redhat.com>
Date:   Tue, 19 Apr 2022 15:00:49 +0200
From:   David Hildenbrand <david@...hat.com>
To:     kernel test robot <oliver.sang@...el.com>
Cc:     Johannes Weiner <hannes@...xchg.org>,
        Alexander Gordeev <agordeev@...ux.ibm.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Borislav Petkov <bp@...en8.de>,
        Catalin Marinas <catalin.marinas@....com>,
        Christoph Hellwig <hch@....de>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Don Dutile <ddutile@...hat.com>,
        Gerald Schaefer <gerald.schaefer@...ux.ibm.com>,
        Heiko Carstens <hca@...ux.ibm.com>,
        Hugh Dickins <hughd@...gle.com>,
        Ingo Molnar <mingo@...hat.com>, Jan Kara <jack@...e.cz>,
        Jann Horn <jannh@...gle.com>, Jason Gunthorpe <jgg@...dia.com>,
        John Hubbard <jhubbard@...dia.com>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        Liang Zhang <zhangliang5@...wei.com>,
        Matthew Wilcox <willy@...radead.org>,
        Michael Ellerman <mpe@...erman.id.au>,
        Michal Hocko <mhocko@...nel.org>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Mike Rapoport <rppt@...ux.ibm.com>,
        Nadav Amit <namit@...are.com>,
        Oded Gabbay <oded.gabbay@...il.com>,
        Oleg Nesterov <oleg@...hat.com>,
        Paul Mackerras <paulus@...ba.org>,
        Pedro Demarchi Gomes <pedrodemargomes@...il.com>,
        Peter Xu <peterx@...hat.com>, Rik van Riel <riel@...riel.com>,
        Roman Gushchin <guro@...com>,
        Shakeel Butt <shakeelb@...gle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Will Deacon <will@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
        lkp@...el.com
Subject: Re: [x86/pgtable] d1ec551f87: BUG:Bad_page_map_in_process

On 19.04.22 10:36, David Hildenbrand wrote:
> On 19.04.22 10:22, David Hildenbrand wrote:
>> On 19.04.22 09:59, kernel test robot wrote:
>>>
>>>
>>> Greeting,
>>>
>>> FYI, we noticed the following commit (built with clang-15):
>>>
>>> commit: d1ec551f874e1663bfe76b994c0010a4566cf936 ("x86/pgtable: support __HAVE_ARCH_PTE_SWP_EXCLUSIVE")
>>> https://github.com/hnaz/linux-mm master
>>>
>>> in testcase: trinity
>>> version: trinity-static-i386-x86_64-1c734c75-1_2020-01-06
>>> with following parameters:
>>>
>>> 	runtime: 300s
>>> 	group: group-01
>>>
>>> test-description: Trinity is a linux system call fuzz tester.
>>> test-url: http://codemonkey.org.uk/projects/trinity/
>>>
>>>
>>> on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
>>>
>>> caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
>>>
>>>
>>>
>>> If you fix the issue, kindly add following tag
>>> Reported-by: kernel test robot <oliver.sang@...el.com>
>>>
>>>
>>> [   40.201103][ T5099] BUG: Bad page map in process trinity-c7  pte:1713003a pmd:7ff71067
>>> [   40.201999][ T5099] addr:096e7000 vm_flags:00100073 anon_vma:bff0aa00 mapping:00000000 index:96e7
>>> [   40.202718][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
>>> [   40.203229][ T5099] CPU: 0 PID: 5099 Comm: trinity-c7 Not tainted 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
>>> [   40.203952][ T5099] Call Trace:
>>> [ 40.204195][ T5099] ? dump_stack_lvl (??:?) 
>>> [ 40.204581][ T5099] ? dump_stack (??:?) 
>>> [ 40.204970][ T5099] ? print_bad_pte (memory.c:?) 
>>> [ 40.205384][ T5099] ? unmap_page_range (??:?) 
>>> [ 40.205843][ T5099] ? unmap_single_vma (memory.c:?) 
>>> [ 40.206271][ T5099] ? unmap_vmas (??:?) 
>>> [ 40.206647][ T5099] ? exit_mmap (??:?) 
>>> [ 40.207032][ T5099] ? __mmput (fork.c:?) 
>>> [ 40.207405][ T5099] ? mmput (??:?) 
>>> [ 40.207751][ T5099] ? exit_mm (exit.c:?) 
>>> [ 40.208121][ T5099] ? do_exit (??:?) 
>>> [ 40.208497][ T5099] ? do_group_exit (??:?) 
>>> [ 40.208905][ T5099] ? trace_hardirqs_on (??:?) 
>>> [ 40.209345][ T5099] ? get_signal (??:?) 
>>> [ 40.209750][ T5099] ? arch_do_signal_or_restart (??:?) 
>>> [ 40.210287][ T5099] ? exit_to_user_mode_loop (common.c:?) 
>>> [ 40.210778][ T5099] ? exit_to_user_mode_prepare (common.c:?) 
>>> [ 40.211302][ T5099] ? syscall_exit_to_user_mode (??:?) 
>>> [ 40.211808][ T5099] ? ret_from_fork (??:?) 
>>> [   40.212268][ T5099] Disabling lock debugging due to kernel taint
>>> [   40.231123][ T5097] BUG: Bad page map in process trinity-c5  pte:171e0a3e pmd:0a8d3067
>>> [   40.231770][ T5099] BUG: Bad page map in process trinity-c7  pte:1713023a pmd:7ff71067
>>> [   40.231883][ T5097] addr:36ed5000 vm_flags:000000fb anon_vma:00000000 mapping:485d0d80 index:1
>>> [   40.232611][ T5099] addr:096e8000 vm_flags:00100073 anon_vma:bff0ab18 mapping:00000000 index:96e8
>>> [   40.233429][ T5097] file:dev/zero fault:shmem_fault mmap:shmem_mmap readpage:0x0
>>> [   40.234271][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
>>> [   40.234971][ T5097] CPU: 1 PID: 5097 Comm: trinity-c5 Tainted: G    B             5.18.0-rc2-mm1-00053-gd1ec551f874e #1
>>> [   40.236510][ T5097] Call Trace:
>>
>> This is 32bit (i386) I assume. I wonder if something about the 32bit swp
>> layout is special and we have to restrict it to 64bit here.
>>
> 
> Staring at arch/x86/include/asm/pgtable-2level.h, I think that's the case:
> The swp type effectively starts at "_PAGE_BIT_PRESENT + 1" which should be bit 1.

Updated patch in

https://lkml.kernel.org/r/d875c292-46b3-f281-65ae-71d0b0c6f592@redhat.com


-- 
Thanks,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ