Message-ID: <fcf89147-440b-e478-40c9-228c9fe56691@intel.com>
Date:   Wed, 7 Sep 2022 15:32:30 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Peter Zijlstra <peterz@...radead.org>
CC:     <lkp@...ts.01.org>, <lkp@...el.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        <linux-kernel@...r.kernel.org>, <x86@...nel.org>
Subject: [x86/mm] 652c5bf380: WARNING:at_arch/x86/mm/pat/set_memory.c:#__change_page_attr

Hi Peter,

According to the commit message, this patch adds a new warning for some
violations, and it is indeed triggered in our test. We understand that
it is kind of expected, and may reveal some existing issues in kernel
code, but we don't have enough knowledge about what could be done in the
next step, so we send this report FYI.

We also spotted similar issues in other testcases after applying this
patch. If this report is useful, we can provide more info for further
analysis.

If you think it's unnecessary for us to send this kind of report, please
let us know, and we will consider refining our report rules. Thanks.

Below is the full report:


Greetings,

FYI, we noticed the following commit (built with gcc-11):

commit: 652c5bf380ad018e15006a7f8349800245ddbbad ("x86/mm: Refuse W^X violations")
https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git x86/mm

in testcase: rcuscale
version:
with the following parameters:

	runtime: 300s
	scale_type: srcu

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


[   21.523123][    T3] ------------[ cut here ]------------
[   21.523996][    T3] CPA refuse W^X violation: 0000000000000060 -> 0000000000000063 range: 0x00000000bea9f000 - 0x00000000bea9ffff PFN 7ea9f
[   21.525620][    T3] WARNING: CPU: 0 PID: 3 at arch/x86/mm/pat/set_memory.c:600 __change_page_attr+0x245/0x260
[   21.526894][    T3] Modules linked in: torture
[   21.527495][    T3] CPU: 0 PID: 3 Comm: kworker/0:0 Not tainted 5.19.0-00430-g652c5bf380ad #1
[   21.528698][    T3] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[   21.530114][    T3] Workqueue: events do_free_init
[   21.530828][    T3] EIP: __change_page_attr+0x245/0x260
[   21.531547][    T3] Code: ff ff ff 8d 87 ff 0f 00 00 ff 75 e4 31 d2 50 8b 45 e0 57 52 31 d2 51 52 50 68 78 53 8d 42 c6 05 bc 3e 03 43 01 e8 81 e4 e7 00 <0f> 0b 83 c4 20 e9 40 ff ff ff e8 1c 91 f2 00 8d b4 26 00 00 00 00
[   21.534206][    T3] EAX: 00000077 EBX: 7ea9f060 ECX: 42b03540 EDX: 42b0353c
[   21.535211][    T3] ESI: 43f1fea4 EDI: bea9f000 EBP: 43f1fe4c ESP: 43f1fe0c
[   21.536191][    T3] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010212
[   21.537221][    T3] CR0: 80050033 CR2: 01fbaaa8 CR3: 7ea5e000 CR4: 00040690
[   21.538183][    T3] Call Trace:
[   21.538764][    T3]  ? __change_page_attr_set_clr+0x49/0x170
[   21.539577][    T3]  ? _vm_unmap_aliases+0x101/0x120
[   21.540274][    T3]  ? set_direct_map_default_noflush+0x49/0x60
[   21.541131][    T3]  ? __vunmap+0x192/0x270
[   21.541752][    T3]  ? __vfree+0x20/0x50
[   21.542320][    T3]  ? vfree+0x29/0x60
[   21.542920][    T3]  ? module_memfree+0x1b/0x30
[   21.543599][    T3]  ? do_free_init+0x2c/0x50
[   21.544257][    T3]  ? process_one_work+0x20c/0x480
[   21.544926][    T3]  ? worker_thread+0x166/0x3c0
[   21.545587][    T3]  ? kthread+0xbf/0xe0
[   21.546160][    T3]  ? rescuer_thread+0x310/0x310
[   21.546852][    T3]  ? kthread_complete_and_exit+0x20/0x20
[   21.547632][    T3]  ? ret_from_fork+0x19/0x30
[   21.548284][    T3] irq event stamp: 2399
[   21.548844][    T3] hardirqs last  enabled at (2407): [<410b8aee>] __up_console_sem+0x6e/0x80
[   21.550018][    T3] hardirqs last disabled at (2414): [<410b8ad5>] __up_console_sem+0x55/0x80
[   21.551265][    T3] softirqs last  enabled at (2432): [<41f8f11c>] __do_softirq+0x2ac/0x3b0
[   21.552465][    T3] softirqs last disabled at (2423): [<41023525>] do_softirq_own_stack+0x25/0x30
[   21.553731][    T3] ---[ end trace 0000000000000000 ]---
[   21.566412][  T617] srcu-scale:--- Start of test: nreaders=1 nwriters=1 verbose=1 shutdown=0
[   21.574533][  T617] srcu-torture: Creating rcu_scale_reader task
[   21.578917][  T619] srcu-scale: rcu_scale_reader task started
[   21.579927][  T617] srcu-torture: Creating rcu_scale_writer task
[   21.586634][  T620] srcu-scale: rcu_scale_writer task started
[   21.599081][  T204] BUG: unable to handle page fault for address: b9866400
[   21.600138][  T204] #PF: supervisor write access in kernel mode
[   21.600984][  T204] #PF: error_code(0x0002) - not-present page
[   21.601823][  T204] *pde = 79868063 *pte = 79866060
[   21.602527][  T204] Oops: 0002 [#1]
[   21.603046][  T204] CPU: 0 PID: 204 Comm: systemd-udevd Tainted: G        W         5.19.0-00430-g652c5bf380ad #1
[   21.604459][  T204] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[   21.605875][  T204] EIP: pgd_alloc+0x85/0x130
[   21.606460][  T204] Code: ff ff 85 c0 0f 85 ab 00 00 00 b8 a0 00 af 42 8d be 04 04 00 00 e8 5b 9d f3 00 a1 00 04 17 43 83 e7 fc 8d 8e 00 04 00 00 29 f9 <89> 86 00 04 00 00 a1 fc 0f 17 43 89 86 fc 0f 00 00 89 f0 be 00 04
[   21.609008][  T204] EAX: 03957063 EBX: 43f549c0 ECX: fffffffc EDX: ffffffff
[   21.609966][  T204] ESI: b9866000 EDI: b9866404 EBP: bf039dcc ESP: bf039db0
[   21.610914][  T204] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010297
[   21.611938][  T204] CR0: 80050033 CR2: b9866400 CR3: 7e910000 CR4: 00040690
[   21.612924][  T204] Call Trace:
[   21.613380][  T204]  ? mm_init+0x134/0x260
[   21.614115][  T204]  mm_init+0x1b1/0x260
[   21.614804][  T204]  dup_mm+0x41/0xd0
[   21.615308][  T204]  copy_process+0x13c8/0x1660
[   21.615854][  T204]  kernel_clone+0x95/0x480
[   21.616419][  T204]  __ia32_sys_clone+0x6a/0x90
[   21.617040][  T204]  __do_fast_syscall_32+0x71/0xd0
[   21.617703][  T204]  ? lockdep_hardirqs_on_prepare+0x9c/0x150
[   21.618559][  T204]  ? syscall_exit_to_user_mode+0x35/0x50
[   21.619290][  T204]  ? __do_fast_syscall_32+0x7b/0xd0
[   21.619954][  T204]  ? irqentry_exit_to_user_mode+0x23/0x30
[   21.620690][  T204]  ? irqentry_exit+0x5f/0x80
[   21.621305][  T204]  do_fast_syscall_32+0x28/0x60
[   21.621942][  T204]  do_SYSENTER_32+0x15/0x20
[   21.622553][  T204]  entry_SYSENTER_32+0xb0/0x116
[   21.623240][  T204] EIP: 0x37f6c549
[   21.623743][  T204] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   21.626274][  T204] EAX: ffffffda EBX: 01200011 ECX: 00000000 EDX: 00000000
[   21.627248][  T204] ESI: 00000000 EDI: 37c35868 EBP: 3fe5a3a8 ESP: 3fe5a350
[   21.628227][  T204] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[   21.629259][  T204] Modules linked in: rcuscale torture
[   21.629998][  T204] CR2: 00000000b9866400
[   21.630559][  T204] ---[ end trace 0000000000000000 ]---
[   21.631297][  T204] EIP: pgd_alloc+0x85/0x130
[   21.631932][  T204] Code: ff ff 85 c0 0f 85 ab 00 00 00 b8 a0 00 af 42 8d be 04 04 00 00 e8 5b 9d f3 00 a1 00 04 17 43 83 e7 fc 8d 8e 00 04 00 00 29 f9 <89> 86 00 04 00 00 a1 fc 0f 17 43 89 86 fc 0f 00 00 89 f0 be 00 04
[   21.634364][  T204] EAX: 03957063 EBX: 43f549c0 ECX: fffffffc EDX: ffffffff
[   21.635119][  T204] ESI: b9866000 EDI: b9866404 EBP: bf039dcc ESP: bf039db0
[   21.635902][  T204] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010297
[   21.636915][  T204] CR0: 80050033 CR2: b9866400 CR3: 7e910000 CR4: 00040690
[   21.637885][  T204] Kernel panic - not syncing: Fatal exception
[   21.638720][  T204] Kernel Offset: disabled


To reproduce:

	# build kernel
	cd linux
	cp config-5.19.0-00430-g652c5bf380ad .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


	git clone https://github.com/intel/lkp-tests.git
	cd lkp-tests
	bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

	# if you come across any failure that blocks the test,
	# please remove ~/.lkp and /lkp dir to run from a clean state.

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.19.0-00430-g652c5bf380ad" of type "text/plain" (146139 bytes)

View attachment "job-script" of type "text/plain" (5122 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (16520 bytes)

View attachment "rcuscale" of type "text/plain" (44858 bytes)
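Added example (not code from the report, the kernel test robot or the kernel tree): it parses the "CPA refuse W^X violation" line from the dmesg above, decodes the old and new pgprot values with the architectural x86 PTE flag bits, and applies a user-space model of the W^X refusal that the commit title and the warning describe. The model's exact conditions (RW or NX changing, and the result being writable without NX) are my assumption, not the kernel's own verify code.

```c
#include <stdio.h>
#include <string.h>
/* Architectural x86 page-table entry flag bits. */
#define PG_PRESENT  (1ULL << 0)
#define PG_RW       (1ULL << 1)
#define PG_ACCESSED (1ULL << 5)
#define PG_DIRTY    (1ULL << 6)
#define PG_NX       (1ULL << 63)

struct cpa_warn { unsigned long long old_prot, new_prot; unsigned long start, end, pfn; };
/* Parse a line in the format the report prints, skipping the "[ time][ task]"
 * prefix. Returns 1 on success, 0 for any line that is not a CPA W^X warning. */
static int parse_cpa_line(const char *line, struct cpa_warn *w)
{
    const char *p = strstr(line, "CPA refuse W^X violation:");
    if (!p)
        return 0;
    return sscanf(p, "CPA refuse W^X violation: %llx -> %llx range: 0x%lx - 0x%lx PFN %lx",
                  &w->old_prot, &w->new_prot, &w->start, &w->end, &w->pfn) == 5;
}

/* User-space model (an assumption, not the kernel's own code) of the W^X test behind the
 * warning: refuse a change touching RW or NX that would leave the page writable without NX. */
static int wx_refused(unsigned long long old_prot, unsigned long long new_prot)
{
    if (!((old_prot ^ new_prot) & (PG_RW | PG_NX)))
        return 0;                                  /* RW/NX are not changing */
    return (new_prot & (PG_RW | PG_NX)) == PG_RW;  /* W without NX: W+X */
}

/* Render the flag bits of a pgprot value, e.g. 0x63 -> "P RW A D X". */
static void describe(unsigned long long prot, char *out, size_t n)
{
    snprintf(out, n, "%s%s%s%s%s", prot & PG_PRESENT ? "P " : "np ",
             prot & PG_RW ? "RW " : "RO ", prot & PG_ACCESSED ? "A " : "",
             prot & PG_DIRTY ? "D " : "", prot & PG_NX ? "NX" : "X");
}

int main(void)
{
    /* Constructed copy of the warning line from the dmesg above. */
    const char *line = "[   21.523996][    T3] CPA refuse W^X violation: 0000000000000060 -> "
                       "0000000000000063 range: 0x00000000bea9f000 - 0x00000000bea9ffff PFN 7ea9f";
    struct cpa_warn w; char a[32], b[32];
    if (!parse_cpa_line(line, &w)) return 1;
    describe(w.old_prot, a, sizeof a); describe(w.new_prot, b, sizeof b);
    printf("%s-> %s: %s\n", a, b, wx_refused(w.old_prot, w.new_prot) ? "refused" : "allowed");
    return 0;
}
```

The old value 0x60 decodes to accessed and dirty with no Present bit, and the new value 0x63 adds Present and RW; the faulting entry in the second oops, *pte = 79866060, can be decoded the same way and carries the same 0x060 flag pattern.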