| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202209141701.e293ea84-yujie.liu@intel.com>
Date: Wed, 14 Sep 2022 23:33:02 +0800
From: kernel test robot <yujie.liu@...el.com>
To: Peter Zijlstra <peterz@...radead.org>
CC: <lkp@...ts.01.org>, <lkp@...el.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
<linux-kernel@...r.kernel.org>, <x86@...nel.org>
Subject: [x86/mm] 652c5bf380:
WARNING:at_arch/x86/mm/pat/set_memory.c:#verify_rwx
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: 652c5bf380ad018e15006a7f8349800245ddbbad ("x86/mm: Refuse W^X violations")
https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git x86/mm
in testcase: rcutorture
version:
with following parameters:
runtime: 300s
test: cpuhotplug
torture_type: tasks-tracing
test-description: rcutorture is rcutorture kernel module load/unload test.
test-url: https://www.kernel.org/doc/Documentation/RCU/torture.txt
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
[ 41.673225][ T47] ------------[ cut here ]------------
[ 41.674140][ T47] CPA refuse W^X violation: 0000000000000060 -> 0000000000000063 range: 0x00000000ba578000 - 0x00000000ba578fff PFN 7a578
[ 41.675999][ T47] WARNING: CPU: 0 PID: 47 at arch/x86/mm/pat/set_memory.c:600 verify_rwx+0x50/0x60
[ 41.677367][ T47] Modules linked in: rcutorture(+) torture
[ 41.678250][ T47] CPU: 0 PID: 47 Comm: kworker/0:2 Not tainted 5.19.0-00430-g652c5bf380ad #1 1c07b355cfcb9caa54dfa4f8958371fd19a1da6f
[ 41.680007][ T47] Workqueue: events do_free_init
[ 41.680738][ T47] EIP: verify_rwx+0x50/0x60
[ 41.681406][ T47] Code: 75 2d 8b 4d 0c ff 75 08 c6 05 b7 e3 b7 42 01 c1 e1 0c 8d 4c 0a ff 51 52 31 d2 52 31 d2 50 52 53 68 82 ea 48 42 e8 75 6b a3 00 <0f> 0b 83 c4 20 89 d9 8d 65 f8 89 c8 5b 5e 5d c3 55 89 e5 53 89 c3
[ 41.684425][ T47] EAX: 00000077 EBX: 00000060 ECX: 00000027 EDX: ecfd0db4
[ 41.685600][ T47] ESI: 00000002 EDI: 0007a578 EBP: 44185e00 ESP: 44185dd8
[ 41.686811][ T47] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010212
[ 41.688063][ T47] CR0: 80050033 CR2: 034e7000 CR3: 7e0b6000 CR4: 00000690
[ 41.689089][ T47] Call Trace:
[ 41.689579][ T47] ? __change_page_attr+0x9f/0x172
[ 41.690373][ T47] ? __change_page_attr_set_clr+0x4e/0x120
[ 41.691225][ T47] ? _vm_unmap_aliases+0x13a/0x142
[ 41.692082][ T47] ? page_address+0x15/0x92
[ 41.692755][ T47] ? __mutex_unlock_slowpath+0x32/0x1ce
[ 41.693758][ T47] ? set_direct_map_default_noflush+0x45/0x5c
[ 41.694804][ T47] ? set_direct_map_invalid_noflush+0x5c/0x5c
[ 41.695836][ T47] ? set_area_direct_map+0x28/0x30
[ 41.696705][ T47] ? __vunmap+0xfc/0x160
[ 41.697383][ T47] ? __vfree+0x23/0x25
[ 41.697989][ T47] ? vfree+0x45/0x48
[ 41.698601][ T47] ? module_memfree+0x19/0x1b
[ 41.699293][ T47] ? do_free_init+0x20/0x30
[ 41.699935][ T47] ? process_one_work+0x232/0x3c5
[ 41.700663][ T47] ? worker_thread+0x14e/0x1ea
[ 41.701370][ T47] ? __kthread_parkme+0x36/0x6f
[ 41.702078][ T47] ? kthread+0xbb/0xc0
[ 41.702721][ T47] ? rescuer_thread+0x213/0x213
[ 41.703551][ T47] ? kthread_complete_and_exit+0x16/0x16
[ 41.704475][ T47] ? ret_from_fork+0x19/0x30
[ 41.705258][ T47] irq event stamp: 2305
[ 41.705962][ T47] hardirqs last enabled at (2313): [<41079811>] __up_console_sem+0x3d/0x52
[ 41.707507][ T47] hardirqs last disabled at (2320): [<410797f4>] __up_console_sem+0x20/0x52
[ 41.708781][ T47] softirqs last enabled at (2180): [<41a8819d>] __do_softirq+0x31d/0x34d
[ 41.710000][ T47] softirqs last disabled at (2143): [<41008261>] do_softirq_own_stack+0x21/0x27
[ 41.711324][ T47] ---[ end trace 0000000000000000 ]---
[ 41.761895][ T387] BUG: unable to handle page fault for address: ba57a008
[ 41.763060][ T387] #PF: supervisor read access in kernel mode
[ 41.763923][ T387] #PF: error_code(0x0000) - not-present page
[ 41.764790][ T387] *pde = 7a57c063 *pte = 7a57a060
[ 41.765535][ T387] Oops: 0000 [#1] SMP
[ 41.766152][ T387] CPU: 0 PID: 387 Comm: sed Tainted: G W 5.19.0-00430-g652c5bf380ad #1 1c07b355cfcb9caa54dfa4f8958371fd19a1da6f
[ 41.768202][ T387] EIP: do_anonymous_page+0x126/0x18d
[ 41.768958][ T387] Code: 4b 18 8b 01 e8 4a d2 ff ff 8b 53 0c 89 c7 8b 01 e8 15 d2 ff ff 89 7b 30 89 45 e8 89 f8 31 ff e8 42 e2 93 00 8b 55 e8 89 53 2c <83> 3a 00 75 4e 8b 46 20 89 45 e8 e8 7c c8 ff ff 89 c7 85 c0 75 3d
[ 41.771721][ T387] EAX: bf5a6000 EBX: bf59bf10 ECX: 2314b760 EDX: ba57a008
[ 41.772734][ T387] ESI: be1f6ae0 EDI: 00000000 EBP: bf59beec ESP: bf59bed4
[ 41.773747][ T387] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010282
[ 41.774860][ T387] CR0: 80050033 CR2: ba57a008 CR3: 7e0b6000 CR4: 00000690
[ 41.775874][ T387] Call Trace:
[ 41.776357][ T387] handle_pte_fault+0xda/0xeb
[ 41.777049][ T387] handle_mm_fault+0xf1/0x18f
[ 41.777734][ T387] do_user_addr_fault+0x241/0x3c7
[ 41.778497][ T387] ? trace_hardirqs_off_finish+0x8d/0xc8
[ 41.779318][ T387] exc_page_fault+0x1e7/0x207
[ 41.780006][ T387] ? paravirt_BUG+0xf/0xf
[ 41.780632][ T387] handle_exception+0x133/0x133
[ 41.781339][ T387] EIP: 0x37d86539
[ 41.781873][ T387] Code: fa 8b 74 24 10 8d 0c 38 39 dd 0f 95 c3 83 cf 01 89 4d 30 0f b6 db 83 ca 01 c1 e3 02 09 fb 89 58 04 8d 58 08 8b 86 d8 18 00 00 <89> 51 04 85 c0 0f 84 91 f9 ff ff e9 f6 fa ff ff 8d b4 26 00 00 00
[ 41.784652][ T387] EAX: 00000000 EBX: 037fc148 ECX: 03802ce8 EDX: 0000e319
[ 41.785650][ T387] ESI: 37eca000 EDI: 00006ba9 EBP: 37eca780 ESP: 3fe6f7a0
[ 41.786675][ T387] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00010206
[ 41.787759][ T387] ? paravirt_BUG+0xf/0xf
[ 41.788387][ T387] Modules linked in: rcutorture(+) torture
[ 41.789237][ T387] CR2: 00000000ba57a008
[ 41.789836][ T387] ---[ end trace 0000000000000000 ]---
[ 41.790656][ T387] EIP: do_anonymous_page+0x126/0x18d
[ 41.791430][ T387] Code: 4b 18 8b 01 e8 4a d2 ff ff 8b 53 0c 89 c7 8b 01 e8 15 d2 ff ff 89 7b 30 89 45 e8 89 f8 31 ff e8 42 e2 93 00 8b 55 e8 89 53 2c <83> 3a 00 75 4e 8b 46 20 89 45 e8 e8 7c c8 ff ff 89 c7 85 c0 75 3d
[ 41.794252][ T387] EAX: bf5a6000 EBX: bf59bf10 ECX: 2314b760 EDX: ba57a008
[ 41.795286][ T387] ESI: be1f6ae0 EDI: 00000000 EBP: bf59beec ESP: bf59bed4
[ 41.796310][ T387] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010282
[ 41.797412][ T387] CR0: 80050033 CR2: ba57a008 CR3: 7e0b6000 CR4: 00000690
[ 41.798466][ T387] Kernel panic - not syncing: Fatal exception
[ 41.799578][ T387] Kernel Offset: disabled
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <yujie.liu@...el.com>
Link: https://lore.kernel.org/r/202209141701.e293ea84-yujie.liu@intel.com
To reproduce:
# build kernel
cd linux
cp config-5.19.0-00430-g652c5bf380ad .config
make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.19.0-00430-g652c5bf380ad" of type "text/plain" (148493 bytes)
View attachment "job-script" of type "text/plain" (5246 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (18784 bytes)
View attachment "rcutorture" of type "text/plain" (54708 bytes)
Powered by blists - more mailing lists