| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y1pXJheAg+sMj7eG@yujie-X299>
Date: Thu, 27 Oct 2022 18:02:14 +0800
From: Yujie Liu <yujie.liu@...el.com>
To: Andrey Ryabinin <ryabinin.a.a@...il.com>,
Peter Zijlstra <peterz@...radead.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Seth Jenkins <sethjenkins@...gle.com>,
"Kees Cook" <keescook@...omium.org>,
<linux-kernel@...r.kernel.org>, <x86@...nel.org>,
Alexander Potapenko <glider@...gle.com>,
Andrey Konovalov <andreyknvl@...il.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Vincenzo Frascino <vincenzo.frascino@....com>,
<kasan-dev@...glegroups.com>,
"Yin, Fengwei" <fengwei.yin@...el.com>
Subject: Re: [tip:x86/mm] [x86/mm] 1248fb6a82:
Kernel_panic-not_syncing:kasan_populate_pmd:Failed_to_allocate_page
On Tue, Oct 25, 2022 at 06:39:07PM +0300, Andrey Ryabinin wrote:
>
>
> On 10/25/22 13:33, Peter Zijlstra wrote:
> > On Tue, Oct 25, 2022 at 12:54:40PM +0800, kernel test robot wrote:
> >> Hi Peter,
> >>
> >> We noticed that below commit changed the value of
> >> CPU_ENTRY_AREA_MAP_SIZE. Seems KASAN uses this value to allocate memory,
> >> and failed during initialization after this change, so we send this
> >> mail and Cc KASAN folks. Please kindly check below report for more
> >> details. Thanks.
> >>
> >>
> >> Greeting,
> >>
> >> FYI, we noticed Kernel_panic-not_syncing:kasan_populate_pmd:Failed_to_allocate_page due to commit (built with gcc-11):
> >>
> >> commit: 1248fb6a8201ddac1c86a202f05a0a1765efbfce ("x86/mm: Randomize per-cpu entry area")
> >> https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git x86/mm
> >>
> >> in testcase: boot
> >>
> >> on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> >>
> >> caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
> >>
> >>
> >> [ 7.114808][ T0] Kernel panic - not syncing: kasan_populate_pmd+0x142/0x1d2: Failed to allocate page, nid=0 from=1000000
> >> [ 7.119742][ T0] CPU: 0 PID: 0 Comm: swapper Not tainted 6.1.0-rc1-00001-g1248fb6a8201 #1
> >> [ 7.122122][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
> >> [ 7.124976][ T0] Call Trace:
> >> [ 7.125849][ T0] <TASK>
> >> [ 7.126642][ T0] ? dump_stack_lvl+0x45/0x5d
> >> [ 7.127908][ T0] ? panic+0x21e/0x46a
> >> [ 7.129009][ T0] ? panic_print_sys_info+0x77/0x77
> >> [ 7.130618][ T0] ? memblock_alloc_try_nid_raw+0x106/0x106
> >> [ 7.132224][ T0] ? memblock_alloc_try_nid+0xd9/0x118
> >> [ 7.133717][ T0] ? memblock_alloc_try_nid_raw+0x106/0x106
> >> [ 7.135252][ T0] ? kasan_populate_pmd+0x142/0x1d2
> >> [ 7.136655][ T0] ? early_alloc+0x95/0x9d
> >> [ 7.137738][ T0] ? kasan_populate_pmd+0x142/0x1d2
> >> [ 7.138936][ T0] ? kasan_populate_pud+0x182/0x19f
> >> [ 7.140335][ T0] ? kasan_populate_shadow+0x1e0/0x233
> >> [ 7.141759][ T0] ? kasan_init+0x3be/0x57f
> >> [ 7.142942][ T0] ? setup_arch+0x101d/0x11f0
> >> [ 7.144229][ T0] ? start_kernel+0x6f/0x3d0
> >> [ 7.145449][ T0] ? secondary_startup_64_no_verify+0xe0/0xeb
> >> [ 7.147051][ T0] </TASK>
> >> [ 7.147868][ T0] ---[ end Kernel panic - not syncing: kasan_populate_pmd+0x142/0x1d2: Failed to allocate page, nid=0 from=1000000 ]---
> >
> > Ufff, no idea about what KASAN wants here; Andrey, you have clue?
> >
> > Are you trying to allocate backing space for .5T of vspace and failing
> > that because the kvm thing doesn't have enough memory?
> >
>
> KASAN tries to allocate shadow memory for the whole cpu entry area.
> The size is CPU_ENTRY_AREA_MAP_SIZE/8 and this is obviously fails after your patch.
> The fix this might be something like this:
Hi Andrey,
Thanks for posting the fix. The issue is resolved after applying the fix.
Tested-by: Yujie Liu <yujie.liu@...el.com>
=========================================================================================
compiler/kconfig/rootfs/sleep/tbox_group/testcase:
gcc-11/x86_64-rhel-8.3-kselftests/yocto-i386-minimal-20190520.cgz/1/vm-snb/boot
commit:
v6.1-rc1
1248fb6a8201d ("x86/mm: Randomize per-cpu entry area")
5e25ad77cfd4a ("Fix "KASAN allocate shadow memory for cpu entry area"")
v6.1-rc1 1248fb6a8201ddac1c86a202f05 5e25ad77cfd4a0e089a1f370fbf
---------------- --------------------------- ---------------------------
fail:runs %reproduction fail:runs %reproduction fail:runs
| | | | |
:12 100% 10:10 0% :8 dmesg.Kernel_panic-not_syncing:kasan_populate_pmd:Failed_to_allocate_page,nid=#from=
:12 100% 10:10 0% :8 dmesg.boot_failures
Best Regards,
Yujie
>
>
> ---
> arch/x86/include/asm/kasan.h | 2 ++
> arch/x86/mm/cpu_entry_area.c | 3 +++
> arch/x86/mm/kasan_init_64.c | 16 +++++++++++++---
> 3 files changed, 18 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/include/asm/kasan.h b/arch/x86/include/asm/kasan.h
> index 13e70da38bed..77dd8b57f1e2 100644
> --- a/arch/x86/include/asm/kasan.h
> +++ b/arch/x86/include/asm/kasan.h
> @@ -28,9 +28,11 @@
> #ifdef CONFIG_KASAN
> void __init kasan_early_init(void);
> void __init kasan_init(void);
> +void __init kasan_populate_shadow_for_vaddr(void *va, size_t size);
> #else
> static inline void kasan_early_init(void) { }
> static inline void kasan_init(void) { }
> +static inline void kasan_populate_shadow_for_vaddr(void *va, size_t size) { }
> #endif
>
> #endif
> diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c
> index ad1f750517a1..602daa550543 100644
> --- a/arch/x86/mm/cpu_entry_area.c
> +++ b/arch/x86/mm/cpu_entry_area.c
> @@ -9,6 +9,7 @@
> #include <asm/cpu_entry_area.h>
> #include <asm/fixmap.h>
> #include <asm/desc.h>
> +#include <asm/kasan.h>
>
> static DEFINE_PER_CPU_PAGE_ALIGNED(struct entry_stack_page, entry_stack_storage);
>
> @@ -91,6 +92,8 @@ void cea_set_pte(void *cea_vaddr, phys_addr_t pa, pgprot_t flags)
> static void __init
> cea_map_percpu_pages(void *cea_vaddr, void *ptr, int pages, pgprot_t prot)
> {
> + kasan_populate_shadow_for_vaddr(cea_vaddr, pages*PAGE_SIZE);
> +
> for ( ; pages; pages--, cea_vaddr+= PAGE_SIZE, ptr += PAGE_SIZE)
> cea_set_pte(cea_vaddr, per_cpu_ptr_to_phys(ptr), prot);
> }
> diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c
> index e7b9b464a82f..dbee52f14700 100644
> --- a/arch/x86/mm/kasan_init_64.c
> +++ b/arch/x86/mm/kasan_init_64.c
> @@ -316,6 +316,19 @@ void __init kasan_early_init(void)
> kasan_map_early_shadow(init_top_pgt);
> }
>
> +void __init kasan_populate_shadow_for_vaddr(void *va, size_t size)
> +{
> + unsigned long shadow_start, shadow_end;
> +
> + shadow_start = (unsigned long)kasan_mem_to_shadow(va);
> + shadow_start = round_down(shadow_start, PAGE_SIZE);
> + shadow_end = (unsigned long)kasan_mem_to_shadow(va + size);
> + shadow_end = round_up(shadow_end, PAGE_SIZE);
> +
> + kasan_populate_shadow(shadow_start, shadow_end,
> + early_pfn_to_nid(__pa(va)));
> +}
> +
> void __init kasan_init(void)
> {
> int i;
> @@ -393,9 +406,6 @@ void __init kasan_init(void)
> kasan_mem_to_shadow((void *)VMALLOC_END + 1),
> shadow_cpu_entry_begin);
>
> - kasan_populate_shadow((unsigned long)shadow_cpu_entry_begin,
> - (unsigned long)shadow_cpu_entry_end, 0);
> -
> kasan_populate_early_shadow(shadow_cpu_entry_end,
> kasan_mem_to_shadow((void *)__START_KERNEL_map));
>
> --
> 2.37.4
>
Powered by blists - more mailing lists