Date:   Mon, 30 Jan 2023 13:26:15 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Georgi Djakov <quic_c_gdjako@...cinc.com>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        Georgi Djakov <quic_c_gdjako@...cinc.com>,
        <linux-doc@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>, <iommu@...ts.linux.dev>,
        <catalin.marinas@....com>, <will@...nel.org>,
        <dave.hansen@...ux.intel.com>, <luto@...nel.org>,
        <peterz@...radead.org>, <tglx@...utronix.de>, <mingo@...hat.com>,
        <bp@...en8.de>, <hpa@...or.com>, <hch@....de>,
        <m.szyprowski@...sung.com>, <robin.murphy@....com>,
        <djakov@...nel.org>
Subject: Re: [RFC] mm: Allow ZONE_DMA32 to be disabled via kernel command line

Greeting,

FYI, we noticed BUG:kernel_NULL_pointer_dereference,address due to commit (built with gcc-11):

commit: f7562f00aeee914d2d1fc45c9464826a29f7e823 ("[RFC] mm: Allow ZONE_DMA32 to be disabled via kernel command line")
url: https://github.com/intel-lab-lkp/linux/commits/Georgi-Djakov/mm-Allow-ZONE_DMA32-to-be-disabled-via-kernel-command-line/20230128-105803
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/all/20230126164352.17562-1-quic_c_gdjako@quicinc.com/
patch subject: [RFC] mm: Allow ZONE_DMA32 to be disabled via kernel command line

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


[    5.564449][    T1] BUG: kernel NULL pointer dereference, address: 0000000000000690
[    5.566019][    T1] #PF: supervisor read access in kernel mode
[    5.567187][    T1] #PF: error_code(0x0000) - not-present page
[    5.568357][    T1] PGD 0 P4D 0
[    5.569101][    T1] Oops: 0000 [#1] SMP PTI
[    5.569997][    T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.2.0-rc4-00588-gf7562f00aeee #8
[    5.571695][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
[    5.573657][    T1] RIP: __dma_direct_alloc_pages+0xf3/0x330
[    5.575069][    T1] Code: 40 74 ed b8 01 00 00 00 48 d3 e0 48 83 e8 01 48 39 04 24 76 db 48 8b 04 24 48 c1 e8 20 75 1f 49 63 c4 48 8b 04 c5 20 68 d8 82 <48> 83 b8 90 06 00 00 00 0f 95 c0 0f b6 c0 c1 e0 02 41 09 c6 49 8d
All code
========
   0:	40 74 ed             	rex je 0xfffffffffffffff0
   3:	b8 01 00 00 00       	mov    $0x1,%eax
   8:	48 d3 e0             	shl    %cl,%rax
   b:	48 83 e8 01          	sub    $0x1,%rax
   f:	48 39 04 24          	cmp    %rax,(%rsp)
  13:	76 db                	jbe    0xfffffffffffffff0
  15:	48 8b 04 24          	mov    (%rsp),%rax
  19:	48 c1 e8 20          	shr    $0x20,%rax
  1d:	75 1f                	jne    0x3e
  1f:	49 63 c4             	movslq %r12d,%rax
  22:	48 8b 04 c5 20 68 d8 	mov    -0x7d2797e0(,%rax,8),%rax
  29:	82 
  2a:*	48 83 b8 90 06 00 00 	cmpq   $0x0,0x690(%rax)		<-- trapping instruction
  31:	00 
  32:	0f 95 c0             	setne  %al
  35:	0f b6 c0             	movzbl %al,%eax
  38:	c1 e0 02             	shl    $0x2,%eax
  3b:	41 09 c6             	or     %eax,%r14d
  3e:	49                   	rex.WB
  3f:	8d                   	.byte 0x8d

Code starting with the faulting instruction
===========================================
   0:	48 83 b8 90 06 00 00 	cmpq   $0x0,0x690(%rax)
   7:	00 
   8:	0f 95 c0             	setne  %al
   b:	0f b6 c0             	movzbl %al,%eax
   e:	c1 e0 02             	shl    $0x2,%eax
  11:	41 09 c6             	or     %eax,%r14d
  14:	49                   	rex.WB
  15:	8d                   	.byte 0x8d
[    5.578626][    T1] RSP: 0018:ffffc90000013bd8 EFLAGS: 00010247
[    5.579804][    T1] RAX: 0000000000000000 RBX: 0000000000000cc0 RCX: 0000000000000018
[    5.581366][    T1] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000000000
[    5.582922][    T1] RBP: ffff8881003b30d0 R08: 0000000000000000 R09: 000fffffffffffff
[    5.584518][    T1] R10: 0000000000000008 R11: ffff88843ffc6000 R12: 00000000ffffffff
[    5.586080][    T1] R13: 0000000000001000 R14: 0000000000000cc0 R15: 0000000000001000
[    5.587644][    T1] FS:  0000000000000000(0000) GS:ffff88842fd00000(0000) knlGS:0000000000000000
[    5.589376][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    5.590616][    T1] CR2: 0000000000000690 CR3: 000000000280a000 CR4: 00000000000406e0
[    5.592197][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    5.593739][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    5.595340][    T1] Call Trace:
[    5.597097][    T1]  <TASK>
[    5.597778][    T1] ? __vmalloc_node_range (mm/vmalloc.c:3182)
[    5.598829][    T1] dma_direct_alloc (kernel/dma/direct.c:269)
[    5.599794][    T1] e1000_setup_tx_resources (drivers/net/ethernet/intel/e1000/e1000_main.c:1514)
[    5.601912][    T1] e1000_setup_all_tx_resources (drivers/net/ethernet/intel/e1000/e1000_main.c:1574)
[    5.603106][    T1] e1000_open (drivers/net/ethernet/intel/e1000/e1000_main.c:1367)
[    5.603998][    T1] ? raw_notifier_call_chain (kernel/notifier.c:92 kernel/notifier.c:455)
[    5.605069][    T1] __dev_open (net/core/dev.c:1419)
[    5.605963][    T1] __dev_change_flags (net/core/dev.c:8530)
[    5.607006][    T1] ? __dev_notify_flags (net/core/dev.c:8574)
[    5.607959][    T1] dev_change_flags (net/core/dev.c:8602)
[    5.608915][    T1] ic_open_devs (net/ipv4/ipconfig.c:242)
[    5.609818][    T1] ip_auto_config (net/ipv4/ipconfig.c:1508)
[    5.610775][    T1] ? __pfx_ip_auto_config (net/ipv4/ipconfig.c:1471)
[    5.611816][    T1] do_one_initcall (init/main.c:1306)
[    5.612782][    T1] do_initcalls (init/main.c:1378 init/main.c:1395)
[    5.613649][    T1] kernel_init_freeable (init/main.c:1638)
[    5.614747][    T1] ? __pfx_kernel_init (init/main.c:1514)
[    5.615771][    T1] kernel_init (init/main.c:1524)
[    5.616681][    T1] ret_from_fork (arch/x86/entry/entry_64.S:314)
[    5.617557][    T1]  </TASK>
[    5.618264][    T1] Modules linked in:
[    5.619088][    T1] CR2: 0000000000000690
[    5.619963][    T1] ---[ end trace 0000000000000000 ]---
[    5.621042][    T1] RIP: __dma_direct_alloc_pages+0xf3/0x330
[    5.622410][    T1] Code: 40 74 ed b8 01 00 00 00 48 d3 e0 48 83 e8 01 48 39 04 24 76 db 48 8b 04 24 48 c1 e8 20 75 1f 49 63 c4 48 8b 04 c5 20 68 d8 82 <48> 83 b8 90 06 00 00 00 0f 95 c0 0f b6 c0 c1 e0 02 41 09 c6 49 8d
All code
========
   0:	40 74 ed             	rex je 0xfffffffffffffff0
   3:	b8 01 00 00 00       	mov    $0x1,%eax
   8:	48 d3 e0             	shl    %cl,%rax
   b:	48 83 e8 01          	sub    $0x1,%rax
   f:	48 39 04 24          	cmp    %rax,(%rsp)
  13:	76 db                	jbe    0xfffffffffffffff0
  15:	48 8b 04 24          	mov    (%rsp),%rax
  19:	48 c1 e8 20          	shr    $0x20,%rax
  1d:	75 1f                	jne    0x3e
  1f:	49 63 c4             	movslq %r12d,%rax
  22:	48 8b 04 c5 20 68 d8 	mov    -0x7d2797e0(,%rax,8),%rax
  29:	82 
  2a:*	48 83 b8 90 06 00 00 	cmpq   $0x0,0x690(%rax)		<-- trapping instruction
  31:	00 
  32:	0f 95 c0             	setne  %al
  35:	0f b6 c0             	movzbl %al,%eax
  38:	c1 e0 02             	shl    $0x2,%eax
  3b:	41 09 c6             	or     %eax,%r14d
  3e:	49                   	rex.WB
  3f:	8d                   	.byte 0x8d

Code starting with the faulting instruction
===========================================
   0:	48 83 b8 90 06 00 00 	cmpq   $0x0,0x690(%rax)
   7:	00 
   8:	0f 95 c0             	setne  %al
   b:	0f b6 c0             	movzbl %al,%eax
   e:	c1 e0 02             	shl    $0x2,%eax
  11:	41 09 c6             	or     %eax,%r14d
  14:	49                   	rex.WB
  15:	8d                   	.byte 0x8d


If you fix the issue, kindly add the following tags:
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202301301034.10f83a62-yujie.liu@intel.com


To reproduce:

        # build kernel
        cd linux
        cp config-6.2.0-rc4-00588-gf7562f00aeee .config
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp directories to run from a clean state.


-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests

View attachment "config-6.2.0-rc4-00588-gf7562f00aeee" of type "text/plain" (167095 bytes)

View attachment "job-script" of type "text/plain" (4915 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (25700 bytes)
