lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202301301034.10f83a62-yujie.liu@intel.com>
Date:   Mon, 30 Jan 2023 13:26:15 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Georgi Djakov <quic_c_gdjako@...cinc.com>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        Georgi Djakov <quic_c_gdjako@...cinc.com>,
        <linux-doc@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>, <iommu@...ts.linux.dev>,
        <catalin.marinas@....com>, <will@...nel.org>,
        <dave.hansen@...ux.intel.com>, <luto@...nel.org>,
        <peterz@...radead.org>, <tglx@...utronix.de>, <mingo@...hat.com>,
        <bp@...en8.de>, <hpa@...or.com>, <hch@....de>,
        <m.szyprowski@...sung.com>, <robin.murphy@....com>,
        <djakov@...nel.org>
Subject: Re: [RFC] mm: Allow ZONE_DMA32 to be disabled via kernel command line

Greeting,

FYI, we noticed BUG:kernel_NULL_pointer_dereference,address due to commit (built with gcc-11):

commit: f7562f00aeee914d2d1fc45c9464826a29f7e823 ("[RFC] mm: Allow ZONE_DMA32 to be disabled via kernel command line")
url: https://github.com/intel-lab-lkp/linux/commits/Georgi-Djakov/mm-Allow-ZONE_DMA32-to-be-disabled-via-kernel-command-line/20230128-105803
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/all/20230126164352.17562-1-quic_c_gdjako@quicinc.com/
patch subject: [RFC] mm: Allow ZONE_DMA32 to be disabled via kernel command line

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


[    5.564449][    T1] BUG: kernel NULL pointer dereference, address: 0000000000000690
[    5.566019][    T1] #PF: supervisor read access in kernel mode
[    5.567187][    T1] #PF: error_code(0x0000) - not-present page
[    5.568357][    T1] PGD 0 P4D 0
[    5.569101][    T1] Oops: 0000 [#1] SMP PTI
[    5.569997][    T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.2.0-rc4-00588-gf7562f00aeee #8
[    5.571695][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
[ 5.573657][ T1] RIP: __dma_direct_alloc_pages+0xf3/0x330 
[ 5.575069][ T1] Code: 40 74 ed b8 01 00 00 00 48 d3 e0 48 83 e8 01 48 39 04 24 76 db 48 8b 04 24 48 c1 e8 20 75 1f 49 63 c4 48 8b 04 c5 20 68 d8 82 <48> 83 b8 90 06 00 00 00 0f 95 c0 0f b6 c0 c1 e0 02 41 09 c6 49 8d
All code
========
   0:	40 74 ed             	rex je 0xfffffffffffffff0
   3:	b8 01 00 00 00       	mov    $0x1,%eax
   8:	48 d3 e0             	shl    %cl,%rax
   b:	48 83 e8 01          	sub    $0x1,%rax
   f:	48 39 04 24          	cmp    %rax,(%rsp)
  13:	76 db                	jbe    0xfffffffffffffff0
  15:	48 8b 04 24          	mov    (%rsp),%rax
  19:	48 c1 e8 20          	shr    $0x20,%rax
  1d:	75 1f                	jne    0x3e
  1f:	49 63 c4             	movslq %r12d,%rax
  22:	48 8b 04 c5 20 68 d8 	mov    -0x7d2797e0(,%rax,8),%rax
  29:	82 
  2a:*	48 83 b8 90 06 00 00 	cmpq   $0x0,0x690(%rax)		<-- trapping instruction
  31:	00 
  32:	0f 95 c0             	setne  %al
  35:	0f b6 c0             	movzbl %al,%eax
  38:	c1 e0 02             	shl    $0x2,%eax
  3b:	41 09 c6             	or     %eax,%r14d
  3e:	49                   	rex.WB
  3f:	8d                   	.byte 0x8d

Code starting with the faulting instruction
===========================================
   0:	48 83 b8 90 06 00 00 	cmpq   $0x0,0x690(%rax)
   7:	00 
   8:	0f 95 c0             	setne  %al
   b:	0f b6 c0             	movzbl %al,%eax
   e:	c1 e0 02             	shl    $0x2,%eax
  11:	41 09 c6             	or     %eax,%r14d
  14:	49                   	rex.WB
  15:	8d                   	.byte 0x8d
[    5.578626][    T1] RSP: 0018:ffffc90000013bd8 EFLAGS: 00010247
[    5.579804][    T1] RAX: 0000000000000000 RBX: 0000000000000cc0 RCX: 0000000000000018
[    5.581366][    T1] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000000000
[    5.582922][    T1] RBP: ffff8881003b30d0 R08: 0000000000000000 R09: 000fffffffffffff
[    5.584518][    T1] R10: 0000000000000008 R11: ffff88843ffc6000 R12: 00000000ffffffff
[    5.586080][    T1] R13: 0000000000001000 R14: 0000000000000cc0 R15: 0000000000001000
[    5.587644][    T1] FS:  0000000000000000(0000) GS:ffff88842fd00000(0000) knlGS:0000000000000000
[    5.589376][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    5.590616][    T1] CR2: 0000000000000690 CR3: 000000000280a000 CR4: 00000000000406e0
[    5.592197][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    5.593739][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    5.595340][    T1] Call Trace:
[    5.597097][    T1]  <TASK>
[ 5.597778][ T1] ? __vmalloc_node_range (mm/vmalloc.c:3182) 
[ 5.598829][ T1] dma_direct_alloc (kernel/dma/direct.c:269) 
[ 5.599794][ T1] e1000_setup_tx_resources (drivers/net/ethernet/intel/e1000/e1000_main.c:1514) 
[ 5.601912][ T1] e1000_setup_all_tx_resources (drivers/net/ethernet/intel/e1000/e1000_main.c:1574) 
[ 5.603106][ T1] e1000_open (drivers/net/ethernet/intel/e1000/e1000_main.c:1367) 
[ 5.603998][ T1] ? raw_notifier_call_chain (kernel/notifier.c:92 kernel/notifier.c:455) 
[ 5.605069][ T1] __dev_open (net/core/dev.c:1419) 
[ 5.605963][ T1] __dev_change_flags (net/core/dev.c:8530) 
[ 5.607006][ T1] ? __dev_notify_flags (net/core/dev.c:8574) 
[ 5.607959][ T1] dev_change_flags (net/core/dev.c:8602) 
[ 5.608915][ T1] ic_open_devs (net/ipv4/ipconfig.c:242) 
[ 5.609818][ T1] ip_auto_config (net/ipv4/ipconfig.c:1508) 
[ 5.610775][ T1] ? __pfx_ip_auto_config (net/ipv4/ipconfig.c:1471) 
[ 5.611816][ T1] do_one_initcall (init/main.c:1306) 
[ 5.612782][ T1] do_initcalls (init/main.c:1378 init/main.c:1395) 
[ 5.613649][ T1] kernel_init_freeable (init/main.c:1638) 
[ 5.614747][ T1] ? __pfx_kernel_init (init/main.c:1514) 
[ 5.615771][ T1] kernel_init (init/main.c:1524) 
[ 5.616681][ T1] ret_from_fork (arch/x86/entry/entry_64.S:314) 
[    5.617557][    T1]  </TASK>
[    5.618264][    T1] Modules linked in:
[    5.619088][    T1] CR2: 0000000000000690
[    5.619963][    T1] ---[ end trace 0000000000000000 ]---
[ 5.621042][ T1] RIP: __dma_direct_alloc_pages+0xf3/0x330 
[ 5.622410][ T1] Code: 40 74 ed b8 01 00 00 00 48 d3 e0 48 83 e8 01 48 39 04 24 76 db 48 8b 04 24 48 c1 e8 20 75 1f 49 63 c4 48 8b 04 c5 20 68 d8 82 <48> 83 b8 90 06 00 00 00 0f 95 c0 0f b6 c0 c1 e0 02 41 09 c6 49 8d
All code
========
   0:	40 74 ed             	rex je 0xfffffffffffffff0
   3:	b8 01 00 00 00       	mov    $0x1,%eax
   8:	48 d3 e0             	shl    %cl,%rax
   b:	48 83 e8 01          	sub    $0x1,%rax
   f:	48 39 04 24          	cmp    %rax,(%rsp)
  13:	76 db                	jbe    0xfffffffffffffff0
  15:	48 8b 04 24          	mov    (%rsp),%rax
  19:	48 c1 e8 20          	shr    $0x20,%rax
  1d:	75 1f                	jne    0x3e
  1f:	49 63 c4             	movslq %r12d,%rax
  22:	48 8b 04 c5 20 68 d8 	mov    -0x7d2797e0(,%rax,8),%rax
  29:	82 
  2a:*	48 83 b8 90 06 00 00 	cmpq   $0x0,0x690(%rax)		<-- trapping instruction
  31:	00 
  32:	0f 95 c0             	setne  %al
  35:	0f b6 c0             	movzbl %al,%eax
  38:	c1 e0 02             	shl    $0x2,%eax
  3b:	41 09 c6             	or     %eax,%r14d
  3e:	49                   	rex.WB
  3f:	8d                   	.byte 0x8d

Code starting with the faulting instruction
===========================================
   0:	48 83 b8 90 06 00 00 	cmpq   $0x0,0x690(%rax)
   7:	00 
   8:	0f 95 c0             	setne  %al
   b:	0f b6 c0             	movzbl %al,%eax
   e:	c1 e0 02             	shl    $0x2,%eax
  11:	41 09 c6             	or     %eax,%r14d
  14:	49                   	rex.WB
  15:	8d                   	.byte 0x8d


If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202301301034.10f83a62-yujie.liu@intel.com


To reproduce:

        # build kernel
	cd linux
	cp config-6.2.0-rc4-00588-gf7562f00aeee .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.


-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests

View attachment "config-6.2.0-rc4-00588-gf7562f00aeee" of type "text/plain" (167095 bytes)

View attachment "job-script" of type "text/plain" (4915 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (25700 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ