| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Feb 2023 13:43:38 +0800
From: Pengfei Xu <pengfei.xu@...el.com>
To: <jgg@...pe.ca>
CC: <baolu.lu@...el.com>, <yi.l.liu@...el.com>, <kevin.tian@...el.com>,
<heng.su@...el.com>, <linux-kernel@...r.kernel.org>
Subject: [Syzkaller & bisect] There was "iommufd_test" WARNING in v6.2 in
guest
Hi Jason,
Greeting!
Platform: ADL-S and x86 platforms
Host kernel 6.2.0-rc7 which doesn't enable iommufd by host kconfig setting as
below:
"# CONFIG_IOMMUFD is not set"
Guest kconfig with iommufd enabled: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/kconfig_origin
Reproduced code: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/repro.c
v6.2 problem dmesg: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/v6.2_c9c3395d5e3dcc6daee66c6908354d47bf98cb0c_dmesg.log
Bisect info: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/bisect_info.log
There was "iommufd_test" WARNING in v6.2 in guest:
[ 32.012827] ------------[ cut here ]------------
[ 32.013027] WARNING: CPU: 1 PID: 393 at drivers/iommu/iommufd/selftest.c:403 iommufd_test+0xb19/0x16f0
[ 32.013410] Modules linked in:
[ 32.013540] CPU: 1 PID: 393 Comm: repro Not tainted 6.2.0-c9c3395d5e3d #1
[ 32.013809] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[ 32.014372] RIP: 0010:iommufd_test+0xb19/0x16f0
[ 32.014566] Code: 94 c4 31 ff 44 89 e6 e8 a5 54 17 ff 45 84 e4 0f 85 bb 0b 00 00 41 be fb ff ff ff e8 31 53 17 ff e9 a0 f7 ff ff e8 27 53 17 ff <0f> 0b 41 be 8
[ 32.015281] RSP: 0018:ffffc90000eabdc0 EFLAGS: 00010246
[ 32.015493] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8214c487
[ 32.015773] RDX: 0000000000000000 RSI: ffff88800f5c8000 RDI: 0000000000000002
[ 32.016053] RBP: ffffc90000eabe48 R08: 0000000000000000 R09: 0000000000000001
[ 32.016333] R10: 0000000000000001 R11: 0000000000000000 R12: 00000000cd2b0000
[ 32.016613] R13: 00000000cd2af000 R14: 0000000000000000 R15: ffffc90000eabe68
[ 32.016894] FS: 00007f94d76d5740(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
[ 32.017211] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.017447] CR2: 0000000020000043 CR3: 0000000006880006 CR4: 0000000000770ee0
[ 32.017730] PKRU: 55555554
[ 32.017843] Call Trace:
[ 32.017960] <TASK>
[ 32.018054] ? write_comp_data+0x2f/0x90
[ 32.018226] iommufd_fops_ioctl+0x1ef/0x310
[ 32.018408] __x64_sys_ioctl+0x10e/0x160
[ 32.018575] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 32.018773] do_syscall_64+0x3b/0x90
[ 32.018929] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 32.019142] RIP: 0033:0x7f94d77fa59d
[ 32.019292] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 8
[ 32.020005] RSP: 002b:00007fff58b77f18 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 32.020305] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f94d77fa59d
[ 32.020585] RDX: 0000000020000000 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 32.020865] RBP: 00007fff58b77f30 R08: 00007fff58b78010 R09: 00007fff58b78010
[ 32.021146] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401050
[ 32.021429] R13: 00007fff58b78010 R14: 0000000000000000 R15: 0000000000000000
[ 32.021718] </TASK>
[ 32.021812] irq event stamp: 4817
[ 32.021959] hardirqs last enabled at (4827): [<ffffffff811d4a61>] __up_console_sem+0x91/0xb0
[ 32.022302] hardirqs last disabled at (4834): [<ffffffff811d4a46>] __up_console_sem+0x76/0xb0
[ 32.022644] softirqs last enabled at (4678): [<ffffffff82f9c233>] __do_softirq+0x323/0x48a
[ 32.022972] softirqs last disabled at (4673): [<ffffffff81123152>] irq_exit_rcu+0xd2/0x100
[ 32.023298] ---[ end trace 0000000000000000 ]---
Bisected and found first bad commit:
f4b20bb34c83dceade5470288f48f94ce3598ada
iommufd: Add kernel support for testing iommufd
Reverted above commit on top of v6.2 kernel and made kernel failed.
So could not double confirm the bisect result by revert commit on top of v6.2
for this issue.
---
If you don't need an environment to reproduce the problem or if you already
have one, please ignore the following information.
How to reproduce:
git clone https://gitlab.com/xupengfe/repro_vm_env.git
cd repro_vm_env
tar -xvf repro_vm_env.tar.gz
cd repro_vm_env; ./start3.sh // it needs qemu-system-x86_64 and I used v7.1.0
// start3.sh will load bzImage_2241ab53cbb5cdb08a6b2d4688feb13971058f65 v6.2-rc5 kernel
// You could change the bzImage_xxx as you want
In vm and login with root, there is no password for root.
After login vm successfully, you could transfer reproduced binary to the VM by below way, and reproduce the problem:
gcc -pthread -o repro repro.c
scp -P 10023 repro root@...alhost:/root/
Get the bzImage for target kernel:
Please use target kconfig and copy it to kernel_src/.config
make olddefconfig
make -jx bzImage //x should equal or less than cpu num your pc has
Fill the bzImage file into above start3.sh to load the target kernel vm.
Tips:
If you already have qemu-system-x86_64, please ignore below info.
If you want to install qemu v7.1.0 version:
git clone https://github.com/qemu/qemu.git
cd qemu
git checkout -f v7.1.0
mkdir build
cd build
yum install -y ninja-build.x86_64
../configure --target-list=x86_64-softmmu --enable-kvm --enable-vnc --enable-gtk --enable-sdl
make
make install
Thanks!
BR.
Powered by blists - more mailing lists