lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y/hOiilV1wJvu/Hv@xpf.sh.intel.com>
Date:   Fri, 24 Feb 2023 13:43:38 +0800
From:   Pengfei Xu <pengfei.xu@...el.com>
To:     <jgg@...pe.ca>
CC:     <baolu.lu@...el.com>, <yi.l.liu@...el.com>, <kevin.tian@...el.com>,
        <heng.su@...el.com>, <linux-kernel@...r.kernel.org>
Subject: [Syzkaller & bisect] There was "iommufd_test" WARNING in v6.2 in
 guest

Hi Jason,

Greeting!

Platform: ADL-S and x86 platforms
Host kernel 6.2.0-rc7 which doesn't enable iommufd by host kconfig setting as
below:
"# CONFIG_IOMMUFD is not set"

Guest kconfig with iommufd enabled: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/kconfig_origin
Reproduced code: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/repro.c
v6.2 problem dmesg: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/v6.2_c9c3395d5e3dcc6daee66c6908354d47bf98cb0c_dmesg.log
Bisect info: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/bisect_info.log

There was "iommufd_test" WARNING in v6.2 in guest:
[   32.012827] ------------[ cut here ]------------
[   32.013027] WARNING: CPU: 1 PID: 393 at drivers/iommu/iommufd/selftest.c:403 iommufd_test+0xb19/0x16f0
[   32.013410] Modules linked in:
[   32.013540] CPU: 1 PID: 393 Comm: repro Not tainted 6.2.0-c9c3395d5e3d #1
[   32.013809] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[   32.014372] RIP: 0010:iommufd_test+0xb19/0x16f0
[   32.014566] Code: 94 c4 31 ff 44 89 e6 e8 a5 54 17 ff 45 84 e4 0f 85 bb 0b 00 00 41 be fb ff ff ff e8 31 53 17 ff e9 a0 f7 ff ff e8 27 53 17 ff <0f> 0b 41 be 8
[   32.015281] RSP: 0018:ffffc90000eabdc0 EFLAGS: 00010246
[   32.015493] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8214c487
[   32.015773] RDX: 0000000000000000 RSI: ffff88800f5c8000 RDI: 0000000000000002
[   32.016053] RBP: ffffc90000eabe48 R08: 0000000000000000 R09: 0000000000000001
[   32.016333] R10: 0000000000000001 R11: 0000000000000000 R12: 00000000cd2b0000
[   32.016613] R13: 00000000cd2af000 R14: 0000000000000000 R15: ffffc90000eabe68
[   32.016894] FS:  00007f94d76d5740(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
[   32.017211] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   32.017447] CR2: 0000000020000043 CR3: 0000000006880006 CR4: 0000000000770ee0
[   32.017730] PKRU: 55555554
[   32.017843] Call Trace:
[   32.017960]  <TASK>
[   32.018054]  ? write_comp_data+0x2f/0x90
[   32.018226]  iommufd_fops_ioctl+0x1ef/0x310
[   32.018408]  __x64_sys_ioctl+0x10e/0x160
[   32.018575]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[   32.018773]  do_syscall_64+0x3b/0x90
[   32.018929]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   32.019142] RIP: 0033:0x7f94d77fa59d
[   32.019292] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 8
[   32.020005] RSP: 002b:00007fff58b77f18 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[   32.020305] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f94d77fa59d
[   32.020585] RDX: 0000000020000000 RSI: 0000000000003ba0 RDI: 0000000000000003
[   32.020865] RBP: 00007fff58b77f30 R08: 00007fff58b78010 R09: 00007fff58b78010
[   32.021146] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401050
[   32.021429] R13: 00007fff58b78010 R14: 0000000000000000 R15: 0000000000000000
[   32.021718]  </TASK>
[   32.021812] irq event stamp: 4817
[   32.021959] hardirqs last  enabled at (4827): [<ffffffff811d4a61>] __up_console_sem+0x91/0xb0
[   32.022302] hardirqs last disabled at (4834): [<ffffffff811d4a46>] __up_console_sem+0x76/0xb0
[   32.022644] softirqs last  enabled at (4678): [<ffffffff82f9c233>] __do_softirq+0x323/0x48a
[   32.022972] softirqs last disabled at (4673): [<ffffffff81123152>] irq_exit_rcu+0xd2/0x100
[   32.023298] ---[ end trace 0000000000000000 ]---

Bisected and found first bad commit:
f4b20bb34c83dceade5470288f48f94ce3598ada
iommufd: Add kernel support for testing iommufd
Reverted above commit on top of v6.2 kernel and made kernel failed.
So could not double confirm the bisect result by revert commit on top of v6.2
for this issue.

---

If you don't need an environment to reproduce the problem or if you already
have one, please ignore the following information.

How to reproduce:
git clone https://gitlab.com/xupengfe/repro_vm_env.git
cd repro_vm_env
tar -xvf repro_vm_env.tar.gz
cd repro_vm_env; ./start3.sh  // it needs qemu-system-x86_64 and I used v7.1.0
   // start3.sh will load bzImage_2241ab53cbb5cdb08a6b2d4688feb13971058f65 v6.2-rc5 kernel
   // You could change the bzImage_xxx as you want
In vm and login with root,  there is no password for root.

After login vm successfully, you could transfer reproduced binary to the VM by below way, and reproduce the problem:
gcc -pthread -o repro repro.c
scp -P 10023 repro root@...alhost:/root/

Get the bzImage for target kernel:
Please use target kconfig and copy it to kernel_src/.config
make olddefconfig
make -jx bzImage           //x should equal or less than cpu num your pc has

Fill the bzImage file into above start3.sh to load the target kernel vm.

Tips:
If you already have qemu-system-x86_64, please ignore below info.
If you want to install qemu v7.1.0 version:
git clone https://github.com/qemu/qemu.git
cd qemu
git checkout -f v7.1.0
mkdir build
cd build
yum install -y ninja-build.x86_64
../configure --target-list=x86_64-softmmu --enable-kvm --enable-vnc --enable-gtk --enable-sdl
make
make install

Thanks!
BR.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ