lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8414a2adfee94b589458766b52f49421@AcuMS.aculab.com>
Date:   Wed, 24 May 2023 12:54:20 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Arnd Bergmann' <arnd@...db.de>,
        Naresh Kamboju <naresh.kamboju@...aro.org>,
        open list <linux-kernel@...r.kernel.org>,
        linux-stable <stable@...r.kernel.org>,
        linux-mm <linux-mm@...ck.org>, "LTP List" <ltp@...ts.linux.it>,
        "lkft-triage@...ts.linaro.org" <lkft-triage@...ts.linaro.org>,
        X86 ML <x86@...nel.org>
CC:     Thomas Gleixner <tglx@...utronix.de>,
        Andy Lutomirski <luto@...nel.org>,
        Ingo Molnar <mingo@...hat.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Dan Carpenter <dan.carpenter@...aro.org>,
        Anders Roxell <anders.roxell@...aro.org>
Subject: RE: qemu-x86_64 compat: LTP: controllers: RIP: 0010:__alloc_pages

From: Arnd Bergmann
> Sent: 24 May 2023 12:18
> 
> On Wed, May 24, 2023, at 11:02, Naresh Kamboju wrote:
> > While running LTP controllers following kernel crash noticed on qemu-x86_64
> > compat mode with stable-rc 6.3.4-rc2.
> >
> > Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>
> >
> >  Linux version 6.3.4-rc2 (tuxmake@...make) (x86_64-linux-gnu-gcc
> > (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1
> > SMP PREEMPT_DYNAMIC @1684862676
> > ..
> > ./runltp -f controllers
> > ...
> > cpuset_inherit 11 TPASS: cpus: Inherited information is right!
> > cpuset_inherit 13 TPASS: mems: Inherited information is right!
> > <4>[ 1130.117922] int3: 0000 [#1] PREEMPT SMP PTI
> > <4>[ 1130.118132] CPU: 0 PID: 32748 Comm: cpuset_inherit_ Not tainted
> > 6.3.4-rc2 #1
> > <4>[ 1130.118216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
> > BIOS 1.14.0-2 04/01/2014
> > <4>[ 1130.118320] RIP: 0010:__alloc_pages+0xeb/0x340
> > <4>[ 1130.118605] Code: 48 c1 e0 04 48 8d 84 01 00 13 00 00 48 89 45
> > a8 8b 05 d9 31 cf 01 85 c0 0f 85 05 02 00 00 89 d8 c1 e8 03 83 e0 03
> > 89 45 c0 66 <90> 41 89 df 41 be 01 00 00 00 f6 c7 04 75 66 44 89 e6 89
> > df e8 ec
> 
> I haven't figured out what is going on here, but I tracked down
> the trapping instruction <90> to the middle of the 'xchg   %ax,%ax'
> two-byte nop in:
> 
> ffffffff814218f4:       83 e0 03                and    $0x3,%eax
> ffffffff814218f7:       89 45 c0                mov    %eax,-0x40(%rbp)
> ffffffff814218fa:       66 90                   xchg   %ax,%ax
> ffffffff814218fc:       41 89 df                mov    %ebx,%r15d
> ffffffff814218ff:       41 be 01 00 00 00       mov    $0x1,%r14d
> 
> which in turn is the cpusets_enabled() check in prepare_alloc_pages().

Does that code actually match the call/return stack?

It is pretty much impossible to get a trap on an 0x90 byte.
I think you'd need to jump to it and then get a page fault.

So I bet that isn't the code that was actually being executed.
So either the fault address is garbage or something horrid(tm)
has happened to the page tables.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ