| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Jul 2023 15:02:48 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
<linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>,
<oliver.sang@...el.com>
Subject: [linus:master] [gup] a425ac5365:
WARNING:at_mm/gup.c:#__get_user_pages
Hello,
kernel test robot noticed "WARNING:at_mm/gup.c:#__get_user_pages" on:
commit: a425ac5365f6cb3cc47bf83e6bff0213c10445f7 ("gup: add warning if some caller would seem to want stack expansion")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
we noticed this commit 'add a (temporary) warning' for the case that
'anybody actually does anything quite this strange'.
and in our this test, the warning hits. just FYI.
[test failed on linus/master a901a3568fd26ca9c4a82d8bc5ed5b3ed844d451]
[test failed on linux-next/master 296d53d8f84ce50ffaee7d575487058c8d437335]
in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:
runtime: 300s
group: group-00
nr_groups: 5
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
compiler: clang-15
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202307041023.bcdbbfc0-oliver.sang@intel.com
[ 410.961829][ T3941] WARNING: CPU: 1 PID: 3941 at mm/gup.c:1101 __get_user_pages (mm/gup.c:1101)
[ 410.963037][ T3941] Modules linked in: ipmi_devintf ipmi_msghandler crc32c_intel sha512_ssse3 sg pcspkr evdev floppy tiny_power_button button fuse
[ 410.964888][ T3941] CPU: 1 PID: 3941 Comm: trinity-c2 Not tainted 6.4.0-rc7-00013-ga425ac5365f6 #1
[ 410.966162][ T3941] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 410.967315][ T3941] RIP: 0010:__get_user_pages (mm/gup.c:1101)
[ 410.967988][ T3941] Code: f6 ff 49 8b 5e 20 81 e3 00 01 00 00 48 89 dd 48 c1 ed 08 48 c7 c7 40 9c 2a bd 89 ee 31 d2 31 c9 e8 0e cd f3 ff 48 85 db 74 02 <0f> 0b 48 c7 c7 70 9c 2a bd 89 ee 31 d2 31 c9 e8 f5 cc f3 ff 48 8b
All code
========
0: f6 ff idiv %bh
2: 49 8b 5e 20 mov 0x20(%r14),%rbx
6: 81 e3 00 01 00 00 and $0x100,%ebx
c: 48 89 dd mov %rbx,%rbp
f: 48 c1 ed 08 shr $0x8,%rbp
13: 48 c7 c7 40 9c 2a bd mov $0xffffffffbd2a9c40,%rdi
1a: 89 ee mov %ebp,%esi
1c: 31 d2 xor %edx,%edx
1e: 31 c9 xor %ecx,%ecx
20: e8 0e cd f3 ff call 0xfffffffffff3cd33
25: 48 85 db test %rbx,%rbx
28: 74 02 je 0x2c
2a:* 0f 0b ud2 <-- trapping instruction
2c: 48 c7 c7 70 9c 2a bd mov $0xffffffffbd2a9c70,%rdi
33: 89 ee mov %ebp,%esi
35: 31 d2 xor %edx,%edx
37: 31 c9 xor %ecx,%ecx
39: e8 f5 cc f3 ff call 0xfffffffffff3cd33
3e: 48 rex.W
3f: 8b .byte 0x8b
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 48 c7 c7 70 9c 2a bd mov $0xffffffffbd2a9c70,%rdi
9: 89 ee mov %ebp,%esi
b: 31 d2 xor %edx,%edx
d: 31 c9 xor %ecx,%ecx
f: e8 f5 cc f3 ff call 0xfffffffffff3cd09
14: 48 rex.W
15: 8b .byte 0x8b
[ 410.970326][ T3941] RSP: 0018:ffff8881478bfa10 EFLAGS: 00010206
[ 410.971186][ T3941] RAX: 0000000000000000 RBX: 0000000000000100 RCX: 0000000000000000
[ 410.972183][ T3941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 410.973321][ T3941] RBP: 0000000000000001 R08: 0001ffffffffffff R09: 0000000000000000
[ 410.974484][ T3941] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000f69a9000
[ 410.975470][ T3941] R13: 0000000000000000 R14: ffff8881560d7708 R15: 0000000000000000
[ 410.976511][ T3941] FS: 0000000000000000(0000) GS:ffff88842fa00000(0063) knlGS:00000000f7f1c280
[ 410.977654][ T3941] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 410.978442][ T3941] CR2: 00000000f72ae000 CR3: 0000000155633000 CR4: 00000000000406a0
[ 410.979480][ T3941] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 410.980467][ T3941] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 410.981514][ T3941] Call Trace:
[ 410.981989][ T3941] <TASK>
[ 410.982436][ T3941] ? __warn (kernel/panic.c:673)
[ 410.983007][ T3941] ? __get_user_pages (mm/gup.c:1101)
[ 410.983719][ T3941] ? report_bug (lib/bug.c:?)
[ 410.984500][ T3941] ? handle_bug (arch/x86/kernel/traps.c:324)
[ 410.985177][ T3941] ? exc_invalid_op (arch/x86/kernel/traps.c:345)
[ 410.985772][ T3941] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568)
[ 410.986410][ T3941] ? __get_user_pages (mm/gup.c:1101)
[ 410.987100][ T3941] ? pvclock_clocksource_read_nowd (arch/x86/include/asm/pvclock.h:36 arch/x86/kernel/pvclock.c:79 arch/x86/kernel/pvclock.c:120)
[ 410.987939][ T3941] __gup_longterm_locked (mm/gup.c:1389)
[ 410.988605][ T3941] ? process_vm_rw (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/linux/mmap_lock.h:35 include/linux/mmap_lock.h:143 mm/process_vm_access.c:104 mm/process_vm_access.c:215 mm/process_vm_access.c:283)
[ 410.989355][ T3941] ? process_vm_rw (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/linux/mmap_lock.h:35 include/linux/mmap_lock.h:143 mm/process_vm_access.c:104 mm/process_vm_access.c:215 mm/process_vm_access.c:283)
[ 410.990202][ T3941] ? is_valid_gup_args (mm/gup.c:2162)
[ 410.991069][ T3941] pin_user_pages_remote (mm/gup.c:3132)
[ 410.991884][ T3941] process_vm_rw (mm/process_vm_access.c:105)
[ 410.992728][ T3941] ? __ct_user_exit (kernel/context_tracking.c:623)
[ 410.993526][ T3941] __ia32_sys_process_vm_readv (mm/process_vm_access.c:295 mm/process_vm_access.c:291 mm/process_vm_access.c:291)
[ 410.994422][ T3941] __do_fast_syscall_32 (arch/x86/entry/common.c:? arch/x86/entry/common.c:178)
[ 410.995197][ T3941] ? __do_fast_syscall_32 (arch/x86/entry/common.c:165)
[ 410.995988][ T3941] ? __do_fast_syscall_32 (arch/x86/entry/common.c:165)
[ 411.000892][ T3941] ? irqentry_exit (kernel/entry/common.c:446)
[ 411.001656][ T3941] do_fast_syscall_32 (arch/x86/entry/common.c:203)
[ 411.002442][ T3941] do_SYSENTER_32 (arch/x86/entry/common.c:246)
[ 411.003178][ T3941] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:122)
[ 411.004161][ T3941] RIP: 0023:0xf7f21539
[ 411.004859][ T3941] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
All code
========
0: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
4: 10 07 adc %al,(%rdi)
6: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
a: 10 08 adc %cl,(%rax)
c: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
39: 00 00 00
3c: 0f .byte 0xf
3d: 1f (bad)
3e: 44 rex.R
...
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
f: 00 00 00
12: 0f .byte 0xf
13: 1f (bad)
14: 44 rex.R
To reproduce:
# build kernel
cd linux
cp config-6.4.0-rc7-00013-ga425ac5365f6 .config
make HOSTCC=clang-15 CC=clang-15 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=clang-15 CC=clang-15 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
View attachment "config-6.4.0-rc7-00013-ga425ac5365f6" of type "text/plain" (159429 bytes)
View attachment "job-script" of type "text/plain" (4726 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (21140 bytes)
View attachment "trinity" of type "text/plain" (13146 bytes)
Powered by blists - more mailing lists