lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZUEq9_0vJzmnW5ed@FVFF77S0Q05N>
Date:   Tue, 31 Oct 2023 16:27:35 +0000
From:   Mark Rutland <mark.rutland@....com>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     Naresh Kamboju <naresh.kamboju@...aro.org>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will.deacon@....com>,
        Oliver Upton <oliver.upton@...ux.dev>,
        Linux-Next Mailing List <linux-next@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        lkft-triage@...ts.linaro.org, Arnd Bergmann <arnd@...db.de>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...nel.org>,
        Anders Roxell <anders.roxell@...aro.org>,
        Dan Carpenter <dan.carpenter@...aro.org>,
        LTP List <ltp@...ts.linux.it>, Petr Vorel <pvorel@...e.cz>
Subject: Re: qemu-arm64: handle_futex_death - kernel/futex/core.c:661 -
 Unable to handle kernel unknown 43 at virtual address

On Mon, Oct 30, 2023 at 09:14:56AM +0100, Ard Biesheuvel wrote:
> From 97dea432bceadfcece84484609374c277afc2c81 Mon Sep 17 00:00:00 2001
> From: Ard Biesheuvel <ardb@...nel.org>
> Date: Sat, 28 Oct 2023 09:40:29 +0200
> Subject: [PATCH v2] Add missing ESR decoding for level -1 translation faults
> 
> Signed-off-by: Ard Biesheuvel <ardb@...nel.org>

As a heads-up, looking at this some more we'll also need to rework the usage of
of ESR_ELx_FSC_TYPE and ESR_ELx_FSC_LEVEL, since those no longer work correctly
Level -1 xFSC value. ESR_ELx_FSC_TYPE is 0x3c and ESR_ELx_FSC_LEVEL is 0x3, and
work on the basis that the xFSC fault types are encoded as xxxxyy, where the
xxxx is the type and the yy is the level (0 to 3).

That didn't expand naturally to level -1. For example, Level {0,1,2,3}
translation faults get reported as 0b0001xx, where the xx encodes the level,
while Level -1 translation faults get reported as 0b101011.

That ends up affecting:

* All the is_${FOO}_fault() predicat functions, e.g. is_translation_fault(),
  is_el1_permission_fault() and is_spurious_el1_translation_fault().

* Places where we synthesize an xFSC value, e.g. set_thread_esr()

* A bunch of KVM due to the use of kvm_vcpu_trap_get_fault_type()

... and we probably need to remove ESR_ELx_FSC_TYPE and ESR_ELx_FSC_LEVEL
entirely to avoid the possiblity of misuse.

Mark.

> ---
>  arch/arm64/mm/fault.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
> index 2e5d1e238af9..13f192691060 100644
> --- a/arch/arm64/mm/fault.c
> +++ b/arch/arm64/mm/fault.c
> @@ -780,18 +780,18 @@ static const struct fault_info fault_info[] = {
>  	{ do_translation_fault,	SIGSEGV, SEGV_MAPERR,	"level 1 translation fault"	},
>  	{ do_translation_fault,	SIGSEGV, SEGV_MAPERR,	"level 2 translation fault"	},
>  	{ do_translation_fault,	SIGSEGV, SEGV_MAPERR,	"level 3 translation fault"	},
> -	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 8"			},
> +	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"level 0 access flag fault"	},
>  	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"level 1 access flag fault"	},
>  	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"level 2 access flag fault"	},
>  	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"level 3 access flag fault"	},
> -	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 12"			},
> +	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"level 0 permission fault"	},
>  	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"level 1 permission fault"	},
>  	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"level 2 permission fault"	},
>  	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"level 3 permission fault"	},
>  	{ do_sea,		SIGBUS,  BUS_OBJERR,	"synchronous external abort"	},
>  	{ do_tag_check_fault,	SIGSEGV, SEGV_MTESERR,	"synchronous tag check fault"	},
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 18"			},
> -	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 19"			},
> +	{ do_sea,		SIGKILL, SI_KERNEL,	"level -1 (translation table walk)"	},
>  	{ do_sea,		SIGKILL, SI_KERNEL,	"level 0 (translation table walk)"	},
>  	{ do_sea,		SIGKILL, SI_KERNEL,	"level 1 (translation table walk)"	},
>  	{ do_sea,		SIGKILL, SI_KERNEL,	"level 2 (translation table walk)"	},
> @@ -799,7 +799,7 @@ static const struct fault_info fault_info[] = {
>  	{ do_sea,		SIGBUS,  BUS_OBJERR,	"synchronous parity or ECC error" },	// Reserved when RAS is implemented
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 25"			},
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 26"			},
> -	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 27"			},
> +	{ do_sea,		SIGKILL, SI_KERNEL,	"level -1 synchronous parity error (translation table walk)"	},	// Reserved when RAS is implemented
>  	{ do_sea,		SIGKILL, SI_KERNEL,	"level 0 synchronous parity error (translation table walk)"	},	// Reserved when RAS is implemented
>  	{ do_sea,		SIGKILL, SI_KERNEL,	"level 1 synchronous parity error (translation table walk)"	},	// Reserved when RAS is implemented
>  	{ do_sea,		SIGKILL, SI_KERNEL,	"level 2 synchronous parity error (translation table walk)"	},	// Reserved when RAS is implemented
> @@ -813,9 +813,9 @@ static const struct fault_info fault_info[] = {
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 38"			},
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 39"			},
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 40"			},
> -	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 41"			},
> +	{ do_bad,		SIGKILL, SI_KERNEL,	"level -1 address size fault"	},
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 42"			},
> -	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 43"			},
> +	{ do_translation_fault,	SIGSEGV, SEGV_MAPERR,	"level -1 translation fault"	},
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 44"			},
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 45"			},
>  	{ do_bad,		SIGKILL, SI_KERNEL,	"unknown 46"			},
> -- 
> 2.42.0.820.g83a721a137-goog
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ