lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2f1a5621-1c3b-4c2e-97c4-86e36bc47788@lucifer.local>
Date: Tue, 1 Oct 2024 09:49:50 +0100
From: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
To: Bert Karwatzki <spasswolf@....de>
Cc: "Liam R . Howlett" <Liam.Howlett@...cle.com>,
        Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v8 14/21] mm/mmap: Avoid zeroing vma tree in mmap_region()

On Tue, Oct 01, 2024 at 10:38:35AM GMT, Bert Karwatzki wrote:
> Am Dienstag, dem 01.10.2024 um 09:02 +0100 schrieb Lorenzo Stoakes:
> > On Tue, Oct 01, 2024 at 04:34:00AM GMT, Bert Karwatzki wrote:
> > > I just noticed (via a bisect between v6.11 and v6.12-rc1) that this patch
> > > (commit f8d112a4e657 in linux-next tree) leads to a severe memory corruption
> > > error under these (rather rare) circumstances:
> > > 1. Start a 32bit windows game via steam (which uses proton, steam's version of wine)
> > > 2. When starting the game you the proton version used has to be updated
> >
> > Yikes. Thanks for the report, very very much appreciated. Will look into
> > this as Liam is out until next week.
> >
> > How repro is this? Is it consistent?
>
> Reproducability is 100%, only the method is weird, you have to switch to an
> older version of proton in the steam settings of the game, start the game and
> then switch back to the new version and start the game again.
>  It might also be possible using standard wine and repeatedly upgrading and
> downgrading wine and (I have not tried this, yet ...)
>

OK that's good.

Actually a quick one if you have a sec - could you try the same thing with tip
of Linus's tree?

This will help eliminate any other possible cause.

Thanks!

And again very grateful for you taking the time to report this/provide details.

> >
> > Can you confirm exactly what commit you are at in the kernel when you
> > generate the below dmesg?
> >
> > If you are able to reliably repro, could you try again with:
>
> Kernel is "commit f8d112a4e657 (HEAD) mm/mmap: avoid zeroing vma tree in
> mmap_region()" in linux-next tree.

Thanks!

>
>
> >
> > CONFIG_DEBUG_VM, CONFIG_DEBUG_VM_MAPLE_TREE and CONFIG_DEBUG_MAPLE_TREE enabled?
> >
> > Might be useful to get CONFIG_KASAN on the go too... and CONFIG_DEBUG_INFO :))
> >
> > Actually CONFIG_LOCKDEP and CONFIG_PROVE_LOCKING would be handy here too...
> >
> > Very much appreciated!
> >
> > >
> > > The effect is the following: The updating process of proton hangs and the game does
> > > not start and even after an exit from steam two processes remain, one of them at
> > > 100% CPU:
> > > $ ps aux | grep rundll
> > > bert      222638  1.7  0.1 2054868 87492 ?       Ss   23:14   0:01 C:\windows\syswow64\rundll32.exe setupapi,InstallHinfSection Wow64Install 128 \\?\Z:\mnt\data\.steam\debian-installation\steamapps\common\Proton - Experimental\files\share\wine\wine.inf
> > > bert      222639 99.8  0.0 2054868 2380 ?        R    23:14   1:01 C:\windows\syswow64\rundll32.exe setupapi,InstallHinfSection Wow64Install 128 \\?\Z:\mnt\data\.steam\debian-installation\steamapps\common\Proton - Experimental\files\share\wine\wine.inf
> >
> > Is there any dmesg at this point? Or not?
>
> As long as I don not try to kill those processes there's no error message (but I
> only have let them run for a few minutes ...)

Ugh ok I'm thinking debug config options should throw things up.

>
> >
> > >
> > > When trying to kill those processes with "killall rundll32.exe", these error happen:
> > >
> > > [ T4313] ------------[ cut here ]------------
> > > [ T4313] WARNING: CPU: 6 PID: 4313 at include/linux/rwsem.h:85 free_pgtables+0x233/0x250
> >
> > That should be rwsem_assert_held_write_nolockdep() if my kernel is not too
> > different from yours, which suggests we're asserting that a write lock is
> > held and it's not...
> >
>
> Yes, that's the warning.

Thanks, that's really crazy though.

Digging further...

>
> Bert Karwatzki
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ