Message-ID: <ZwkjPKKxRKUoJuOE@kernel.org>
Date: Fri, 11 Oct 2024 16:08:12 +0300
From: Mike Rapoport <rppt@...nel.org>
To: kernel test robot <oliver.sang@...el.com>
Cc: oe-lkp@...ts.linux.dev, lkp@...el.com,
	Linux Memory Management List <linux-mm@...ck.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andreas Larsson <andreas@...sler.com>,
	Andy Lutomirski <luto@...nel.org>, Ard Biesheuvel <ardb@...nel.org>,
	Arnd Bergmann <arnd@...db.de>, Borislav Petkov <bp@...en8.de>,
	Brian Cain <bcain@...cinc.com>,
	Catalin Marinas <catalin.marinas@....com>,
	Christophe Leroy <christophe.leroy@...roup.eu>,
	Christoph Hellwig <hch@...radead.org>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Dinh Nguyen <dinguyen@...nel.org>,
	Geert Uytterhoeven <geert@...ux-m68k.org>,
	Guo Ren <guoren@...nel.org>, Helge Deller <deller@....de>,
	Huacai Chen <chenhuacai@...nel.org>, Ingo Molnar <mingo@...hat.com>,
	Johannes Berg <johannes@...solutions.net>,
	John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
	Kent Overstreet <kent.overstreet@...ux.dev>,
	"Liam R. Howlett" <Liam.Howlett@...cle.com>,
	Luis Chamberlain <mcgrof@...nel.org>,
	Mark Rutland <mark.rutland@....com>,
	Masami Hiramatsu <mhiramat@...nel.org>,
	Matt Turner <mattst88@...il.com>, Max Filippov <jcmvbkbc@...il.com>,
	Michael Ellerman <mpe@...erman.id.au>,
	Michal Simek <monstr@...str.eu>, Oleg Nesterov <oleg@...hat.com>,
	Palmer Dabbelt <palmer@...belt.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Richard Weinberger <richard@....at>,
	Russell King <linux@...linux.org.uk>, Song Liu <song@...nel.org>,
	Stafford Horne <shorne@...il.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
	Thomas Gleixner <tglx@...utronix.de>,
	Uladzislau Rezki <urezki@...il.com>,
	Vineet Gupta <vgupta@...nel.org>, Will Deacon <will@...nel.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [linux-next:master] [x86/module]  6661cae1aa:
 WARNING:at_arch/x86/mm/pat/set_memory.c:#__cpa_process_fault

On Fri, Oct 11, 2024 at 02:30:50PM +0800, kernel test robot wrote:
> 
> 
> Hello,
> 
> kernel test robot noticed "WARNING:at_arch/x86/mm/pat/set_memory.c:#__cpa_process_fault" on:
> 
> commit: 6661cae1aa66d826b7ecd7044d0d76c66c015266 ("x86/module: enable ROX caches for module text")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
> 
> [test failed on linux-next/master 0cca97bf23640ff68a6e8a74e9b6659fdc27f48c]
> 
> in testcase: boot
> 
> compiler: gcc-12
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

It would have been nice if the report mentioned it was a 32-bit kernel.

This patch disables ROX caches on 32-bit; it should fix the issue.

diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index a0ec99fb9385..8ea2355f701a 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -1065,20 +1065,30 @@ static void execmem_fill_trapping_insns(void *ptr, size_t size, bool writeable)
 struct execmem_info __init *execmem_arch_setup(void)
 {
 	unsigned long start, offset = 0;
+	enum execmem_range_flags flags;
+	pgprot_t pgprot;
 
 	if (kaslr_enabled())
 		offset = get_random_u32_inclusive(1, 1024) * PAGE_SIZE;
 
 	start = MODULES_VADDR + offset;
 
+	if (IS_ENABLED(CONFIG_X86_64)) {
+		pgprot = PAGE_KERNEL_ROX;
+		flags = EXECMEM_KASAN_SHADOW | EXECMEM_ROX_CACHE;
+	} else {
+		pgprot = PAGE_KERNEL;
+		flags = EXECMEM_KASAN_SHADOW;
+	}
+
 	execmem_info = (struct execmem_info){
 		.fill_trapping_insns = execmem_fill_trapping_insns,
 		.ranges = {
 			[EXECMEM_MODULE_TEXT] = {
-				.flags	= EXECMEM_KASAN_SHADOW | EXECMEM_ROX_CACHE,
+				.flags	= flags,
 				.start	= start,
 				.end	= MODULES_END,
-				.pgprot	= PAGE_KERNEL_ROX,
+				.pgprot	= pgprot,
 				.alignment = MODULE_ALIGN,
 			},
 			[EXECMEM_KPROBES ... EXECMEM_BPF] = {
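
Review bot: the new else branch in execmem_arch_setup() drops EXECMEM_ROX_CACHE and falls back to PAGE_KERNEL for EXECMEM_MODULE_TEXT without a comment saying why 32-bit cannot take the ROX path. Please add a short comment above the IS_ENABLED(CONFIG_X86_64) check that ties it to the reported failure (set_direct_map_valid_noflush() reaching __cpa_process_fault with "CPA: called for zero pte" during execmem_alloc()), and that states where module text allocated with the writable PAGE_KERNEL protection is made read-only and executable afterwards, since nothing in this hunk shows that step. Initializing pgprot and flags to the 32-bit values at declaration and overriding them only under CONFIG_X86_64 would also make the common part (EXECMEM_KASAN_SHADOW) explicit. When this is sent as a standalone commit it needs a changelog and sign-off plus the Reported-by and Closes tags the report asks for.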
 
> +--------------------------------------------------------------+------------+------------+
> |                                                              | d44c348582 | 6661cae1aa |
> +--------------------------------------------------------------+------------+------------+
> | WARNING:at_arch/x86/mm/pat/set_memory.c:#__cpa_process_fault | 0          | 6          |
> | EIP:__cpa_process_fault                                      | 0          | 6          |
> +--------------------------------------------------------------+------------+------------+
> 
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@...el.com>
> | Closes: https://lore.kernel.org/oe-lkp/202410111408.8fe6f604-lkp@intel.com
> 
> 
> [    8.158938][   T98] ------------[ cut here ]------------
> [    8.161035][   T98] CPA: called for zero pte. vaddr = 0 cpa->vaddr = 0
> [ 8.163217][ T98] WARNING: CPU: 0 PID: 98 at arch/x86/mm/pat/set_memory.c:1620 __cpa_process_fault (arch/x86/mm/pat/set_memory.c:1620 arch/x86/mm/pat/set_memory.c:1583) 
> [    8.166598][   T98] Modules linked in:
> [    8.167997][   T98] CPU: 0 UID: 0 PID: 98 Comm: udevd Not tainted 6.12.0-rc2-00142-g6661cae1aa66 #1
> [    8.170966][   T98] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [ 8.174383][ T98] EIP: __cpa_process_fault (arch/x86/mm/pat/set_memory.c:1620 arch/x86/mm/pat/set_memory.c:1583) 
> [    8.182574][   T98] EAX: 00000032 EBX: edb81db0 ECX: 0000021d EDX: 00000000
> [    8.185016][   T98] ESI: edb81d4a EDI: 00000000 EBP: edb81d30 ESP: edb81cf8
> [    8.187433][   T98] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010202
> [    8.190182][   T98] CR0: 80050033 CR2: b7c8e548 CR3: 2db88000 CR4: 00040690
> [    8.192564][   T98] Call Trace:
> [ 8.193877][ T98] ? show_regs (arch/x86/kernel/dumpstack.c:479) 
> [ 8.195475][ T98] ? __cpa_process_fault (arch/x86/mm/pat/set_memory.c:1620 arch/x86/mm/pat/set_memory.c:1583) 
> [ 8.197352][ T98] ? __warn (kernel/panic.c:748) 
> [ 8.198883][ T98] ? __cpa_process_fault (arch/x86/mm/pat/set_memory.c:1620 arch/x86/mm/pat/set_memory.c:1583) 
> [ 8.200760][ T98] ? report_bug (lib/bug.c:201 lib/bug.c:219) 
> [ 8.202456][ T98] ? __cpa_process_fault (arch/x86/mm/pat/set_memory.c:1620 arch/x86/mm/pat/set_memory.c:1583) 
> [ 8.204259][ T98] ? exc_overflow (arch/x86/kernel/traps.c:301) 
> [ 8.205893][ T98] ? handle_bug (arch/x86/kernel/traps.c:260) 
> [ 8.207451][ T98] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) 
> [ 8.209215][ T98] ? handle_exception (arch/x86/entry/entry_32.S:1047) 
> [ 8.210933][ T98] ? exc_overflow (arch/x86/kernel/traps.c:301) 
> [ 8.212585][ T98] ? __cpa_process_fault (arch/x86/mm/pat/set_memory.c:1620 arch/x86/mm/pat/set_memory.c:1583) 
> [ 8.214504][ T98] ? exc_overflow (arch/x86/kernel/traps.c:301) 
> [ 8.216170][ T98] ? __cpa_process_fault (arch/x86/mm/pat/set_memory.c:1620 arch/x86/mm/pat/set_memory.c:1583) 
> [ 8.218077][ T98] ? __change_page_attr_set_clr (arch/x86/mm/pat/set_memory.c:1808) 
> [ 8.220025][ T98] __change_page_attr (arch/x86/mm/pat/set_memory.c:1644) 
> [ 8.221883][ T98] __change_page_attr_set_clr (arch/x86/mm/pat/set_memory.c:1808) 
> [ 8.223837][ T98] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:63) 
> [ 8.225669][ T98] ? _raw_spin_unlock_irqrestore (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:97 arch/x86/include/asm/irqflags.h:155 include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) 
> [ 8.227684][ T98] ? page_address (mm/highmem.c:778) 
> [ 8.229415][ T98] set_direct_map_valid_noflush (arch/x86/mm/pat/set_memory.c:2453) 
> [ 8.231211][ T98] execmem_set_direct_map_valid (mm/execmem.c:53) 
> [ 8.233327][ T98] execmem_alloc (mm/execmem.c:263 mm/execmem.c:291 mm/execmem.c:335 mm/execmem.c:357) 
> [ 8.234958][ T98] move_module (kernel/module/main.c:1220 kernel/module/main.c:2291) 
> [ 8.236569][ T98] layout_and_allocate+0xe7/0x160 
> [ 8.238634][ T98] load_module (kernel/module/main.c:2955) 
> [ 8.240229][ T98] init_module_from_file (kernel/module/main.c:3262) 
> [ 8.242074][ T98] idempotent_init_module (kernel/module/main.c:3196 kernel/module/main.c:3274) 
> [ 8.243946][ T98] __ia32_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3301 kernel/module/main.c:3283 kernel/module/main.c:3283) 
> [ 8.245807][ T98] ia32_sys_call (arch/x86/entry/syscall_32.c:44) 
> [ 8.247342][ T98] do_int80_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:339) 
> [ 8.249008][ T98] entry_INT80_32 (arch/x86/entry/entry_32.S:944) 
> [    8.250662][   T98] EIP: 0xb7dc0222
> 
> 
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20241011/202410111408.8fe6f604-lkp@intel.com
> 
> 
> 
> -- 
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
> 

-- 
Sincerely yours,
Mike.
