| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a71e7aba-759b-47aa-9170-a4045c52239a@suse.com>
Date: Wed, 28 May 2025 11:19:19 +0200
From: Juergen Gross <jgross@...e.com>
To: Xin Li <xin@...or.com>, Zijlstra Peter <peterz@...radead.org>
Cc: Gupta Pawan <pawan.kumar.gupta@...ux.intel.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
Hansen Dave <dave.hansen@...ux.intel.com>, alexandre.chartre@...cle.com,
Andrew Cooper <andrew.cooper3@...rix.com>, Zhang Tao1 <tao1.zhang@...el.com>
Subject: Re: [Bug Report] Linux v6.15-rc7 boot failure on Xen-4.17
On 28.05.25 10:57, Jürgen Groß wrote:
> On 28.05.25 10:26, Xin Li wrote:
>> On 5/28/2025 12:27 AM, Xin Li wrote:
>>> On 5/27/2025 11:49 PM, Juergen Gross wrote:
>>>> On 28.05.25 07:11, Jürgen Groß wrote:
>>>>> On 27.05.25 21:29, Andrew Cooper wrote:
>>>>>> On 27/05/2025 8:21 pm, Xin Li wrote:
>>>>>>>> On May 27, 2025, at 11:36 AM, Jürgen Groß <jgross@...e.com> wrote:
>>>>>>>>
>>>>>>>> On 27.05.25 19:54, Xin Li wrote:
>>>>>>>>> On 5/27/2025 10:46 AM, Pawan Gupta wrote:
>>>>>>>>>>> Attached is the serial console log and my kernel config.
>>>>>>>>>> Serial logs aren't telling much. I do not have a Xen setup to test,
>>>>>>>>>> without
>>>>>>>>>> Xen the config that you provided is booting a KVM guest just fine.
>>>>>>>>> Yeah, as I replied to Juergen, the same kernel binary boots fine as
>>>>>>>>> "native".
>>>>>>>>> Unfortunately when booting as dom0 on Xen, it keeps rebooting w/o
>>>>>>>>> helpful log.
>>>>>>>> What about booting Xen on bare metal, i.e. no KVM being involved?
>>>>>>> The same exact problem happens on Intel Simics. And I got to see it’s a
>>>>>>> NX page fault in dom0 kernel during apply alternatives.
>>>>>>
>>>>>> In which case it's likely that there's an opencoded PTE update, rather
>>>>>> than using the hooks (which are suitably paravirt'd).
>>>>>
>>>>> I'd suspect a bug when NOT using 2M pages for execmem.
>>>>>
>>>>> I'll have a look.
>>>>
>>>> Could you have a try using "nohugevmalloc" dom0 kernel boot parameter?
>>>>
>>>
>>> Tried in a KVM guest, still the same problem, and nothing new in the
>>> serial log.
>>
>> Attached is a dom0 log with stack traces.
>>
>> But I really did NOT change anything to make it happen...
>
> Thanks.
>
> I think this might be related to Xen not advertising X86_FEATURE_PSE.
>
> This will use PAGE_KERNEL page protection for execmem_alloc() page protection,
> while with X86_FEATURE_PSE PAGE_KERNEL_ROX is being used.
>
> For the kernel (so not in a module) there is no execmem_restore_rox() call
> involved, so the NX bit will be kept for kernel side ITS thunks.
>
> Peter, can you confirm my suspicion?
I just made a small test on my (rather old) system:
I verified that kernel 6.15 is booting fine as Xen dom0 (ITS mitigation
not needed due to old cpu). Then I modified alternative.c to apply the
ITS mitigations nevertheless, which made the kernel crash as Xen dom0.
With the following additional modification boot was working again:
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index bfa444a7dbb0..fac4f9d26132 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -1090,7 +1090,7 @@ struct execmem_info __init *execmem_arch_setup(void)
pgprot = PAGE_KERNEL_ROX;
flags = EXECMEM_KASAN_SHADOW | EXECMEM_ROX_CACHE;
} else {
- pgprot = PAGE_KERNEL;
+ pgprot = PAGE_KERNEL_EXEC;
flags = EXECMEM_KASAN_SHADOW;
}
Juergen
Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes)
Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)
Powered by blists - more mailing lists