Message-ID: <20251119013808.GA1264583@ax162>
Date: Tue, 18 Nov 2025 18:38:08 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Paul Walmsley <pjw@...nel.org>, Jiakai Xu <xujiakai2025@...as.ac.cn>
Cc: linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
	Palmer Dabbelt <palmer@...belt.com>,
	Albert Ou <aou@...s.berkeley.edu>, Alexandre Ghiti <alex@...ti.fr>,
	namcao@...utronix.de
Subject: Re: Re: [PATCH] riscv: fix KUnit test_kprobes crash when building
 with Clang

Hi Paul and Jiakai,

On Tue, Nov 18, 2025 at 01:21:50PM -0700, Paul Walmsley wrote:
> Not all of it, but some edited summary is appropriate.  I've queued the 
> following revision for v6.18-rc fixes, under the theory that it would be 
> good to get the test working for Clang users while the LLVM folks 
> investigate.  Please let us know ASAP if you think anything in it should 
> be changed.  I plan to send a PR out later this week.

I spent some time today trying to minimize a small set of configurations
that triggers this issue on top of defconfig since that occasionally
reveals a path to head down for triage and I landed on:

  $ cat arch/riscv/configs/repro.config
  CONFIG_KPROBES=y
  CONFIG_KUNIT=y
  CONFIG_RELOCATABLE=y
  CONFIG_RISCV_KPROBES_KUNIT=y

  $ make -skj"$(nproc)" ARCH=riscv LLVM=1 clean defconfig repro.config Image

  $ curl -LSs https://github.com/ClangBuiltLinux/boot-utils/releases/download/20241120-044434/riscv-rootfs.cpio.zst | zstd -d >rootfs.cpio

  $ qemu-system-riscv64 \
      -display none \
      -nodefaults \
      -bios default \
      -M virt \
      -append earlycon \
      -kernel arch/riscv/boot/Image \
      -initrd rootfs.cpio \
      -m 512m \
      -serial mon:stdio
  ...
  [    0.000000] Booting Linux on hartid 0
  [    0.000000] Linux version 6.18.0-rc6-dirty (nathan@...62) (ClangBuiltLinux clang version 21.1.5 (https://github.com/llvm/llvm-project.git 8e2cd28cd4ba46613a46467b0c91b1cabead26cd), ClangBuiltLinux LLD 21.1.5 (https://github.com/llvm/llvm-project.git 8e2cd28cd4ba46613a46467b0c91b1cabead26cd)) #1 SMP Tue Nov 18 17:58:23 MST 2025
  ...
  [    1.041311] KTAP version 1
  [    1.041433] 1..1
  [    1.042111]     KTAP version 1
  [    1.042310]     # Subtest: kprobes_riscv
  [    1.042610]     # module: kprobes_riscv_kunit
  [    1.042732]     1..1
  [    1.047104] ------------[ cut here ]------------
  [    1.047293] WARNING: CPU: 0 PID: 45 at mm/page_alloc.c:5159 __alloc_frozen_pages_noprof+0x160/0x228
  [    1.047602] Modules linked in:
  [    1.047851] CPU: 0 UID: 0 PID: 45 Comm: kunit_try_catch Tainted: G                 N  6.18.0-rc6-dirty #1 NONE
  [    1.047933] Tainted: [N]=TEST
  [    1.047948] Hardware name: riscv-virtio,qemu (DT)
  [    1.048024] epc : __alloc_frozen_pages_noprof+0x160/0x228
  [    1.048057]  ra : ___kmalloc_large_node+0x52/0x1a0
  [    1.048073] epc : ffffffff8023e2e8 ra : ffffffff80247c26 sp : ff200000001f3c10
  [    1.048086]  gp : ffffffff81a25900 tp : ff600000023924c0 t0 : 00000000264163d0
  [    1.048097]  t1 : 00000000264163d0 t2 : 00000000000aae60 s0 : ff200000001f3c90
  [    1.048108]  s1 : 000000000a83ca20 a0 : 0000000000000001 a1 : ffffffff819e71ba
  [    1.048119]  a2 : 0000000000000000 a3 : 0000000000000000 a4 : 000000003b9aca00
  [    1.048130]  a5 : 0000000000016698 a6 : ff600000021480d0 a7 : 00000000000aae60
  [    1.048140]  s2 : 0000000000000010 s3 : ffffffff8024857a s4 : 0000000000000dc0
  [    1.048151]  s5 : ffffffff80018e20 s6 : ff2000000000bb40 s7 : 0000000000000000
  [    1.048161]  s8 : 0000000000000000 s9 : 0000000000166e7c s10: 0000000000000000
  [    1.048171]  s11: 0000000000000000 t3 : 0000000000000000 t4 : 0000000000000002
  [    1.048181]  t5 : ff60000002392580 t6 : 0000000000000001
  [    1.048191] status: 0000000200000120 badaddr: ffffffff8023e2e8 cause: 0000000000000003
  [    1.048281] [<ffffffff8023e2e8>] __alloc_frozen_pages_noprof+0x160/0x228
  [    1.048362] [<ffffffff80247c26>] ___kmalloc_large_node+0x52/0x1a0
  [    1.048374] [<ffffffff80247dd8>] __kmalloc_large_node_noprof+0x1c/0x114
  [    1.048384] [<ffffffff8024857a>] __kmalloc_noprof+0x252/0x450
  [    1.048393] [<ffffffff80018ae6>] test_kprobe_riscv+0x5a/0x210
  [    1.048406] [<ffffffff8050d6a6>] kunit_try_run_case+0x5a/0x15c
  [    1.048417] [<ffffffff8050f69a>] kunit_generic_run_threadfn_adapter+0x1a/0x34
  [    1.048439] [<ffffffff8004fa88>] kthread+0x178/0x1a0
  [    1.048450] [<ffffffff8001311a>] ret_from_fork_kernel+0xe/0x48
  [    1.048464] [<ffffffff80b500f2>] ret_from_fork_kernel_asm+0x16/0x1c
  [    1.048513] ---[ end trace 0000000000000000 ]---
  [    1.056832]     # test_kprobe_riscv: EXPECTATION FAILED at arch/riscv/kernel/tests/kprobes/test-kprobes.c:24
  [    1.056832]     Expected kp to be true, but is false
  [    1.058370]     not ok 1 test_kprobe_riscv
  [    1.058484] not ok 1 kprobes_riscv
  ...

This appears to happen back to LLVM 15 so I am not sure it is a recent
regression on the toolchain side.

Without CONFIG_RELOCATABLE enabled, the test passes:

  [    1.049384] KTAP version 1
  [    1.049656] 1..1
  [    1.050246]     KTAP version 1
  [    1.050447]     # Subtest: kprobes_riscv
  [    1.050760]     # module: kprobes_riscv_kunit
  [    1.050867]     1..1
  [    1.061790]     ok 1 test_kprobe_riscv
  [    1.061929] ok 1 kprobes_riscv

Interestingly, if I enable CONFIG_RISCV_KPROBES_KUNIT as a module, I get
a failure when trying to load it in QEMU:

  ~ # modprobe kprobes_riscv_kunit
  [   42.214642] kprobes_riscv_kunit: The unexpected relocation type 'R_RISCV_ALIGN' from PC = 00000000abb84ce7
  [   42.222778] kprobes_riscv_kunit: The unexpected relocation type 'R_RISCV_ALIGN' from PC = 00000000abb84ce7
  modprobe: can't load module kprobes_riscv_kunit (kernel/arch/riscv/kernel/tests/kprobes/kprobes_riscv_kunit.ko): Invalid argument

which is probably unrelated but I figured it was worth mentioning, as it
does not allow me to see if this has something to do with the flags
added to LDFLAGS_vmlinux.

Maybe this is useful for the upstream report and further triage.

Cheers,
Nathan
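
Added example (not part of the message above or of the kernel tree): when narrowing a config set like repro.config, each QEMU console log has to be classified as pass or fail. This strips the printk timestamps, reads the KTAP result lines and records where any WARNING fired. The function name `triage` and the verdict strings are assumptions of this example; the sample lines are excerpted from the two logs in the message.

```python
import re

TS = re.compile(r"^\s*\[\s*\d+\.\d+\]\s?")          # printk timestamp prefix
RESULT = re.compile(r"^(\s*)(ok|not ok) (\d+) (\S+)")  # KTAP result line
WARN = re.compile(r"^WARNING: .* at (\S+) (\S+)")     # file:line and symbol+offset

def triage(console_log):
    """Classify one boot log: KTAP results, WARNING sites, overall verdict."""
    results, warnings = [], []
    for raw in console_log.splitlines():
        line = TS.sub("", raw, count=1)
        m = RESULT.match(line)
        if m:
            # KTAP nests subtests by four spaces of indentation per level.
            results.append({"depth": len(m.group(1)) // 4,
                            "ok": m.group(2) == "ok",
                            "name": m.group(4)})
            continue
        m = WARN.match(line)
        if m:
            warnings.append((m.group(1), m.group(2)))
    if not results:
        verdict = "inconclusive"   # no KTAP output, e.g. the boot never got that far
    elif all(r["ok"] for r in results):
        verdict = "pass"
    else:
        verdict = "fail"
    return {"verdict": verdict, "results": results, "warnings": warnings}

# Lines excerpted from the two boot logs in the message above.
LOG_RELOCATABLE = """\
  [    1.042310]     # Subtest: kprobes_riscv
  [    1.047293] WARNING: CPU: 0 PID: 45 at mm/page_alloc.c:5159 __alloc_frozen_pages_noprof+0x160/0x228
  [    1.056832]     Expected kp to be true, but is false
  [    1.058370]     not ok 1 test_kprobe_riscv
  [    1.058484] not ok 1 kprobes_riscv
"""
LOG_NO_RELOCATABLE = """\
  [    1.050447]     # Subtest: kprobes_riscv
  [    1.061790]     ok 1 test_kprobe_riscv
  [    1.061929] ok 1 kprobes_riscv
"""

if __name__ == "__main__":
    for label, log in (("RELOCATABLE=y", LOG_RELOCATABLE),
                       ("RELOCATABLE=n", LOG_NO_RELOCATABLE)):
        t = triage(log)
        print(label, t["verdict"], t["warnings"])
```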
