Date:   Tue, 3 Jan 2023 08:33:22 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Paul Moore <paul@...l-moore.com>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        Burn Alting <burn.alting@...et.net.au>,
        Jiri Olsa <olsajiri@...il.com>, <netdev@...r.kernel.org>,
        <bpf@...r.kernel.org>, <linux-perf-users@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <linux-audit@...hat.com>,
        Alexei Starovoitov <ast@...nel.org>,
        "Stanislav Fomichev" <sdf@...gle.com>
Subject: Re: [PATCH v2] bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD
 and PERF_BPF_EVENT_PROG_UNLOAD

Hi Paul,

We noticed that there has been a lot of discussion on this patch, and a
new version will be posted soon. Not sure if the problem in this report
has been spotted or not, so we are sending this report FYI. Thanks.

Greetings,

We noticed BUG:unable_to_handle_page_fault_for_address due to commit (built with gcc-11):

commit: 30e779c8882f2f84869405eef26e37785a1849ac ("[PATCH v2] bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD")
url: https://github.com/intel-lab-lkp/linux/commits/Paul-Moore/bpf-restore-the-ebpf-program-ID-for-BPF_AUDIT_UNLOAD-and-PERF_BPF_EVENT_PROG_UNLOAD/20221224-025703
base: https://git.kernel.org/cgit/linux/kernel/git/bpf/bpf-next.git master
patch link: https://lore.kernel.org/all/20221223185531.222689-1-paul@paul-moore.com/
patch subject: [PATCH v2] bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


[   83.246474][    T1] BUG: unable to handle page fault for address: ffffc90000026003
[   83.249440][    T1] #PF: supervisor write access in kernel mode
[   83.251774][    T1] #PF: error_code(0x0003) - permissions violation
[   83.254275][    T1] PGD 100000067 P4D 100000067 PUD 100122067 PMD 100123067 PTE 800000014a9c4161
[   83.257884][    T1] Oops: 0003 [#1] KASAN
[   83.259578][    T1] CPU: 0 PID: 1 Comm: swapper Tainted: G                T  6.1.0-09655-g30e779c8882f #28 fbb398f715584ab16b1be88180e395d344d64436
[   83.264371][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
[   83.268137][    T1] RIP: 0010:bpf_prog_load (syscall.c:?)
[   83.270295][    T1] Code: ff 37 00 45 89 65 20 48 89 fa 48 c1 e0 2a 48 c1 ea 03 8a 14 02 48 89 f8 83 e0 07 ff c0 38 d0 7c 09 84 d2 74 05 e8 78 8c 19 00 <80> 4b 03 40 48 c7 c7 a0 01 36 85 e8 9e 77 28 02 e8 04 7a ff ff 45
All code
========
   0:	ff 37                	pushq  (%rdi)
   2:	00 45 89             	add    %al,-0x77(%rbp)
   5:	65 20 48 89          	and    %cl,%gs:-0x77(%rax)
   9:	fa                   	cli    
   a:	48 c1 e0 2a          	shl    $0x2a,%rax
   e:	48 c1 ea 03          	shr    $0x3,%rdx
  12:	8a 14 02             	mov    (%rdx,%rax,1),%dl
  15:	48 89 f8             	mov    %rdi,%rax
  18:	83 e0 07             	and    $0x7,%eax
  1b:	ff c0                	inc    %eax
  1d:	38 d0                	cmp    %dl,%al
  1f:	7c 09                	jl     0x2a
  21:	84 d2                	test   %dl,%dl
  23:	74 05                	je     0x2a
  25:	e8 78 8c 19 00       	callq  0x198ca2
  2a:*	80 4b 03 40          	orb    $0x40,0x3(%rbx)		<-- trapping instruction
  2e:	48 c7 c7 a0 01 36 85 	mov    $0xffffffff853601a0,%rdi
  35:	e8 9e 77 28 02       	callq  0x22877d8
  3a:	e8 04 7a ff ff       	callq  0xffffffffffff7a43
  3f:	45                   	rex.RB

Code starting with the faulting instruction
===========================================
   0:	80 4b 03 40          	orb    $0x40,0x3(%rbx)
   4:	48 c7 c7 a0 01 36 85 	mov    $0xffffffff853601a0,%rdi
   b:	e8 9e 77 28 02       	callq  0x22877ae
  10:	e8 04 7a ff ff       	callq  0xffffffffffff7a19
  15:	45                   	rex.RB
[   83.277723][    T1] RSP: 0000:ffffc9000001f900 EFLAGS: 00010246
[   83.280272][    T1] RAX: 0000000000000003 RBX: ffffc90000026000 RCX: 000000007ffffffe
[   83.283494][    T1] RDX: 1ffff92000004c00 RSI: 0000000000000008 RDI: ffffc90000026002
[   83.286512][    T1] RBP: ffffc9000001fa88 R08: 0000000000000008 R09: 0000000000000001
[   83.289897][    T1] R10: ffffed1028b397b6 R11: ffff8881459cbdaf R12: 0000000000000001
[   83.293058][    T1] R13: ffff88814aad2000 R14: ffffffff83ea1f60 R15: ffff88814aad2000
[   83.296246][    T1] FS:  0000000000000000(0000) GS:ffffffff84ed4000(0000) knlGS:0000000000000000
[   83.299784][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   83.302378][    T1] CR2: ffffc90000026003 CR3: 0000000004e3a000 CR4: 00000000000406b0
[   83.305526][    T1] Call Trace:
[   83.307004][    T1]  <TASK>
[   83.308267][    T1]  ? bpf_prog_get (syscall.c:?)
[   83.310014][    T1]  ? __sys_bpf (syscall.c:?)
[   83.311820][    T1]  ? bpf_link_by_id (syscall.c:?)
[   83.313794][    T1]  ? copy_from_kernel_nofault (??:?)
[   83.315860][    T1]  ? copy_from_bpfptr (syscall.c:?)
[   83.317717][    T1]  ? bpf_obj_memcpy (arraymap.c:?)
[   83.323880][    T1]  __sys_bpf (syscall.c:?)
[   83.325623][    T1]  ? bpf_link_by_id (syscall.c:?)
[   83.327526][    T1]  ? kern_sys_bpf (??:?)
[   83.329365][    T1]  ? find_held_lock (lockdep.c:?)
[   83.331305][    T1]  kern_sys_bpf (??:?)
[   83.333077][    T1]  bpf_load_and_run+0x284/0x3c8
[   83.335332][    T1]  ? iterators_bpf__destroy+0x14d/0x14d
[   83.337424][    T1]  ? kasan_unpoison (??:?)
[   83.339268][    T1]  ? __kasan_slab_alloc (??:?)
[   83.341334][    T1]  ? trace_kmalloc (slab_common.c:?)
[   83.343249][    T1]  ? __kmalloc_node (??:?)
[   83.345040][    T1]  load_skel (bpf_preload_kern.c:?)
[   83.346671][    T1]  ? free_links_and_skel (bpf_preload_kern.c:?)
[   83.348756][    T1]  ? rcu_read_lock_sched_held (??:?)
[   83.350996][    T1]  ? bpf_iter_cgroup (bpf_preload_kern.c:?)
[   83.352705][    T1]  load (bpf_preload_kern.c:?)
[   83.354259][    T1]  do_one_initcall (??:?)
[   83.356051][    T1]  ? rcu_lock_acquire (??:?)
[   83.358022][    T1]  ? rcu_read_lock_sched_held (??:?)
[   83.360100][    T1]  ? rcu_read_lock_bh_held (??:?)
[   83.362036][    T1]  do_initcalls (main.c:?)
[   83.363846][    T1]  kernel_init_freeable (main.c:?)
[   83.365850][    T1]  ? rest_init (main.c:?)
[   83.367612][    T1]  kernel_init (main.c:?)
[   83.369180][    T1]  ret_from_fork (??:?)
[   83.370863][    T1]  </TASK>
[   83.372036][    T1] Modules linked in:
[   83.373544][    T1] CR2: ffffc90000026003
[   83.375076][    T1] ---[ end trace 0000000000000000 ]---
[   83.377006][    T1] RIP: 0010:bpf_prog_load (syscall.c:?)
[   83.378816][    T1] Code: ff 37 00 45 89 65 20 48 89 fa 48 c1 e0 2a 48 c1 ea 03 8a 14 02 48 89 f8 83 e0 07 ff c0 38 d0 7c 09 84 d2 74 05 e8 78 8c 19 00 <80> 4b 03 40 48 c7 c7 a0 01 36 85 e8 9e 77 28 02 e8 04 7a ff ff 45


If you fix the issue, kindly add the following tags:
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202301022358.7f742b86-yujie.liu@intel.com


To reproduce:

        # build kernel
        cd linux
        cp config-6.1.0-09655-g30e779c8882f .config
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.


-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests

View attachment "config-6.1.0-09655-g30e779c8882f" of type "text/plain" (140730 bytes)

View attachment "job-script" of type "text/plain" (5275 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (46376 bytes)
