* [tip:x86/urgent] [x86/kaslr] dfb3911c36: kernel_BUG_at_arch/x86/mm/physaddr.c
@ 2024-08-20 7:16 kernel test robot
2024-08-20 11:57 ` Thomas Gleixner
0 siblings, 1 reply; 3+ messages in thread
From: kernel test robot @ 2024-08-20 7:16 UTC (permalink / raw)
To: Thomas Gleixner
Cc: oe-lkp, lkp, linux-kernel, x86, Max Ramanouski, Alistair Popple,
Dan Williams, Kees Cook, linux-mm, oliver.sang
Hello,
kernel test robot noticed "kernel_BUG_at_arch/x86/mm/physaddr.c" on:
commit: dfb3911c3692e45b027f13c7dca3230921533953 ("x86/kaslr: Expose and use the end of the physical memory address space")
https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git x86/urgent
[test failed on linux-next/master 469f1bad3c1c6e268059f78c0eec7e9552b3894c]
in testcase: boot
compiler: clang-18
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+--------------------------------------+------------+------------+
| | 2848ff28d1 | dfb3911c36 |
+--------------------------------------+------------+------------+
| boot_successes | 21 | 0 |
| boot_failures | 0 | 21 |
| kernel_BUG_at_arch/x86/mm/physaddr.c | 0 | 21 |
| PANIC:early_exception | 0 | 21 |
| RIP:__phys_addr | 0 | 21 |
+--------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202408201529.498d4d4d-lkp@intel.com
[ 0.010309][ T0] ------------[ cut here ]------------
[ 0.011020][ T0] kernel BUG at arch/x86/mm/physaddr.c:28!
PANIC: early exception 0x06 IP 10:ffffffffb08e3511 error 0 cr2 0xffff888038627ff8
[ 0.012655][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.11.0-rc3-00003-gdfb3911c3692 #1
[ 0.013805][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 0.015203][ T0] RIP: 0010:__phys_addr (ld-temp.o:?)
[ 0.015856][ T0] Code: c3 48 3d 00 00 00 40 73 23 48 03 05 19 8b d4 02 48 89 c3 eb dd 48 c7 c7 d0 02 81 b3 48 89 de 4c 89 f2 e8 c2 26 45 00 eb bb 90 <0f> 0b 90 0f 0b cc cc cc cc cc cc cc cc cc cc 48 8b 05 59 a2 64 03
All code
========
0: c3 ret
1: 48 3d 00 00 00 40 cmp $0x40000000,%rax
7: 73 23 jae 0x2c
9: 48 03 05 19 8b d4 02 add 0x2d48b19(%rip),%rax # 0x2d48b29
10: 48 89 c3 mov %rax,%rbx
13: eb dd jmp 0xfffffffffffffff2
15: 48 c7 c7 d0 02 81 b3 mov $0xffffffffb38102d0,%rdi
1c: 48 89 de mov %rbx,%rsi
1f: 4c 89 f2 mov %r14,%rdx
22: e8 c2 26 45 00 call 0x4526e9
27: eb bb jmp 0xffffffffffffffe4
29: 90 nop
2a:* 0f 0b ud2 <-- trapping instruction
2c: 90 nop
2d: 0f 0b ud2
2f: cc int3
30: cc int3
31: cc int3
32: cc int3
33: cc int3
34: cc int3
35: cc int3
36: cc int3
37: cc int3
38: cc int3
39: 48 8b 05 59 a2 64 03 mov 0x364a259(%rip),%rax # 0x364a299
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 90 nop
3: 0f 0b ud2
5: cc int3
6: cc int3
7: cc int3
8: cc int3
9: cc int3
a: cc int3
b: cc int3
c: cc int3
d: cc int3
e: cc int3
f: 48 8b 05 59 a2 64 03 mov 0x364a259(%rip),%rax # 0x364a26f
[ 0.018297][ T0] RSP: 0000:ffffffffb3603e80 EFLAGS: 00010002 ORIG_RAX: 0000000000000000
[ 0.019380][ T0] RAX: 0000000000000001 RBX: 0000010040000000 RCX: 0000000000000028
[ 0.020378][ T0] RDX: 000017562bdbd039 RSI: 0000000000000000 RDI: ffffa0d640000000
[ 0.021374][ T0] RBP: ffffffffb4808710 R08: 0000000000000000 R09: 0000000000000000
[ 0.022382][ T0] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffb3603ea8
[ 0.023182][ T0] R13: 0000175600000000 R14: 0000000000000028 R15: 0000000000000000
[ 0.023800][ T0] FS: 0000000000000000(0000) GS:ffffffffb362f000(0000) knlGS:0000000000000000
[ 0.024489][ T0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.024995][ T0] CR2: ffff888038627ff8 CR3: 00000000397c0000 CR4: 00000000000000b0
[ 0.025613][ T0] Call Trace:
[ 0.025863][ T0] <TASK>
[ 0.026089][ T0] ? early_fixup_exception (ld-temp.o:?)
[ 0.026502][ T0] ? early_idt_handler_common (arch/x86/kernel/head_64.S:542)
[ 0.026951][ T0] ? __phys_addr (ld-temp.o:?)
[ 0.027298][ T0] ? kernel_randomize_memory (ld-temp.o:?)
[ 0.027735][ T0] ? setup_arch (ld-temp.o:?)
[ 0.028082][ T0] ? start_kernel (init/main.c:927)
[ 0.028433][ T0] ? x86_64_start_reservations (ld-temp.o:?)
[ 0.028866][ T0] ? x86_64_start_kernel (ld-temp.o:?)
[ 0.029268][ T0] ? common_startup_64 (arch/x86/kernel/head_64.S:421)
[ 0.029658][ T0] </TASK>
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240820/202408201529.498d4d4d-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* Re: [tip:x86/urgent] [x86/kaslr] dfb3911c36: kernel_BUG_at_arch/x86/mm/physaddr.c
From: Thomas Gleixner @ 2024-08-20 11:57 UTC (permalink / raw)
To: kernel test robot
Cc: oe-lkp, lkp, linux-kernel, x86, Max Ramanouski, Alistair Popple,
Dan Williams, Kees Cook, linux-mm, oliver.sang
On Tue, Aug 20 2024 at 15:16, kernel test robot wrote:
> commit: dfb3911c3692e45b027f13c7dca3230921533953 ("x86/kaslr: Expose and use the end of the physical memory address space")
>
> [ 0.010309][ T0] ------------[ cut here ]------------
> [ 0.011020][ T0] kernel BUG at arch/x86/mm/physaddr.c:28!
> [ 0.026951][ T0] ? __phys_addr (ld-temp.o:?)
> [ 0.027298][ T0] ? kernel_randomize_memory (ld-temp.o:?)
Sigh. I'm a moron. This obviously needs the fix below.
The end of the region is start + size - 1. So there are two bugs:
1) It needs to be done before jumping forward to the next PUD.
2) If the direct map covers the full address space, then
__pa(vaddr) is wrong because that's the next PUD already.
I'll amend the commit and force push it. Thankfully I did not have time
on Sunday to send it to Linus :)
Thanks,
tglx
---
diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c
index 0f2a3a4a1078..230f1dee4f09 100644
--- a/arch/x86/mm/kaslr.c
+++ b/arch/x86/mm/kaslr.c
@@ -141,19 +141,19 @@ void __init kernel_randomize_memory(void)
vaddr += entropy;
*kaslr_regions[i].base = vaddr;
- /*
- * Jump the region and add a minimum padding based on
- * randomization alignment.
- */
+ /* Calculate the end of the region */
vaddr += get_padding(&kaslr_regions[i]);
- vaddr = round_up(vaddr + 1, PUD_SIZE);
-
/*
* KASLR trims the maximum possible size of the
* direct-map. Update the physmem_end boundary.
+ * No rounding required as the region starts
+ * PUD aligned and size is in units of TB.
*/
if (kaslr_regions[i].end)
- *kaslr_regions[i].end = __pa(vaddr) - 1;
+ *kaslr_regions[i].end = __pa_nodebug(vaddr - 1);
+
+ /* Add a minimum padding based on randomization alignment. */
+ vaddr = round_up(vaddr + 1, PUD_SIZE);
remain_entropy -= entropy;
}
}
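Review bot: The assignment to *kaslr_regions[i].end switches from __pa() to __pa_nodebug() with no explanation in the comment above it, which only covers the rounding. The report shows the BUG firing in __phys_addr called from kernel_randomize_memory, so a sentence saying that vaddr - 1 is the last byte of the region and why the unchecked translation is wanted at this point would keep someone from converting it back to __pa() later. Separately, the new comment states that the region starts PUD aligned and its size is in units of TB, so the re-added vaddr = round_up(vaddr + 1, PUD_SIZE); always yields vaddr + PUD_SIZE and could be written that way to match the comment.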
* Re: [tip:x86/urgent] [x86/kaslr] dfb3911c36: kernel_BUG_at_arch/x86/mm/physaddr.c
From: Thomas Gleixner @ 2024-08-20 14:37 UTC (permalink / raw)
To: kernel test robot
Cc: oe-lkp, lkp, linux-kernel, x86, Max Ramanouski, Alistair Popple,
Dan Williams, Kees Cook, linux-mm, oliver.sang
On Tue, Aug 20 2024 at 13:57, Thomas Gleixner wrote:
> On Tue, Aug 20 2024 at 15:16, kernel test robot wrote:
> /*
> * KASLR trims the maximum possible size of the
> * direct-map. Update the physmem_end boundary.
> + * No rounding required as the region starts
> + * PUD aligned and size is in units of TB.
> */
> if (kaslr_regions[i].end)
> - *kaslr_regions[i].end = __pa(vaddr) - 1;
> + *kaslr_regions[i].end = __pa_nodebug(vaddr - 1);
> +
> + /* Add a minimum padding based on randomization alignment. */
> + vaddr = round_up(vaddr + 1, PUD_SIZE);
Due to the guaranteed PUD alignment of vaddr this round_up() is actually
pointless and just should be
vaddr += PUD_SIZE;
No?
Thanks,
tglx
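The two orderings discussed in this thread, as an added user-space C model (not kernel code and not posted by anyone in the thread). `struct region`, `model_pa()`, `end_old()`, `end_new()`, `next_roundup()`, `next_add()` and the sample base address are assumptions for illustration; `model_pa()` is a simplified stand-in for `__pa()` on the direct map that also reports whether the address lies inside the region.

```c
#include <stdint.h>
#include <stdio.h>

#define PUD_SIZE (1ULL << 30)   /* 1 GiB */
#define TB_SHIFT 40
#define ROUND_UP(x, a) ((((x) + (a) - 1) / (a)) * (a))

/* Hypothetical model of one region: PUD-aligned base, size in TB. */
struct region { uint64_t base; uint64_t size_tb; };

static uint64_t region_size(const struct region *r) { return r->size_tb << TB_SHIFT; }

/* Simplified stand-in for __pa(): offset from base; *ok says if vaddr is in range. */
static uint64_t model_pa(const struct region *r, uint64_t vaddr, int *ok)
{
    *ok = vaddr >= r->base && vaddr - r->base < region_size(r);
    return vaddr - r->base;
}

/* Ordering in the tested commit: jump to the next PUD first, then translate. */
static uint64_t end_old(const struct region *r, int *ok)
{
    uint64_t vaddr = r->base + region_size(r);
    vaddr = ROUND_UP(vaddr + 1, PUD_SIZE);
    return model_pa(r, vaddr, ok) - 1;
}

/* Ordering in the fix: translate the last byte (start + size - 1), then jump. */
static uint64_t end_new(const struct region *r, int *ok)
{
    uint64_t vaddr = r->base + region_size(r);
    return model_pa(r, vaddr - 1, ok);
}

/* Start of the next region, written both ways from the follow-up mail. */
static uint64_t next_roundup(const struct region *r)
{
    return ROUND_UP(r->base + region_size(r) + 1, PUD_SIZE);
}
static uint64_t next_add(const struct region *r)
{
    return r->base + region_size(r) + PUD_SIZE;
}

int main(void)
{
    struct region r = { 0xffff888000000000ULL, 1 };  /* constructed sample */
    int ok_old, ok_new;
    uint64_t o = end_old(&r, &ok_old), n = end_new(&r, &ok_new);
    printf("old end %#llx in-range=%d\n", (unsigned long long)o, ok_old);
    printf("new end %#llx in-range=%d\n", (unsigned long long)n, ok_new);
    printf("round_up == += PUD_SIZE: %d\n", next_roundup(&r) == next_add(&r));
    return 0;
}
```

With the old ordering the translated address is one PUD past the region, so the computed end overshoots by PUD_SIZE and the translation itself is out of range.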