diff for duplicates of <1500398311.12096.30.camel@nxp.com> diff --git a/a/1.txt b/N1/1.txt index 1ab806d..084929e 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,5 +1,5 @@ On Tue, 2017-07-18 at 09:04 -0700, Thomas Garnier wrote: -> On Tue, Jul 18, 2017 at 7:36 AM, Leonard Crestez <leonard.crestez@nxp.com> wrote: +> On Tue, Jul 18, 2017 at 7:36 AM, Leonard Crestez <leonard.crestez-3arQi8VN3Tc@public.gmane.org> wrote: > > > > On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote: > > > diff --git a/a/content_digest b/N1/content_digest index ecf1f1e..c102a14 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -2,43 +2,36 @@ "ref\020170615011203.144108-2-thgarnie@google.com\0" "ref\01500388566.11612.74.camel@nxp.com\0" "ref\0CAJcbSZEr8HPBwH1oVaHqPzAY4MS_=yqMoqPhcauuKu3cikB3uQ@mail.gmail.com\0" - "From\0Leonard Crestez <leonard.crestez@nxp.com>\0" - "Subject\0[kernel-hardening] Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" + "ref\0CAJcbSZEr8HPBwH1oVaHqPzAY4MS_=yqMoqPhcauuKu3cikB3uQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org\0" + "From\0Leonard Crestez <leonard.crestez-3arQi8VN3Tc@public.gmane.org>\0" + "Subject\0Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" "Date\0Tue, 18 Jul 2017 20:18:31 +0300\0" - "To\0Thomas Garnier <thgarnie@google.com>\0" - "Cc\0Thomas Gleixner <tglx@linutronix.de>" - Ingo Molnar <mingo@redhat.com> - H . Peter Anvin <hpa@zytor.com> - Andy Lutomirski <luto@kernel.org> - Paolo Bonzini <pbonzini@redhat.com> - Rik van Riel <riel@redhat.com> - Oleg Nesterov <oleg@redhat.com> - Josh Poimboeuf <jpoimboe@redhat.com> - Petr Mladek <pmladek@suse.com> - Miroslav Benes <mbenes@suse.cz> - Kees Cook <keescook@chromium.org> - Al Viro <viro@zeniv.linux.org.uk> - Arnd Bergmann <arnd@arndb.de> - Dave Hansen <dave.hansen@intel.com> - David Howells <dhowells@redhat.com> - Russell King <linux@armlinux.org.uk> - Andy Lutomirski <luto@amacapital.net> - Will Drewry <wad@chromium.org> - Will Deacon <will.deacon@arm.com> - Catalin Marinas <catalin.marinas@arm.com> - Mark Rutland <mark.rutland@arm.com> - Pratyush Anand <panand@redhat.com> - Chris Metcalf <cmetcalf@mellanox.com> - Linux API <linux-api@vger.kernel.org> - the arch/x86 maintainers <x86@kernel.org> - LKML <linux-kernel@vger.kernel.org> - linux-arm-kernel@lists.infradead.org - Kernel Hardening <kernel-hardening@lists.openwall.com> - " Octavian Purdila <octavian.purdila@nxp.com>\0" + "To\0Thomas Garnier <thgarnie-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>\0" + "Cc\0Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>" + Ingo Molnar 
<mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + H . Peter Anvin <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org> + Andy Lutomirski <luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> + Paolo Bonzini <pbonzini-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Rik van Riel <riel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Josh Poimboeuf <jpoimboe-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Petr Mladek <pmladek-IBi9RG/b67k@public.gmane.org> + Miroslav Benes <mbenes-AlSwsSmVLrQ@public.gmane.org> + Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> + Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org> + Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org> + Dave Hansen <dave.hansen-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org> + David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Russell King <linux-I+IVW8TIWO2tmTQ+vhA3Yw@public.gmane.org> + Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> + Will Drewry <wad-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> + Will Deacon <will.deacon-5wv7dgnIgG8@public.gmane.org> + Catalin Marinas <catalin.marinas-5wv7dgnIgG8@public.gmane.org> + " Mark Rutland <mark.rutland@>\0" "\00:1\0" "b\0" "On Tue, 2017-07-18 at 09:04 -0700, Thomas Garnier wrote:\n" - "> On Tue, Jul 18, 2017 at 7:36 AM, Leonard Crestez <leonard.crestez@nxp.com> wrote:\n" + "> On Tue, Jul 18, 2017 at 7:36 AM, Leonard Crestez <leonard.crestez-3arQi8VN3Tc@public.gmane.org> wrote:\n" "> > \n" "> > On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote:\n" "> > > \n" @@ -191,4 +184,4 @@ "Regards,\n" Leonard -904477adcb47ab1ef1e866a6563244a8856082318a973b0ea0a4d532c6885e74 +7272b68e4cb012ae6166faa0f10e6d74f1a1e3eead6a30ff9dbc0fbcdabdaa06
diff --git a/a/1.txt b/N2/1.txt index 1ab806d..08b15e8 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -16,16 +16,16 @@ On Tue, 2017-07-18 at 09:04 -0700, Thomas Garnier wrote: > > > to used on a single instruction so adapt ret_fast_syscall. > > > > > > @@ -571,6 +572,10 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall) -> > > * Update the trace code with the current status. -> > > */ -> > > trace_hardirqs_off(); +> > > ???????* Update the trace code with the current status. +> > > ???????*/ +> > > ??????trace_hardirqs_off(); > > > + -> > > + /* Check valid user FS if needed */ -> > > + addr_limit_user_check(); +> > > +?????/* Check valid user FS if needed */ +> > > +?????addr_limit_user_check(); > > > + -> > > do { -> > > if (likely(thread_flags & _TIF_NEED_RESCHED)) { -> > > schedule(); +> > > ??????do { +> > > ??????????????if (likely(thread_flags & _TIF_NEED_RESCHED)) { +> > > ??????????????????????schedule(); > > This patch made it's way into linux-next next-20170717 and it seems to > > cause hangs when booting some boards over NFS (found via bisection). I > > don't know exactly what determines the issue but I can reproduce hangs 
@@ -49,66 +49,66 @@ On Tue, 2017-07-18 at 09:04 -0700, Thomas Garnier wrote: > > to get a stack with a set_fs call from inside do_work_pending and got > > the following: > > -> > [ 227.582402] CPU: 0 PID: 829 Comm: sleep Not tainted 4.12.0-01057-g93af8f7-dirty #332 -> > [ 227.590171] Hardware name: Freescale i.MX6 SoloLite (Device Tree) -> > [ 227.596275] Backtrace: -> > [ 227.598754] [] (dump_backtrace) from [] (show_stack+0x18/0x1c) -> > [ 227.606339] r7:00000000 r6:60070113 r5:00000000 r4:c105a958 -> > [ 227.612016] [] (show_stack) from [] (dump_stack+0xb4/0xe8) -> > [ 227.619258] [] (dump_stack) from [] (mydbg_set_fs+0x40/0x48) -> > [ 227.626671] r9:c08cf35c r8:ee1cda7c r7:ee1e3dce r6:bf000000 r5:00000000 r4:ffffe000 -> > [ 227.634433] [] (mydbg_set_fs) from [] (__probe_kernel_read+0x44/0xd0) -> > [ 227.642629] [] (__probe_kernel_read) from [] (do_alignment+0x8c/0x75c) -> > [ 227.650909] r10:ef085000 r9:c08cf35c r8:00000001 r7:ee1e3dce r6:c011b84c r5:ee1cdbe0 -> > [ 227.658748] r4:00000000 r3:00000000 -> > [ 227.662338] [] (do_alignment) from [] (do_DataAbort+0x40/0xc0) -> > [ 227.669921] r10:ef085000 r9:ee1cc000 r8:ee1cdbe0 r7:ee1e3dce r6:c011b84c r5:00000001 -> > [ 227.677760] r4:c100dd3c -> > [ 227.680308] [] (do_DataAbort) from [] (__dabt_svc+0x64/0xa0) -> > [ 227.687714] Exception stack(0xee1cdbe0 to 0xee1cdc28) -> > [ 227.692780] dbe0: 9064a8c0 ee1e3de2 d82727d8 00000000 ee1b20c0 ee1e3dce 00000000 ef08572c -> > [ 227.700971] dc00: c0bb2034 c10c75ea ef085000 ee1cdc74 ee1cdc00 ee1cdc30 c01761a8 c08cf35c -> > [ 227.709158] dc20: 40070113 ffffffff -> > [ 227.712661] r8:c0bb2034 r7:ee1cdc14 r6:ffffffff r5:40070113 r4:c08cf35c -> > [ 227.719382] [] (inet_gro_receive) from [] (dev_gro_receive+0x2f0/0x618) -> > [ 227.727746] r10:ef085000 r9:00000001 r8:00000000 r7:ef085710 r6:c1008b88 r5:ee1b20c0 -> > [ 227.735585] r4:c1009f78 -> > [ 227.738132] [] (dev_gro_receive) from [] (napi_gro_receive+0x78/0x1f4) -> > [ 227.746410] r10:ef085000 r9:00000001 r8:c10d15ec 
r7:c100792c r6:ef085710 r5:c10c744e -> > [ 227.754249] r4:ee1b20c0 -> > [ 227.756801] [] (napi_gro_receive) from [] (fec_enet_rx_napi+0x39c/0x988) -> > [ 227.765253] r9:00000001 r8:f0c8a960 r7:00000000 r6:00000000 r5:ef086000 r4:ee1b20c0 -> > [ 227.773010] [] (fec_enet_rx_napi) from [] (net_rx_action+0x21c/0x474) -> > [ 227.781201] r10:ee1cdd78 r9:c0fa7b80 r8:ef7dab80 r7:0000012c r6:00000040 r5:00000001 -> > [ 227.789039] r4:ef085710 -> > [ 227.791593] [] (net_rx_action) from [] (__do_softirq+0x158/0x534) -> > [ 227.799437] r10:00000008 r9:ee1cc000 r8:c10ce568 r7:c100792c r6:c10247bd r5:00000003 -> > [ 227.807275] r4:c100208c -> > [ 227.809824] [] (__do_softirq) from [] (irq_exit+0xec/0x168) -> > [ 227.817147] r10:c1007ea0 r9:ef010400 r8:00000001 r7:00000000 r6:c1007d3c r5:00000000 -> > [ 227.824984] r4:c0fa534c -> > [ 227.827534] [] (irq_exit) from [] (__handle_domain_irq+0x74/0xe8) -> > [ 227.835377] [] (__handle_domain_irq) from [] (gic_handle_irq+0x58/0xbc) -> > [ 227.843742] r9:f080b100 r8:c105ae80 r7:ee1cde80 r6:000003ff r5:000003eb r4:f080b10c -> > [ 227.851498] [] (gic_handle_irq) from [] (__irq_svc+0x70/0x98) -> > [ 227.858990] Exception stack(0xee1cde80 to 0xee1cdec8) -> > [ 227.864056] de80: ee7a1140 00000001 00000000 000012a9 ee7a1140 ee9d9f10 ee76edc0 ee9d9f60 -> > [ 227.872248] dea0: 00000000 ee9d9f10 00000010 ee1cdeec ee1cdeb8 ee1cded0 c038a77c c0389688 -> > [ 227.880434] dec0: 60070013 ffffffff -> > [ 227.883937] r10:00000010 r9:ee1cc000 r8:00000000 r7:ee1cdeb4 r6:ffffffff r5:60070013 -> > [ 227.891775] r4:c0389688 -> > [ 227.894327] [] (nfs_file_clear_open_context) from [] (nfs_file_release+0x54/0x60) -> > [ 227.903558] r7:ee9a78a0 r6:ee68f010 r5:ee9d9f10 r4:ee76edc0 -> > [ 227.909235] [] (nfs_file_release) from [] (__fput+0x94/0x1e0) -> > [ 227.916734] [] (__fput) from [] (____fput+0x10/0x14) -> > [ 227.923448] r10:c10d4298 r9:00000000 r8:00000000 r7:ef2ed780 r6:ef2edc00 r5:c10d5180 -> > [ 227.931286] r4:ef2edbd4 -> > [ 227.933839] [] (____fput) 
from [] (task_work_run+0xc8/0xec) -> > [ 227.941166] [] (task_work_run) from [] (do_work_pending+0x12c/0x1c4) -> > [ 227.949271] r9:ee1cdfb0 r8:00000000 r7:00000000 r6:ee1cc000 r5:00000000 r4:00000000 -> > [ 227.957029] [] (do_work_pending) from [] (slow_work_pending+0xc/0x20) -> > [ 227.965219] r10:00000000 r9:ee1cc000 r8:c0107e24 r7:0000005b r6:b6f76568 r5:b6f741f0 -> > [ 227.973058] r4:b6f76904 +> > [??227.582402] CPU: 0 PID: 829 Comm: sleep Not tainted 4.12.0-01057-g93af8f7-dirty #332 +> > [??227.590171] Hardware name: Freescale i.MX6 SoloLite (Device Tree) +> > [??227.596275] Backtrace: +> > [??227.598754] [] (dump_backtrace) from [] (show_stack+0x18/0x1c) +> > [??227.606339]??r7:00000000 r6:60070113 r5:00000000 r4:c105a958 +> > [??227.612016] [] (show_stack) from [] (dump_stack+0xb4/0xe8) +> > [??227.619258] [] (dump_stack) from [] (mydbg_set_fs+0x40/0x48) +> > [??227.626671]??r9:c08cf35c r8:ee1cda7c r7:ee1e3dce r6:bf000000 r5:00000000 r4:ffffe000 +> > [??227.634433] [] (mydbg_set_fs) from [] (__probe_kernel_read+0x44/0xd0) +> > [??227.642629] [] (__probe_kernel_read) from [] (do_alignment+0x8c/0x75c) +> > [??227.650909]??r10:ef085000 r9:c08cf35c r8:00000001 r7:ee1e3dce r6:c011b84c r5:ee1cdbe0 +> > [??227.658748]??r4:00000000 r3:00000000 +> > [??227.662338] [] (do_alignment) from [] (do_DataAbort+0x40/0xc0) +> > [??227.669921]??r10:ef085000 r9:ee1cc000 r8:ee1cdbe0 r7:ee1e3dce r6:c011b84c r5:00000001 +> > [??227.677760]??r4:c100dd3c +> > [??227.680308] [] (do_DataAbort) from [] (__dabt_svc+0x64/0xa0) +> > [??227.687714] Exception stack(0xee1cdbe0 to 0xee1cdc28) +> > [??227.692780] dbe0: 9064a8c0 ee1e3de2 d82727d8 00000000 ee1b20c0 ee1e3dce 00000000 ef08572c +> > [??227.700971] dc00: c0bb2034 c10c75ea ef085000 ee1cdc74 ee1cdc00 ee1cdc30 c01761a8 c08cf35c +> > [??227.709158] dc20: 40070113 ffffffff +> > [??227.712661]??r8:c0bb2034 r7:ee1cdc14 r6:ffffffff r5:40070113 r4:c08cf35c +> > [??227.719382] [] (inet_gro_receive) from [] (dev_gro_receive+0x2f0/0x618) +> > 
[??227.727746]??r10:ef085000 r9:00000001 r8:00000000 r7:ef085710 r6:c1008b88 r5:ee1b20c0 +> > [??227.735585]??r4:c1009f78 +> > [??227.738132] [] (dev_gro_receive) from [] (napi_gro_receive+0x78/0x1f4) +> > [??227.746410]??r10:ef085000 r9:00000001 r8:c10d15ec r7:c100792c r6:ef085710 r5:c10c744e +> > [??227.754249]??r4:ee1b20c0 +> > [??227.756801] [] (napi_gro_receive) from [] (fec_enet_rx_napi+0x39c/0x988) +> > [??227.765253]??r9:00000001 r8:f0c8a960 r7:00000000 r6:00000000 r5:ef086000 r4:ee1b20c0 +> > [??227.773010] [] (fec_enet_rx_napi) from [] (net_rx_action+0x21c/0x474) +> > [??227.781201]??r10:ee1cdd78 r9:c0fa7b80 r8:ef7dab80 r7:0000012c r6:00000040 r5:00000001 +> > [??227.789039]??r4:ef085710 +> > [??227.791593] [] (net_rx_action) from [] (__do_softirq+0x158/0x534) +> > [??227.799437]??r10:00000008 r9:ee1cc000 r8:c10ce568 r7:c100792c r6:c10247bd r5:00000003 +> > [??227.807275]??r4:c100208c +> > [??227.809824] [] (__do_softirq) from [] (irq_exit+0xec/0x168) +> > [??227.817147]??r10:c1007ea0 r9:ef010400 r8:00000001 r7:00000000 r6:c1007d3c r5:00000000 +> > [??227.824984]??r4:c0fa534c +> > [??227.827534] [] (irq_exit) from [] (__handle_domain_irq+0x74/0xe8) +> > [??227.835377] [] (__handle_domain_irq) from [] (gic_handle_irq+0x58/0xbc) +> > [??227.843742]??r9:f080b100 r8:c105ae80 r7:ee1cde80 r6:000003ff r5:000003eb r4:f080b10c +> > [??227.851498] [] (gic_handle_irq) from [] (__irq_svc+0x70/0x98) +> > [??227.858990] Exception stack(0xee1cde80 to 0xee1cdec8) +> > [??227.864056] de80: ee7a1140 00000001 00000000 000012a9 ee7a1140 ee9d9f10 ee76edc0 ee9d9f60 +> > [??227.872248] dea0: 00000000 ee9d9f10 00000010 ee1cdeec ee1cdeb8 ee1cded0 c038a77c c0389688 +> > [??227.880434] dec0: 60070013 ffffffff +> > [??227.883937]??r10:00000010 r9:ee1cc000 r8:00000000 r7:ee1cdeb4 r6:ffffffff r5:60070013 +> > [??227.891775]??r4:c0389688 +> > [??227.894327] [] (nfs_file_clear_open_context) from [] (nfs_file_release+0x54/0x60) +> > [??227.903558]??r7:ee9a78a0 r6:ee68f010 r5:ee9d9f10 
r4:ee76edc0 +> > [??227.909235] [] (nfs_file_release) from [] (__fput+0x94/0x1e0) +> > [??227.916734] [] (__fput) from [] (____fput+0x10/0x14) +> > [??227.923448]??r10:c10d4298 r9:00000000 r8:00000000 r7:ef2ed780 r6:ef2edc00 r5:c10d5180 +> > [??227.931286]??r4:ef2edbd4 +> > [??227.933839] [] (____fput) from [] (task_work_run+0xc8/0xec) +> > [??227.941166] [] (task_work_run) from [] (do_work_pending+0x12c/0x1c4) +> > [??227.949271]??r9:ee1cdfb0 r8:00000000 r7:00000000 r6:ee1cc000 r5:00000000 r4:00000000 +> > [??227.957029] [] (do_work_pending) from [] (slow_work_pending+0xc/0x20) +> > [??227.965219]??r10:00000000 r9:ee1cc000 r8:c0107e24 r7:0000005b r6:b6f76568 r5:b6f741f0 +> > [??227.973058]??r4:b6f76904 > > > > Maybe the reason this reproduces easily in this particular setup is > > that ethernet causes lots of alignment faults? @@ -120,20 +120,20 @@ On Tue, 2017-07-18 at 09:04 -0700, Thomas Garnier wrote: > +++ b/arch/arm/kernel/signal.c > @@ -573,12 +573,11 @@ do_work_pending(struct pt_regs *regs, unsigned > int thread_flags, int syscall) -> */ -> trace_hardirqs_off(); +> ? */ +> ? trace_hardirqs_off(); > > - /* Check valid user FS if needed */ > - addr_limit_user_check(); > - -> do { -> if (likely(thread_flags & _TIF_NEED_RESCHED)) { -> schedule(); +> ? do { +> ? if (likely(thread_flags & _TIF_NEED_RESCHED)) { +> ? schedule(); > + } else if (thread_flags & _TIF_FSCHECK) { > + addr_limit_user_check(); -> } else { -> if (unlikely(!user_mode(regs))) -> return 0; +> ? } else { +> ? if (unlikely(!user_mode(regs))) +> ? return 0; This does seem to work, it no longer hangs on boot in my setup. This is obviously only a very superficial test. diff --git a/a/content_digest b/N2/content_digest index ecf1f1e..fb817c0 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -2,39 +2,10 @@ "ref\020170615011203.144108-2-thgarnie@google.com\0" "ref\01500388566.11612.74.camel@nxp.com\0" "ref\0CAJcbSZEr8HPBwH1oVaHqPzAY4MS_=yqMoqPhcauuKu3cikB3uQ@mail.gmail.com\0" - "From\0Leonard Crestez <leonard.crestez@nxp.com>\0" - "Subject\0[kernel-hardening] Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" + "From\0leonard.crestez@nxp.com (Leonard Crestez)\0" + "Subject\0[PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" "Date\0Tue, 18 Jul 2017 20:18:31 +0300\0" - "To\0Thomas Garnier <thgarnie@google.com>\0" - "Cc\0Thomas Gleixner <tglx@linutronix.de>" - Ingo Molnar <mingo@redhat.com> - H . Peter Anvin <hpa@zytor.com> - Andy Lutomirski <luto@kernel.org> - Paolo Bonzini <pbonzini@redhat.com> - Rik van Riel <riel@redhat.com> - Oleg Nesterov <oleg@redhat.com> - Josh Poimboeuf <jpoimboe@redhat.com> - Petr Mladek <pmladek@suse.com> - Miroslav Benes <mbenes@suse.cz> - Kees Cook <keescook@chromium.org> - Al Viro <viro@zeniv.linux.org.uk> - Arnd Bergmann <arnd@arndb.de> - Dave Hansen <dave.hansen@intel.com> - David Howells <dhowells@redhat.com> - Russell King <linux@armlinux.org.uk> - Andy Lutomirski <luto@amacapital.net> - Will Drewry <wad@chromium.org> - Will Deacon <will.deacon@arm.com> - Catalin Marinas <catalin.marinas@arm.com> - Mark Rutland <mark.rutland@arm.com> - Pratyush Anand <panand@redhat.com> - Chris Metcalf <cmetcalf@mellanox.com> - Linux API <linux-api@vger.kernel.org> - the arch/x86 maintainers <x86@kernel.org> - LKML <linux-kernel@vger.kernel.org> - linux-arm-kernel@lists.infradead.org - Kernel Hardening <kernel-hardening@lists.openwall.com> - " Octavian Purdila <octavian.purdila@nxp.com>\0" + "To\0linux-arm-kernel@lists.infradead.org\0" "\00:1\0" "b\0" "On Tue, 2017-07-18 at 09:04 -0700, Thomas Garnier wrote:\n" @@ -55,16 +26,16 @@ "> > > to used on a single instruction so adapt ret_fast_syscall.\n" "> > > \n" "> 
> > @@ -571,6 +572,10 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)\n" - "> > > \302\240\302\240\302\240\302\240\302\240\302\240\302\240* Update the trace code with the current status.\n" - "> > > \302\240\302\240\302\240\302\240\302\240\302\240\302\240*/\n" - "> > > \302\240\302\240\302\240\302\240\302\240\302\240trace_hardirqs_off();\n" + "> > > ???????* Update the trace code with the current status.\n" + "> > > ???????*/\n" + "> > > ??????trace_hardirqs_off();\n" "> > > +\n" - "> > > +\302\240\302\240\302\240\302\240\302\240/* Check valid user FS if needed */\n" - "> > > +\302\240\302\240\302\240\302\240\302\240addr_limit_user_check();\n" + "> > > +?????/* Check valid user FS if needed */\n" + "> > > +?????addr_limit_user_check();\n" "> > > +\n" - "> > > \302\240\302\240\302\240\302\240\302\240\302\240do {\n" - "> > > \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240if (likely(thread_flags & _TIF_NEED_RESCHED)) {\n" - "> > > \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240schedule();\n" + "> > > ??????do {\n" + "> > > ??????????????if (likely(thread_flags & _TIF_NEED_RESCHED)) {\n" + "> > > ??????????????????????schedule();\n" "> > This patch made it's way into linux-next next-20170717 and it seems to\n" "> > cause hangs when booting some boards over NFS (found via bisection). I\n" "> > don't know exactly what determines the issue but I can reproduce hangs\n" 
@@ -88,66 +59,66 @@ "> > to get a stack with a set_fs call from inside do_work_pending and got\n" "> > the following:\n" "> > \n" - "> > [\302\240\302\240227.582402] CPU: 0 PID: 829 Comm: sleep Not tainted 4.12.0-01057-g93af8f7-dirty #332\n" - "> > [\302\240\302\240227.590171] Hardware name: Freescale i.MX6 SoloLite (Device Tree)\n" - "> > [\302\240\302\240227.596275] Backtrace:\n" - "> > [\302\240\302\240227.598754] [] (dump_backtrace) from [] (show_stack+0x18/0x1c)\n" - "> > [\302\240\302\240227.606339]\302\240\302\240r7:00000000 r6:60070113 r5:00000000 r4:c105a958\n" - "> > [\302\240\302\240227.612016] [] (show_stack) from [] (dump_stack+0xb4/0xe8)\n" - "> > [\302\240\302\240227.619258] [] (dump_stack) from [] (mydbg_set_fs+0x40/0x48)\n" - "> > [\302\240\302\240227.626671]\302\240\302\240r9:c08cf35c r8:ee1cda7c r7:ee1e3dce r6:bf000000 r5:00000000 r4:ffffe000\n" - "> > [\302\240\302\240227.634433] [] (mydbg_set_fs) from [] (__probe_kernel_read+0x44/0xd0)\n" - "> > [\302\240\302\240227.642629] [] (__probe_kernel_read) from [] (do_alignment+0x8c/0x75c)\n" - "> > [\302\240\302\240227.650909]\302\240\302\240r10:ef085000 r9:c08cf35c r8:00000001 r7:ee1e3dce r6:c011b84c r5:ee1cdbe0\n" - "> > [\302\240\302\240227.658748]\302\240\302\240r4:00000000 r3:00000000\n" - "> > [\302\240\302\240227.662338] [] (do_alignment) from [] (do_DataAbort+0x40/0xc0)\n" - "> > [\302\240\302\240227.669921]\302\240\302\240r10:ef085000 r9:ee1cc000 r8:ee1cdbe0 r7:ee1e3dce r6:c011b84c r5:00000001\n" - "> > [\302\240\302\240227.677760]\302\240\302\240r4:c100dd3c\n" - "> > [\302\240\302\240227.680308] [] (do_DataAbort) from [] (__dabt_svc+0x64/0xa0)\n" - "> > [\302\240\302\240227.687714] Exception stack(0xee1cdbe0 to 0xee1cdc28)\n" - "> > [\302\240\302\240227.692780] dbe0: 9064a8c0 ee1e3de2 d82727d8 00000000 ee1b20c0 ee1e3dce 00000000 ef08572c\n" - "> > [\302\240\302\240227.700971] dc00: c0bb2034 c10c75ea ef085000 ee1cdc74 ee1cdc00 ee1cdc30 c01761a8 c08cf35c\n" - "> > [\302\240\302\240227.709158] 
dc20: 40070113 ffffffff\n" - "> > [\302\240\302\240227.712661]\302\240\302\240r8:c0bb2034 r7:ee1cdc14 r6:ffffffff r5:40070113 r4:c08cf35c\n" - "> > [\302\240\302\240227.719382] [] (inet_gro_receive) from [] (dev_gro_receive+0x2f0/0x618)\n" - "> > [\302\240\302\240227.727746]\302\240\302\240r10:ef085000 r9:00000001 r8:00000000 r7:ef085710 r6:c1008b88 r5:ee1b20c0\n" - "> > [\302\240\302\240227.735585]\302\240\302\240r4:c1009f78\n" - "> > [\302\240\302\240227.738132] [] (dev_gro_receive) from [] (napi_gro_receive+0x78/0x1f4)\n" - "> > [\302\240\302\240227.746410]\302\240\302\240r10:ef085000 r9:00000001 r8:c10d15ec r7:c100792c r6:ef085710 r5:c10c744e\n" - "> > [\302\240\302\240227.754249]\302\240\302\240r4:ee1b20c0\n" - "> > [\302\240\302\240227.756801] [] (napi_gro_receive) from [] (fec_enet_rx_napi+0x39c/0x988)\n" - "> > [\302\240\302\240227.765253]\302\240\302\240r9:00000001 r8:f0c8a960 r7:00000000 r6:00000000 r5:ef086000 r4:ee1b20c0\n" - "> > [\302\240\302\240227.773010] [] (fec_enet_rx_napi) from [] (net_rx_action+0x21c/0x474)\n" - "> > [\302\240\302\240227.781201]\302\240\302\240r10:ee1cdd78 r9:c0fa7b80 r8:ef7dab80 r7:0000012c r6:00000040 r5:00000001\n" - "> > [\302\240\302\240227.789039]\302\240\302\240r4:ef085710\n" - "> > [\302\240\302\240227.791593] [] (net_rx_action) from [] (__do_softirq+0x158/0x534)\n" - "> > [\302\240\302\240227.799437]\302\240\302\240r10:00000008 r9:ee1cc000 r8:c10ce568 r7:c100792c r6:c10247bd r5:00000003\n" - "> > [\302\240\302\240227.807275]\302\240\302\240r4:c100208c\n" - "> > [\302\240\302\240227.809824] [] (__do_softirq) from [] (irq_exit+0xec/0x168)\n" - "> > [\302\240\302\240227.817147]\302\240\302\240r10:c1007ea0 r9:ef010400 r8:00000001 r7:00000000 r6:c1007d3c r5:00000000\n" - "> > [\302\240\302\240227.824984]\302\240\302\240r4:c0fa534c\n" - "> > [\302\240\302\240227.827534] [] (irq_exit) from [] (__handle_domain_irq+0x74/0xe8)\n" - "> > [\302\240\302\240227.835377] [] (__handle_domain_irq) from [] (gic_handle_irq+0x58/0xbc)\n" - 
"> > [\302\240\302\240227.843742]\302\240\302\240r9:f080b100 r8:c105ae80 r7:ee1cde80 r6:000003ff r5:000003eb r4:f080b10c\n" - "> > [\302\240\302\240227.851498] [] (gic_handle_irq) from [] (__irq_svc+0x70/0x98)\n" - "> > [\302\240\302\240227.858990] Exception stack(0xee1cde80 to 0xee1cdec8)\n" - "> > [\302\240\302\240227.864056] de80: ee7a1140 00000001 00000000 000012a9 ee7a1140 ee9d9f10 ee76edc0 ee9d9f60\n" - "> > [\302\240\302\240227.872248] dea0: 00000000 ee9d9f10 00000010 ee1cdeec ee1cdeb8 ee1cded0 c038a77c c0389688\n" - "> > [\302\240\302\240227.880434] dec0: 60070013 ffffffff\n" - "> > [\302\240\302\240227.883937]\302\240\302\240r10:00000010 r9:ee1cc000 r8:00000000 r7:ee1cdeb4 r6:ffffffff r5:60070013\n" - "> > [\302\240\302\240227.891775]\302\240\302\240r4:c0389688\n" - "> > [\302\240\302\240227.894327] [] (nfs_file_clear_open_context) from [] (nfs_file_release+0x54/0x60)\n" - "> > [\302\240\302\240227.903558]\302\240\302\240r7:ee9a78a0 r6:ee68f010 r5:ee9d9f10 r4:ee76edc0\n" - "> > [\302\240\302\240227.909235] [] (nfs_file_release) from [] (__fput+0x94/0x1e0)\n" - "> > [\302\240\302\240227.916734] [] (__fput) from [] (____fput+0x10/0x14)\n" - "> > [\302\240\302\240227.923448]\302\240\302\240r10:c10d4298 r9:00000000 r8:00000000 r7:ef2ed780 r6:ef2edc00 r5:c10d5180\n" - "> > [\302\240\302\240227.931286]\302\240\302\240r4:ef2edbd4\n" - "> > [\302\240\302\240227.933839] [] (____fput) from [] (task_work_run+0xc8/0xec)\n" - "> > [\302\240\302\240227.941166] [] (task_work_run) from [] (do_work_pending+0x12c/0x1c4)\n" - "> > [\302\240\302\240227.949271]\302\240\302\240r9:ee1cdfb0 r8:00000000 r7:00000000 r6:ee1cc000 r5:00000000 r4:00000000\n" - "> > [\302\240\302\240227.957029] [] (do_work_pending) from [] (slow_work_pending+0xc/0x20)\n" - "> > [\302\240\302\240227.965219]\302\240\302\240r10:00000000 r9:ee1cc000 r8:c0107e24 r7:0000005b r6:b6f76568 r5:b6f741f0\n" - "> > [\302\240\302\240227.973058]\302\240\302\240r4:b6f76904\n" + "> > [??227.582402] CPU: 0 PID: 829 Comm: 
sleep Not tainted 4.12.0-01057-g93af8f7-dirty #332\n" + "> > [??227.590171] Hardware name: Freescale i.MX6 SoloLite (Device Tree)\n" + "> > [??227.596275] Backtrace:\n" + "> > [??227.598754] [] (dump_backtrace) from [] (show_stack+0x18/0x1c)\n" + "> > [??227.606339]??r7:00000000 r6:60070113 r5:00000000 r4:c105a958\n" + "> > [??227.612016] [] (show_stack) from [] (dump_stack+0xb4/0xe8)\n" + "> > [??227.619258] [] (dump_stack) from [] (mydbg_set_fs+0x40/0x48)\n" + "> > [??227.626671]??r9:c08cf35c r8:ee1cda7c r7:ee1e3dce r6:bf000000 r5:00000000 r4:ffffe000\n" + "> > [??227.634433] [] (mydbg_set_fs) from [] (__probe_kernel_read+0x44/0xd0)\n" + "> > [??227.642629] [] (__probe_kernel_read) from [] (do_alignment+0x8c/0x75c)\n" + "> > [??227.650909]??r10:ef085000 r9:c08cf35c r8:00000001 r7:ee1e3dce r6:c011b84c r5:ee1cdbe0\n" + "> > [??227.658748]??r4:00000000 r3:00000000\n" + "> > [??227.662338] [] (do_alignment) from [] (do_DataAbort+0x40/0xc0)\n" + "> > [??227.669921]??r10:ef085000 r9:ee1cc000 r8:ee1cdbe0 r7:ee1e3dce r6:c011b84c r5:00000001\n" + "> > [??227.677760]??r4:c100dd3c\n" + "> > [??227.680308] [] (do_DataAbort) from [] (__dabt_svc+0x64/0xa0)\n" + "> > [??227.687714] Exception stack(0xee1cdbe0 to 0xee1cdc28)\n" + "> > [??227.692780] dbe0: 9064a8c0 ee1e3de2 d82727d8 00000000 ee1b20c0 ee1e3dce 00000000 ef08572c\n" + "> > [??227.700971] dc00: c0bb2034 c10c75ea ef085000 ee1cdc74 ee1cdc00 ee1cdc30 c01761a8 c08cf35c\n" + "> > [??227.709158] dc20: 40070113 ffffffff\n" + "> > [??227.712661]??r8:c0bb2034 r7:ee1cdc14 r6:ffffffff r5:40070113 r4:c08cf35c\n" + "> > [??227.719382] [] (inet_gro_receive) from [] (dev_gro_receive+0x2f0/0x618)\n" + "> > [??227.727746]??r10:ef085000 r9:00000001 r8:00000000 r7:ef085710 r6:c1008b88 r5:ee1b20c0\n" + "> > [??227.735585]??r4:c1009f78\n" + "> > [??227.738132] [] (dev_gro_receive) from [] (napi_gro_receive+0x78/0x1f4)\n" + "> > [??227.746410]??r10:ef085000 r9:00000001 r8:c10d15ec r7:c100792c r6:ef085710 r5:c10c744e\n" + "> > 
[??227.754249]??r4:ee1b20c0\n" + "> > [??227.756801] [] (napi_gro_receive) from [] (fec_enet_rx_napi+0x39c/0x988)\n" + "> > [??227.765253]??r9:00000001 r8:f0c8a960 r7:00000000 r6:00000000 r5:ef086000 r4:ee1b20c0\n" + "> > [??227.773010] [] (fec_enet_rx_napi) from [] (net_rx_action+0x21c/0x474)\n" + "> > [??227.781201]??r10:ee1cdd78 r9:c0fa7b80 r8:ef7dab80 r7:0000012c r6:00000040 r5:00000001\n" + "> > [??227.789039]??r4:ef085710\n" + "> > [??227.791593] [] (net_rx_action) from [] (__do_softirq+0x158/0x534)\n" + "> > [??227.799437]??r10:00000008 r9:ee1cc000 r8:c10ce568 r7:c100792c r6:c10247bd r5:00000003\n" + "> > [??227.807275]??r4:c100208c\n" + "> > [??227.809824] [] (__do_softirq) from [] (irq_exit+0xec/0x168)\n" + "> > [??227.817147]??r10:c1007ea0 r9:ef010400 r8:00000001 r7:00000000 r6:c1007d3c r5:00000000\n" + "> > [??227.824984]??r4:c0fa534c\n" + "> > [??227.827534] [] (irq_exit) from [] (__handle_domain_irq+0x74/0xe8)\n" + "> > [??227.835377] [] (__handle_domain_irq) from [] (gic_handle_irq+0x58/0xbc)\n" + "> > [??227.843742]??r9:f080b100 r8:c105ae80 r7:ee1cde80 r6:000003ff r5:000003eb r4:f080b10c\n" + "> > [??227.851498] [] (gic_handle_irq) from [] (__irq_svc+0x70/0x98)\n" + "> > [??227.858990] Exception stack(0xee1cde80 to 0xee1cdec8)\n" + "> > [??227.864056] de80: ee7a1140 00000001 00000000 000012a9 ee7a1140 ee9d9f10 ee76edc0 ee9d9f60\n" + "> > [??227.872248] dea0: 00000000 ee9d9f10 00000010 ee1cdeec ee1cdeb8 ee1cded0 c038a77c c0389688\n" + "> > [??227.880434] dec0: 60070013 ffffffff\n" + "> > [??227.883937]??r10:00000010 r9:ee1cc000 r8:00000000 r7:ee1cdeb4 r6:ffffffff r5:60070013\n" + "> > [??227.891775]??r4:c0389688\n" + "> > [??227.894327] [] (nfs_file_clear_open_context) from [] (nfs_file_release+0x54/0x60)\n" + "> > [??227.903558]??r7:ee9a78a0 r6:ee68f010 r5:ee9d9f10 r4:ee76edc0\n" + "> > [??227.909235] [] (nfs_file_release) from [] (__fput+0x94/0x1e0)\n" + "> > [??227.916734] [] (__fput) from [] (____fput+0x10/0x14)\n" + "> > 
[??227.923448]??r10:c10d4298 r9:00000000 r8:00000000 r7:ef2ed780 r6:ef2edc00 r5:c10d5180\n" + "> > [??227.931286]??r4:ef2edbd4\n" + "> > [??227.933839] [] (____fput) from [] (task_work_run+0xc8/0xec)\n" + "> > [??227.941166] [] (task_work_run) from [] (do_work_pending+0x12c/0x1c4)\n" + "> > [??227.949271]??r9:ee1cdfb0 r8:00000000 r7:00000000 r6:ee1cc000 r5:00000000 r4:00000000\n" + "> > [??227.957029] [] (do_work_pending) from [] (slow_work_pending+0xc/0x20)\n" + "> > [??227.965219]??r10:00000000 r9:ee1cc000 r8:c0107e24 r7:0000005b r6:b6f76568 r5:b6f741f0\n" + "> > [??227.973058]??r4:b6f76904\n" "> > \n" "> > Maybe the reason this reproduces easily in this particular setup is\n" "> > that ethernet causes lots of alignment faults?\n" @@ -159,20 +130,20 @@ "> +++ b/arch/arm/kernel/signal.c\n" "> @@ -573,12 +573,11 @@ do_work_pending(struct pt_regs *regs, unsigned\n" "> int thread_flags, int syscall)\n" - "> \302\240 */\n" - "> \302\240 trace_hardirqs_off();\n" + "> ? */\n" + "> ? trace_hardirqs_off();\n" "> \n" "> - /* Check valid user FS if needed */\n" "> - addr_limit_user_check();\n" "> -\n" - "> \302\240 do {\n" - "> \302\240 if (likely(thread_flags & _TIF_NEED_RESCHED)) {\n" - "> \302\240 schedule();\n" + "> ? do {\n" + "> ? if (likely(thread_flags & _TIF_NEED_RESCHED)) {\n" + "> ? schedule();\n" "> + } else if (thread_flags & _TIF_FSCHECK) {\n" "> + addr_limit_user_check();\n" - "> \302\240 } else {\n" - "> \302\240 if (unlikely(!user_mode(regs)))\n" - "> \302\240 return 0;\n" + "> ? } else {\n" + "> ? if (unlikely(!user_mode(regs)))\n" + "> ? return 0;\n" "\n" "This does seem to work, it no longer hangs on boot in my setup. This is\n" "obviously only a very superficial test.\n" @@ -191,4 +162,4 @@ "Regards,\n" Leonard -904477adcb47ab1ef1e866a6563244a8856082318a973b0ea0a4d532c6885e74 +62bd8ae75271946667d345100a075c8a34791e4abf2bd9db28c667386432a191
diff --git a/a/content_digest b/N3/content_digest index ecf1f1e..677f653 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -3,7 +3,7 @@ "ref\01500388566.11612.74.camel@nxp.com\0" "ref\0CAJcbSZEr8HPBwH1oVaHqPzAY4MS_=yqMoqPhcauuKu3cikB3uQ@mail.gmail.com\0" "From\0Leonard Crestez <leonard.crestez@nxp.com>\0" - "Subject\0[kernel-hardening] Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" + "Subject\0Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" "Date\0Tue, 18 Jul 2017 20:18:31 +0300\0" "To\0Thomas Garnier <thgarnie@google.com>\0" "Cc\0Thomas Gleixner <tglx@linutronix.de>" @@ -32,7 +32,7 @@ Linux API <linux-api@vger.kernel.org> the arch/x86 maintainers <x86@kernel.org> LKML <linux-kernel@vger.kernel.org> - linux-arm-kernel@lists.infradead.org + <linux-arm-kernel@lists.infradead.org> Kernel Hardening <kernel-hardening@lists.openwall.com> " Octavian Purdila <octavian.purdila@nxp.com>\0" "\00:1\0" @@ -191,4 +191,4 @@ "Regards,\n" Leonard -904477adcb47ab1ef1e866a6563244a8856082318a973b0ea0a4d532c6885e74 +7aa02283443a3701f9eddfb8e1ee8d22f17d59e7b37a76a562cf84d3c67b5ec9
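Review bot: in the N1/content_digest hunk (@@ -2,43 +2,36 @@), the Cc header ends at "Mark Rutland <mark.rutland@>" with an empty domain, and the recipients that follow it on the a/ side (Pratyush Anand through Octavian Purdila) are missing. Together with the rewrite of every address to public.gmane.org, this makes the N1 copy unusable for recovering who was on the thread. Take the header fields from the a/ copy when deduplicating.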
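Review bot: in the N2/1.txt hunks (@@ -16,16 +16,16 @@, @@ -49,66 +49,66 @@ and @@ -120,20 +120,20 @@), the indentation that content_digest records as \302\240 (non-breaking space) on the a/ side appears as literal "?" characters on the N2 side, for example "> > > ??????do {". The quoted do_work_pending context lines and the backtrace timestamps in that copy are charset-damaged and will not match the source file. Quote or apply the patch from the a/ copy only; the N2 content_digest hunk also reduces To/Cc to linux-arm-kernel@lists.infradead.org, so it is the list-local copy.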
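Review bot: in the quoted arch/arm/kernel/signal.c hunk (@@ -573,12 +573,11 @@ do_work_pending), the new "else if (thread_flags & _TIF_FSCHECK)" branch sits inside the do loop behind the _TIF_NEED_RESCHED test, and nothing in the visible lines shows the flag being cleared or thread_flags being re-read. Please confirm that addr_limit_user_check() clears the flag so the loop terminates, and that no exit path returns to user mode with the flag still set and the check skipped. The reply describes the boot test as "very superficial", so the changelog should state what was actually exercised.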