* linux 2.6.27 kernel panic on x86 - please revert commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e
From: Jeff Chua @ 2008-10-15 11:05 UTC
  To: lkml, Linus Torvalds, Suresh Siddha



Commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e broke linux boot on x86 
resulting in kernel panic. Here's the console output ...

Net: Registered protocol family 17
Using IPI No-Shortcut mode
RAMDISK: Compressed image found at block 0
VFS: Mounted root (ext2 filesystem (readonly).
Freeing unsued kernel memory: 312k freed
init[1]: segfault at ffffe01c up b7f0dc28 sp bfc26628 error 5 in ld-2.7.90.so[b7f0b000+1c000]
Kernel panic - not syncing: Attempted to kill init!


Thanks,
Jeff.


Please revert this ...

commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e
Author: Suresh Siddha <suresh.b.siddha@intel.com>
Date:   Tue Sep 23 14:00:37 2008 -0700

     x86, cpa: remove USER permission from the very early identity mapping attribute

     remove USER from the PTE/PDE attributes for the very early identity
     mapping. We overwrite these mappings with KERNEL attribute later
     in the boot. Just being paranoid here as there is no need for USER bit
     to be set.

     If this breaks something(don't know the history), then we can simply drop
     this change.

     Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
     Cc: Suresh Siddha <suresh.b.siddha@intel.com>
     Cc: arjan@linux.intel.com
     Cc: venkatesh.pallipadi@intel.com
     Cc: jeremy@goop.org
     Signed-off-by: Ingo Molnar <mingo@elte.hu>

diff --git a/include/asm-x86/pgtable.h b/include/asm-x86/pgtable.h
index 0ff73e7..bbf0f59 100644
--- a/include/asm-x86/pgtable.h
+++ b/include/asm-x86/pgtable.h
@@ -138,8 +138,8 @@
  #ifdef CONFIG_X86_64
  #define __PAGE_KERNEL_IDENT_LARGE_EXEC	__PAGE_KERNEL_LARGE_EXEC
  #else
-#define PTE_IDENT_ATTR	 0x007		/* PRESENT+RW+USER */
-#define PDE_IDENT_ATTR	 0x067		/* PRESENT+RW+USER+DIRTY+ACCESSED */
+#define PTE_IDENT_ATTR	 0x003		/* PRESENT+RW */
+#define PDE_IDENT_ATTR	 0x063		/* PRESENT+RW+DIRTY+ACCESSED */
  #define PGD_IDENT_ATTR	 0x001		/* PRESENT (no other attributes) */
  #endif
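
Review bot: the PDE_IDENT_ATTR change from 0x067 to 0x063 clears USER at the page-directory level, and the commit message itself says the history of that bit is unknown. On x86 a user-mode access needs USER set in both the PDE and the PTE, so any user-visible page later installed under a directory entry built from this constant becomes unreachable from user space; the "error 5" fault (user-mode read, page present) reported at ffffe01c is consistent with that. Consider dropping USER only from PTE_IDENT_ATTR, keeping it in PDE_IDENT_ATTR, and adding a comment next to the two defines that says why they differ.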



* Re: linux 2.6.27 kernel panic on x86 - please revert commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e
From: Ingo Molnar @ 2008-10-15 11:23 UTC
  To: Jeff Chua
  Cc: lkml, Linus Torvalds, Suresh Siddha, H. Peter Anvin,
	Thomas Gleixner, Jeremy Fitzhardinge


* Jeff Chua <jeff.chua.linux@gmail.com> wrote:

> Commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e broke linux boot on 
> x86 resulting in kernel panic. Here's the console output ...
>
> Net: Registered protocol family 17
> Using IPI No-Shortcut mode
> RAMDISK: Compressed image found at block 0
> VFS: Mounted root (ext2 filesystem (readonly).
> Freeing unsued kernel memory: 312k freed
> init[1]: segfault at ffffe01c up b7f0dc28 sp bfc26628 error 5 in ld-2.7.90.so[b7f0b000+1c000]
> Kernel panic - not syncing: Attempted to kill init!

hm, ffffe01c is weird - VDSO on some ancient distro perhaps? Do you have 
CONFIG_COMPAT_VDSO=y enabled?

if you have CONFIG_COMPAT_VDSO=y enabled but the read access still 
faults, then the question is, why is ffffe000 not mapped properly? The 
logic in arch/x86/vdso/vdso32-setup.c and map_compat_vdso() / 
arch_setup_additional_pages() seems correct and should result in the 
VDSO being mapped as user-readable.

The revert probably just works around some other bug - it is dangerous 
to keep a generic-sounding page table constant like PTE/PDE_IDENT_ATTR 
with user bits set - if that ever leaks through to user-space, surviving 
pagetable init, we've got a root hole.

	Ingo


* Re: linux 2.6.27 kernel panic on x86 - please revert commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e
From: Jeff Chua @ 2008-10-15 12:02 UTC
  To: Ingo Molnar
  Cc: lkml, Linus Torvalds, Suresh Siddha, H. Peter Anvin,
	Thomas Gleixner, Jeremy Fitzhardinge

On Wed, Oct 15, 2008 at 7:23 PM, Ingo Molnar <mingo@elte.hu> wrote:
>
> * Jeff Chua <jeff.chua.linux@gmail.com> wrote:
>
>> Commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e broke linux boot on
>> x86 resulting in kernel panic. Here's the console output ...
>>
>> Net: Registered protocol family 17
>> Using IPI No-Shortcut mode
>> RAMDISK: Compressed image found at block 0
>> VFS: Mounted root (ext2 filesystem (readonly).
>> Freeing unsued kernel memory: 312k freed
>> init[1]: segfault at ffffe01c up b7f0dc28 sp bfc26628 error 5 in ld-2.7.90.so[b7f0b000+1c000]
>> Kernel panic - not syncing: Attempted to kill init!
>
> hm, ffffe01c is weird - VDSO on some ancient distro perhaps? Do you have
> CONFIG_COMPAT_VDSO=y enabled?
>
> if you have CONFIG_COMPAT_VDSO=y enabled but the read access still
> faults, then the question is, why is ffffe000 not mapped properly? The
> logic in arch/x86/vdso/vdso32-setup.c and map_compat_vdso() /
> arch_setup_additional_pages() seems correct and should result in the
> VDSO being mapped as user-readable.

Didn't realize that CONFIG_COMPAT_VDSO=y could cause this problem. I
had this set a long time ago before upgrading to glibc-2.7

Unsetting CONFIG_COMPAT_VDSO solves the issue.

Thanks for your help, and sorry for the fault alarm. Did take a while
to trace it down to the commit.

Thanks,
Jeff.


* Re: linux 2.6.27 kernel panic on x86 - please revert commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e
From: Ingo Molnar @ 2008-10-15 12:05 UTC
  To: Jeff Chua
  Cc: lkml, Linus Torvalds, Suresh Siddha, H. Peter Anvin,
	Thomas Gleixner, Jeremy Fitzhardinge


* Jeff Chua <jeff.chua.linux@gmail.com> wrote:

> On Wed, Oct 15, 2008 at 7:23 PM, Ingo Molnar <mingo@elte.hu> wrote:
> >
> > * Jeff Chua <jeff.chua.linux@gmail.com> wrote:
> >
> >> Commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e broke linux boot on
> >> x86 resulting in kernel panic. Here's the console output ...
> >>
> >> Net: Registered protocol family 17
> >> Using IPI No-Shortcut mode
> >> RAMDISK: Compressed image found at block 0
> >> VFS: Mounted root (ext2 filesystem (readonly).
> >> Freeing unsued kernel memory: 312k freed
> >> init[1]: segfault at ffffe01c up b7f0dc28 sp bfc26628 error 5 in ld-2.7.90.so[b7f0b000+1c000]
> >> Kernel panic - not syncing: Attempted to kill init!
> >
> > hm, ffffe01c is weird - VDSO on some ancient distro perhaps? Do you have
> > CONFIG_COMPAT_VDSO=y enabled?
> >
> > if you have CONFIG_COMPAT_VDSO=y enabled but the read access still
> > faults, then the question is, why is ffffe000 not mapped properly? The
> > logic in arch/x86/vdso/vdso32-setup.c and map_compat_vdso() /
> > arch_setup_additional_pages() seems correct and should result in the
> > VDSO being mapped as user-readable.
> 
> Didn't realize that CONFIG_COMPAT_VDSO=y could cause this problem. I
> had this set a long time ago before upgrading to glibc-2.7
> 
> Unsetting CONFIG_COMPAT_VDSO solves the issue.
> 
> Thanks for your help, and sorry for the fault alarm. Did take a while 
> to trace it down to the commit.

hm, setting the option should not break new glibc so this is a 
regression and we've still got a bug to fix.

	Ingo


* Re: linux 2.6.27 kernel panic on x86 - please revert commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e
From: Jeff Chua @ 2008-10-15 13:39 UTC
  To: Ingo Molnar
  Cc: lkml, Linus Torvalds, Suresh Siddha, H. Peter Anvin,
	Thomas Gleixner, Jeremy Fitzhardinge

On Wed, Oct 15, 2008 at 8:05 PM, Ingo Molnar <mingo@elte.hu> wrote:
>> Unsetting CONFIG_COMPAT_VDSO solves the issue.
>>
>> Thanks for your help, and sorry for the fault alarm. Did take a while
>> to trace it down to the commit.
>
> hm, setting the option should not break new glibc so this is a
> regression and we've still got a bug to fix.

Something must have triggered the bug. Every single linux git update
has been ok with CONFIG_COMPAT_VDSO=y until now, and I had glibc-2.7
since Dec 2007.

Jeff.


* Re: linux 2.6.27 kernel panic on x86 - please revert commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e
From: Suresh Siddha @ 2008-10-15 14:46 UTC
  To: Jeff Chua
  Cc: Ingo Molnar, lkml, Linus Torvalds, Siddha, Suresh B,
	H. Peter Anvin, Thomas Gleixner, Jeremy Fitzhardinge

On Wed, Oct 15, 2008 at 06:39:39AM -0700, Jeff Chua wrote:
> On Wed, Oct 15, 2008 at 8:05 PM, Ingo Molnar <mingo@elte.hu> wrote:
> >> Unsetting CONFIG_COMPAT_VDSO solves the issue.
> >>
> >> Thanks for your help, and sorry for the fault alarm. Did take a while
> >> to trace it down to the commit.
> >
> > hm, setting the option should not break new glibc so this is a
> > regression and we've still got a bug to fix.
> 
> Something must have triggered the bug. Every single linux git update
> has been ok with CONFIG_COMPAT_VDSO=y until now, and I had glibc-2.7
> since Dec 2007.

Jeff, Does the appended patch fix the issue? Thanks.

---
Subject: x86: include USER bit for the PDE_IDENT_ATTR

Jeff Chua reported that this patch

> -#define PTE_IDENT_ATTR  0x007          /* PRESENT+RW+USER */
> -#define PDE_IDENT_ATTR  0x067          /* PRESENT+RW+USER+DIRTY+ACCESSED */
> +#define PTE_IDENT_ATTR  0x003          /* PRESENT+RW */
> +#define PDE_IDENT_ATTR  0x063          /* PRESENT+RW+DIRTY+ACCESSED */

broke kernels with CONFIG_COMPAT_VDSO set with this panic info:

init[1]: segfault at ffffe01c up b7f0dc28 sp bfc26628 error 5 in ld-2.7.90.so[b7f0b000+1c000]

Include USER bit in the PDE_IDENT_ATTR only, as the protection bits
are combined from the PDE and PTE entries. This will allow the high
mapped VDSO page in the case of CONFIG_COMPAT_VDSO to be user
readable.

Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
---

diff --git a/include/asm-x86/pgtable.h b/include/asm-x86/pgtable.h
index 182f9d4..88a53b1 100644
--- a/include/asm-x86/pgtable.h
+++ b/include/asm-x86/pgtable.h
@@ -148,8 +148,13 @@
 #ifdef CONFIG_X86_64
 #define __PAGE_KERNEL_IDENT_LARGE_EXEC	__PAGE_KERNEL_LARGE_EXEC
 #else
+/*
+ * For PDE_IDENT_ATTR include USER bit. As the PDE and PTE protection
+ * bits are combined, this will alow user to access the high address mapped
+ * VDSO in the presence of CONFIG_COMPAT_VDSO
+ */
 #define PTE_IDENT_ATTR	 0x003		/* PRESENT+RW */
-#define PDE_IDENT_ATTR	 0x063		/* PRESENT+RW+DIRTY+ACCESSED */
+#define PDE_IDENT_ATTR	 0x067		/* PRESENT+RW+USER+DIRTY+ACCESSED */
 #define PGD_IDENT_ATTR	 0x001		/* PRESENT (no other attributes) */
 #endif
 
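
Review bot: USER is restored in PDE_IDENT_ATTR unconditionally, while the new comment justifies it only for CONFIG_COMPAT_VDSO. With this value, every page under these directory entries is kept from user space solely by PTE_IDENT_ATTR (0x003) lacking USER, so the comment should state that dependency explicitly, or the 0x067 value should be placed under #ifdef CONFIG_COMPAT_VDSO with 0x063 otherwise. Also fix the typo "alow" in the added comment.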



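An added illustration, not part of the thread or of the kernel source: a small C model of the rule in the patch description above that PDE and PTE protection bits are combined, evaluated for the three PDE_IDENT_ATTR/PTE_IDENT_ATTR pairs that appear in this thread. The flag macro names, VDSO_PTE_ATTR and both helper functions are hypothetical names chosen for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 page-table flag bits (bits 0-2 mean the same in PDEs and PTEs). */
#define PG_PRESENT 0x001u
#define PG_RW      0x002u
#define PG_USER    0x004u

/* Constructed value: a read-only, user-visible PTE such as a compat VDSO
 * page would need (assumption for the example, not taken from the kernel). */
#define VDSO_PTE_ATTR (PG_PRESENT | PG_USER)

/* A user-mode read succeeds only if every level is present and has USER. */
static bool user_can_read(uint32_t pde, uint32_t pte)
{
    uint32_t both = pde & pte;   /* permissions are ANDed across levels */
    return (both & PG_PRESENT) && (both & PG_USER);
}

/* Page-fault error code: bit0 = protection violation (page was present),
 * bit1 = write access, bit2 = fault raised in user mode. */
static uint32_t user_read_fault_code(uint32_t pde, uint32_t pte)
{
    if (user_can_read(pde, pte))
        return 0;                               /* no fault */
    bool present = (pde & pte & PG_PRESENT) != 0;
    return (present ? 0x1u : 0x0u) | 0x4u;      /* user-mode read */
}

int main(void)
{
    struct { const char *name; uint32_t pde, ident_pte; } cfg[] = {
        { "before 3a85e770", 0x067, 0x007 },
        { "after 3a85e770",  0x063, 0x003 },
        { "follow-up patch", 0x067, 0x003 },
    };
    for (int i = 0; i < 3; i++)
        printf("%-16s vdso read: %s (error %u), ident page user-readable: %s\n",
               cfg[i].name,
               user_can_read(cfg[i].pde, VDSO_PTE_ATTR) ? "ok" : "fault",
               (unsigned)user_read_fault_code(cfg[i].pde, VDSO_PTE_ATTR),
               user_can_read(cfg[i].pde, cfg[i].ident_pte) ? "yes" : "no");
    return 0;
}
```

Only the follow-up pair gives both properties at once: the VDSO-style page is readable from user mode while a page mapped with PTE_IDENT_ATTR is not.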

* Re: linux 2.6.27 kernel panic on x86 - please revert commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e
From: Jeff Chua @ 2008-10-15 15:56 UTC
  To: Suresh Siddha
  Cc: Ingo Molnar, lkml, Linus Torvalds, H. Peter Anvin,
	Thomas Gleixner, Jeremy Fitzhardinge

On Wed, Oct 15, 2008 at 10:46 PM, Suresh Siddha
<suresh.b.siddha@intel.com> wrote:

> Jeff, Does the appended patch fix the issue? Thanks.

Yes, it does.

Thanks,
Jeff.


* Re: linux 2.6.27 kernel panic on x86 - please revert commit 3a85e770aa77e4f1a4096275c97b64c10cd7323e
From: Ingo Molnar @ 2008-10-15 16:19 UTC
  To: Jeff Chua
  Cc: Suresh Siddha, lkml, Linus Torvalds, H. Peter Anvin,
	Thomas Gleixner, Jeremy Fitzhardinge


* Jeff Chua <jeff.chua.linux@gmail.com> wrote:

> On Wed, Oct 15, 2008 at 10:46 PM, Suresh Siddha
> <suresh.b.siddha@intel.com> wrote:
> 
> > Jeff, Does the appended patch fix the issue? Thanks.
> 
> Yes, it does.

applied to tip/x86/urgent, thanks guys!

	Ingo
