From: Paul Gortmaker <paul.gortmaker@windriver.com>
To: stable@vger.kernel.org
Cc: Peter Zijlstra <peterz@infradead.org>,
	Borislav Petkov <bp@suse.de>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: v5.15.57 regression - boot panic after retbleed backports with CONFIG_KPROBES_SANITY_TEST=y
Date: Fri, 5 Aug 2022 16:04:38 -0400
Message-ID: <20220805200438.GC42579@windriver.com>

The panic comes from the sanity test code, but after trying to boil down the
.config differences between the kitchen sink our test team uses, and a
"defconfig", it seems there are at least a couple extra dependencies for
creating a reproducer:

  make defconfig
  echo CONFIG_FUNCTION_TRACER=y >> .config
  echo CONFIG_KPROBES_SANITY_TEST=y >> .config
  echo CONFIG_UNWINDER_FRAME_POINTER=y >> .config
  yes "" | make oldconfig

Note that ftrace is probably just opening the door to CONFIG_KPROBES_ON_FTRACE=y

The report I got was with gcc-11 on an Atom; I was able to reproduce it
with the default gcc-7 found on Ubuntu 18.04 and booting on a Xeon v2 -
so it seems to not be specific to gcc options or processor features.

I don't know if the v5.15 backports were specifically tested to be fully
bisectable, but if we assume they are, a bisect between 56 and 57 says:

   commit 1d61a2988612ac0632134454d5407c63ae0b9d42 (refs/bisect/bad)
   Author: Peter Zijlstra <peterz@infradead.org>
   Date:   Tue Jun 14 23:15:45 2022 +0200
   
       x86: Use return-thunk in asm code
       
       commit aa3d480315ba6c3025a60958e1981072ea37c3df upstream.
       
       Use the return thunk in asm code. If the thunk isn't needed, it will
       get patched into a RET instruction during boot by apply_returns().

Splat follows:

   rcu: Hierarchical SRCU implementation.
   Kprobe smoke test: started
   BUG: unable to handle page fault for address: ffffffffc110f3e7
   #PF: supervisor instruction fetch in kernel mode
   #PF: error_code(0x0010) - not-present page
   PGD b2c60f067 P4D b2c60f067 PUD b2c611067 PMD 0
   Oops: 0010 [#1] SMP NOPTI
   CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.57 #33
   Hardware name: Intel Corporation S2600CP/S2600CP, BIOS SE5C600.86B.02.06.E006.013120181511 01/31/2018
   RIP: 0010:0xffffffffc110f3e7
   Code: Unable to access opcode bytes at RIP 0xffffffffc110f3bd.
   RSP: 0000:ffffae4bc006be38 EFLAGS: 00010246
   RAX: ffffffffb973f310 RBX: 0000000000000000 RCX: 0000000000000000
   RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000005856e7bd
   RBP: ffffae4bc006be60 R08: 0000000000000000 R09: 0000000000000001
   R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
   R13: ffffffffbae38560 R14: 0000000000000000 R15: 0000000000000000
   FS:  0000000000000000(0000) GS:ffff8c92df800000(0000) knlGS:0000000000000000
   CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
   CR2: ffffffffc110f3bd CR3: 0000000b2c60c001 CR4: 00000000001706f0
   Call Trace:
    <TASK>
    ? kprobe_target+0x5/0x20
    ? init_test_probes+0x78/0x420
    init_kprobes+0x16c/0x18e
    ? init_optprobes+0x27/0x27
    do_one_initcall+0x43/0x1d0
    kernel_init_freeable+0xf1/0x240
    ? rest_init+0xd0/0xd0
    kernel_init+0x1a/0x120
    ret_from_fork+0x1f/0x30
    </TASK>
   Modules linked in:
   CR2: ffffffffc110f3e7
   ---[ end trace 759f040622219261 ]---
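
Added triage example (not part of the original message, and not kernel code): a small Python decoder for the #PF lines of the splat above. It decodes the x86 page-fault error code and flags the case where the faulting address is the unsymbolized RIP itself. The names `decode_pf_error`, `triage_oops` and `SAMPLE` are hypothetical; the sample lines are copied from the splat.

```python
import re

# x86 page-fault error-code bits: (mask, meaning if set, meaning if clear).
PF_BITS = [
    (0x01, "protection violation", "not-present page"),
    (0x02, "write access", "read access"),
    (0x04, "user-mode access", "supervisor access"),
    (0x08, "reserved bit set in page tables", None),
    (0x10, "instruction fetch", None),
    (0x20, "protection-key violation", None),
]

# Lines copied from the splat in the message above.
SAMPLE = """\
BUG: unable to handle page fault for address: ffffffffc110f3e7
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
RIP: 0010:0xffffffffc110f3e7
"""

def decode_pf_error(code):
    """Return the meaning of each error-code bit, lowest bit first."""
    out = []
    for mask, if_set, if_clear in PF_BITS:
        text = if_set if code & mask else if_clear
        if text:
            out.append(text)
    return out

def triage_oops(text):
    """Extract fault address, error code and RIP from an oops and classify it."""
    addr = int(re.search(r"page fault for address: ([0-9a-f]+)", text).group(1), 16)
    code = int(re.search(r"error_code\(0x([0-9a-f]+)\)", text).group(1), 16)
    rip = re.search(r"RIP: [0-9a-f]+:(\S+)", text).group(1)
    # A symbolized RIP looks like func+0x5/0x20; a bare 0x... has no symbol.
    rip_raw = rip.startswith("0x")
    # Instruction fetch faulting at RIP itself: execution reached an unmapped
    # address, so the bad control transfer happened before this point.
    wild = bool(code & 0x10) and rip_raw and int(rip, 16) == addr
    return {"address": addr, "flags": decode_pf_error(code),
            "rip_symbolized": not rip_raw, "wild_jump": wild}

if __name__ == "__main__":
    print(triage_oops(SAMPLE))
```
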
