From: Stefan Bader <stefan.bader@canonical.com>
To: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Cc: Kees Cook <keescook@chromium.org>,
	David Vrabel <david.vrabel@citrix.com>
Subject: Xen PV domain regression with KASLR enabled (kernel 3.16)
Date: Fri, 08 Aug 2014 13:20:33 +0200
Message-ID: <53E4B281.5050302@canonical.com>

Unfortunately I have not yet figured out why this happens, but can confirm by
compiling with or without CONFIG_RANDOMIZE_BASE being set that without KASLR all
is ok, but with it enabled there are issues (actually a dom0 does not even boot
as a follow-up error).

Details can be seen in [1] but basically this is always some portion of a
vmalloc allocation failing after hitting a freshly allocated PTE space not being
PTE_NONE (usually from a module load triggered by systemd-udevd). In the
non-dom0 case this repeats many times but ends in a guest that allows login. In
the dom0 case there is a more fatal error at some point causing a crash.

I have not tried this for a normal PV guest but for dom0 it also does not help
to add "nokaslr" to the kernel command-line.

-Stefan

19:35:02 [ 2.547049] ------------[ cut here ]------------
19:35:02 [ 2.547065] WARNING: CPU: 0 PID: 97 at /build/buildd/linux-3.16.0/mm/vmalloc.c:128 vmap_page_range_noflush+0x2d1/0x370()
19:35:02 [ 2.547069] Modules linked in:
19:35:02 [ 2.547073] CPU: 0 PID: 97 Comm: systemd-udevd Not tainted 3.16.0-6-generic #11-Ubuntu
19:35:02 [ 2.547077] 0000000000000009 ffff880002defb98 ffffffff81755538 0000000000000000
19:35:02 [ 2.547082] ffff880002defbd0 ffffffff8106bb0d ffff88000400ec88 0000000000000001
19:35:02 [ 2.547086] ffff880002fcfb00 ffffffffc0391000 0000000000000000 ffff880002defbe0
19:35:02 [ 2.547090] Call Trace:
19:35:02 [ 2.547096] [<ffffffff81755538>] dump_stack+0x45/0x56
19:35:02 [ 2.547101] [<ffffffff8106bb0d>] warn_slowpath_common+0x7d/0xa0
19:35:02 [ 2.547104] [<ffffffff8106bbea>] warn_slowpath_null+0x1a/0x20
19:35:02 [ 2.547108] [<ffffffff81197c31>] vmap_page_range_noflush+0x2d1/0x370
19:35:02 [ 2.547112] [<ffffffff81197cfe>] map_vm_area+0x2e/0x40
19:35:02 [ 2.547115] [<ffffffff8119a058>] __vmalloc_node_range+0x188/0x280
19:35:02 [ 2.547120] [<ffffffff810e92b4>] ? module_alloc_update_bounds+0x14/0x70
19:35:02 [ 2.547124] [<ffffffff810e92b4>] ? module_alloc_update_bounds+0x14/0x70
19:35:02 [ 2.547129] [<ffffffff8104f294>] module_alloc+0x74/0xd0
19:35:02 [ 2.547132] [<ffffffff810e92b4>] ? module_alloc_update_bounds+0x14/0x70
19:35:02 [ 2.547135] [<ffffffff810e92b4>] module_alloc_update_bounds+0x14/0x70
19:35:02 [ 2.547146] [<ffffffff810e9a6c>] layout_and_allocate+0x74c/0xc70
19:35:02 [ 2.547149] [<ffffffff810ea063>] load_module+0xd3/0x1b70
19:35:02 [ 2.547154] [<ffffffff811cfeb1>] ? vfs_read+0xf1/0x170
19:35:02 [ 2.547157] [<ffffffff810e7aa1>] ? copy_module_from_fd.isra.46+0x121/0x180
19:35:02 [ 2.547161] [<ffffffff810ebc76>] SyS_finit_module+0x86/0xb0
19:35:02 [ 2.547167] [<ffffffff8175de7f>] tracesys+0xe1/0xe6
19:35:02 [ 2.547169] ---[ end trace 8a5de7fc66e75fe4 ]---
19:35:02 [ 2.547172] vmalloc: allocation failure, allocated 20480 of 24576 bytes
19:35:02 [ 2.547175] systemd-udevd: page allocation failure: order:0, mode:0xd2


[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1350522
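
Since the report says the warning repeats many times in the non-dom0 case, a triage helper that reduces each splat to one stable signature makes the repeats easy to group. This is an added example, not part of the original message or of any kernel tooling; `summarize`, `signature` and the abridged `SAMPLE` (lines copied from the trace above, wrapped lines re-joined) are assumptions of this sketch.

```python
import re

# Abridged from the splat in the message above; mail-wrapped lines re-joined.
SAMPLE = """\
19:35:02 [ 2.547065] WARNING: CPU: 0 PID: 97 at /build/buildd/linux-3.16.0/mm/vmalloc.c:128 vmap_page_range_noflush+0x2d1/0x370()
19:35:02 [ 2.547073] CPU: 0 PID: 97 Comm: systemd-udevd Not tainted 3.16.0-6-generic #11-Ubuntu
19:35:02 [ 2.547090] Call Trace:
19:35:02 [ 2.547096] [<ffffffff81755538>] dump_stack+0x45/0x56
19:35:02 [ 2.547101] [<ffffffff8106bb0d>] warn_slowpath_common+0x7d/0xa0
19:35:02 [ 2.547108] [<ffffffff81197c31>] vmap_page_range_noflush+0x2d1/0x370
19:35:02 [ 2.547112] [<ffffffff81197cfe>] map_vm_area+0x2e/0x40
19:35:02 [ 2.547120] [<ffffffff810e92b4>] ? module_alloc_update_bounds+0x14/0x70
19:35:02 [ 2.547129] [<ffffffff8104f294>] module_alloc+0x74/0xd0
19:35:02 [ 2.547149] [<ffffffff810ea063>] load_module+0xd3/0x1b70
19:35:02 [ 2.547169] ---[ end trace 8a5de7fc66e75fe4 ]---
19:35:02 [ 2.547172] vmalloc: allocation failure, allocated 20480 of 24576 bytes
"""

WARN = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at (\S+):(\d+) (\w+)\+")
COMM = re.compile(r"Comm: (\S+)")
FRAME = re.compile(r"\[<([0-9a-f]{16})>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
VMFAIL = re.compile(r"vmalloc: allocation failure, allocated (\d+) of (\d+) bytes")
NOISE = ("dump_stack", "warn_slowpath_")  # frames of the WARN machinery itself

def summarize(log):
    """Reduce one WARNING splat to its site, task, reliable frames and vmalloc sizes."""
    out = {"frames": [], "guessed": 0}
    for line in log.splitlines():
        if m := WARN.search(line):
            out.update(pid=int(m[1]), src=f"{m[2]}:{m[3]}", func=m[4])
        elif (m := COMM.search(line)) and "comm" not in out:
            out["comm"] = m[1]
        elif m := FRAME.search(line):
            if m[2]:  # "?" marks an address found on the stack, not a verified frame
                out["guessed"] += 1
            elif not m[3].startswith(NOISE):
                out["frames"].append(m[3])
        elif m := VMFAIL.search(line):
            out["vmalloc"] = (int(m[1]), int(m[2]))
    return out

def signature(s):
    """Stable grouping key: warn site, task name and the reliable call chain."""
    return f'{s["src"]}|{s["comm"]}|' + "<".join(s["frames"])
```

Addresses are deliberately left out of the signature: with KASLR active they differ from boot to boot, while the source location and symbol names do not.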

