From: Sasha Levin <sasha.levin@oracle.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Ingo Molnar <mingo@kernel.org>,
Denys Vlasenko <dvlasenk@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Brian Gerst <brgerst@gmail.com>,
Peter Zijlstra <peterz@infradead.org>,
Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Andrey Ryabinin <a.ryabinin@samsung.com>
Subject: Re: [PATCH] x86/asm/entry/64: Clean up entry_64.S
Date: Fri, 10 Jul 2015 09:27:57 -0400 [thread overview]
Message-ID: <559FC85D.1010307@oracle.com> (raw)
In-Reply-To: <CALCETrWQe2Vbx6XENKfAv=S6NOaGTdTxJoWXzsE7ts9k79ZrPg@mail.gmail.com>
On 07/08/2015 08:59 PM, Andy Lutomirski wrote:
> Having failed to bisect, let's look at the trace:
>
> On Mon, Jul 6, 2015 at 8:00 AM, Sasha Levin <sasha.levin@oracle.com> wrote:
>> [3157054.661763] ------------[ cut here ]------------
>> [3157054.662552] kernel BUG at arch/x86/kernel/nmi.c:533!
>> [3157054.663277] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
>> [3157054.664164] Dumping ftrace buffer:
>> [3157054.664740] (ftrace buffer empty)
>> [3157054.665274] Modules linked in:
>> [3157054.665768] CPU: 16 PID: 11446 Comm: trinity-main Not tainted 4.1.0-next-20150703-sasha-00040-gd868f14-dirty #2292
>> [3157054.667203] task: ffff880408813000 ti: ffff8803d29c8000 task.ti: ffff8803d29c8000
>> [3157054.668256] RIP: do_nmi (arch/x86/kernel/nmi.c:533 (discriminator 1))
>> [3157054.669378] RSP: 0018:ffff88077800bed8 EFLAGS: 00010006
>> [3157054.670141] ==================================================================
>> [3157054.671268] BUG: KASan: out of bounds on stack in __show_regs+0x7f6/0x940 at addr ffff88077800be50
>
> I bet that__show_regs interacts poorly with KASan for some reason.
> But that's not the underlying bug. In fact, the bad read is quite
> close the RSP, so this is almost certainly a bug in KASan or
> __show_regs.
>
>> [3157054.674604] Read of size 8 by task trinity-main/11446
>> [3157054.676521] page:ffffea001de002c0 count:1 mapcount:0 mapping: (null) index:0x0
>> [3157054.679451] flags: 0x42fffff80000400(reserved)
>> [3157054.681237] page dumped because: kasan: bad access detected
>> [3157054.683326] CPU: 16 PID: 11446 Comm: trinity-main Not tainted 4.1.0-next-20150703-sasha-00040-gd868f14-dirty #2292
>> [3157054.687097] ffff88077800be50 000000009c65e33f ffff88077800b9f8 ffffffffa0ac8938
>> [3157054.690303] 1ffffd4003bc0058 ffff88077800ba88 ffff88077800ba78 ffffffff9759796e
>> [3157054.693365] ffff88077800bab8 ffffffffa0abe0b3 0000000000000082 ffffffffa2fe39e4
>> [3157054.696209] Call Trace:
>> [3157054.697180] <NMI> dump_stack (lib/dump_stack.c:52)
>> [3157054.699390] kasan_report_error (mm/kasan/report.c:132 mm/kasan/report.c:193)
>> [3157054.701663] ? printk (kernel/printk/printk.c:1896)
>> [3157054.703531] ? bitmap_weight (include/linux/bitmap.h:303)
>> [3157054.705553] __asan_report_load8_noabort (mm/kasan/report.c:230 mm/kasan/report.c:251)
>> [3157054.708014] ? __show_regs (arch/x86/kernel/process_64.c:68)
>> [3157054.710046] __show_regs (arch/x86/kernel/process_64.c:68)
>> [3157054.712066] ? printk (kernel/printk/printk.c:1896)
>> [3157054.713878] ? bitmap_weight (include/linux/bitmap.h:303)
>> [3157054.715875] ? start_thread_common.constprop.0 (arch/x86/kernel/process_64.c:58)
>> [3157054.718336] ? dump_stack_print_info (kernel/printk/printk.c:3121)
>> [3157054.720619] show_regs (arch/x86/kernel/dumpstack_64.c:313)
>> [3157054.722530] __die (arch/x86/kernel/dumpstack.c:294)
>> [3157054.724290] die (arch/x86/kernel/dumpstack.c:316)
>> [3157054.725962] do_trap (arch/x86/kernel/traps.c:214 arch/x86/kernel/traps.c:260)
>> [3157054.727805] do_error_trap (arch/x86/kernel/traps.c:298 include/linux/jump_label.h:125 include/linux/context_tracking_state.h:29 include/linux/context_tracking.h:46 arch/x86/kernel/traps.c:302)
>> [3157054.729843] ? do_device_not_available (arch/x86/kernel/traps.c:291)
>> [3157054.732211] ? do_nmi (arch/x86/kernel/nmi.c:533 (discriminator 1))
>> [3157054.734101] ? kvm_clock_read (./arch/x86/include/asm/preempt.h:87 arch/x86/kernel/kvmclock.c:86)
>> [3157054.736165] ? sched_clock (arch/x86/kernel/tsc.c:305)
>> [3157054.738126] ? nmi_handle (arch/x86/kernel/nmi.c:134)
>> [3157054.740133] ? trace_hardirqs_off_thunk (arch/x86/entry/thunk_64.S:40)
>> [3157054.742997] do_invalid_op (arch/x86/kernel/traps.c:313)
>> [3157054.744991] invalid_op (arch/x86/entry/entry_64.S:925)
>
> So we got #UD somewhere...
>
>> [3157054.746873] ? do_nmi (arch/x86/kernel/nmi.c:533 (discriminator 1))
>> [3157054.748769] ? do_nmi (arch/x86/kernel/nmi.c:515 arch/x86/kernel/nmi.c:531)
>> [3157054.750658] end_repeat_nmi (arch/x86/entry/entry_64.S:1435)
>
> ...here, perhaps?
>
> Do you know what line 1435 was in the version you tested? There
> shouldn't be funny instructions in end_repeat_nmi, though. Did we end
> up off an instruction boundary?
Yes, arch/x86/entry/entry_64.S:1435 is 'call do_nmi', do_nmi does nmi_enter(),
which is actually:
? do_nmi (arch/x86/kernel/nmi.c:533
And that has a BUG_ON(in_nmi()); in it.
>
> Here's my wild guess. The repeat_nmi thing is really rare. What if
> there's a CPU or emulator that can't do mov %cr2, %r12 or vice versa?
> mov from cr has a somewhat unusual encoding. What platform is this?
> Does KASan play games that would cause KVM to emulate a mov to or from
> cr2?
It's just a regular KVM guest, I'm not sure about KASan (Andrey Cc'ed).
Thanks,
Sasha
next prev parent reply other threads:[~2015-07-10 13:30 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-08 8:34 [PATCH 0/4] x86: Untangle and standardize x86 system call entry point names Ingo Molnar
2015-06-08 8:34 ` [PATCH 1/4] x86/asm/entry: Rename compat syscall entry points Ingo Molnar
2015-06-08 8:47 ` Borislav Petkov
2015-06-08 8:34 ` [PATCH 2/4] x86/asm/entry: Untangle 'ia32_sysenter_target' into two entry points: entry_SYSENTER_32 and entry_SYSENTER_compat Ingo Molnar
2015-06-09 0:13 ` Andy Lutomirski
2015-06-09 9:33 ` Ingo Molnar
2015-06-09 16:33 ` Andy Lutomirski
2015-06-08 8:35 ` [PATCH 3/4] x86/asm/entry: Untangle 'system_call' into two entry points: entry_SYSCALL_64 and entry_INT80_32 Ingo Molnar
2015-06-08 8:35 ` [PATCH 4/4] x86/asm/entry/32: Clean up entry_32.S Ingo Molnar
2015-06-08 13:14 ` Denys Vlasenko
2015-06-08 18:51 ` [PATCH] x86/asm/entry/64: Clean up entry_64.S Ingo Molnar
2015-07-06 15:00 ` Sasha Levin
2015-07-06 16:07 ` Ingo Molnar
2015-07-06 16:19 ` Sasha Levin
2015-07-06 16:23 ` Ingo Molnar
2015-07-06 16:36 ` Sasha Levin
2015-07-06 16:43 ` Ingo Molnar
2015-07-06 17:02 ` Sasha Levin
2015-07-06 17:20 ` Andy Lutomirski
2015-07-06 17:34 ` Sasha Levin
2015-07-06 17:41 ` Ingo Molnar
2015-07-06 18:35 ` Andy Lutomirski
2015-07-06 18:39 ` Andy Lutomirski
2015-07-08 15:39 ` Sasha Levin
2015-07-07 7:01 ` Ingo Molnar
2015-07-09 0:59 ` Andy Lutomirski
2015-07-10 13:27 ` Sasha Levin [this message]
2015-07-10 15:26 ` Andrey Ryabinin
2015-07-10 15:36 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=559FC85D.1010307@oracle.com \
--to=sasha.levin@oracle.com \
--cc=a.ryabinin@samsung.com \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=dvlasenk@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.