From: Mike Rapoport <rppt@kernel.org>
To: Maurizio Lombardi <mlombard@redhat.com>
Cc: bp@alien8.de, tglx@linutronix.de, x86@kernel.org,
pjones@redhat.com, konrad@kernel.org, george.kennedy@oracle.com,
rafael@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH V2] iscsi_ibft: fix crash due to KASLR physical memory remapping
Date: Wed, 28 Jul 2021 09:05:16 +0300 [thread overview]
Message-ID: <YQDznBi5NuTIKd+x@kernel.org> (raw)
In-Reply-To: <20210727111446.119561-1-mlombard@redhat.com>
Hi,
On Tue, Jul 27, 2021 at 01:14:46PM +0200, Maurizio Lombardi wrote:
> Starting with commit a799c2bd29d19c565f37fa038b31a0a1d44d0e4d
> memory reservations have been moved earlier during the boot process,
> before the execution of the Kernel Address Space Layout Randomization code.
>
> setup_arch() calls the iscsi_ibft's find_ibft_region() function
> to find and reserve the memory dedicated to the iBFT; this function
> also saves a (virt) pointer to the iBFT table for later use.
^ virtual
> The problem is that if KALSR is active, the physical memory gets
> remapped somewhere else in the virtual address space and the pointer is
> no longer valid, this will cause a kernel panic when the iscsi driver tries
> to dereference it.
Please drop "this patch" and use imperative language, e.g. "Fix this bug
by..."
> This patch fixes the bug by saving the address of the physical location
> of the ibft; later the driver will use isa_bus_to_virt() to get
> the correct virtual address.
>
> It will also simplify the code by renaming find_ibft_region()
> to reserve_ibft_region() and removing all the wrappers.
>
> [ 37.764225] iBFT detected.
It is better to put the crash report close to the problem description as it
actually shows how the issue is manifested.
> [ 37.778877] BUG: unable to handle page fault for address: ffff888000099fd8
> [ 37.816542] #PF: supervisor read access in kernel mode
> [ 37.844304] #PF: error_code(0x0000) - not-present page
> [ 37.872857] PGD 0 P4D 0
> [ 37.886985] Oops: 0000 [#1] SMP PTI
> [ 37.904809] CPU: 46 PID: 1073 Comm: modprobe Tainted: G X --------- --- 5.13.0-0.rc2.19.el9.x86_64 #1
> [ 37.956525] Hardware name: HP ProLiant DL580 G7, BIOS P65 10/01/2013
> [ 37.987170] RIP: 0010:ibft_init+0x3e/0xd42 [iscsi_ibft]
> [ 38.012976] Code: 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 83 3d e1 cc 7e d7 00 74 28 48 c7 c7 21 81 1b c0 e8 b3 10 81 d5 48 8b 05 cc cc 7e d7 <0f> b6 70 08 48 63 50 04 40 80 fe 01 75 5e 31 f6 48 01 c2 eb 6e 83
> [ 38.106835] RSP: 0018:ffffb7d288fc3db0 EFLAGS: 00010246
> [ 38.131341] RAX: ffff888000099fd0 RBX: 0000000000000000 RCX: 0000000000000000
> [ 38.167110] RDX: 0000000000000000 RSI: ffff9ba7efb97c80 RDI: ffff9ba7efb97c80
> [ 38.200777] RBP: ffffffffc01c82be R08: 0000000000000000 R09: ffffb7d288fc3bf0
> [ 38.237188] R10: ffffb7d288fc3be8 R11: ffffffff96de70a8 R12: ffff9ba4059d6400
> [ 38.270940] R13: 000055689f1ac050 R14: 000055689df18962 R15: ffffb7d288fc3e78
> [ 38.307167] FS: 00007f9546720b80(0000) GS:ffff9ba7efb80000(0000) knlGS:0000000000000000
> [ 38.351204] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 38.381034] CR2: ffff888000099fd8 CR3: 000000044175e004 CR4: 00000000000206e0
> [ 38.419938] Call Trace:
> [ 38.432679] ? ibft_create_kobject+0x1d2/0x1d2 [iscsi_ibft]
> [ 38.462584] do_one_initcall+0x44/0x1d0
> [ 38.480856] ? kmem_cache_alloc_trace+0x119/0x220
> [ 38.505554] do_init_module+0x5c/0x270
> [ 38.526578] __do_sys_init_module+0x12e/0x1b0
> [ 38.548699] do_syscall_64+0x40/0x80
> [ 38.565679] entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> v2: fix a comment in linux/iscsi_ibft.h
>
> Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
> ---
> arch/x86/kernel/setup.c | 10 -------
> drivers/firmware/iscsi_ibft.c | 10 +++++--
> drivers/firmware/iscsi_ibft_find.c | 48 +++++++++++-------------------
> include/linux/iscsi_ibft.h | 18 +++++------
> 4 files changed, 32 insertions(+), 54 deletions(-)
--
Sincerely yours,
Mike.
next prev parent reply other threads:[~2021-07-28 6:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-27 11:14 [PATCH V2] iscsi_ibft: fix crash due to KASLR physical memory remapping Maurizio Lombardi
2021-07-28 6:05 ` Mike Rapoport [this message]
2021-07-28 9:39 ` Maurizio Lombardi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YQDznBi5NuTIKd+x@kernel.org \
--to=rppt@kernel.org \
--cc=bp@alien8.de \
--cc=george.kennedy@oracle.com \
--cc=konrad@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlombard@redhat.com \
--cc=pjones@redhat.com \
--cc=rafael@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.