* Re: [Bug 203559] New: usercopy_abort triggered by build_test_sglist
From: Andrew Morton @ 2019-05-09 22:46 UTC
To: Herbert Xu; +Cc: bugzilla-daemon, linux-crypto, mihai.dontu

(switched to email. Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Thu, 09 May 2019 09:37:08 +0000 bugzilla-daemon@bugzilla.kernel.org wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=203559
>
> Bug ID: 203559
> Summary: usercopy_abort triggered by build_test_sglist
> Product: Memory Management
> Version: 2.5
> Kernel Version: 5.1
> Hardware: x86-64
> OS: Linux
> Tree: Mainline
> Status: NEW
> Severity: low
> Priority: P1
> Component: Other
> Assignee: akpm@linux-foundation.org
> Reporter: mihai.dontu@gmail.com
> Regression: No
>
> Created attachment 282687
> --> https://bugzilla.kernel.org/attachment.cgi?id=282687&action=edit
> kernel config
>
> I have CONFIG_CRYPTO_FIPS and CONFIG_HARDENED_USERCOPY_PAGESPAN enabled from an
> experiment I forgot about, that started triggering a crash very early at boot
> with kernel 5.1:
>
> usercopy: Kernel memory overwrite attempt detected to spans multiple pages
> (offset 0, size 372)!
> ------------[ cut here]------------
> kernel BUG at mm/usercopy.c:102!
> invalid opcode: 0000 [#1] PREEMPT SMP PTI
> CPU: 0 PID: 42 Comm: cryptomgr_test Trainted: G T 5.1.0-gentoo #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-1.fc28
> 04/01/2014
> RIP: 0010:usercopy_abort+0x87/0x89
> Code: c3 ae 48 c7 c6 c9 9c ba ae 41 55 48 c7 c7 38 9e bb ae 48 0f 45 d1 48 c7
> c1 51
> 9d bb ae 50 48 0f 45 f1 4c 89 e1 e8 fb 50 e8 ff <0f> 0b 49 89 d8 31 c9 44
> 89
> ea 31 f6 48 c7 c7 9a 9d bb ae e8 61 ff
> ...
> Call Trace:
> __check_object_size.cold+0x16/0xa6
> build_test_sglist+0x283/0x370
> ? skcipher_walk_done+0x105/0x220
> ? ecb_crypt+0xa5/0x110
> build_cipher_test_sglist+0xa0/0x120
> test_skcipher_vec_cfg+0x1c4/0x6e0
> ...
>
> The information above is from a screenshot, thus some opcodes or offsets might
> be wrong.
>
> The 5.0.13 kernel does not have this issue.
>
> --
> You are receiving this mail because:
> You are the assignee for the bug.
* Re: [Bug 203559] New: usercopy_abort triggered by build_test_sglist
From: Eric Biggers @ 2019-05-09 23:20 UTC
To: Andrew Morton
Cc: Herbert Xu, bugzilla-daemon, linux-crypto, mihai.dontu, Kees Cook

[+Kees Cook <keescook@chromium.org>]

On Thu, May 09, 2019 at 03:46:08PM -0700, Andrew Morton wrote:
>
> (switched to email. Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
>
> On Thu, 09 May 2019 09:37:08 +0000 bugzilla-daemon@bugzilla.kernel.org wrote:
>
> > https://bugzilla.kernel.org/show_bug.cgi?id=203559
> >
> > Bug ID: 203559
> > Summary: usercopy_abort triggered by build_test_sglist
> > Product: Memory Management
> > Version: 2.5
> > Kernel Version: 5.1
> > Hardware: x86-64
> > OS: Linux
> > Tree: Mainline
> > Status: NEW
> > Severity: low
> > Priority: P1
> > Component: Other
> > Assignee: akpm@linux-foundation.org
> > Reporter: mihai.dontu@gmail.com
> > Regression: No
> >
> > Created attachment 282687
> > --> https://bugzilla.kernel.org/attachment.cgi?id=282687&action=edit
> > kernel config
> >
> > I have CONFIG_CRYPTO_FIPS and CONFIG_HARDENED_USERCOPY_PAGESPAN enabled from an
> > experiment I forgot about, that started triggering a crash very early at boot
> > with kernel 5.1:
> >
> > usercopy: Kernel memory overwrite attempt detected to spans multiple pages
> > (offset 0, size 372)!
> > ------------[ cut here]------------
> > kernel BUG at mm/usercopy.c:102!
> > invalid opcode: 0000 [#1] PREEMPT SMP PTI
> > CPU: 0 PID: 42 Comm: cryptomgr_test Trainted: G T 5.1.0-gentoo #1
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-1.fc28
> > 04/01/2014
> > RIP: 0010:usercopy_abort+0x87/0x89
> > Code: c3 ae 48 c7 c6 c9 9c ba ae 41 55 48 c7 c7 38 9e bb ae 48 0f 45 d1 48 c7
> > c1 51
> > 9d bb ae 50 48 0f 45 f1 4c 89 e1 e8 fb 50 e8 ff <0f> 0b 49 89 d8 31 c9 44
> > 89
> > ea 31 f6 48 c7 c7 9a 9d bb ae e8 61 ff
> > ...
> > Call Trace:
> > __check_object_size.cold+0x16/0xa6
> > build_test_sglist+0x283/0x370
> > ? skcipher_walk_done+0x105/0x220
> > ? ecb_crypt+0xa5/0x110
> > build_cipher_test_sglist+0xa0/0x120
> > test_skcipher_vec_cfg+0x1c4/0x6e0
> > ...
> >
> > The information above is from a screenshot, thus some opcodes or offsets might
> > be wrong.
> >
> > The 5.0.13 kernel does not have this issue.
> >
> > --
> > You are receiving this mail because:
> > You are the assignee for the bug.

There was already a long discussion on this where it was concluded that the
pagespan check is broken. See https://lkml.org/lkml/2019/3/19/279 and
https://lkml.org/lkml/2019/4/14/313

I think CONFIG_HARDENED_USERCOPY_PAGESPAN should be removed or marked 'depends
on BROKEN', until someone can find a way to make it work properly.

- Eric