From: Helge Deller <deller@kernel.org>
To: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>,
Linux Parisc <linux-parisc@vger.kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
matoro <matoro_mailinglist_kernel@matoro.tk>,
Sam James <sam@gentoo.org>
Subject: Re: Crash on booth with 6.10
Date: Sat, 31 Aug 2024 11:10:13 +0200
Message-ID: <ZtLd9RUvxaV_SfiX@p100>
In-Reply-To: <eeb2389b-7ff9-4ee5-b6c9-73cc716c5a81@gmx.de>
* Helge Deller <deller@gmx.de>:
> On 8/30/24 20:18, Christoph Biedl wrote:
> > matoro wrote...
> >
> > > Hi all, just bumped to the newest mainline starting with 6.10.2 and
> > > immediately ran into a crash on boot. Fully reproducible, reverting back to
> > > last known good (6.9.8) resolves the issue. Any clue what's going on here?
> > > I can provide full boot logs, start bisecting, etc if needed...
> >
> > (...)
> > [ 12.383562] sd 1:0:5:0: [sda] Attached SCSI disk
> > [ 12.397737] Freeing unused kernel image (initmem) memory: 3072K
> > [ 12.406839] Backtrace:
> > [ 12.409235] [<1116535c>] kernel_init+0x80/0x1d4
> > [ 12.413911] [<1040201c>] ret_from_kernel_thread+0x1c/0x24
> > [ 12.419448]
> > [ 12.422487] Kernel Fault: Code=26 (Data memory access rights trap) at addr 113c5f90
> > [ 12.430172] CPU: 0 PID: 1 Comm: swapper Not tainted 6.10.7 #1
> > [ 12.435958] Hardware name: 9000/785/C3600
> > [ 12.439997]
> > [ 12.506373] IASQ: 00000000 00000000 IAOQ: 10599508 1059950c
> > [ 12.511980] IIR: 0f941288 ISR: 00000000 IOR: 113c5f90
> > [ 12.517495] CPU: 0 CR30: 12892d00 CR31: 11111111
> > [ 12.523016] ORIG_R28: 55555555
> > [ 12.526185] IAOQ[0]: jump_label_init_ro+0x98/0xe4
> > [ 12.531014] IAOQ[1]: jump_label_init_ro+0x9c/0xe4
> > [ 12.535872] RP(r2): jump_label_init_ro+0x3c/0xe4
> > [ 12.540610] Backtrace:
> > [ 12.543000] [<1116535c>] kernel_init+0x80/0x1d4
> > [ 12.547654] [<1040201c>] ret_from_kernel_thread+0x1c/0x24
> > [ 12.553319]
> > [ 12.557345] Kernel panic - not syncing: Kernel Fault
> >
> > .config is attached, I can dig more in the next days.
>
> I can reproduce.
>
> The crash happens, because in kernel/jump_label.c: jump_label_init_ro(),
> this static key is accessed but gives a segfault, because this area is already read-only:
> mm/usercopy.c:static DEFINE_STATIC_KEY_FALSE_RO(bypass_usercopy_checks);
>
> This is the only static key in this parisc kernel which is marked with __ro_after_init.
> The area is marked read-only in free_initmem() [in arch/parisc/mm/init.c],
> which happens before mark_readonly().
The same issue can be reproduced with git head (CONFIG_HARDENED_USERCOPY=y and
CONFIG_JUMP_LABEL=y).
Basically on parisc we write-protect the read-only data section too early.
The patch below fixes it for me.
matoro, Christoph: Can you please test the patch and report back?
Helge
[PATCH] parisc: Delay write-protection until mark_rodata_ro() call
Do not write protect the data section earlier than before mark_rodata_ro() is
called. This fixes a boot issue on parisc which was triggered by commit
91a1d97ef482 ("jump_label,module: Don't alloc static_key_mod for
__ro_after_init keys"). That commit may modify static keys contents in the
__ro_after_init section at bootup, so this section needs to be writable at
least until mark_rodata_ro() is called.
Fixes: 91a1d97ef482 ("jump_label,module: Don't alloc static_key_mod for __ro_after_init keys")
Reported-by: matoro <matoro_mailinglist_kernel@matoro.tk>
Reported-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
Signed-off-by: Helge Deller <deller@gmx.de>
diff --git a/arch/parisc/mm/init.c b/arch/parisc/mm/init.c
index 34d91cb8b259..6ffc6d99cb27 100644
--- a/arch/parisc/mm/init.c
+++ b/arch/parisc/mm/init.c
@@ -459,7 +459,6 @@ void free_initmem(void)
unsigned long kernel_end = (unsigned long)&_end;
/* Remap kernel text and data, but do not touch init section yet. */
- kernel_set_to_readonly = true;
map_pages(init_end, __pa(init_end), kernel_end - init_end,
PAGE_KERNEL, 0);
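Review bot: With `kernel_set_to_readonly = true;` dropped from free_initmem(), the only assignment left in this patch is the one in mark_rodata_ro(), which is compiled only under #ifdef CONFIG_STRICT_KERNEL_RWX. If that option can be disabled on parisc, the flag is never set and this map_pages(init_end, ...) remap leaves kernel text and data with whatever protection PAGE_KERNEL gives for the lifetime of the system. Please confirm the option is always selected on parisc, or state in the commit message that write protection now depends on it. The comment "Remap kernel text and data, but do not touch init section yet." could also say that write protection is deliberately deferred to mark_rodata_ro().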
@@ -493,11 +492,18 @@ void free_initmem(void)
#ifdef CONFIG_STRICT_KERNEL_RWX
void mark_rodata_ro(void)
{
- /* rodata memory was already mapped with KERNEL_RO access rights by
- pagetable_init() and map_pages(). No need to do additional stuff here */
- unsigned long roai_size = __end_ro_after_init - __start_ro_after_init;
+ unsigned long start = (unsigned long) &__start_rodata;
+ unsigned long end = (unsigned long) &__end_rodata;
+
+ printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
+ (end - start) >> 10);
+
+ kernel_set_to_readonly = true;
+ map_pages(start, __pa(start), end - start, PAGE_KERNEL, 0);
- pr_info("Write protected read-only-after-init data: %luk\n", roai_size >> 10);
+ /* force the kernel to see the new page table entries */
+ flush_cache_all();
+ flush_tlb_all();
}
#endif
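Review bot: In mark_rodata_ro() the remapped range is __start_rodata..__end_rodata, while the removed line sized the region from __start_ro_after_init..__end_ro_after_init and the commit message is about the __ro_after_init section. Please confirm, and note in a comment, that the rodata range covers the __ro_after_init data; otherwise keys such as bypass_usercopy_checks stay writable after boot. The map_pages() call passes PAGE_KERNEL and relies on `kernel_set_to_readonly = true;` being set on the line before it to produce read-only mappings, which is not obvious at the call site, so a one-line comment there would help. Minor style point: the new printk(KERN_INFO ...) could remain pr_info() as in the removed line.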