linux-pm.vger.kernel.org archive mirror
From: Borislav Petkov <bp@alien8.de>
To: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Logan Gunthorpe <logang@deltatee.com>,
	Kees Cook <keescook@chromium.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	lkml <linux-kernel@vger.kernel.org>,
	"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
	Andy Lutomirski <luto@kernel.org>,
	Brian Gerst <brgerst@gmail.com>,
	Denys Vlasenko <dvlasenk@redhat.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Linux PM list <linux-pm@vger.kernel.org>,
	Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [PATCH v3] x86/power/64: Fix kernel text mapping corruption during image restoration
Date: Thu, 30 Jun 2016 11:45:05 +0200
Message-ID: <20160630094505.GA17833@pd.tnic>
In-Reply-To: <2398306.qXx6AZtdS5@vostro.rjw.lan>

On Thu, Jun 30, 2016 at 04:20:43AM +0200, Rafael J. Wysocki wrote:
> That's not what Boris was seeing at least.

Well, I had it a couple of times during testing patches. This is all
from the logs:

[   65.121109] PM: Basic memory bitmaps freed
[   65.125991] Restarting tasks ... 
[   65.129342] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[   65.129585] done.
[   65.141314] BUG: unable to handle kernel paging request at ffff88042b957e40
[   65.141316] IP: [<ffff88042b957e40>] 0xffff88042b957e40
[   65.141318] PGD 2067067 PUD 206a067 PMD 800000042b8001e3 
[   65.141319] Oops: 0011 [#1] PREEMPT SMP
[   65.141327] Modules linked in: binfmt_misc ipv6 vfat fat amd64_edac_mod edac_mce_amd fuse dm_crypt dm_mod amdkfd kvm_amd kvm amd_iommu_v2 irqbypass crc32_pclmul radeon aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd fam15h_power k10temp acpi_cpufreq
[   65.141328] CPU: 6 PID: 1 Comm: init Not tainted 4.7.0-rc3+ #4
[   65.141329] Hardware name: To be filled by O.E.M. To be filled by O.E.M./M5A97 EVO R2.0, BIOS 1503 01/16/2013
[   65.141329] task: ffff88042b958000 ti: ffff88042b954000 task.ti: ffff88042b954000
[   65.141331] RIP: 0010:[<ffff88042b957e40>]  [<ffff88042b957e40>] 0xffff88042b957e40
[   65.141331] RSP: 0018:ffff88042b957e00  EFLAGS: 00010282
[   65.141332] RAX: 0000000000000000 RBX: ffff88042b957f58 RCX: 0000000000000000
[   65.141333] RDX: 0000000000000001 RSI: ffffffff81063b59 RDI: ffffffff8168898c
[   65.141333] RBP: ffff88042b957ef0 R08: 0000000000000000 R09: 0000000000000002
[   65.141334] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88042b954000
[   65.141334] R13: ffff88042b954000 R14: ffff88042b957f58 R15: ffff88042b958000
[   65.141335] FS:  00007fad32173800(0000) GS:ffff88043dd80000(0000) knlGS:0000000000000000
[   65.141336] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   65.141336] CR2: ffff88042b957e40 CR3: 00000004298e6000 CR4: 00000000000406e0
[   65.141336] Stack:
[   65.141338]  ffff880037b81000 ffff880037b81000 0000000000000000 ffffffff81181e1e
[   65.141339]  ffffff9c00000002 ffff880429e8c600 ffffffff811782bf 0000000000000011
[   65.141340]  000000000000049c 0000000000000001 0000000000001180 0000000000000000
[   65.141340] Call Trace:
[   65.141344]  [<ffffffff81181e1e>] ? getname_flags+0x5e/0x1b0
[   65.141346]  [<ffffffff811782bf>] ? cp_new_stat+0x10f/0x120
[   65.141348]  [<ffffffff810bb33a>] ? ktime_get_ts64+0x4a/0xf0
[   65.141353]  [<ffffffff81185fc7>] ? poll_select_copy_remaining+0xe7/0x130
[   65.141355]  [<ffffffff8100263a>] exit_to_usermode_loop+0x8a/0xb0
[   65.141356]  [<ffffffff81002a6b>] syscall_return_slowpath+0x5b/0x70
[   65.141358]  [<ffffffff81688e72>] entry_SYSCALL_64_fastpath+0xa5/0xa7
[   65.141374] Code: 00 00 00 1e 1e 18 81 ff ff ff ff 02 00 00 00 9c ff ff ff 00 c6 e8 29 04 88 ff ff bf 82 17 81 ff ff ff ff 11 00 00 00 00 00 00 00 <9c> 04 00 00 00 00 00 00 01 00 00 00 00 00 00 00 80 11 00 00 00 
[   65.141375] RIP  [<ffff88042b957e40>] 0xffff88042b957e40
[   65.141376]  RSP <ffff88042b957e00>
[   65.141376] CR2: ffff88042b957e40
[   65.141378] ---[ end trace 5dc71ecf8d888ee6 ]---
[   65.141509] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[   65.141509] 
[   65.149191] Kernel Offset: disabled
[   65.449314] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009

...

[  381.835297] Restarting tasks ... 
[  381.838620] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[  381.838689] done.
[  381.850763] BUG: unable to handle kernel paging request at ffff88042b957e40
[  381.850765] IP: [<ffff88042b957e40>] 0xffff88042b957e40
[  381.850766] PGD 2065067 PUD 2068067 PMD 800000042b8001e3 
[  381.850767] Oops: 0011 [#1] PREEMPT SMP
[  381.850778] Modules linked in: binfmt_misc ipv6 vfat fat amd64_edac_mod edac_mce_amd fuse dm_crypt dm_mod amdkfd kvm_amd kvm amd_iommu_v2 radeon irqbypass crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd k10temp fam15h_power acpi_cpufreq
[  381.850779] CPU: 3 PID: 1 Comm: init Not tainted 4.7.0-rc3+ #1
[  381.850780] Hardware name: To be filled by O.E.M. To be filled by O.E.M./M5A97 EVO R2.0, BIOS 1503 01/16/2013
[  381.850781] task: ffff88042b958000 ti: ffff88042b954000 task.ti: ffff88042b954000
[  381.850782] RIP: 0010:[<ffff88042b957e40>]  [<ffff88042b957e40>] 0xffff88042b957e40
[  381.850783] RSP: 0018:ffff88042b957e00  EFLAGS: 00010282
[  381.850783] RAX: 0000000000000000 RBX: ffff88042b957f58 RCX: 0000000000000000
[  381.850784] RDX: 0000000000000001 RSI: ffffffff81062a2d RDI: ffffffff81687d8c
[  381.850784] RBP: ffff88042b957ef0 R08: 0000000000000000 R09: 0000000000000002
[  381.850785] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff88042b954000
[  381.850785] R13: ffff88042b954000 R14: ffff88042b957f58 R15: ffff88042b958000
[  381.850786] FS:  00007f1143649800(0000) GS:ffff88043dcc0000(0000) knlGS:0000000000000000
[  381.850787] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  381.850787] CR2: ffff88042b957e40 CR3: 00000004298af000 CR4: 00000000000406e0
[  381.850788] Stack:
[  381.850789]  ffff88042b1ed000 ffff88042b1ed000 0000000000000000 ffffffff8117f8ae
[  381.850790]  ffffff9c00000002 ffff88042b09ac00 ffffffff81175d5f 0000000000000011
[  381.850791]  0000000000001c3d 0000000000000001 0000000000001180 0000000000000000
[  381.850792] Call Trace:
[  381.850795]  [<ffffffff8117f8ae>] ? getname_flags+0x5e/0x1b0
[  381.850797]  [<ffffffff81175d5f>] ? cp_new_stat+0x10f/0x120
[  381.850799]  [<ffffffff810b9eca>] ? ktime_get_ts64+0x4a/0xf0
[  381.850800]  [<ffffffff81183a57>] ? poll_select_copy_remaining+0xe7/0x130
[  381.850802]  [<ffffffff8100263a>] exit_to_usermode_loop+0x8a/0xb0
[  381.850804]  [<ffffffff81002a6b>] syscall_return_slowpath+0x5b/0x70
[  381.850806]  [<ffffffff81688272>] entry_SYSCALL_64_fastpath+0xa5/0xa7
[  381.850820] Code: 00 00 00 ae f8 17 81 ff ff ff ff 02 00 00 00 9c ff ff ff 00 ac 09 2b 04 88 ff ff 5f 5d 17 81 ff ff ff ff 11 00 00 00 00 00 00 00 <3d> 1c 00 00 00 00 00 00 01 00 00 00 00 00 00 00 80 11 00 00 00 
[  381.850821] RIP  [<ffff88042b957e40>] 0xffff88042b957e40
[  381.850821]  RSP <ffff88042b957e00>
[  381.850821] CR2: ffff88042b957e40
[  381.850824] ---[ end trace b4f9b4244a59d886 ]---
[  381.851025] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009

...

[   49.003526] Restarting tasks ... 
[   49.007083] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[   49.007237] done.
[   49.022621] BUG: unable to handle kernel paging request at ffff88042b957e40
[   49.022624] IP: [<ffff88042b957e40>] 0xffff88042b957e40
[   49.022627] PGD 2065067 PUD 2068067 PMD 800000042b8001e3 
[   49.022629] Oops: 0011 [#1] PREEMPT SMP
[   49.022642] Modules linked in: binfmt_misc ipv6 vfat fat amd64_edac_mod edac_mce_amd fuse dm_crypt dm_mod kvm_amd kvm amdkfd irqbypass crc32_pclmul amd_iommu_v2 radeon aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd k10temp fam15h_power acpi_cpufreq
[   49.022645] CPU: 4 PID: 1 Comm: init Not tainted 4.7.0-rc3+ #2
[   49.022646] Hardware name: To be filled by O.E.M. To be filled by O.E.M./M5A97 EVO R2.0, BIOS 1503 01/16/2013
[   49.022648] task: ffff88042b958000 ti: ffff88042b954000 task.ti: ffff88042b954000
[   49.022650] RIP: 0010:[<ffff88042b957e40>]  [<ffff88042b957e40>] 0xffff88042b957e40
[   49.022652] RSP: 0018:ffff88042b957e00  EFLAGS: 00010282
[   49.022653] RAX: 0000000000000000 RBX: ffff88042b957f58 RCX: 0000000000000000
[   49.022654] RDX: 0000000000000001 RSI: ffffffff81062a2d RDI: ffffffff81687d8c
[   49.022655] RBP: ffff88042b957ef0 R08: 0000000000000000 R09: 0000000000000002
[   49.022657] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff88042b954000
[   49.022658] R13: ffff88042b954000 R14: ffff88042b957f58 R15: ffff88042b958000
[   49.022660] FS:  00007fe2cd5dc800(0000) GS:ffff88043dd00000(0000) knlGS:0000000000000000
[   49.022661] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   49.022662] CR2: ffff88042b957e40 CR3: 0000000429edd000 CR4: 00000000000406e0
[   49.022663] Stack:
[   49.022666]  ffff88042aca7000 ffff88042aca7000 0000000000000000 ffffffff8117f8ae
[   49.022668]  ffffff9c00000002 ffff880429e6e000 ffffffff81175d5f 0000000000000011
[   49.022674]  0000000000001c49 0000000000000001 0000000000001180 0000000000000000
[   49.022675] Call Trace:
[   49.022680]  [<ffffffff8117f8ae>] ? getname_flags+0x5e/0x1b0
[   49.022683]  [<ffffffff81175d5f>] ? cp_new_stat+0x10f/0x120
[   49.022686]  [<ffffffff810b9eca>] ? ktime_get_ts64+0x4a/0xf0
[   49.022689]  [<ffffffff81183a57>] ? poll_select_copy_remaining+0xe7/0x130
[   49.022692]  [<ffffffff8100263a>] exit_to_usermode_loop+0x8a/0xb0
[   49.022695]  [<ffffffff81002a6b>] syscall_return_slowpath+0x5b/0x70
[   49.022698]  [<ffffffff81688272>] entry_SYSCALL_64_fastpath+0xa5/0xa7
[   49.022725] Code: 00 00 00 ae f8 17 81 ff ff ff ff 02 00 00 00 9c ff ff ff 00 e0 e6 29 04 88 ff ff 5f 5d 17 81 ff ff ff ff 11 00 00 00 00 00 00 00 <49> 1c 00 00 00 00 00 00 01 00 00 00 00 00 00 00 80 11 00 00 00 
[   49.022727] RIP  [<ffff88042b957e40>] 0xffff88042b957e40
[   49.022728]  RSP <ffff88042b957e00>
[   49.022729] CR2: ffff88042b957e40
[   49.022732] ---[ end trace 6694c76b6124dda9 ]---
[   49.022911] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[   49.022911] 
[   49.030807] Kernel Offset: disabled
[   49.348267] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009

...

[   39.616661] PM: Basic memory bitmaps freed
[   39.621491] Restarting tasks ... 
[   39.624829] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[   39.624908] done.
[   39.636878] BUG: unable to handle kernel paging request at ffff88042b957e40
[   39.636880] IP: [<ffff88042b957e40>] 0xffff88042b957e40
[   39.636882] PGD 2065067 PUD 2068067 PMD 800000042b8001e3 
[   39.636883] Oops: 0011 [#1] PREEMPT SMP
[   39.636890] Modules linked in: binfmt_misc ipv6 vfat fat amd64_edac_mod edac_mce_amd fuse dm_crypt dm_mod kvm_amd kvm irqbypass crc32_pclmul amdkfd amd_iommu_v2 radeon aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd fam15h_power k10temp acpi_cpufreq
[   39.636892] CPU: 6 PID: 1 Comm: init Not tainted 4.7.0-rc4+ #1
[   39.636893] Hardware name: To be filled by O.E.M. To be filled by O.E.M./M5A97 EVO R2.0, BIOS 1503 01/16/2013
[   39.636894] task: ffff88042b958000 ti: ffff88042b954000 task.ti: ffff88042b954000
[   39.636895] RIP: 0010:[<ffff88042b957e40>]  [<ffff88042b957e40>] 0xffff88042b957e40
[   39.636895] RSP: 0018:ffff88042b957e00  EFLAGS: 00010282
[   39.636896] RAX: 0000000000000000 RBX: ffff88042b957f58 RCX: 0000000000000000
[   39.636897] RDX: 0000000000000001 RSI: ffffffff81062a2d RDI: ffffffff81687d8c
[   39.636897] RBP: ffff88042b957ef0 R08: 0000000000000000 R09: 0000000000000002
[   39.636898] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff88042b954000
[   39.636898] R13: ffff88042b954000 R14: ffff88042b957f58 R15: ffff88042b958000
[   39.636899] FS:  00007f45944a4800(0000) GS:ffff88043dd80000(0000) knlGS:0000000000000000
[   39.636900] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   39.636900] CR2: ffff88042b957e40 CR3: 0000000429015000 CR4: 00000000000406e0
[   39.636901] Stack:
[   39.636902]  ffff8800b9ec5000 ffff8800b9ec5000 0000000000000000 ffffffff8117f8be
[   39.636903]  ffffff9c00000002 ffff88042ae8aa80 ffffffff81175d6f 0000000000000011
[   39.636904]  000000000000284c 0000000000000001 0000000000001180 0000000000000000
[   39.636905] Call Trace:
[   39.636908]  [<ffffffff8117f8be>] ? getname_flags+0x5e/0x1b0
[   39.636910]  [<ffffffff81175d6f>] ? cp_new_stat+0x10f/0x120
[   39.636912]  [<ffffffff810b9eaa>] ? ktime_get_ts64+0x4a/0xf0
[   39.636917]  [<ffffffff81183a67>] ? poll_select_copy_remaining+0xe7/0x130
[   39.636919]  [<ffffffff8100263a>] exit_to_usermode_loop+0x8a/0xb0
[   39.636921]  [<ffffffff81002a6b>] syscall_return_slowpath+0x5b/0x70
[   39.636922]  [<ffffffff81688272>] entry_SYSCALL_64_fastpath+0xa5/0xa7
[   39.636939] Code: 00 00 00 be f8 17 81 ff ff ff ff 02 00 00 00 9c ff ff ff 80 aa e8 2a 04 88 ff ff 6f 5d 17 81 ff ff ff ff 11 00 00 00 00 00 00 00 <4c> 28 00 00 00 00 00 00 01 00 00 00 00 00 00 00 80 11 00 00 00 
[   39.636939] RIP  [<ffff88042b957e40>] 0xffff88042b957e40
[   39.636940]  RSP <ffff88042b957e00>
[   39.636940] CR2: ffff88042b957e40
[   39.636943] ---[ end trace 7b732e7484eb8577 ]---
[   39.637066] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[   39.637066] 
[   39.644839] Kernel Offset: disabled
[   39.944295] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009

...



-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
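
A triage sketch for the reports above, added here as an example; it is not part of the mail or of the patch under discussion. It decodes the `Oops:` error code and the PMD flags and checks where the faulting RIP lies relative to the task's stack. The `triage` helper and the 16 KiB `THREAD_SIZE` (with `ti:` taken as the stack base) are assumptions of the example.

```python
import re

# Architectural x86-64 bit meanings (page-fault error code, page-table entry flags).
PF_ERR = {0: "page present (protection violation)", 1: "write",
          2: "user mode", 3: "reserved bit", 4: "instruction fetch"}
PTE_FLAGS = {0: "P", 1: "RW", 2: "US", 5: "A", 6: "D", 7: "PS", 8: "G", 63: "NX"}
# Assumption: 16 KiB kernel stacks with thread_info ("ti:") at the stack base.
THREAD_SIZE = 16 * 1024

# Lines copied from the first report in the message (timestamps dropped).
SAMPLE = """\
PGD 2067067 PUD 206a067 PMD 800000042b8001e3
Oops: 0011 [#1] PREEMPT SMP
task: ffff88042b958000 ti: ffff88042b954000 task.ti: ffff88042b954000
RIP: 0010:[<ffff88042b957e40>]  [<ffff88042b957e40>] 0xffff88042b957e40
RSP: 0018:ffff88042b957e00  EFLAGS: 00010282
CR2: ffff88042b957e40 CR3: 00000004298e6000 CR4: 00000000000406e0
"""

def _hex(pattern, log):
    """Return the first hex field matched by pattern as an int."""
    return int(re.search(pattern, log).group(1), 16)

def _bits(value, names):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in names.items() if value >> bit & 1]

def triage(log):
    err = _hex(r"Oops: ([0-9a-f]+)", log)
    pmd = _hex(r"PMD ([0-9a-f]+)", log)
    rip = _hex(r"RIP: \w+:\[<([0-9a-f]+)>\]", log)
    rsp = _hex(r"RSP: \w+:([0-9a-f]+)", log)
    cr2 = _hex(r"CR2: ([0-9a-f]+)", log)
    stack_base = _hex(r"\bti: ([0-9a-f]+)", log)
    return {
        "fault": _bits(err, PF_ERR),
        "pmd_flags": _bits(pmd, PTE_FLAGS),
        # Instruction fetch from a present mapping whose entry has NX set.
        "nx_exec_fault": bool(err & 0x10 and err & 0x1 and pmd >> 63),
        "fault_addr_is_rip": cr2 == rip,
        # RIP inside the task's own kernel stack means control flow was
        # redirected into stack data, not into kernel text.
        "rip_in_task_stack": stack_base <= rip < stack_base + THREAD_SIZE,
        "rip_minus_rsp": rip - rsp,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
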
