Date: Fri, 9 Sep 2016 12:36:26 -0300
From: Arnaldo Carvalho de Melo
To: Adrian Hunter
Cc: Jiri Olsa, Wang Nan, Josh Poimboeuf, Kees Cook, Namhyung Kim, Ingo Molnar, Linux Kernel Mailing List
Subject: perf test "object code reading" segfaulting via usercopy check
Message-ID: <20160909153626.GD32585@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Url: http://acmel.wordpress.com
User-Agent: Mutt/1.7.0 (2016-08-17)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Adrian,

I noticed that 'perf test "object code reading"' is segfaulting here:

[root@jouet linux]# perf test -F "object code reading"
21: Test object code reading                                 :Segmentation fault
[root@jouet linux]#

dmesg output below, trying to figure this out...

- Arnaldo

[27229.248484] usercopy: kernel memory exposure attempt detected from ffffffffbd064000 () (4096 bytes)
[27229.248510] ------------[ cut here ]------------
[27229.249685] kernel BUG at /home/acme/git/linux/mm/usercopy.c:75!
[27229.250870] invalid opcode: 0000 [#24] SMP
[27229.252024] Modules linked in: dccp_diag dccp tcp_diag udp_diag inet_diag unix_diag uas usb_storage veth xfs vhost_net vhost macvtap macvlan ccm hid_apple rfcomm fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun xt_addrtype br_netfilter dm_thin_pool dm_persistent_data dm_bio_prison libcrc32c nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_broute bridge stp llc ebtable_nat ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security ebtable_filter ebtables ip6table_filter ip6_tables cmac bnep btrfs xor raid6_pq loop snd_usb_audio snd_usbmidi_lib snd_rawmidi
[27229.255901]  intel_rapl x86_pkg_temp_thermal coretemp arc4 iwlmvm kvm_intel kvm mac80211 irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate intel_rapl_perf snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic mei_wdt iwlwifi iTCO_wdt iTCO_vendor_support cfg80211 uvcvideo snd_hda_intel videobuf2_vmalloc gspca_ov534 videobuf2_memops joydev pcspkr snd_hda_codec intel_pch_thermal gspca_main videobuf2_v4l2 rtsx_pci_ms v4l2_common i2c_i801 videobuf2_core btusb snd_hda_core snd_seq i2c_smbus memstick shpchp videodev btrtl btbcm btintel bluetooth snd_seq_device media lpc_ich snd_hwdep snd_pcm mei_me snd_timer mei thinkpad_acpi snd wmi soundcore rfkill tpm_tis tpm_tis_core tpm intel_rst nfsd auth_rpcgss nfs_acl lockd grace sunrpc binfmt_misc i915 i2c_algo_bit drm_kms_helper
[27229.260080]  rtsx_pci_sdmmc mmc_core drm e1000e crc32c_intel rtsx_pci ptp serio_raw pps_core fjes video
[27229.262890] CPU: 0 PID: 24116 Comm: perf Tainted: G      D         4.8.0-rc5-perf-core-branch_stack_annotate+ #3
[27229.264312] Hardware name: LENOVO 20BX001LUS/20BX001LUS, BIOS JBET49WW (1.14 ) 05/21/2015
[27229.265737] task: ffff96b1b0295880 task.stack: ffff96b146970000
[27229.267187] RIP: 0010:[]  [] __check_object_size+0x10c/0x3b6
[27229.268638] RSP: 0018:ffff96b146973da0  EFLAGS: 00010286
[27229.270105] RAX: 0000000000000064 RBX: ffffffffbd064000 RCX: 0000000000000000
[27229.271595] RDX: 0000000000000000 RSI: ffff96b23dc0dfe8 RDI: ffff96b23dc0dfe8
[27229.273068] RBP: ffff96b146973dc0 R08: 000000000003caa4 R09: 0000000000000005
[27229.274568] R10: 0000000000000018 R11: 0000000000000daa R12: 0000000000001000
[27229.276045] R13: 0000000000000001 R14: ffffffffbd065000 R15: ffff96b146973f18
[27229.277511] FS:  00007f5a9f9337c0(0000) GS:ffff96b23dc00000(0000) knlGS:0000000000000000
[27229.278930] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[27229.280348] CR2: 00007f5a9f8b3006 CR3: 000000014a06d000 CR4: 00000000003427f0
[27229.281794] DR0: 000000000047eba0 DR1: 000000000047e4c0 DR2: 0000000001fe75f0
[27229.283242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[27229.284662] Stack:
[27229.286021]  0000000000001000 0000000000001000 0000000003e76b28 ffffffffbd064000
[27229.287387]  ffff96b146973e20 ffffffffbd2ce1e3 0000000000000000 00007ffca1a2c980
[27229.288700]  0000000db0295880 0000000000003000 0000000095f34628 ffff96b233dcc180
[27229.289983] Call Trace:
[27229.291244]  [] ? kvm_check_and_clear_guest_paused+0x10/0x50
[27229.292465]  [] read_kcore+0x263/0x340
[27229.293653]  [] proc_reg_read+0x42/0x70
[27229.294824]  [] __vfs_read+0x37/0x150
[27229.295959]  [] ? security_file_permission+0xa0/0xc0
[27229.297087]  [] vfs_read+0x96/0x130
[27229.298205]  [] SyS_pread64+0x95/0xb0
[27229.299334]  [] entry_SYSCALL_64_fastpath+0x1a/0xa4
[27229.300461] Code: 56 02 00 00 49 c7 c0 de d3 a4 bd 48 c7 c2 5c b6 a2 bd 48 c7 c6 39 19 a4 bd 4d 89 e1 48 89 d9 48 c7 c7 b0 9e a4 bd e8 ee 07 f7 ff <0f> 0b 48 89 c2 4c 89 e6 48 89 df e8 74 02 fe ff 48 85 c0 49 89
[27229.301687] RIP  [] __check_object_size+0x10c/0x3b6
[27229.302874]  RSP
[27229.304055] hpet1: lost 3 rtc interrupts
[27229.304079] ---[ end trace 60cb58c77b724270 ]---
[root@jouet linux]#
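A small triage helper for this kind of report, added here as an example (it is not part of this mail, of perf, or of the kernel): it pulls the hardened-usercopy violation out of dmesg text (direction, source address, object type, length) and walks the Call Trace to name the kernel reader and the syscall on the stack. The sample input is the oops above; the regexes assume the 4.8-era report_usercopy() wording and "[<addr>] sym+off/size" frame layout (addresses stripped on this page).

```python
import re

# Sample dmesg text taken from the oops in this mail (addresses in [] were stripped).
SAMPLE_DMESG = """\
[27229.248484] usercopy: kernel memory exposure attempt detected from ffffffffbd064000 () (4096 bytes)
[27229.248510] ------------[ cut here ]------------
[27229.249685] kernel BUG at /home/acme/git/linux/mm/usercopy.c:75!
[27229.289983] Call Trace:
[27229.291244]  [] ? kvm_check_and_clear_guest_paused+0x10/0x50
[27229.292465]  [] read_kcore+0x263/0x340
[27229.293653]  [] proc_reg_read+0x42/0x70
[27229.294824]  [] __vfs_read+0x37/0x150
[27229.295959]  [] ? security_file_permission+0xa0/0xc0
[27229.297087]  [] vfs_read+0x96/0x130
[27229.298205]  [] SyS_pread64+0x95/0xb0
[27229.299334]  [] entry_SYSCALL_64_fastpath+0x1a/0xa4
[27229.304079] ---[ end trace 60cb58c77b724270 ]---
"""

# mm/usercopy.c report format (4.8): "usercopy: kernel memory <exposure|overwrite>
# attempt detected <from|to> <ptr> (<type>) (<len> bytes)". "exposure" = copy_to_user.
REPORT_RE = re.compile(
    r"usercopy: kernel memory (?P<kind>exposure|overwrite) attempt detected "
    r"(?:from|to) (?P<addr>[0-9a-f]+) \((?P<type>[^)]*)\) \((?P<len>\d+) bytes\)")
# One stack frame: "] [<addr>] sym+0x.../0x..."; a leading "? " marks an unreliable frame.
FRAME_RE = re.compile(r"\] (?P<unreliable>\? )?(?P<sym>[A-Za-z_][\w.]*)\+0x")

def parse_usercopy_report(text):
    """Return the first usercopy violation found in text as a dict, or None."""
    for line in text.splitlines():
        m = REPORT_RE.search(line)
        if m:
            return {"kind": m["kind"], "addr": int(m["addr"], 16),
                    "type": m["type"] or "unknown", "len": int(m["len"])}
    return None

def call_trace(text):
    """Reliable frames from the Call Trace, innermost first ('?' frames dropped)."""
    frames, in_trace = [], False
    for line in text.splitlines():
        if "Call Trace:" in line:
            in_trace = True
            continue
        m = FRAME_RE.search(line) if in_trace else None
        if m and not m["unreliable"]:
            frames.append(m["sym"])
    return frames

def triage(text):
    """Summarise what was copied and which kernel reader / syscall was on the stack."""
    rep, frames = parse_usercopy_report(text), call_trace(text)
    syscall = next((f for f in frames if f.startswith(("SyS_", "sys_", "__x64_sys_"))), None)
    return {**rep, "reader": frames[0] if frames else None, "syscall": syscall} if rep else None
```

Feeding it the oops above yields read_kcore as the reader and SyS_pread64 as the syscall, i.e. a 4096-byte copy_to_user from a kernel address via /proc/kcore, which is exactly what the usercopy check refused.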