From: Peter Zijlstra <peterz@infradead.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Guenter Roeck <linux@roeck-us.net>, Jens Axboe <axboe@kernel.dk>,
Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Peter Anvin <hpa@zytor.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
the arch/x86 maintainers <x86@kernel.org>
Subject: Re: Linux 6.11-rc1
Date: Wed, 31 Jul 2024 11:11:48 +0200 [thread overview]
Message-ID: <20240731091148.GW33588@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <20240731082111.GAZqnz97mCll6rDyV-@fat_crate.local>
On Wed, Jul 31, 2024 at 10:21:11AM +0200, Borislav Petkov wrote:
> On Tue, Jul 30, 2024 at 04:54:43PM -0700, Linus Torvalds wrote:
> > You also seemed to say that it only happened with some CPU selections.
> > Maybe there's something wrong with the ALTERNATIVE() cleanups - I'm
> > looking at that new "nested alternatives macros" thing, and the odd
> > games we play with the origin and replacement lengths etc.
> >
> > That all looks entirely crazy. That file was hard to read before, now
> > it's just incomprehensible to me.
>
> I'm sorry to hear that. The reason we did it is because it was starting to
> become really unwieldy to add a yet another alternative choice N in an
> ALTERNATIVE_N call...
>
> Anyway, I'll try to reproduce here. In the meantime, can anyone who can
> reproduce - Guenter, Jens - boot that failing kernel with
>
> debug-alternative=-1
>
> and copy dmesg and vmlinux somewhere for me?
>
> It is a lot of output so make sure to catch it all.
So what I done instead is add: nokaslr to CMDLINE and -S -s to qemu and
am staring at the failing kernel in gdb.
So far all the alternatives in the affected paths look just fine.
Not that any of it is making sense, notably:
Code: bf 1e c2 e9 23 06 00 00 66 90 8d 76 00 fc 6a 00 68 f0 bd 1e c2 e9 11 06 00 00 8d 76 00 fc 6a 00 68 54 c5 1e c2 e9 01 06 00 00 <8d> 76 00 fc 68 b0 e9 1e c2 e9 f3 05 00 00 66 90 8d 76 00 fc 6a 00
decodes to:
0: bf 1e c2 e9 23 mov $0x23e9c21e,%edi
5: 06 (bad)
6: 00 00 add %al,(%rax)
8: 66 90 xchg %ax,%ax
asm_exc_invalid_op:
a: 8d 76 00 lea 0x0(%rsi),%esi
d: fc cld
e: 6a 00 push $0x0
10: 68 f0 bd 1e c2 push $0xffffffffc21ebdf0
15: e9 11 06 00 00 jmp 0x62b
asm_exc_int3:
1a: 8d 76 00 lea 0x0(%rsi),%esi
1d: fc cld
1e: 6a 00 push $0x0
20: 68 54 c5 1e c2 push $0xffffffffc21ec554
25: e9 01 06 00 00 jmp 0x62b
asm_exc_page_fault:
2a:* 8d 76 00 lea 0x0(%rsi),%esi <-- trapping instruction
2d: fc cld
2e: 68 b0 e9 1e c2 push $0xffffffffc21ee9b0
33: e9 f3 05 00 00 jmp 0x62b
38: 66 90 xchg %ax,%ax
asm_exc_machine_check:
3a: 8d 76 00 lea 0x0(%rsi),%esi
3d: fc cld
3e: 6a 00 push $0x0
And that trapping instruction is the CLAC nop (still a nop in the
faulting kernel image):
(gdb) disassemble asm_exc_page_fault
Dump of assembler code for function asm_exc_page_fault:
0xc2200350 <+0>: lea 0x0(%esi),%esi
0xc2200353 <+3>: cld
0xc2200354 <+4>: push $0xc21ee9b0
0xc2200359 <+9>: jmp 0xc2200951 <handle_exception>
End of assembler dump.
And then we have the endless stream of:
asm_exc_int3+0x10/0x10
which really is: asm_exc_page_fault+0x0/0x10, but that cannot be,
because then we'd have #DF much sooner.
The restore_all_switch_stack+0x65/0xe6 thing looks like so in the live
kernel image:
(gdb) disassemble restore_all_switch_stack
Dump of assembler code for function entry_INT80_32:
...
0xc22008c5 <+353>: mov %cr3,%eax
0xc22008c8 <+356>: or $0x1000,%eax
0xc22008cd <+361>: mov %eax,%cr3
0xc22008d0 <+364>: mov %esi,%esi <--- here
0xc22008d2 <+366>: testl $0x2,0x34(%esp)
0xc22008da <+374>: je 0xc22008e8 <entry_INT80_32+388>
0xc22008dc <+376>: mov %cr3,%eax
0xc22008df <+379>: test $0x1000,%eax
0xc22008e4 <+384>: jne 0xc22008e8 <entry_INT80_32+388>
0xc22008e6 <+386>: ud2
0xc22008e8 <+388>: pop %ebx
...
So that is indeed BUG_IF_WRONG_CR3 and the JMP got patched to a NOP2.
Nothing strange there.
So yeah, no clue still.
next prev parent reply other threads:[~2024-07-31 9:11 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-28 21:40 Linux 6.11-rc1 Linus Torvalds
2024-07-29 9:28 ` Build regressions/improvements in v6.11-rc1 Geert Uytterhoeven
2024-07-29 9:35 ` Geert Uytterhoeven
2024-07-29 9:54 ` Arnd Bergmann
2024-07-29 10:07 ` Geert Uytterhoeven
2024-07-29 15:29 ` Linux 6.11-rc1 Guenter Roeck
2024-07-29 19:23 ` Linus Torvalds
2024-07-29 19:50 ` Linus Torvalds
2024-07-29 21:34 ` Arnd Bergmann
2024-07-29 23:47 ` Linus Torvalds
2024-07-30 15:47 ` Arnd Bergmann
2024-07-30 7:54 ` Peter Zijlstra
2024-07-31 15:45 ` Guenter Roeck
2024-07-30 17:04 ` Guenter Roeck
2024-07-30 17:20 ` Jens Axboe
2024-07-30 18:22 ` Guenter Roeck
2024-07-30 18:35 ` Jens Axboe
2024-07-30 18:54 ` Jens Axboe
2024-07-30 18:53 ` Linus Torvalds
2024-07-30 19:22 ` Peter Zijlstra
2024-07-30 19:31 ` Jens Axboe
2024-07-30 19:34 ` Jens Axboe
2024-07-30 19:38 ` Peter Zijlstra
2024-07-30 19:41 ` Linus Torvalds
2024-07-30 20:04 ` Guenter Roeck
2024-07-30 20:09 ` Peter Zijlstra
2024-07-30 21:12 ` Peter Zijlstra
2024-07-30 23:29 ` Guenter Roeck
2024-07-30 23:54 ` Linus Torvalds
2024-07-31 8:21 ` Borislav Petkov
2024-07-31 9:11 ` Peter Zijlstra [this message]
2024-07-31 10:02 ` Borislav Petkov
2024-07-31 14:37 ` Guenter Roeck
2024-07-31 13:24 ` Jens Axboe
2024-07-30 20:13 ` Linus Torvalds
2024-07-30 20:24 ` Guenter Roeck
2024-07-31 12:20 ` Peter Zijlstra
2024-07-31 13:03 ` Thomas Gleixner
2024-07-31 15:55 ` Peter Zijlstra
2024-07-31 16:17 ` Linus Torvalds
2024-07-31 16:31 ` Peter Zijlstra
2024-07-31 16:50 ` Guenter Roeck
2024-07-31 16:51 ` Peter Zijlstra
2024-07-31 17:26 ` Thomas Gleixner
2024-07-31 21:20 ` Peter Zijlstra
2024-07-31 21:23 ` Linus Torvalds
2024-07-31 21:26 ` Peter Zijlstra
2024-07-31 21:41 ` Linus Torvalds
2024-07-31 21:47 ` Thomas Gleixner
2024-07-31 22:22 ` Guenter Roeck
2024-08-01 8:54 ` Peter Zijlstra
2024-08-01 10:55 ` [tip: x86/urgent] x86/mm: Fix pti_clone_pgtable() alignment assumption tip-bot2 for Peter Zijlstra
2024-08-01 13:03 ` tip-bot2 for Peter Zijlstra
2024-07-31 16:49 ` Linux 6.11-rc1 Guenter Roeck
2024-07-31 17:19 ` Thomas Gleixner
2024-07-31 10:33 ` Peter Zijlstra
2024-07-31 14:15 ` Peter Zijlstra
2024-08-02 17:35 ` Linus Walleij
2024-08-02 19:40 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240731091148.GW33588@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=axboe@kernel.dk \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox