Re: perf_fuzzer compiled for x32 causes reboot

From: H. Peter Anvin
Date: Mon Feb 24 2014 - 13:35:04 EST

Next message: Tejun Heo: "Re: Subject: Warning in workqueue.c"
Previous message: Mike Galbraith: "Re: [RFC PATCH] rcu: move SRCU grace period work to power efficient workqueue"
In reply to: Vince Weaver: "Re: perf_fuzzer compiled for x32 causes reboot"
Next in thread: Steven Rostedt: "Re: perf_fuzzer compiled for x32 causes reboot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/24/2014 10:07 AM, Vince Weaver wrote:
>>
>> Anyway I've attached the full tail end of the trace if you want to see
>> everything that happens.
>
> and then I note there are *two* kernel page faults.
>
> perf_fuzzer-2979 [000] 161.475924: page_fault_kernel: address=irq_stack_union ip=copy_user_generic_string error_code=0x0
> address=0x1 ip=0xffffffff812a7d9c error_code=0x0
> perf_fuzzer-2979 [000] 161.475924: function: __do_page_fault
> perf_fuzzer-2979 [000] 161.475924: function: bad_area_nosemaphore
> perf_fuzzer-2979 [000] 161.475925: function: __bad_area_nosemaphore
> perf_fuzzer-2979 [000] 161.475925: function: no_context
> perf_fuzzer-2979 [000] 161.475925: function: fixup_exception
> perf_fuzzer-2979 [000] 161.475926: function: search_exception_tables
> perf_fuzzer-2979 [000] 161.475926: function: search_extable
> perf_fuzzer-2979 [000] 161.475927: function: copy_user_handle_tail
> perf_fuzzer-2979 [000] 161.475927: function: trace_do_page_fault
> perf_fuzzer-2979 [000] 161.475928: page_fault_kernel: address=irq_stack_union ip=copy_user_handle_tail error_code=0x0
> address=0x1 ip=0xffffffff812a92bb error_code=0x0
> perf_fuzzer-2979 [000] 161.475928: function: __do_page_fault
> perf_fuzzer-2979 [000] 161.475928: function: bad_area_nosemaphore
> perf_fuzzer-2979 [000] 161.475929: function: __bad_area_nosemaphore
> perf_fuzzer-2979 [000] 161.475929: function: no_context
> perf_fuzzer-2979 [000] 161.475929: function: fixup_exception
> perf_fuzzer-2979 [000] 161.475929: function: search_exception_tables
> perf_fuzzer-2979 [000] 161.475930: function: search_extable
> perf_fuzzer-2979 [000] 161.475931: function: perf_output_begin
> perf_fuzzer-2979 [000] 161.475931: function: perf_output_copy
>
> That second one is in copy_user_handle_tail()
>

Either way, it really seems like we have a case of CR2 leakage out of
the NMI context.

-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tejun Heo: "Re: Subject: Warning in workqueue.c"
Previous message: Mike Galbraith: "Re: [RFC PATCH] rcu: move SRCU grace period work to power efficient workqueue"
In reply to: Vince Weaver: "Re: perf_fuzzer compiled for x32 causes reboot"
Next in thread: Steven Rostedt: "Re: perf_fuzzer compiled for x32 causes reboot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]