Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752871AbaBXSe6 (ORCPT ); Mon, 24 Feb 2014 13:34:58 -0500
Received: from terminus.zytor.com ([198.137.202.10]:39665 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752604AbaBXSe5 (ORCPT ); Mon, 24 Feb 2014 13:34:57 -0500
Message-ID: <530B90A5.3090302@zytor.com>
Date: Mon, 24 Feb 2014 10:34:13 -0800
From: "H. Peter Anvin"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Vince Weaver
CC: Peter Zijlstra, Linux Kernel, Ingo Molnar, "H.J. Lu", Steven Rostedt
Subject: Re: perf_fuzzer compiled for x32 causes reboot
References: <53084317.4090304@zytor.com> <530AD71E.50800@zytor.com> <18f0cea3-7e3b-4477-b433-0269f3de976b@email.android.com> <20140224172536.GD9987@twins.programming.kicks-ass.net> <530B841F.5050803@zytor.com>
In-Reply-To:
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On 02/24/2014 10:07 AM, Vince Weaver wrote:
>>
>> Anyway I've attached the full tail end of the trace if you want to see
>> everything that happens.
>
> and then I note there are *two* kernel page faults.
>
> perf_fuzzer-2979 [000] 161.475924: page_fault_kernel: address=irq_stack_union ip=copy_user_generic_string error_code=0x0
> address=0x1 ip=0xffffffff812a7d9c error_code=0x0
> perf_fuzzer-2979 [000] 161.475924: function: __do_page_fault
> perf_fuzzer-2979 [000] 161.475924: function: bad_area_nosemaphore
> perf_fuzzer-2979 [000] 161.475925: function: __bad_area_nosemaphore
> perf_fuzzer-2979 [000] 161.475925: function: no_context
> perf_fuzzer-2979 [000] 161.475925: function: fixup_exception
> perf_fuzzer-2979 [000] 161.475926: function: search_exception_tables
> perf_fuzzer-2979 [000] 161.475926: function: search_extable
> perf_fuzzer-2979 [000] 161.475927: function: copy_user_handle_tail
> perf_fuzzer-2979 [000] 161.475927: function: trace_do_page_fault
> perf_fuzzer-2979 [000] 161.475928: page_fault_kernel: address=irq_stack_union ip=copy_user_handle_tail error_code=0x0
> address=0x1 ip=0xffffffff812a92bb error_code=0x0
> perf_fuzzer-2979 [000] 161.475928: function: __do_page_fault
> perf_fuzzer-2979 [000] 161.475928: function: bad_area_nosemaphore
> perf_fuzzer-2979 [000] 161.475929: function: __bad_area_nosemaphore
> perf_fuzzer-2979 [000] 161.475929: function: no_context
> perf_fuzzer-2979 [000] 161.475929: function: fixup_exception
> perf_fuzzer-2979 [000] 161.475929: function: search_exception_tables
> perf_fuzzer-2979 [000] 161.475930: function: search_extable
> perf_fuzzer-2979 [000] 161.475931: function: perf_output_begin
> perf_fuzzer-2979 [000] 161.475931: function: perf_output_copy
>
> That second one is in copy_user_handle_tail()
>

Either way, it really seems like we have a case of CR2 leakage out of
the NMI context.

	-hpa
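The CR2 leak hpa suggests, as an added example that is not part of the thread and not the kernel's own code: a user-space C model of the race. On x86 the CPU writes the faulting address into CR2 and the page-fault handler reads it back with read_cr2(); if an NMI lands in between and the NMI handler itself takes a fault (perf's user-stack sampling reads user memory and relies on exception-table fixups for that), the nested fault overwrites CR2 and the outer handler acts on the wrong address. The global `cr2`, the single constructed VMA, the NMI's faulting address 0x1 and the function names are stand-ins chosen for illustration; the save/restore step models what the x86 NMI entry path (do_nmi) does around read_cr2()/write_cr2(), which is a fact about the kernel rather than something the thread states. The scenario reproduces a handler that sees 0x1 instead of the real address, the symptom in the trace, but makes no claim about what the perf_fuzzer run actually did.

```c
/* Added example: user-space model of a page-fault handler whose CR2 is
 * clobbered by a nested fault in an NMI.  Nothing here touches the real
 * register; "cr2" is a plain global.  Build: cc -Wall cr2_race.c */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum outcome { FAULT_RESOLVED, FAULT_BAD_AREA };

/* Models the CR2 register: "hardware" writes the faulting address here. */
static uintptr_t cr2;
/* Constructed knobs: does an NMI land inside the handler's window, and
 * does the NMI entry save/restore CR2 (the fix)? */
static bool nmi_pending;
static bool nmi_saves_cr2;

/* Constructed user mapping: one VMA covering [0x7fff0000, 0x7fff8000). */
static bool user_mapped(uintptr_t addr)
{
    return addr >= 0x7fff0000UL && addr < 0x7fff8000UL;
}

/* Models the perf NMI handler.  While sampling it reads user memory the
 * way copy_from_user_nmi() does; that read can fault, and the nested
 * fault overwrites CR2 before the interrupted handler has read it. */
static void nmi_handler(void)
{
    uintptr_t saved = cr2;               /* read_cr2() on NMI entry */

    /* Constructed: the sampled user pointer is 0x1 and is unmapped, so
     * the access faults; hardware stores 0x1 in CR2 and the exception
     * table fixes the access up silently, leaving CR2 changed. */
    cr2 = 0x1;

    if (nmi_saves_cr2 && cr2 != saved)   /* the do_nmi save/restore step */
        cr2 = saved;                     /* write_cr2(saved) */
}

/* Models do_page_fault(): the vulnerable window is between hardware
 * delivery and read_cr2(), so an NMI that faults in between changes
 * which address the handler believes faulted. */
static enum outcome page_fault_handler(uintptr_t *seen)
{
    if (nmi_pending) {
        nmi_pending = false;
        nmi_handler();
    }
    *seen = cr2;                          /* read_cr2() */
    if (user_mapped(*seen))
        return FAULT_RESOLVED;            /* good area: page is faulted in */
    /* bad_area_nosemaphore -> no_context -> fixup_exception, as in the
     * trace: the copy is aborted although the real address was mapped. */
    return FAULT_BAD_AREA;
}

/* Deliver a fault at fault_addr.  Returns what the handler concluded and
 * stores the address it actually acted on in *seen. */
enum outcome deliver_fault(uintptr_t fault_addr, bool nmi_hits,
                           bool with_fix, uintptr_t *seen)
{
    nmi_pending = nmi_hits;
    nmi_saves_cr2 = with_fix;
    cr2 = fault_addr;                     /* hardware: CR2 <- faulting address */
    return page_fault_handler(seen);
}

static void report(const char *label, enum outcome o, uintptr_t seen)
{
    printf("%-16s seen=%#lx %s\n", label, (unsigned long)seen,
           o == FAULT_RESOLVED ? "resolved" : "bad area");
}

int main(void)
{
    uintptr_t seen;
    enum outcome o;

    o = deliver_fault(0x7fff4000UL, false, false, &seen);
    report("no NMI:", o, seen);
    o = deliver_fault(0x7fff4000UL, true, false, &seen);
    report("NMI, no fix:", o, seen);
    o = deliver_fault(0x7fff4000UL, true, true, &seen);
    report("NMI, CR2 saved:", o, seen);
    return 0;
}
```

The middle case is the one the trace would look like: the handler sees address 0x1 and walks the bad_area path even though the access that really faulted was to a mapped page. The design point is that the race is invisible to the fault handler itself; the only place it can be closed is at NMI entry and exit, by saving CR2 before anything in the NMI can fault and writing it back if it changed.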