Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754001AbdCaG75 (ORCPT <rfc822;w@1wt.eu>);
        Fri, 31 Mar 2017 02:59:57 -0400
Received: from mail-he1eur01on0129.outbound.protection.outlook.com ([104.47.0.129]:39040
        "EHLO EUR01-HE1-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1752898AbdCaG7z (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 31 Mar 2017 02:59:55 -0400
Authentication-Results: google.com; dkim=none (message not signed)
 header.d=none;google.com; dmarc=none action=none header.from=nokia.com;
Subject: Re: sudo x86info -a => kernel BUG at mm/usercopy.c:78!
To: Dave Jones <davej@codemonkey.org.uk>,
        Kees Cook <keescook@chromium.org>, Linux-MM <linux-mm@kvack.org>,
        LKML <linux-kernel@vger.kernel.org>, Laura Abbott <labbott@redhat.com>,
        Ingo Molnar <mingo@kernel.org>, Josh Poimboeuf <jpoimboe@redhat.com>,
        Mark Rutland <mark.rutland@arm.com>,
        Eric Biggers <ebiggers@google.com>
References: <d928849c-e7c3-6b81-e551-a39fa976f341@nokia.com>
 <CAGXu5jKo4gw=RHCmcY3v+GTiUUgteLbmvHDghd-Lrm7RprL8=Q@mail.gmail.com>
 <20170330194143.cbracica3w3ijrcx@codemonkey.org.uk>
 <CAGXu5jK8=g8rBx1J4+gC8-3nwRLe2Va89hHX=S-P6SvvgiVb9A@mail.gmail.com>
 <20170330200100.zcyndf3kimepg77o@codemonkey.org.uk>
 <81379c63-674c-a37f-a6f6-5af385138a25@nokia.com>
From: Tommi Rantala <tommi.t.rantala@nokia.com>
Message-ID: <599c2a8b-81d2-654e-4147-dfe9e5b98fc2@nokia.com>
Date: Fri, 31 Mar 2017 09:59:44 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <81379c63-674c-a37f-a6f6-5af385138a25@nokia.com>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [131.228.2.26]
X-ClientProxiedBy: DB6P191CA0024.EURP191.PROD.OUTLOOK.COM (10.175.236.162) To
 HE1PR0701MB2362.eurprd07.prod.outlook.com (10.168.127.150)
X-MS-Office365-Filtering-Correlation-Id: 0ce15ed1-e1e5-4cd5-3d19-08d4780386d9
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081)(201703131423075)(201703031133081);SRVR:HE1PR0701MB2362;
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0701MB2362;3:8znD7rz83UZl9XXda3XDERfa4tBX2wW/DDAwUet/izc2Qjea5DZB3AQMNvOK69ztOOmTo61UgOh+0ZkWDgIp6agz/uMUKape04kPCgePDRrXs4lZ/0oPooNgh0TS8QeNsWUwsGBUM4bUe9Dw1kvW9wXc0N7Hwf1WAPWcLFshVHajvJ+O3MqGPKiv9bymhlZICpivC952bT9Gyo7GntabIPvUjig5AuvPq64zVf85ciaEiXFgOKI3TdyOq2KiXPBPh61evkY7h78qzK5TKqsIdbygwDPqICHnu0TqhN1tp1GJWFNKVZ73tP6Jysf0K/G93cYnKZs8fM6Bm7Jaep9KjT+zDCPoGixHeqkFjbiNmls=;25:ondBfcZkXFSpdTjqV43HY4yokwM2dP935sa85Kw87EtL49COw6NLQYFbGI0poPk5X3/9/LM1l9DKMWyfcN6BRQBnAa7O5+Dha5Kwv9bQSeOQ3/73bwbQAIY76ra4pBs0nRAWvE4gcHufUu/haWKgurodJgyGL6xbYrl1/G5sulRbhOVqkGyt+IM63uK+j4mQhgTPoRCS86tr9ZeaN4AMCxX9nLW9AIBoWDC8PUbfr4dYWxbjT/GblDratt4NWIEWM6c2fce5vACCwP2C5dwcXCMo0TdYAZKMBnxePmFpVXZWRSupyRJV4idtreDV7+1y3oy15JtCJf4xFU2KDfsAD+RbwGtE0GMJzC7Mn0EIB7AYyfxSh98RSnwGlLXI2naNM+imXysHAJAZTzN/KesIqoVADUg9doXtvwwI66gCn55jTRmV+/LrnvRXDZ0kdaBsCjXq3GE9Jv+55hrWETOMjA==
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0701MB2362;31:lEAos8wuh55gn7a3xYlkjNjxWTb0ST88cBliDKb38EWdr9Zg1qtL6va6XH48q1JRAr4pSwHp/aVtveQVpdA5mseiAVzdKRCAZrLEmFr7oJ9pJex+KyuTS87vvS75G5vN5ZAgLxAWT+Wgv1ogwe1+9FRdvK6m06Me+1TCVAvnoCwz0ZjjQIe4Xy8xsR20Rg+fJtNrC2QYyGnIQk5qWbUrE0noRwDg1eyDlsxiBL891PUy5S+7wLjVh/fGIjrcrkKfym23zF3Ctw9JGqBHWWUmCSj5L+HCn4t4O7KR0SmrFyc=;20:1nMoLdav7yqR5ZWvvSnamwZbuFc5+6qLdl98uV5+1fd6Jg4nqQnxNpqUDXv7OZBv0WHzpOzx43hYL6uQAlEyddTwZidY2uFDQzmtql77qTDpRehv8Hb8wfxc1Kcqnw0BLE/82wQuJxdsF+hP3METCiTg2lfyDmKsEL2M+SJkzBXMuhdfwZjW7v1xlOj2+9gikNG7kn4Hioe4zjTBq5y7HP/XOhT3lNs9IoXAyYWjwljRA4To4qH+/HIO3waWneuxJ3Y40E168t3ws3W+SMdc3TzDNPuCOi8NpnH5D3PW4LuWc629hlz5iAPRdhsWrhZvd0HNvAuE+qBR68gtT28ZqNeh/J2/wjaj/XkUdedRDif18U2TRbN6eTK9AsFZFf4LYpTJWo9IVXQ8hhzeL7P09nNa1Br6HJ/tBi+cekeFKfeg5/f7R12L1uk1uyoMFu+9dqbH1EK8Xh71q0B7tqJoGqhxowBm1TLGvgciJSuF/nlRtukf+/8f3NDMzmfhmBBIL+wL0mmzSG1RDhQeDmXpKSR1iakyEiY9UrZriOlGaRQ2Dm4kNnZX6Elw1kt/CxEi75ca1Je+yA2YCgwvc0Bw2y6lFLttqNBQn8NXT1zs1Ic=
X-Microsoft-Antispam-PRVS: <HE1PR0701MB23621E7803EF44F2FC0D27AEB4370@HE1PR0701MB2362.eurprd07.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(93006092)(93001092)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(20161123555025)(20161123564025)(20161123560025)(20161123562025)(6072148);SRVR:HE1PR0701MB2362;BCL:0;PCL:0;RULEID:;SRVR:HE1PR0701MB2362;
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0701MB2362;4:X0JayL98VIPua5lO74YPWOit6AupgUSkJL6QhkTPDCL6HkWdAe+gKZr2/K/ZXs9PiZ40xJGEG28Mmo0iyVAzN3R9QB5wG2Jv5dn5M3BJVe6L5s/7GZ89WCzJczh3zpxRpGCaQC0A0iDnfx+gxphPklAzp7FIceGOxOMNh1ArANEjK89N8j0K1lrWNe0vFde/oMzAvgnSbI814rTc3QIeWtEUaIsFAetfhahTuoyDuYJjYwVjBi81Kb2mgdywy1CLcNWYWN9/DI2PQByDySsLQgn7DMlywq6hLgdu7VFGbbEXDG1FZQUFsZMSos9nKU6GaNEzAJq5U1Lzts7xyIpDYHPbhhdOqtQMQwc9uMS1YmPK5p0obabZ8jSoF8sJcusWwUjxcwNMfT2G8r4RcuGyJKxwwnrcBhsbR2vxV6oSK1v54UnNQKyEoNaKziDtMQvQvQpllfgrZV6KbSoaL6E7ghhneBigVHl5r36AmuWowhbGghLE52V7qi896Ngjb9O9FCOveLGbdeiiGnN1/erCUiFb/nCiKPsYUp/bF/2gzBFJtLvA/u9UirLa12mglAcbc72K+gromEwJvITObOZQpOTQObsBZ2VRgLYCzprlQiR0VShwqkv3DIKkW68/qjHwxym6tLOPB8+zt5CuEjCFN3qYDkDyij4RA+oK6H05F3gNHWke6kh1Uauh6lkwQr//zJ0SaW5b9ncu3i+udaN404SCKDff1bdeS5DE3iGcwgE=
X-Forefront-PRVS: 02638D901B
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(6049001)(39410400002)(39860400002)(39850400002)(39450400003)(39840400002)(39400400002)(24454002)(42186005)(189998001)(230700001)(23746002)(3846002)(6116002)(8676002)(81166006)(2906002)(33646002)(83506001)(6666003)(50986999)(50466002)(76176999)(54356999)(226693001)(25786009)(53546009)(6486002)(90366009)(77096006)(305945005)(36756003)(66066001)(65956001)(65806001)(2950100002)(64126003)(7736002)(38730400002)(47776003)(6246003)(6306002)(5660300001)(4001350100001)(93886004)(229853002)(86362001)(65826007)(31696002)(31686004)(53936002);DIR:OUT;SFP:1102;SCL:1;SRVR:HE1PR0701MB2362;H:[10.144.182.168];FPR:;SPF:None;MLV:sfv;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;HE1PR0701MB2362;23:uCUKC2oip4YLOWsBfW9FIJFv0mIN+/VGnHF?=
 =?Windows-1252?Q?q5VGmUevS8aXICjDHKiGlytkx0TYBUf4rNb+OgbBTQKL/F18OmWW2yUW?=
 =?Windows-1252?Q?hU9xhV4l83aUqEQIi+E9zZwrz3lC6TnFksC/36nYS0Lmau796bYcYVvW?=
 =?Windows-1252?Q?4w7irnm6KLiIbJ0rAQ+9ddfRIPw4Snlxg4RbkhyWKvfresy3+0ZSLGYi?=
 =?Windows-1252?Q?ae+4ntNO8rqc0xDf2ROYgxQaNH16jPmfKH0o7h2Ow6kvqhjmAdtn1ptc?=
 =?Windows-1252?Q?vZWXasp37TDEIFsKUc2TaVNhVES6FDW1T7TBTEs/5zziyO4YHn6RA/Jh?=
 =?Windows-1252?Q?UhYIyaeKLgs9m8RNK+naBBCAyNU5OjCV2TKayi2wVdUY/ckrdfxSHJ8D?=
 =?Windows-1252?Q?htaPl7YkpOCZOrWEM6YP7XqqRSEmee5/BUuvXc3hcLneOFCqWQ+mDEx/?=
 =?Windows-1252?Q?MP6bPLxc2VEsbPrvWKh8Jpod+nK2e75QQvOUxUd3Xzh3m48evuPrNHVD?=
 =?Windows-1252?Q?T41H/GuAiTz9D0CBR1I1Pmz3a8UxV+GUIfvxgTcjHR38vjxCJ73kxQdw?=
 =?Windows-1252?Q?ygpRvDqSC049MJn43Kc9hbfX/AV2FwmXGP+VEID4WQ4P8CjbSIxGw0+L?=
 =?Windows-1252?Q?4SvZdpmEwBEMIw35WI4TPg3h+WKzX1JOWRMzrCcyfPpxH/0QDClFmXrO?=
 =?Windows-1252?Q?uIlIj6Jeo+cajigSNoxbHamAJd6abmQfXZndt0DgmvBtfEbfMLDIYgOb?=
 =?Windows-1252?Q?47kG62ljckAKWneScKkXSMzEtLOMyhkHERuckUrrwReX/kgftJT/+Ix/?=
 =?Windows-1252?Q?g6/jYhKJ0jVufb7AbC9AjfKO7okY/1vZxMXteQtUKITEVB5IZM2T4a5s?=
 =?Windows-1252?Q?9EeOLeJUtNhf1h/R6W3iX0wBLfNeQfmHFvRJartIHJctEs/Z2l0IqnsO?=
 =?Windows-1252?Q?xStgUdx35GvUr44y78CLyT7L/3VG/TsM5udL4YQLi2JTEPfdXq6+brMd?=
 =?Windows-1252?Q?11mJokxU8vgJwGfWZqtTZ5cMwyW8zsEpe7Y9zghaGHO/+w7bLPzA0Ehy?=
 =?Windows-1252?Q?2Mv7bCM+jZ3KkBf6EvC4Ej2UUjf+2DHbnGg2wx0BJNpfpnJmelsfZDAW?=
 =?Windows-1252?Q?31qlsomFIIV0Ses6fYxHGafK99WJEFyhwU6z7IB9bLsF6NSBdEutG8sQ?=
 =?Windows-1252?Q?Ko98dIOeYW8iBtcx4etsRnGyxtytRK6bALqW/gaNkYO12qKFtZ0wo1jg?=
 =?Windows-1252?Q?uPIAn1BX+3nJzyeH4+UI/9/a55Bgz3iZH69KCTzKD/D7KHeC+sCPcokC?=
 =?Windows-1252?Q?34z4o/RFXVhCeeHN5xApYaNY4wL1lbfItwgSROCmh8n1wjsGOHlfXEt3?=
 =?Windows-1252?Q?e84xbEKIXk5w4Ln+bc9chVC9g3lUzyyLvrewnVrr7ZG5FoQUCpz+0Vss?=
 =?Windows-1252?Q?=3D?=
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0701MB2362;6:G0/NXw31K6NZbJMQVyY28t6lbXSfB8oWERuHhUKiEnhzfVGwq/aKEHXFVRvtKJuyy3x+vT2MOX1DmqLmAODGRp0lLnPx06gTIGzFcMYAu5W588UhIpAj+SiCPrDEEcGJH+PTSjNpRW3HMhcLJd1G/glT+ACRct6o5FEycGeube1KIeBv/cPPlGk2TclT/TYKRuICPIlEHdD1cxsGDppDGNS+w0xOLskd/EQqFXC1qKmJOIihPEHU1BQVQ4pKK0qv8aURK4qoiokEcejJ+G0H9cnyu8ic9Z5DIDQsRJ5LUxrZqP07UpoXTrYBNpYSB8X9ssB0Y1a1TR4WFOvL4dlryK4/xFrH6Hk8zeiQS29QVD+WHUMx1Y6LxjpXGagySCdAsl49HEo4gaMpv5EOXUf/L4mhJyZQ5H2gcyrnZoZuWlY=;5:TPuWONAodCp9WGqYclvaoOIq2UKe9LCPVWDPCaUTPLNz+n4uk+mzRfMkpbRffa3iweXxZe8iVJ+VYun+f+pO7BP8TXc5yz7kwBcfNFzaOKFbkxco09ktrfwo2YZJJVdz1m2VRLSXOy/oFtemkEY2uQ==;24:FpuJCjY0ykkR1BjnTVbiPuyyW4IE6lf57ZboFpSrk5pLHk84kWVg1ldS03d+NSsOJCaU2+2RQ5y6fxHjxELL5KKgt0hKit6Hx0HmGqc7Dds=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0701MB2362;7:73Sk/+KbXKqYRJ9uAJdIMbC7tQgXdhPD4CiY+PyuNbffX4RbX/m1YgOP+tYBocpHNidTEOq6G5pkL4MKF+acJtIq+Av/v4gIUdu6WQT9h7qKXF6aBYdyrJ014/8wPNhxhMwsFN1BXSNTac6nD0yldFaPzW8B7zRPrK9AY/jABxerA4NULc3xv24oKmSuVm0ifn76EKg/ssr1YF9QY1PVAXUTgrjNPjtuT58J+itKJUqiyme4toc/YAU9ssDNgjgXs9P39OKtAmXy73zNtF6lJ7lw5l6QitkwS5ODmv/soiCSZDNqGgIzaL0u/fSvK/U0VyRE9z5o3CcsxnaqqkBwqw==
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Mar 2017 06:59:49.7702 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2362
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 3846
Lines: 126

On 31.03.2017 08:40, Tommi Rantala wrote:
>> The only thing that I can think of would be a rogue ptr in the bios
>> table, but that seems unlikely.  Tommi, can you put strace of x86info
>> -mp somewhere?
>> That will confirm/deny whether we're at least asking the kernel to do
>> sane things.
>
> Indeed the bug happens when reading from /dev/mem:
>
> https://pastebin.com/raw/ZEJGQP1X
>
> # strace -f -y x86info -mp
> [...]
> open("/dev/mem", O_RDONLY)              = 3</dev/mem>
> lseek(3</dev/mem>, 1038, SEEK_SET)      = 1038
> read(3</dev/mem>, "\300\235", 2)        = 2
> lseek(3</dev/mem>, 646144, SEEK_SET)    = 646144
> read(3</dev/mem>,
> "\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 1024) = 1024
> lseek(3</dev/mem>, 1043, SEEK_SET)      = 1043
> read(3</dev/mem>, "w\2", 2)             = 2
> lseek(3</dev/mem>, 645120, SEEK_SET)    = 645120
> read(3</dev/mem>,
> "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 1024) = 1024
> lseek(3</dev/mem>, 654336, SEEK_SET)    = 654336
> read(3</dev/mem>,
> "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 1024) = 1024
> lseek(3</dev/mem>, 983040, SEEK_SET)    = 983040
> read(3</dev/mem>,
> "IFE$\245S\0\0\1\0\0\0\0\360y\0\0\360\220\260\30\237{=\23\10\17\0000\276\17\0"...,
> 65536) = 65536
> lseek(3</dev/mem>, 917504, SEEK_SET)    = 917504
> read(3</dev/mem>,
> "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377"...,
> 65536) = 65536
> lseek(3</dev/mem>, 524288, SEEK_SET)    = 524288
> read(3</dev/mem>,  <unfinished ...>)    = ?
> +++ killed by SIGSEGV +++

That last read is done in mptable.c:347, trying to read GROPE_AREA1.

# ./x86info --debug
x86info v1.31pre
get_intel_topology:
         Siblings: 2
         Physical Processor ID: 0
         Processor Core ID: 0
get_intel_topology:
         Siblings: 2
         Physical Processor ID: 0
         Processor Core ID: 1
get_intel_topology:
         Siblings: 2
         Physical Processor ID: 0
         Processor Core ID: 2
get_intel_topology:
         Siblings: 2
         Physical Processor ID: 0
         Processor Core ID: 3
get_intel_topology:
         Siblings: 2
         Physical Processor ID: 0
         Processor Core ID: 0
get_intel_topology:
         Siblings: 2
         Physical Processor ID: 0
         Processor Core ID: 1
get_intel_topology:
         Siblings: 2
         Physical Processor ID: 0
         Processor Core ID: 2
get_intel_topology:
         Siblings: 2
         Physical Processor ID: 0
         Processor Core ID: 3
Found 8 identical CPUs
EBDA points to: 9dc0
EBDA segment ptr: 9dc00
Segmentation fault


If I comment out the GROPE_AREA1 read, the same kernel bug still happens 
with the GROPE_AREA2 read.

Removing both GROPE_AREA1 and GROPE_AREA2 reads avoids the crash:

$ git diff
diff --git a/mptable.c b/mptable.c
index 480f19b..00fff35 100644
--- a/mptable.c
+++ b/mptable.c
@@ -342,6 +342,7 @@ static int apic_probe(unsigned long* paddr)
         }

         /* search additional memory */
+       /*
         target = GROPE_AREA1;
         seekEntry(target);
         if (readEntry(buffer, GROPE_SIZE)) {
@@ -371,6 +372,7 @@ static int apic_probe(unsigned long* paddr)
                         return 6;
                 }
         }
+       */

         *paddr = (unsigned long)0;
         return 0;

# ./x86info -mp
x86info v1.31pre
Found 8 identical CPUs
Extended Family: 0 Extended Model: 5 Family: 6 Model: 94 Stepping: 3
Type: 0 (Original OEM)
CPU Model (x86info's best guess): Unknown model.
Processor name string (BIOS programmed): Intel(R) Core(TM) i7-6820HQ CPU 
@ 2.70GHz

Total processor threads: 8
This system has 1 quad-core processor with hyper-threading (2 threads 
per core) running at an estimated 2.70GHz
#

-Tommi