Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp644480imm; Fri, 8 Jun 2018 02:56:25 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLJ4zVyZWJP73llf5+Pln9vVnS1zwq0dmGfcPFx3VEYEfYalv61dRbFEGIIeqY0/9S+HDds X-Received: by 2002:a17:902:7685:: with SMTP id m5-v6mr5893685pll.76.1528451785556; Fri, 08 Jun 2018 02:56:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528451785; cv=none; d=google.com; s=arc-20160816; b=p5WR1Q988guVje7bhV9U+28PNFE3Mi7S7O0yachhUPRWxN6VX5wevYLv59ub/NPuLx h2WTqExeauJ61DShzgl8Xfd5jc/fjvc8kOF2jxZ2+LOD79h6DUK8Nk6+P1j7WdaDbFgK kWIeF85y3x5QG5KzDmTGwIlsZBXKpKsCl7DEmN58IQnsjR10wtWEfXSsza3p9+Bk4p22 UlPyact/l1pMbGbKvi0rtXzn/zUqJJk/zo5+eXS4WxBqbiA6MJZnYUsHqSftEm/7ffI+ EEhnaB4ccydzgGpr07xvAPG1R+FroIkGzKEZeNHSKWDrIBIqzEsXu58cul7EL/CkxMjO ju2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=EYO0vZ1erv6BX3KHgti8Jao7dcT7CUE+D1ALzL5tdWU=; b=JW08SiL+TsoeaGi+sBy3Q4d+PtHQaYJX5XnmpAumm3kiNRsEt2zmPaUcH85mgnD7PY ijfT2iF4otbMfy7c7odnkWSU52NIRLzaT5FQQvFj2ndPdtdV3OI42mnA/YpDvi51hPSU +nR1tVIkfMY2Fl1DSMXcQEhd5JiorXAZ8jjaNqZ7eZ4BYb2GVPuaxqIxsdzpI5RaZNC4 G1+u/rq93eHKJrDbHrLfSEY9vzB3KWoT7MgED89wvJBWDnBZY4bpNhcCb4vm2NyU1Xt+ R9allGh3ZVD6A7dBtyU+PkZXYFrEFtj4JzffASEctbDWHgFifDszxiJRtVMN0h9eShzG w8yg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=hauMv+Jr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l3-v6si20923653pgp.345.2018.06.08.02.56.11; Fri, 08 Jun 2018 02:56:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=hauMv+Jr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752729AbeFHJzI (ORCPT + 99 others); Fri, 8 Jun 2018 05:55:08 -0400 Received: from mail-pl0-f66.google.com ([209.85.160.66]:41099 "EHLO mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751128AbeFHJzG (ORCPT ); Fri, 8 Jun 2018 05:55:06 -0400 Received: by mail-pl0-f66.google.com with SMTP id az12-v6so8008048plb.8 for ; Fri, 08 Jun 2018 02:55:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EYO0vZ1erv6BX3KHgti8Jao7dcT7CUE+D1ALzL5tdWU=; b=hauMv+JrRoQ4nFtVVUdTA3Xb5zKUtR7WpZcRRXy9Cn9AgWNzX23AH1RqsS9wGj85xF hGh7NjDDUlC/Ihb9eamycycoxEEXDSly3t+UZbW8g83aYUHf8f5F1h1YtRzLrwJXOhFB F2HUqXwAm+j05f0YnTqBS00frn9kGXm10q+zH1o3hXYCIhMAQkKLoPb3S61KfPYlnQK9 VsI8IXnXLrTnwVs9ckpx5o716yNf3VUwKAKNFXf6pGXjv09RM9FmP0glrDxpZBu1OCEO qogH6K7c1rR60AJWLqX6QiOg8WiExnWQZYgojnSZ5gjGimcIwbEt/9N9rNh1KlvRe3CG MGYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=EYO0vZ1erv6BX3KHgti8Jao7dcT7CUE+D1ALzL5tdWU=; b=Hs5XCPxKp3tNl1dFzXmejiD7VJZGafxnMSma1AN6hwW3KkYjDDGX4/hpQwwYl2cHxq yBEYHMHnlQkn9QJBZOcfx5LZvxoHZDYA0qB+GyTnGZXNP7feB26Clm9UZIy/7SMBAEa4 KNbvK5LPciQNfKQt7/e4x9zTn/VV46YRuesjuxvwXOiiHPlA2ryxEgLk7P83TzOBxggh hI4wtnEpiI1aDmXgmREG4K8YLHXwWXqfiF3LGAJj7Y7miISDKywtJe+wCTHLPFy4xGRG LAS5DbugARsbWtbk9yGXS/7Fr/T9zGvL6Ie8DQ3QAjOW/1DY5SR0pxp8jyMHgv1MV+Pq or1w== X-Gm-Message-State: APt69E3F2I2LEapx2yfPVNIIuKFaOzzUlDpUJfcwhbdJyEwkhGx12D8a 5iMnMnqRRlzQcWWHEFlKOYuqOwDh6dwJ73QgzQiayQ== X-Received: by 2002:a17:902:8486:: with SMTP id c6-v6mr5669884plo.283.1528451705674; Fri, 08 Jun 2018 02:55:05 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a17:90a:d42:0:0:0:0 with HTTP; Fri, 8 Jun 2018 02:54:45 -0700 (PDT) In-Reply-To: <20180526072203.GA724@sol.localdomain> References: <001a11449aa2faf11805643af581@google.com> <20180202221829.tdiji2332t7orcxj@gmail.com> <20180526072203.GA724@sol.localdomain> From: Dmitry Vyukov Date: Fri, 8 Jun 2018 11:54:45 +0200 Message-ID: Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3) To: Eric Biggers Cc: Ard Biesheuvel , syzbot , Herbert Xu , David Miller , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , LKML , Josh Poimboeuf , syzkaller-bugs Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 26, 2018 at 9:22 AM, Eric Biggers wrote: > On Sat, May 12, 2018 at 10:43:08AM +0200, Dmitry Vyukov wrote: >> On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers wrote: >> > On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote: >> >> On Fri, Feb 2, 2018 at 2:48 PM, syzbot >> >> wrote: >> >> > Hello, >> >> > >> >> > syzbot hit the following crash on upstream commit >> >> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000) >> >> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide >> >> > >> >> > So far this crash happened 4 times on net-next, upstream. >> >> > C reproducer is attached. >> >> > syzkaller reproducer is attached. >> >> > Raw console output is attached. >> >> > compiler: gcc (GCC) 7.1.1 20170620 >> >> > .config is attached. >> >> >> >> >> >> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers. >> >> >> > >> > Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be >> > updated to not use %ebp/%rbp. >> >> Ard, >> >> This was bisected as introduced by: >> >> commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6 >> Author: Ard Biesheuvel >> Date: Fri Jan 19 12:04:34 2018 +0000 >> >> crypto: sha3-generic - rewrite KECCAK transform to help the >> compiler optimize >> >> https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt > > Note that syzbot's original C reproducer (from Feb 1) for this actually > triggered the warning through salsa20-asm, which I've just proposed to "fix" by > https://patchwork.kernel.org/patch/10428863/. sha3-generic is apparently > another instance of the same bug, where the %rbp register is used for data. Mailed "crypto: don't optimize keccakf()" to fix this. Amusingly __optimize("O3") always lead to degraded performance as gcc does not inline across different optimizations levels, so keccakf() wasn't inlined into its callers and keccakf_round() wasn't inlined into keccakf().