Date: Sat, 20 Jul 2019 01:01:08 +0200 (CEST)
From: Thomas Gleixner
To: Sean Christopherson
Cc: Steven Rostedt, Peter Zijlstra, Eiichi Tsukata, edwintorok@gmail.com, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, x86@kernel.org, linux-kernel@vger.kernel.org, Josh Poimboeuf, Joel Fernandes
Subject: Re: [PATCH] x86/stacktrace: Do not access user space memory unnecessarily

On Sat, 20 Jul 2019, Thomas Gleixner wrote:
> On Fri, 19 Jul 2019, Sean Christopherson wrote:
> > On Tue, Jul 02, 2019 at 01:39:05PM -0400, Steven Rostedt wrote:
> >
> > I'm hitting a similar panic that bisects to commit
> >
> > a0d14b8909de ("x86/mm, tracing: Fix CR2 corruption")
> >
> > except I'm experiencing death immediately after starting init.
> >
> > Through sheer dumb luck, I tracked (pun intended) this down to forcing
> > context tracking:
> >
> > CONFIG_CONTEXT_TRACKING=y
> > CONFIG_CONTEXT_TRACKING_FORCE=y
> > CONFIG_VIRT_CPU_ACCOUNTING_GEN=y
> >
> > I haven't attempted to debug further and I'll be offline for most of the
> > next few days. Hopefully this is enough to root cause the badness.
> >
> > [ 0.680477] Run /sbin/init as init process
> > [ 0.682116] init[1]: segfault at 2926a7ef ip 00007f98a49d9c30 sp 00007fffd83e6af0 error 14 in ld-2.23.so[7f98a49d9000+26000]
>
> That's because the call into the context tracking muck clobbers RDX which
> contains the CR2 value on pagefault. So the pagefault resolves to crap and
> kills init.
>
> Brute force fix below. That needs to be conditional on read_cr2 but for now
> it does the job.

But it does it just for the context tracking case. TRACE_IRQS_OFF* will do
the same damage.

Fix is not pretty, but ...

Thanks,

	tglx

8<-----------
--- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -876,6 +876,7 @@ apicinterrupt IRQ_WORK_VECTOR irq_work .if \read_cr2 GET_CR2_INTO(%rdx); /* can clobber %rax */ + pushq %rdx .endif .if \shift_ist != -1 @@ -885,12 +886,20 @@ apicinterrupt IRQ_WORK_VECTOR irq_work .endif .if \paranoid == 0 + .if \read_cr2 + testb $3, CS + 8(%rsp) + .else testb $3, CS(%rsp) + .endif jz .Lfrom_kernel_no_context_tracking_\@ CALL_enter_from_user_mode .Lfrom_kernel_no_context_tracking_\@: .endif + .if \read_cr2 + popq %rdx + .endif + movq %rsp, %rdi /* pt_regs pointer */ .if \has_error_code
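
Review bot: the `pushq %rdx` added after GET_CR2_INTO(%rdx) in the first hunk carries no comment, and it leaves %rsp 8 bytes lower for everything up to the matching popq, including the `.if \shift_ist != -1` block whose body is not shown in the context. Please add a comment saying the push preserves the CR2 value across the call into context tracking, and check that block for %rsp-relative operands that would need the same +8 adjustment the CS test gets in the next hunk.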
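
Review bot: in the second hunk the saved CR2 is restored by `popq %rdx` directly after CALL_enter_from_user_mode, so %rdx is protected across that one call only; as the message itself notes, TRACE_IRQS_OFF* would clobber it the same way and nothing in these lines covers that. The `CS + 8(%rsp)` variant also hard-codes the size of the extra push without a comment tying the 8 to the `pushq %rdx` above. Holding CR2 in a callee-saved register until the handler needs it in %rdx would survive every C call on this path and would remove the need for the duplicated testb.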