Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp3004974ybc; Mon, 18 Nov 2019 08:04:47 -0800 (PST) X-Google-Smtp-Source: APXvYqzNaOxXnYvBcIu6Ulmm8TJmHmxKWXyNXRTB1YY4UgK30RVkmw7qhYaeKgm2mxRLN5vbb3NH X-Received: by 2002:a5d:6b51:: with SMTP id x17mr20871045wrw.148.1574093087289; Mon, 18 Nov 2019 08:04:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574093087; cv=none; d=google.com; s=arc-20160816; b=BYwYCT0LRhIU6plVnG6sdjTUFWGUPRvMaz8L7Yx5R+YVyYCKdwOnylv4NbH+JRoc8f azUqY8qSrEGy3HDi/er4Kg7TXI2SXnH3NkA1thsl/AE/UxcoMbTIdlnccVMShJtiOOVs WZJIDO5MucFpU98nqV1jRsh1e3I9GayzLLckUsmLWVrStx4NfKUoU+GncQAqw3Z9cGBs ZIlAsW048cFYBZKSH0wuHkxj/LTCeEF/4N4T0Ic9bLltkJiyKXFWjYVqdHg5QEYTv8WC iQ8MQ3OU8hjuSmcPlI1WR5i2IaNQ66hBw6/xD6eUPzAOR4gFnFkGY0GzBRosA3VAmBKo 2mXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=aWBQvoRHIiT9gfZg6X80o74ola6obCU5UQn5MoahYmQ=; b=jHDgM+W2YCKVKP6fVoyQ+Rmll37bsqMPYHSMtRO8tx5TFMCJAefwGiuRbN7ppme0ti adGSFkaWnzXYQ3cvN5ihtHLSWepIxURlHnoQ+EGde3eDYDfyPUSxJA5PQPeQvu0RkB90 XAlt3RfCL45HrMsPpYQsRq6abPXLzjnb7X2HzIqdVTjhGbI1U+qIl4LDllcRyhW3CnW3 m3Z7BCHBGraQ5JgelxzQeH90n/ag0YZpro2mXS5l8y70FG/FcbWed2H8VcO6BvweHubL 0ACteciTFGl05CPmNg4d2GgScyPH3s1rVJFO2K1L+mgKlrMTaJouxJhTuVvRx2SIyQfg 7paw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=BBUuJAHx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s38si12640067edd.351.2019.11.18.08.04.22; Mon, 18 Nov 2019 08:04:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=BBUuJAHx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727336AbfKRQDM (ORCPT + 99 others); Mon, 18 Nov 2019 11:03:12 -0500 Received: from mail-qk1-f193.google.com ([209.85.222.193]:34596 "EHLO mail-qk1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726216AbfKRQDL (ORCPT ); Mon, 18 Nov 2019 11:03:11 -0500 Received: by mail-qk1-f193.google.com with SMTP id 205so14884089qkk.1 for ; Mon, 18 Nov 2019 08:03:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aWBQvoRHIiT9gfZg6X80o74ola6obCU5UQn5MoahYmQ=; b=BBUuJAHxnTaCQtYhWDHKIopedJ2DSxm7Mt8/YTZMNemc6ukptakR3HzKcQd36ecTV2 cOy9ujm6taEr7B/sReTtX4PUqmCrwbX/qC90HOOlMGbA6o1UUDa4CZ17Fn2algZPmECL jasCucVi+dKW7hL2qAwDHd9+jDkbDJyHk+zmo1lVDeF33uSj3ZcqbcWmgbEgagaUMb/q A4yF4R6lyKCKdjYuTcP663Y8+qKXvYb0rnzZyIa6Wd+AglAH2U2sg00k93asYm7m3ZfR 4LkqRizlPQe1Lxib4Md1Y3dsGc02n8p5HDScCVVBzMnD2GmkZT9NE1xWcNarlBASCiHb /nVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aWBQvoRHIiT9gfZg6X80o74ola6obCU5UQn5MoahYmQ=; b=dOdzx3V5wCVJqNJ+0s9tFJfTRthabY88FAtzXLq9MKqNOXgNNsBlibUWgeklHffKLX jv3s9g3YTftLf8+mT74olARVFcgnDXprYDdNypyjOyOE9daNqNr7qCusWGsaE9dUhYQ8 Kyda4HN5kzxaVC5uCg5DEFetpjNOZaWfYAtRBIJMpgvieuptDq9llw26+5Y8BaXftlfp GisUTFUArethxCbLF9eV6KWmPNbF7YokaagtSsnyK6dmpdGtGSlmtwTCArKwC9HCPRqx RIPBYNA/UOfF9Z6hfEMd9NZPXTOZ0iQkBt3n/85Vg1EHhuqpV9wEa/ws7zAoYKqjLxYd H/pQ== X-Gm-Message-State: APjAAAXuSHfCvKVSwB5Dv8GDx3TTxhXybOQZafnmIExE2QLuKLhW5BZR Fcnso8o/rp8PIBBSlfx8oYjq0Pd6vAuStsBmq8/Z3w== X-Received: by 2002:a05:620a:1127:: with SMTP id p7mr25770552qkk.250.1574092990186; Mon, 18 Nov 2019 08:03:10 -0800 (PST) MIME-Version: 1.0 References: <20191115191728.87338-1-jannh@google.com> <20191115191728.87338-2-jannh@google.com> <20191118142144.GC6363@zn.tnic> In-Reply-To: <20191118142144.GC6363@zn.tnic> From: Dmitry Vyukov Date: Mon, 18 Nov 2019 17:02:58 +0100 Message-ID: Subject: Re: [PATCH v2 2/3] x86/traps: Print non-canonical address on #GP To: Borislav Petkov Cc: Jann Horn , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , "the arch/x86 maintainers" , Andrey Ryabinin , Alexander Potapenko , kasan-dev , LKML , Andrey Konovalov , Andy Lutomirski , Sean Christopherson Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 18, 2019 at 3:21 PM Borislav Petkov wrote: > > On Fri, Nov 15, 2019 at 08:17:27PM +0100, Jann Horn wrote: > > dotraplinkage void > > do_general_protection(struct pt_regs *regs, long error_code) > > { > > @@ -547,8 +581,15 @@ do_general_protection(struct pt_regs *regs, long error_code) > > return; > > > > if (notify_die(DIE_GPF, desc, regs, error_code, > > - X86_TRAP_GP, SIGSEGV) != NOTIFY_STOP) > > - die(desc, regs, error_code); > > + X86_TRAP_GP, SIGSEGV) == NOTIFY_STOP) > > + return; > > + > > + if (error_code) > > + pr_alert("GPF is segment-related (see error code)\n"); > > + else > > + print_kernel_gp_address(regs); > > + > > + die(desc, regs, error_code); > > Right, this way, those messages appear before the main "general > protection ..." message: > > [ 2.434372] traps: probably dereferencing non-canonical address 0xdfff000000000001 > [ 2.442492] general protection fault: 0000 [#1] PREEMPT SMP > > Can we glue/merge them together? Or is this going to confuse tools too much: > > [ 2.542218] general protection fault while derefing a non-canonical address 0xdfff000000000001: 0000 [#1] PREEMPT SMP > > (and that sentence could be shorter too: > > "general protection fault for non-canonical address 0xdfff000000000001" > > looks ok to me too.) This exact form will confuse syzkaller crash parsing for Linux kernel: https://github.com/google/syzkaller/blob/1daed50ac33511e1a107228a9c3b80e5c4aebb5c/pkg/report/linux.go#L1347 It expects a "general protection fault:" line for these crashes. A graceful way to update kernel crash messages would be to add more tests with the new format here: https://github.com/google/syzkaller/tree/1daed50ac33511e1a107228a9c3b80e5c4aebb5c/pkg/report/testdata/linux/report Update parsing code. Roll out new version. Update all other testing systems that detect and parse kernel crashes. Then commit kernel changes. An unfortunate consequence of offloading testing to third-party systems... > Here's a dirty diff together with a reproducer ontop of yours: > > --- > diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c > index bf796f8c9998..dab702ba28a6 100644 > --- a/arch/x86/kernel/traps.c > +++ b/arch/x86/kernel/traps.c > @@ -515,7 +515,7 @@ dotraplinkage void do_bounds(struct pt_regs *regs, long error_code) > * On 64-bit, if an uncaught #GP occurs while dereferencing a non-canonical > * address, print that address. > */ > -static void print_kernel_gp_address(struct pt_regs *regs) > +static unsigned long get_kernel_gp_address(struct pt_regs *regs) > { > #ifdef CONFIG_X86_64 > u8 insn_bytes[MAX_INSN_SIZE]; > @@ -523,7 +523,7 @@ static void print_kernel_gp_address(struct pt_regs *regs) > unsigned long addr_ref; > > if (probe_kernel_read(insn_bytes, (void *)regs->ip, MAX_INSN_SIZE)) > - return; > + return 0; > > kernel_insn_init(&insn, insn_bytes, MAX_INSN_SIZE); > insn_get_modrm(&insn); > @@ -532,22 +532,22 @@ static void print_kernel_gp_address(struct pt_regs *regs) > > /* Bail out if insn_get_addr_ref() failed or we got a kernel address. */ > if (addr_ref >= ~__VIRTUAL_MASK) > - return; > + return 0; > > /* Bail out if the entire operand is in the canonical user half. */ > if (addr_ref + insn.opnd_bytes - 1 <= __VIRTUAL_MASK) > - return; > + return 0; > > - pr_alert("probably dereferencing non-canonical address 0x%016lx\n", > - addr_ref); > + return addr_ref; > #endif > } > > +#define GPFSTR "general protection fault" > dotraplinkage void > do_general_protection(struct pt_regs *regs, long error_code) > { > - const char *desc = "general protection fault"; > struct task_struct *tsk; > + char desc[90]; > > RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU"); > cond_local_irq_enable(regs); > @@ -584,12 +584,18 @@ do_general_protection(struct pt_regs *regs, long error_code) > X86_TRAP_GP, SIGSEGV) == NOTIFY_STOP) > return; > > - if (error_code) > - pr_alert("GPF is segment-related (see error code)\n"); > - else > - print_kernel_gp_address(regs); > + if (error_code) { > + snprintf(desc, 90, "segment-related " GPFSTR); > + } else { > + unsigned long addr_ref = get_kernel_gp_address(regs); > + > + if (addr_ref) > + snprintf(desc, 90, GPFSTR " while derefing a non-canonical address 0x%lx", addr_ref); > + else > + snprintf(desc, 90, GPFSTR); > + } > > - die(desc, regs, error_code); > + die((const char *)desc, regs, error_code); > return; > } > > diff --git a/init/main.c b/init/main.c > index 91f6ebb30ef0..7acc7e660be9 100644 > --- a/init/main.c > +++ b/init/main.c > @@ -1124,6 +1124,9 @@ static int __ref kernel_init(void *unused) > > rcu_end_inkernel_boot(); > > + asm volatile("mov $0xdfff000000000001, %rax\n\t" > + "jmpq *%rax\n\t"); > + > if (ramdisk_execute_command) { > ret = run_init_process(ramdisk_execute_command); > if (!ret) > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette > > -- > You received this message because you are subscribed to the Google Groups "kasan-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20191118142144.GC6363%40zn.tnic.