From: Andy Lutomirski
Date: Sat, 18 Jul 2020 11:00:18 -0700
Subject: Re: Random shadow stack pointer corruption
To: Yu-cheng Yu
Cc: LKML, X86 ML, Andy Lutomirski, Borislav Petkov, Dave Hansen, "H.J. Lu", Ingo Molnar, "Ravi V. Shankar", Sebastian Andrzej Siewior, Tony Luck, Thomas Gleixner, Peter Zijlstra, Weijiang Yang
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Jul 18, 2020 at 10:58 AM Yu-cheng Yu wrote:
>
> Hi,
>
> My shadow stack tests start to have random shadow stack pointer corruption after
> v5.7 (excluding). The symptom looks like some locking issue or the kernel is
> confused about which CPU a task is on. In later tip/master, this can be
> triggered by creating two tasks and each does continuous
> pthread_create()/pthread_join(). If the kernel has max_cpus=1, the issue goes
> away. I also checked XSAVES/XRSTORS, but this does not seem to be an issue
> coming from there.

What do you mean "shadow stack pointer corruption"? Is SSP itself
corrupt while running in the kernel? Is one of the MSRs getting
corrupted? Is the memory to which the shadow stack points getting
corrupted? Is the CPU rejecting an attempt to change SSP?

--Andy

>
> The tests I run take a long time to complete, and some commit points in bisect
> do not show failures right away. However, the issue can be more easily
> triggered after the point of:
>
> d77290507ab2 x86/entry/32: Convert IRET exception to IDTENTRY_SW
>
> Can anyone help me find places to look at?
>
> Thanks,
> Yu-cheng
>