Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp715528pxb; Wed, 3 Feb 2021 16:20:46 -0800 (PST) X-Google-Smtp-Source: ABdhPJyr4o1zuae2/Mi9BTEwpLFsN4k7rO8TAF7WIbEPToty3TT2LL6dFHedUr8YLoZaptzmfPxh X-Received: by 2002:a17:906:3f97:: with SMTP id b23mr5520767ejj.306.1612398046570; Wed, 03 Feb 2021 16:20:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612398046; cv=none; d=google.com; s=arc-20160816; b=QfoE4Uwcet3SJOLqOb8a5zRBUrTcuejDxzCPqdrL4dFGb+BXaOTPfdZlPd8zagREyN m/njjpPnR5kp2P1NEiecx370he7SquUN7kI7CAksa41dbrxgswhM0SaIJZHMWqxuy60E 21SoitFLxh8GkebsX7MZWrwvbm/a5J461mtl1QnEtzx9Sjvt12/Paa0OXXZgOOhEW9EY Qmuctj+X/f0g8g3abosaX6RFqARHmx6SjiIKMs5aby2bZXFnSll2I2G1XlzY0w4+C2kV pdFuft5iv/ALvVoaTQQ2eAjxIOaFN4aoO5mt5YL+Du6nouNy1+lI7me0tJ1SJR2pcCyQ ediQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=aH1rhNhUTj2RKUZJRdsnzrFvXxO/fmeN1LzVYQPVogc=; b=CrJHnKfo5lAgGQtHi8pzW5/Bnh6yqiTI1cy0VWlLhe/pqFeoIPF3ICTLqwcdykAVem JROjeyyNN88GbrxXsLn5z6DdWGu5DrLb22lwaMI6XnPdbTxkYdsLGHgZQ+zzkAJAVZTj GKu+d3KvxKXt3WKhj6HGwc2FhLg0JdJ3EINoHhMNrvdn1bR71BwwAUpZlthaPXvliupm UJ8Cd0xOWHfYnall1Xukr6qJG0Av+2XfdZR3QAkiB1fOrjNT1zNLZexXL/5S3vMWNci9 +1Ii0FmoMGYOHeQy9EVwEmO2Fpd7rcrUK+xYkD26o3SkGxHmKi39S5PBZhpz8zzaZtFa ttaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="d/pir4wH"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a19si2356324eds.49.2021.02.03.16.20.21; Wed, 03 Feb 2021 16:20:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="d/pir4wH"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233657AbhBDASv (ORCPT + 99 others); Wed, 3 Feb 2021 19:18:51 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:29061 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233171AbhBDASu (ORCPT ); Wed, 3 Feb 2021 19:18:50 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1612397844; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=aH1rhNhUTj2RKUZJRdsnzrFvXxO/fmeN1LzVYQPVogc=; b=d/pir4wHrg7ugVssgZGa9XyKhsycP/q3bJWaRLDVi+fByHgQee0RfBRWAbAS/YO+mB29DR SrSlQuKEvYwz2w1tHxx19CBnmbczouFLYcueuTasnoFuAD9lA0QLzT56q4WEs1qGp+CPcE i7RtjDYF+rSFVUfTe20DgCKVlGZ2ZHY= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-468-0rp0hcNIPm-QpktHhG4f4g-1; Wed, 03 Feb 2021 19:17:20 -0500 X-MC-Unique: 0rp0hcNIPm-QpktHhG4f4g-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7884A1934110; Thu, 4 Feb 2021 00:17:16 +0000 (UTC) Received: from treble (ovpn-113-81.rdu2.redhat.com [10.10.113.81]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 911A2100AE4D; Thu, 4 Feb 2021 00:17:03 +0000 (UTC) Date: Wed, 3 Feb 2021 18:17:00 -0600 From: Josh Poimboeuf To: Ivan Babrou Cc: Peter Zijlstra , kernel-team , Ignat Korchagin , Hailong liu , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Andrew Morton , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H. Peter Anvin" , Miroslav Benes , Julien Thierry , Jiri Slaby , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, "Steven Rostedt (VMware)" , Alexei Starovoitov , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , Andrii Nakryiko , John Fastabend , KP Singh , Robert Richter , "Joel Fernandes (Google)" , Mathieu Desnoyers , Linux Kernel Network Developers , bpf@vger.kernel.org, Alexey Kardashevskiy Subject: Re: BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x1df5/0x2650 Message-ID: <20210204001700.ry6dpqvavcswyvy7@treble> References: <20210203190518.nlwghesq75enas6n@treble> <20210203232735.nw73kugja56jp4ls@treble> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 03, 2021 at 03:30:35PM -0800, Ivan Babrou wrote: > > > > Can you recreate with this patch, and add "unwind_debug" to the cmdline? > > > > It will spit out a bunch of stack data. > > > > > > Here's the three I'm building: > > > > > > * https://github.com/bobrik/linux/tree/ivan/static-call-5.9 > > > > > > It contains: > > > > > > * v5.9 tag as the base > > > * static_call-2020-10-12 tag > > > * dm-crypt patches to reproduce the issue with KASAN > > > * x86/unwind: Add 'unwind_debug' cmdline option > > > * tracepoint: Fix race between tracing and removing tracepoint > > > > > > The very same issue can be reproduced on 5.10.11 with no patches, > > > but I'm going with 5.9, since it boils down to static call changes. > > > > > > Here's the decoded stack from the kernel with unwind debug enabled: > > > > > > * https://gist.github.com/bobrik/ed052ac0ae44c880f3170299ad4af56b > > > > > > See my first email for the exact commands that trigger this. > > > > Thanks. Do you happen to have the original dmesg, before running it > > through the post-processing script? > > Yes, here it is: > > * https://gist.github.com/bobrik/8c13e6a02555fb21cadabb74cdd6f9ab It appears the unwinder is getting lost in crypto code. No idea what this has to do with static calls though. Or maybe you're seeing multiple issues. Does this fix it? diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile index a31de0c6ccde..36c55341137c 100644 --- a/arch/x86/crypto/Makefile +++ b/arch/x86/crypto/Makefile @@ -2,7 +2,14 @@ # # x86 crypto algorithms -OBJECT_FILES_NON_STANDARD := y +OBJECT_FILES_NON_STANDARD_sha256-avx2-asm.o := y +OBJECT_FILES_NON_STANDARD_sha512-ssse3-asm.o := y +OBJECT_FILES_NON_STANDARD_sha512-avx-asm.o := y +OBJECT_FILES_NON_STANDARD_sha512-avx2-asm.o := y +OBJECT_FILES_NON_STANDARD_crc32c-pcl-intel-asm_64.o := y +OBJECT_FILES_NON_STANDARD_camellia-aesni-avx2-asm_64.o := y +OBJECT_FILES_NON_STANDARD_sha1_avx2_x86_64_asm.o := y +OBJECT_FILES_NON_STANDARD_sha1_ni_asm.o := y obj-$(CONFIG_CRYPTO_GLUE_HELPER_X86) += glue_helper.o diff --git a/arch/x86/crypto/aesni-intel_avx-x86_64.S b/arch/x86/crypto/aesni-intel_avx-x86_64.S index 5fee47956f3b..59c36b88954f 100644 --- a/arch/x86/crypto/aesni-intel_avx-x86_64.S +++ b/arch/x86/crypto/aesni-intel_avx-x86_64.S @@ -237,8 +237,8 @@ define_reg j %j .noaltmacro .endm -# need to push 4 registers into stack to maintain -STACK_OFFSET = 8*4 +# need to push 5 registers into stack to maintain +STACK_OFFSET = 8*5 TMP1 = 16*0 # Temporary storage for AAD TMP2 = 16*1 # Temporary storage for AES State 2 (State 1 is stored in an XMM register) @@ -257,6 +257,8 @@ VARIABLE_OFFSET = 16*8 .macro FUNC_SAVE #the number of pushes must equal STACK_OFFSET + push %rbp + mov %rsp, %rbp push %r12 push %r13 push %r14 @@ -271,12 +273,14 @@ VARIABLE_OFFSET = 16*8 .endm .macro FUNC_RESTORE + add $VARIABLE_OFFSET, %rsp mov %r14, %rsp pop %r15 pop %r14 pop %r13 pop %r12 + pop %rbp .endm # Encryption of a single block