From: Marco Elver
Date: Thu, 4 Mar 2021 13:02:49 +0100
Subject: Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
To: Christophe Leroy
Cc: Alexander Potapenko, Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman, Dmitry Vyukov, LKML, linuxppc-dev@lists.ozlabs.org, kasan-dev
In-Reply-To: <72e31c34-e947-1084-2bd2-f5b80786f827@csgroup.eu>
References: <51c397a23631d8bb2e2a6515c63440d88bf74afd.1614674144.git.christophe.leroy@csgroup.eu> <08a96c5d-4ae7-03b4-208f-956226dee6bb@csgroup.eu> <7270e1cc-bb6b-99ee-0043-08a027b8d83a@csgroup.eu> <72e31c34-e947-1084-2bd2-f5b80786f827@csgroup.eu>
List-ID: linux-kernel@vger.kernel.org

On Thu, 4 Mar 2021 at 13:00, Christophe Leroy wrote:
>
> On 04/03/2021 at 12:48, Christophe Leroy wrote:
> >
> > On 04/03/2021 at 12:31, Marco Elver wrote:
> >> On Thu, 4 Mar 2021 at 12:23, Christophe Leroy wrote:
> >>> On 03/03/2021 at 11:56, Marco Elver wrote:
> >>>>
> >>>> Somewhat tangentially, I also note that e.g. show_regs(regs) (which
> >>>> was printed along the KFENCE report above) didn't include the top
> >>>> frame in the "Call Trace", so this assumption is definitely not
> >>>> isolated to KFENCE.
> >>>>
> >>>
> >>> Now, I have tested PPC64 (with the patch I sent yesterday to modify save_stack_trace_regs()
> >>> applied), and I get many failures. Any idea?
> >>>
> >>> [   17.653751][   T58] ==================================================================
> >>> [   17.654379][   T58] BUG: KFENCE: invalid free in .kfence_guarded_free+0x2e4/0x530
> >>> [   17.654379][   T58]
> >>> [   17.654831][   T58] Invalid free of 0xc00000003c9c0000 (in kfence-#77):
> >>> [   17.655358][   T58]  .kfence_guarded_free+0x2e4/0x530
> >>> [   17.655775][   T58]  .__slab_free+0x320/0x5a0
> >>> [   17.656039][   T58]  .test_double_free+0xe0/0x198
> >>> [   17.656308][   T58]  .kunit_try_run_case+0x80/0x110
> >>> [   17.656523][   T58]  .kunit_generic_run_threadfn_adapter+0x38/0x50
> >>> [   17.657161][   T58]  .kthread+0x18c/0x1a0
> >>> [   17.659148][   T58]  .ret_from_kernel_thread+0x58/0x70
> >>> [   17.659869][   T58]
> >>> [   17.663954][   T58] kfence-#77 [0xc00000003c9c0000-0xc00000003c9c001f, size=32, cache=kmalloc-32] allocated by task 58:
> >>> [   17.666113][   T58]  .__kfence_alloc+0x1bc/0x510
> >>> [   17.667069][   T58]  .__kmalloc+0x280/0x4f0
> >>> [   17.667452][   T58]  .test_alloc+0x19c/0x430
> >>> [   17.667732][   T58]  .test_double_free+0x88/0x198
> >>> [   17.667971][   T58]  .kunit_try_run_case+0x80/0x110
> >>> [   17.668283][   T58]  .kunit_generic_run_threadfn_adapter+0x38/0x50
> >>> [   17.668553][   T58]  .kthread+0x18c/0x1a0
> >>> [   17.669315][   T58]  .ret_from_kernel_thread+0x58/0x70
> >>> [   17.669711][   T58]
> >>> [   17.669711][   T58] freed by task 58:
> >>> [   17.670116][   T58]  .kfence_guarded_free+0x3d0/0x530
> >>> [   17.670421][   T58]  .__slab_free+0x320/0x5a0
> >>> [   17.670603][   T58]  .test_double_free+0xb4/0x198
> >>> [   17.670827][   T58]  .kunit_try_run_case+0x80/0x110
> >>> [   17.671073][   T58]  .kunit_generic_run_threadfn_adapter+0x38/0x50
> >>> [   17.671410][   T58]  .kthread+0x18c/0x1a0
> >>> [   17.671618][   T58]  .ret_from_kernel_thread+0x58/0x70
> >>> [   17.671972][   T58]
> >>> [   17.672638][   T58] CPU: 0 PID: 58 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
> >>> [   17.673768][   T58] ==================================================================
> >>> [   17.677031][   T58]     # test_double_free: EXPECTATION FAILED at mm/kfence/kfence_test.c:380
> >>> [   17.677031][   T58]     Expected report_matches(&expect) to be true, but is false
> >>> [   17.684397][    T1]     not ok 7 - test_double_free
> >>> [   17.686463][   T59]     # test_double_free-memcache: setup_test_cache: size=32, ctor=0x0
> >>> [   17.688403][   T59]     # test_double_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
> >>
> >> Looks like something is prepending '.' to function names. We expect
> >> the function name to appear as-is, e.g. "kfence_guarded_free",
> >> "test_double_free", etc.
> >>
> >> Is there something special on ppc64, where the '.' is some convention?
> >>
> >
> > I think so, see https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#FUNC-DES
> >
> > Also see commit https://github.com/linuxppc/linux/commit/02424d896
> >
> > But I'm wondering, if the dot is the problem, how is the following one ok?
>
> [   79.574457][   T75]     # test_krealloc: test_alloc: size=32, gfp=cc0, policy=any, cache=0
> [   79.682728][   T75] ==================================================================
> [   79.684017][   T75] BUG: KFENCE: use-after-free read in .test_krealloc+0x4fc/0x5b8
> [   79.684017][   T75]
> [   79.684955][   T75] Use-after-free read at 0xc00000003d060000 (in kfence-#130):
> [   79.687581][   T75]  .test_krealloc+0x4fc/0x5b8
> [   79.688216][   T75]  .test_krealloc+0x4e4/0x5b8
> [   79.688824][   T75]  .kunit_try_run_case+0x80/0x110
> [   79.689737][   T75]  .kunit_generic_run_threadfn_adapter+0x38/0x50
> [   79.690335][   T75]  .kthread+0x18c/0x1a0
> [   79.691092][   T75]  .ret_from_kernel_thread+0x58/0x70
> [   79.692081][   T75]
> [   79.692671][   T75] kfence-#130 [0xc00000003d060000-0xc00000003d06001f, size=32, cache=kmalloc-32] allocated by task 75:
> [   79.700977][   T75]  .__kfence_alloc+0x1bc/0x510
> [   79.701812][   T75]  .__kmalloc+0x280/0x4f0
> [   79.702695][   T75]  .test_alloc+0x19c/0x430
> [   79.703051][   T75]  .test_krealloc+0xa8/0x5b8
> [   79.703276][   T75]  .kunit_try_run_case+0x80/0x110
> [   79.703693][   T75]  .kunit_generic_run_threadfn_adapter+0x38/0x50
> [   79.704223][   T75]  .kthread+0x18c/0x1a0
> [   79.704586][   T75]  .ret_from_kernel_thread+0x58/0x70
> [   79.704968][   T75]
> [   79.704968][   T75] freed by task 75:
> [   79.705756][   T75]  .kfence_guarded_free+0x3d0/0x530
> [   79.706754][   T75]  .__slab_free+0x320/0x5a0
> [   79.708575][   T75]  .krealloc+0xe8/0x180
> [   79.708970][   T75]  .test_krealloc+0x1c8/0x5b8
> [   79.709606][   T75]  .kunit_try_run_case+0x80/0x110
> [   79.710204][   T75]  .kunit_generic_run_threadfn_adapter+0x38/0x50
> [   79.710639][   T75]  .kthread+0x18c/0x1a0
> [   79.710996][   T75]  .ret_from_kernel_thread+0x58/0x70
> [   79.711349][   T75]
> [   79.717435][   T75] CPU: 0 PID: 75 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
> [   79.718124][   T75] NIP:  c000000000468a40 LR: c000000000468a28 CTR: 0000000000000000
> [   79.727741][   T75] REGS: c000000007dd3830 TRAP: 0300   Tainted: G    B (5.12.0-rc1-01540-g0783285cc1b8-dirty)
> [   79.733377][   T75] MSR:  8000000002009032  CR: 28000440  XER: 00000000
> [   79.738770][   T75] CFAR: c000000000888c7c DAR: c00000003d060000 DSISR: 40000000 IRQMASK: 0
> [   79.738770][   T75] GPR00: c000000000468a28 c000000007dd3ad0 c000000001eaad00 c0000000073c3988
> [   79.738770][   T75] GPR04: c000000007dd3b60 0000000000000001 0000000000000000 c00000003d060000
> [   79.738770][   T75] GPR08: 00000000000002c8 0000000000000001 c0000000011bb410 c00000003fe903d8
> [   79.738770][   T75] GPR12: 0000000028000440 c0000000020f0000 c0000000001a6460 c00000000724bb80
> [   79.738770][   T75] GPR16: 0000000000000000 c00000000731749f c0000000011bb278 c00000000731749f
> [   79.738770][   T75] GPR20: 00000001000002c1 0000000000000000 c0000000011bb278 c0000000011bb3b8
> [   79.738770][   T75] GPR24: c0000000073174a0 c0000000011aa7b8 c000000001e35328 c00000000208ad00
> [   79.738770][   T75] GPR28: 0000000000000000 c0000000011bb0b8 c0000000073c3988 c000000007dd3ad0
> [   79.751744][   T75] NIP [c000000000468a40] .test_krealloc+0x4fc/0x5b8
> [   79.752243][   T75] LR [c000000000468a28] .test_krealloc+0x4e4/0x5b8
> [   79.752699][   T75] Call Trace:
> [   79.753027][   T75] [c000000007dd3ad0] [c000000000468a28] .test_krealloc+0x4e4/0x5b8 (unreliable)
> [   79.753878][   T75] [c000000007dd3c40] [c0000000008886d0] .kunit_try_run_case+0x80/0x110
> [   79.754641][   T75] [c000000007dd3cd0] [c00000000088a808] .kunit_generic_run_threadfn_adapter+0x38/0x50
> [   79.755494][   T75] [c000000007dd3d50] [c0000000001a65ec] .kthread+0x18c/0x1a0
> [   79.757254][   T75] [c000000007dd3e10] [c00000000000dd68] .ret_from_kernel_thread+0x58/0x70
> [   79.775521][   T75] Instruction dump:
> [   79.776890][   T75] 68a50001 9b9f00c8 fbdf0090 fbbf00a0 fb5f00b8 484201cd 60000000 e8ff0080
> [   79.783146][   T75] 3d42ff31 390002c8 394a0710 39200001 <88e70000> 38a00000 fb9f00a8 e8fbe80e
> [   79.787563][   T75] ==================================================================
> [   79.804667][    T1]     ok 24 - test_krealloc

This one is using pt_regs, and therefore isn't trying to determine how
many entries we can skip in the stack trace to avoid showing internals.

I'll reply with a potential solution you can test shortly.

Thanks,
-- Marco
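As an added illustration, not code from the kernel or from anyone in this thread: the frame-skipping that the reply refers to, written as a stand-alone C example that matches function names in a report's stack-trace entries, once with an exact match and once tolerating the ppc64 ELFv1 '.' prefix on text symbols. The list of "internal" frames and all function names are assumptions made for the example; the sample frames are taken from the invalid-free report quoted above.

```c
#include <string.h>

/* Extract the bare function name from a trace entry such as
 * ".kfence_guarded_free+0x2e4/0x530" into buf. On ppc64 (ELFv1 ABI)
 * the text symbol carries a leading '.'; strip it when strip_dot is set. */
static const char *frame_func(const char *entry, char *buf, size_t len, int strip_dot)
{
    while (*entry == ' ')
        entry++;
    if (strip_dot && *entry == '.')
        entry++;
    size_t n = strcspn(entry, "+ \n");   /* name ends at the +offset */
    if (n >= len)
        n = len - 1;
    memcpy(buf, entry, n);
    buf[n] = '\0';
    return buf;
}

/* Allocator-internal frames a report should skip past (assumed list). */
static const char *const internals[] = {
    "kfence_guarded_free", "__slab_free", "__kfence_alloc", "__kmalloc", NULL
};

static int is_internal(const char *func)
{
    for (int i = 0; internals[i]; i++)
        if (strcmp(func, internals[i]) == 0)
            return 1;
    return 0;
}

/* Index of the first frame that is not allocator-internal, i.e. the frame
 * to report as the bug location; -1 if every frame is internal. */
static int first_user_frame(const char *const *frames, int nframes, int strip_dot)
{
    char buf[128];
    for (int i = 0; i < nframes; i++)
        if (!is_internal(frame_func(frames[i], buf, sizeof buf, strip_dot)))
            return i;
    return -1;
}

/* Constructed sample: the "Invalid free" frames quoted in the thread. */
static const char *const ppc64_frames[] = {
    ".kfence_guarded_free+0x2e4/0x530", ".__slab_free+0x320/0x5a0",
    ".test_double_free+0xe0/0x198", ".kunit_try_run_case+0x80/0x110",
};
/* first_user_frame(ppc64_frames, 4, 0) returns 0 (the '.' defeats the
 * exact match, so nothing is skipped); first_user_frame(ppc64_frames, 4, 1)
 * returns 2, pointing at test_double_free as intended. */
```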