From: Daniel Axtens <dja@axtens.net>
To: Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Dmitry Vyukov <dvyukov@google.com>
Cc: Qian Cai <cai@lca.pw>, kasan-dev <kasan-dev@googlegroups.com>,
	Linux-MM <linux-mm@kvack.org>,
	the arch/x86 maintainers <x86@kernel.org>,
	Alexander Potapenko <glider@google.com>,
	Andy Lutomirski <luto@kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Christophe Leroy <christophe.leroy@c-s.fr>,
	linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
	Vasily Gorbik <gor@linux.ibm.com>
Subject: Re: [PATCH v11 1/4] kasan: support backing vmalloc space with real shadow memory
Date: Fri, 29 Nov 2019 23:29:37 +1100
Message-ID: <871rtqg91q.fsf@dja-thinkpad.axtens.net>
In-Reply-To: <56cf8aab-c61b-156c-f681-d2354aed22bb@virtuozzo.com>


>>> Nope, it's vm_map_ram() not being handled
>> 
>> 
>> Another suspicious one. Related to kasan/vmalloc?
>
> Very likely the same as with ion:
>
> # git grep vm_map_ram|grep xfs
> fs/xfs/xfs_buf.c:                * vm_map_ram() will allocate auxiliary structures (e.g.
> fs/xfs/xfs_buf.c:                       bp->b_addr = vm_map_ram(bp->b_pages, bp->b_page_count,

Aaargh, that's an embarrassing miss.

It's a bit intricate because kasan_vmalloc_populate function is
currently set up to take a vm_struct not a vmap_area, but I'll see if I
can get something simple out this evening - I'm away for the first part
of next week.

Do you have to do anything interesting to get it to explode with xfs? Is
it as simple as mounting a drive and doing some I/O? Or do you need to
do something more involved?

Regards,
Daniel

>  
>> 
>> BUG: unable to handle page fault for address: fffff52005b80000
>> #PF: supervisor read access in kernel mode
>> #PF: error_code(0x0000) - not-present page
>> PGD 7ffcd067 P4D 7ffcd067 PUD 2cd10067 PMD 66d76067 PTE 0
>> Oops: 0000 [#1] PREEMPT SMP KASAN
>> CPU: 2 PID: 9211 Comm: syz-executor.2 Not tainted 5.4.0-next-20191129+ #6
>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
>> rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
>> RIP: 0010:xfs_sb_read_verify+0xe9/0x540 fs/xfs/libxfs/xfs_sb.c:691
>> Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 1e 04 00 00 4d 8b ac 24
>> 30 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6
>> 04 02 84 c0 74 08 3c 03 0f 8e ad 03 00 00 41 8b 45 00 bf 58
>> RSP: 0018:ffffc9000a58f8d0 EFLAGS: 00010a06
>> RAX: dffffc0000000000 RBX: 1ffff920014b1f1d RCX: ffffc9000af42000
>> RDX: 1ffff92005b80000 RSI: ffffffff82914404 RDI: ffff88805cdb1460
>> RBP: ffffc9000a58fab0 R08: ffff8880610cd380 R09: ffffed1005a87045
>> R10: ffffed1005a87044 R11: ffff88802d438223 R12: ffff88805cdb1340
>> R13: ffffc9002dc00000 R14: ffffc9000a58fa88 R15: ffff888061b5c000
>> FS:  00007fb49bda9700(0000) GS:ffff88802d400000(0000) knlGS:0000000000000000
>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: fffff52005b80000 CR3: 0000000060769006 CR4: 0000000000760ee0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> PKRU: 55555554
>> Call Trace:
>>  xfs_buf_ioend+0x228/0xdc0 fs/xfs/xfs_buf.c:1162
>>  __xfs_buf_submit+0x38b/0xe50 fs/xfs/xfs_buf.c:1485
>>  xfs_buf_submit fs/xfs/xfs_buf.h:268 [inline]
>>  xfs_buf_read_uncached+0x15c/0x560 fs/xfs/xfs_buf.c:897
>>  xfs_readsb+0x2d0/0x540 fs/xfs/xfs_mount.c:298
>>  xfs_fc_fill_super+0x3e6/0x11f0 fs/xfs/xfs_super.c:1415
>>  get_tree_bdev+0x444/0x620 fs/super.c:1340
>>  xfs_fc_get_tree+0x1c/0x20 fs/xfs/xfs_super.c:1550
>>  vfs_get_tree+0x8e/0x300 fs/super.c:1545
>>  do_new_mount fs/namespace.c:2822 [inline]
>>  do_mount+0x152d/0x1b50 fs/namespace.c:3142
>>  ksys_mount+0x114/0x130 fs/namespace.c:3351
>>  __do_sys_mount fs/namespace.c:3365 [inline]
>>  __se_sys_mount fs/namespace.c:3362 [inline]
>>  __x64_sys_mount+0xbe/0x150 fs/namespace.c:3362
>>  do_syscall_64+0xfa/0x780 arch/x86/entry/common.c:294
>>  entry_SYSCALL_64_after_hwframe+0x49/0xbe
>> RIP: 0033:0x46736a
>> Code: 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
>> 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d
>> 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
>> RSP: 002b:00007fb49bda8a78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
>> RAX: ffffffffffffffda RBX: 00007fb49bda8af0 RCX: 000000000046736a
>> RDX: 00007fb49bda8ad0 RSI: 0000000020000140 RDI: 00007fb49bda8af0
>> RBP: 00007fb49bda8ad0 R08: 00007fb49bda8b30 R09: 00007fb49bda8ad0
>> R10: 0000000000000000 R11: 0000000000000202 R12: 00007fb49bda8b30
>> R13: 00000000004b1c60 R14: 00000000004b006d R15: 00007fb49bda96bc
>> Modules linked in:
>> Dumping ftrace buffer:
>>    (ftrace buffer empty)
>> CR2: fffff52005b80000
>> ---[ end trace eddd8949d4c898df ]---
>> RIP: 0010:xfs_sb_read_verify+0xe9/0x540 fs/xfs/libxfs/xfs_sb.c:691
>> Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 1e 04 00 00 4d 8b ac 24
>> 30 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6
>> 04 02 84 c0 74 08 3c 03 0f 8e ad 03 00 00 41 8b 45 00 bf 58
>> RSP: 0018:ffffc9000a58f8d0 EFLAGS: 00010a06
>> RAX: dffffc0000000000 RBX: 1ffff920014b1f1d RCX: ffffc9000af42000
>> RDX: 1ffff92005b80000 RSI: ffffffff82914404 RDI: ffff88805cdb1460
>> RBP: ffffc9000a58fab0 R08: ffff8880610cd380 R09: ffffed1005a87045
>> R10: ffffed1005a87044 R11: ffff88802d438223 R12: ffff88805cdb1340
>> R13: ffffc9002dc00000 R14: ffffc9000a58fa88 R15: ffff888061b5c000
>> FS:  00007fb49bda9700(0000) GS:ffff88802d400000(0000) knlGS:0000000000000000
>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: fffff52005b80000 CR3: 0000000060769006 CR4: 0000000000760ee0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> PKRU: 55555554
>> 
>

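As an added worked example (not part of Daniel's message or of the KASAN vmalloc patch series), the quoted oops can be decoded to confirm it is a missing-shadow fault rather than a bad access to the buffer itself. Generic KASAN maps every 8 bytes of kernel memory to one shadow byte at (addr >> 3) + KASAN_SHADOW_OFFSET; the x86_64 offset 0xdffffc0000000000 is visible verbatim in RAX, and RDX holds the shifted pointer. The script assumes the x86_64 4-level-paging layout (shadow window 0xffffec0000000000-0xfffffc0000000000, vmalloc window 0xffffc90000000000-0xffffe8ffffffffff) and parses the register dump; the embedded sample is an excerpt of the oops quoted above, with the quote markers stripped.

```python
import re

# x86_64 generic-KASAN layout with 4-level paging (kernel constants; the shadow
# offset is also the value in RAX of the quoted oops).
KASAN_SHADOW_SCALE_SHIFT = 3
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000
KASAN_SHADOW_START = 0xFFFFEC0000000000   # shadow of 0xffff800000000000
KASAN_SHADOW_END = 0xFFFFFC0000000000     # shadow of the top of the address space
VMALLOC_START = 0xFFFFC90000000000
VMALLOC_END = 0xFFFFE8FFFFFFFFFF
MASK64 = (1 << 64) - 1


def kasan_mem_to_shadow(addr):
    """Shadow byte address covering the 8-byte granule that contains addr."""
    return ((addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET) & MASK64


def kasan_shadow_to_mem(shadow):
    """Inverse: first memory address whose shadow byte lives at `shadow`."""
    return ((shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT) & MASK64


def is_shadow_addr(addr):
    return KASAN_SHADOW_START <= addr < KASAN_SHADOW_END


def is_vmalloc_addr(addr):
    return VMALLOC_START <= addr <= VMALLOC_END


_FAULT_RE = re.compile(r"unable to handle page fault for address: ([0-9a-f]{16})")
# Matches "RAX: <16 hex>", "R13: <16 hex>", "CR2: <16 hex>"; skips RIP/RSP
# (segment prefix) and ORIG_RAX/DR0 (no word boundary before the R).
_REG_RE = re.compile(r"\b(R[A-Z0-9]{2}|CR[0-9]): ([0-9a-f]{16})\b")
_PTE_RE = re.compile(r"\bPTE ([0-9a-f]+)\b")


def parse_oops(text):
    """Pull the faulting address, registers and PTE value out of an oops."""
    fault = _FAULT_RE.search(text)
    regs = {}
    for name, val in _REG_RE.findall(text):
        regs.setdefault(name, int(val, 16))   # first (kernel) dump wins
    pte = _PTE_RE.search(text)
    return {
        "fault_addr": int(fault.group(1), 16) if fault else None,
        "regs": regs,
        "pte": int(pte.group(1), 16) if pte else None,
    }


def triage_kasan_fault(text):
    """Decide whether a page fault hit the KASAN shadow and what it shadows."""
    info = parse_oops(text)
    fault = info["fault_addr"]
    result = {"fault_addr": fault, "shadow_fault": False}
    if fault is None or not is_shadow_addr(fault):
        return result
    mem = kasan_shadow_to_mem(fault)
    result.update(
        shadow_fault=True,
        shadowed_addr=mem,
        shadowed_region="vmalloc" if is_vmalloc_addr(mem) else "other",
        # Registers holding exactly the shadowed address: the pointer being checked.
        regs_with_addr=sorted(r for r, v in info["regs"].items() if v == mem),
        # PTE 0 beneath a populated PMD: no shadow page was ever installed here.
        shadow_unmapped=(info["pte"] == 0),
    )
    return result


# Excerpt of the oops quoted in the thread (constructed sample input).
SAMPLE_OOPS = """\
BUG: unable to handle page fault for address: fffff52005b80000
#PF: supervisor read access in kernel mode
PGD 7ffcd067 P4D 7ffcd067 PUD 2cd10067 PMD 66d76067 PTE 0
RIP: 0010:xfs_sb_read_verify+0xe9/0x540 fs/xfs/libxfs/xfs_sb.c:691
RSP: 0018:ffffc9000a58f8d0 EFLAGS: 00010a06
RAX: dffffc0000000000 RBX: 1ffff920014b1f1d RCX: ffffc9000af42000
RDX: 1ffff92005b80000 RSI: ffffffff82914404 RDI: ffff88805cdb1460
RBP: ffffc9000a58fab0 R08: ffff8880610cd380 R09: ffffed1005a87045
R10: ffffed1005a87044 R11: ffff88802d438223 R12: ffff88805cdb1340
R13: ffffc9002dc00000 R14: ffffc9000a58fa88 R15: ffff888061b5c000
CR2: fffff52005b80000 CR3: 0000000060769006 CR4: 0000000000760ee0
"""

if __name__ == "__main__":
    r = triage_kasan_fault(SAMPLE_OOPS)
    for k, v in r.items():
        print(f"{k:16} {v:#x}" if isinstance(v, int) and not isinstance(v, bool) else f"{k:16} {v}")
```

Run against the excerpt, the script reports that CR2 lies in the shadow window and shadows 0xffffc9002dc00000, the value in R13, which is inside the vmalloc window; the PTE for the shadow is 0, so that shadow page was never populated. That is exactly the signature of a vmalloc-range mapping created by a path (here vm_map_ram()) that bypasses the hook backing the shadow, as opposed to a KASAN report, which would have been printed by KASAN itself rather than surfacing as a raw page fault.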