From: Andy Lutomirski
Date: Wed, 3 Jan 2018 20:45:52 -0800
Subject: Re: "bad pmd" errors + oops with KPTI on 4.14.11 after loading X.509 certs
To: Benjamin Gilbert
Cc: Greg Kroah-Hartman, X86 ML, LKML, linux-mm@kvack.org, stable, Thomas Gleixner, Ingo Molnar, Andy Lutomirski, Dave Hansen, Peter Zijlstra
References: <20180103084600.GA31648@trogon.sfo.coreos.systems> <20180103092016.GA23772@kroah.com> <20180104003303.GA1654@trogon.sfo.coreos.systems>

On Wed, Jan 3, 2018 at 8:35 PM, Benjamin Gilbert wrote:
> On Wed, Jan 03, 2018 at 04:37:53PM -0800, Andy Lutomirski wrote:
>> Maybe try rebuilding a bad kernel with free_ldt_pgtables() modified
>> to do nothing, and then read /sys/kernel/debug/page_tables/current (or
>> current_kernel, or whatever it's called). The problem may be obvious.
>
> current_kernel attached. I have not seen any crashes with
> free_ldt_pgtables() stubbed out.

I haven't reproduced it, but I think I see what's wrong. KASLR sets vaddr_end to a totally bogus value. It should be no larger than LDT_BASE_ADDR. I suspect that your vmemmap is getting randomized into the LDT range. If it weren't for that, it could just as easily land in the cpu_entry_area range. This will need fixing in all versions that aren't still called KAISER.

Our memory map code is utter shite. This kind of bug should not be possible without a giant warning at boot that something is screwed up.
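The failure mode described in the message above, as an added example that is not code from the thread or from the kernel: a simplified model of region randomization inside a window [start, end), plus the kind of overlap check that would flag a window end running past a fixed range. All addresses, sizes and names (WIN_START, LDT_BASE, BOGUS_END, place, first_overlap, check_window) are constructed for illustration and are not the kernel's real layout or identifiers.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed layout for illustration; NOT the kernel's real addresses. */
#define TB         (1ULL << 40)
#define WIN_START  (256 * TB)             /* start of randomization window */
#define LDT_BASE   (496 * TB)             /* fixed range that must stay clear */
#define LDT_SIZE   (1 * TB)
#define BOGUS_END  (LDT_BASE + LDT_SIZE)  /* window end running past LDT_BASE */

struct region { const char *name; uint64_t size, base; };

/* Simplified placement model: regions go in order inside [start, end), each
 * preceded by up to an equal share of the remaining slack. pick (0..100) is
 * the percentage of that share used, standing in for the random number. */
static void place(struct region *r, size_t n, uint64_t start, uint64_t end,
                  unsigned pick)
{
    uint64_t slack = end - start, vaddr = start;
    for (size_t i = 0; i < n; i++)
        slack -= r[i].size;
    for (size_t i = 0; i < n; i++) {
        uint64_t pad = slack / (n - i) * pick / 100;
        vaddr += pad;
        r[i].base = vaddr;
        vaddr += r[i].size;
        slack -= pad;
    }
}

/* Sanity check: index of the first region overlapping the fixed range
 * [fbase, fbase + fsize), or -1 if the layout is clean. */
static int first_overlap(const struct region *r, size_t n,
                         uint64_t fbase, uint64_t fsize)
{
    for (size_t i = 0; i < n; i++)
        if (r[i].base < fbase + fsize && fbase < r[i].base + r[i].size)
            return (int)i;
    return -1;
}

/* Largest-padding draw for a given window end; region sizes are constructed. */
static int check_window(uint64_t vaddr_end)
{
    struct region r[] = { { "direct map", 64 * TB, 0 },
                          { "vmalloc", 32 * TB, 0 }, { "vmemmap", 1 * TB, 0 } };
    place(r, 3, WIN_START, vaddr_end, 100);
    return first_overlap(r, 3, LDT_BASE, LDT_SIZE);
}
```

With the window ending at BOGUS_END the last region (index 2, "vmemmap") lands on the fixed range; with the end clamped to LDT_BASE no draw can reach it.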