From: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
To: Kees Cook <kees@kernel.org>, Kees Cook <keescook@chromium.org>
Cc: Guenter Roeck <linux@roeck-us.net>,
Bagas Sanjaya <bagasdotme@gmail.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linux LLVM <llvm@lists.linux.dev>,
linux-kbuild@vger.kernel.org,
Linux Regressions <regressions@lists.linux.dev>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
linux-hardening@vger.kernel.org
Subject: Re: [CRASH][BISECTED] 6.4.1 crash in boot
Date: Wed, 5 Jul 2023 07:18:32 +0200 [thread overview]
Message-ID: <07629c94-0205-df11-3eec-e99781e3fcfe@alu.unizg.hr> (raw)
In-Reply-To: <DA3FEB08-DF39-406B-89CC-9076CFCF597A@kernel.org>
On 7/5/23 04:09, Kees Cook wrote:
> On July 4, 2023 4:15:20 PM PDT, Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr> wrote:
>> On 7/4/23 23:36, Kees Cook wrote:
>>> On July 4, 2023 10:20:11 AM PDT, Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr> wrote:
>>>> On 7/4/23 01:09, Kees Cook wrote:> On Mon, Jul 03, 2023 at 12:03:23PM -0700, Kees Cook wrote:
>>>>>> Cool. xhci-hub is in your backtrace, and the above patch was made for
>>>>>> something very similar (though, again, I don't see why you're getting a
>>>>>> _crash_, it should _warn_ and continue normally). And, actually, also
>>>>>> include this patch:
>>>>>> https://lore.kernel.org/lkml/20230614181307.gonna.256-kees@kernel.org/
>>>>>
>>>>> This is now in Linus's tree:
>>>>> 09b69dd4378b ("usb: ch9: Replace 1-element array with flexible array")
>>>>>
>>>>> Please also still try with the first patch I mentioned, which is very similar:
>>>>> https://lore.kernel.org/lkml/20230629190900.never.787-kees@kernel.org/
>>>>
>>>> Hi,
>>>>
>>>> I have finally built w both patches (and recommended PSTORE settings were
>>>> default already).
>>>
>>> Were you able to find the crashes saved by pstore?
>>
>> No, only lktdm and invalid opcode crashes ...
>>
>> P.S.
>>
>> Actually, I have recovered some pstore records. Please find them in the attachment:
>>
>>>> This second patch fixes the booting problem, but alas there is still a problem -
>>>
>>> Ah! That's great! They're is still an unexpected crash source, but the trigger is fixed.
>>
>> Glad I could be of help.
>>
>>>> all Wayland and X11.org GUI applications fail to start, with errors like this one:
>>>>
>>>> Jul 4 19:09:07 defiant kernel: [ 40.529719] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
>>>
>>> Hmm, is CONFIG_UBSAN_TRAP set?
>>
>> marvin@defiant:~/linux/kernel/linux_torvalds$ grep CONFIG_UBSAN_TRAP .config
>> CONFIG_UBSAN_TRAP=y
> Ah-ha! Turn that off please. With it off you will get much more useful reports from USBAN.
Will do that. Thanks for the hint.
>> marvin@defiant:~/linux/kernel/linux_torvalds$
>>
>>>> Jul 4 19:09:07 defiant kernel: [ 40.529726] RIP: 0010:alloc_pid+0x46c/0x480
>>>
>>> Hmm, is this patch in your kernel?
>>> https://git.kernel.org/linus/b69f0aeb068980af983d399deafc7477cec8bc04
>>
>> No, it wasn't. I had only these:
>>
>> marvin@defiant:~/linux/kernel/linux_torvalds$ more ../kees-[12].patch
>> ::::::::::::::
>> ../kees-1.patch
>> ::::::::::::::
>> diff --git a/include/uapi/linux/usb/ch9.h b/include/uapi/linux/usb/ch9.h
>> index b17e3a21b15f..82ec6af71a1d 100644
>> --- a/include/uapi/linux/usb/ch9.h
>> +++ b/include/uapi/linux/usb/ch9.h
>> @@ -376,7 +376,10 @@ struct usb_string_descriptor {
>> __u8 bLength;
>> __u8 bDescriptorType;
>> - __le16 wData[1]; /* UTF-16LE encoded */
>> + union {
>> + __le16 legacy_padding;
>> + __DECLARE_FLEX_ARRAY(__le16, wData); /* UTF-16LE encoded */
>> + };
>> } __attribute__ ((packed));
>> /* note that "string" zero is special, it holds language codes that
>> ::::::::::::::
>> ../kees-2.patch
>> ::::::::::::::
>> diff --git a/include/uapi/linux/usb/ch9.h b/include/uapi/linux/usb/ch9.h
>> index b17e3a21b15f..3ff98c7ba7e3 100644
>> --- a/include/uapi/linux/usb/ch9.h
>> +++ b/include/uapi/linux/usb/ch9.h
>> @@ -981,7 +981,11 @@ struct usb_ssp_cap_descriptor {
>> #define USB_SSP_MIN_RX_LANE_COUNT (0xf << 8)
>> #define USB_SSP_MIN_TX_LANE_COUNT (0xf << 12)
>> __le16 wReserved;
>> - __le32 bmSublinkSpeedAttr[1]; /* list of sublink speed attrib entries */
>> + union {
>> + __le32 legacy_padding;
>> + /* list of sublink speed attrib entries */
>> + __DECLARE_FLEX_ARRAY(__le32, bmSublinkSpeedAttr);
>> + };
>> #define USB_SSP_SUBLINK_SPEED_SSID (0xf) /* sublink speed ID */
>> #define USB_SSP_SUBLINK_SPEED_LSE (0x3 << 4) /* Lanespeed exponent */
>> #define USB_SSP_SUBLINK_SPEED_LSE_BPS 0
>> marvin@defiant:~/linux/kernel/linux_torvalds$
>>
>> ---------------------------------------------------------
>>
>> Now it works. Succeeded boot and running of X apps with the new git pull
>> torvalds tree and the kees-2.patch.
>
> Perfect! Okay, so it looks like all the issues are known and fixed. I'll work with Greg to get the other ch9 patch landed.
Yes, maybe it should be tested more widely first. It was an unobvious bug and
I couldn't see what went wrong ...
>> Praise God!
>>
>> This is the git log --oneline:
>>
>> d528014517f2 (HEAD, origin/master, origin/HEAD) Revert ".gitignore: ignore *.cover and *.mbx"
>> 04f2933d375e Merge tag 'core_guards_for_6.5_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue
>> 03275585cabd afs: Fix accidental truncation when storing data
>> 538140ca602b Merge tag 'ovl-update-6.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs
>> 94c76955e86a Merge tag 'gfs2-v6.4-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2
>> ccf46d853183 Merge tag 'pm-6.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
>> b869e9f49964 Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
>> 406fb9eb198a Merge tag 'firewire-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
>> f1962207150c module: fix init_module_from_file() error handling
>> 40c565a429d7 Merge branches 'pm-cpufreq' and 'pm-cpuidle'
>> f679e89acdd3 clk: tegra: Avoid calling an uninitialized function
>>
>> So, the included patch is:
>>
>> marvin@defiant:~/linux/kernel/linux_torvalds$ git diff
>> diff --git a/include/uapi/linux/usb/ch9.h b/include/uapi/linux/usb/ch9.h
>> index 82ec6af71a1d..62d318377379 100644
>> --- a/include/uapi/linux/usb/ch9.h
>> +++ b/include/uapi/linux/usb/ch9.h
>> @@ -984,7 +984,11 @@ struct usb_ssp_cap_descriptor {
>> #define USB_SSP_MIN_RX_LANE_COUNT (0xf << 8)
>> #define USB_SSP_MIN_TX_LANE_COUNT (0xf << 12)
>> __le16 wReserved;
>> - __le32 bmSublinkSpeedAttr[1]; /* list of sublink speed attrib entries */
>> + union {
>> + __le32 legacy_padding;
>> + /* list of sublink speed attrib entries */
>> + __DECLARE_FLEX_ARRAY(__le32, bmSublinkSpeedAttr);
>> + };
>> #define USB_SSP_SUBLINK_SPEED_SSID (0xf) /* sublink speed ID */
>> #define USB_SSP_SUBLINK_SPEED_LSE (0x3 << 4) /* Lanespeed exponent */
>> #define USB_SSP_SUBLINK_SPEED_LSE_BPS 0
>> marvin@defiant:~/linux/kernel/linux_torvalds$
>>
>> This means vanilla torvalds tree + https://lore.kernel.org/lkml/20230629190900.never.787-kees@kernel.org/
>> works, but vanilla torvalds tree w/o patch still crashes.
>
> Great, thanks again for testing it all!
No at all, I'm glad I could be of assistance.
Best regards,
Mirsad Todorovac
> -Keed
>
>>
>> I am still rather new to the utilisation of the PSTORE subsystem.
>>
>> Best regards,
>> Mirsad Todorovac
>
next prev parent reply other threads:[~2023-07-05 5:19 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-02 16:36 [CRASH][BISECTED] 6.4.1 crash in boot Mirsad Goran Todorovac
2023-07-03 1:44 ` Bagas Sanjaya
2023-07-03 3:20 ` Kees Cook
2023-07-03 3:26 ` Guenter Roeck
2023-07-03 3:53 ` Mirsad Goran Todorovac
2023-07-03 4:30 ` Kees Cook
2023-07-03 4:38 ` Guenter Roeck
2023-07-03 4:53 ` Kees Cook
2023-07-03 4:50 ` Mirsad Goran Todorovac
2023-07-03 3:58 ` Guenter Roeck
2023-07-03 5:18 ` Mirsad Goran Todorovac
2023-07-03 5:18 ` Mirsad Goran Todorovac
2023-07-03 5:41 ` Kees Cook
2023-07-03 7:03 ` Mirsad Goran Todorovac
2023-07-03 19:03 ` Kees Cook
2023-07-03 23:09 ` Kees Cook
2023-07-04 17:20 ` Mirsad Todorovac
2023-07-04 21:36 ` Kees Cook
2023-07-04 23:15 ` Mirsad Todorovac
2023-07-05 2:09 ` Kees Cook
2023-07-05 5:18 ` Mirsad Todorovac [this message]
2023-07-05 15:16 ` CONFIG_UBSAN_TRAP #UD error message on x86 [was: Re: [CRASH][BISECTED] 6.4.1 crash in boot] Jann Horn
2023-07-05 21:08 ` Kees Cook
2023-07-05 21:31 ` Peter Zijlstra
2023-07-05 21:54 ` Kees Cook
2023-07-06 5:02 ` [CRASH][BISECTED] 6.4.1 crash in boot Mirsad Todorovac
2023-07-03 3:40 ` Mirsad Goran Todorovac
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=07629c94-0205-df11-3eec-e99781e3fcfe@alu.unizg.hr \
--to=mirsad.todorovac@alu.unizg.hr \
--cc=bagasdotme@gmail.com \
--cc=kees@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=llvm@lists.linux.dev \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=regressions@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).