* WARNING: CPU: 0 PID: 1752 at arch/x86/kernel/traps.c:788
@ 2017-06-01 22:46 Richard Weinberger
From: Richard Weinberger @ 2017-06-01 22:46 UTC (permalink / raw)
  To: Andy Lutomirski; +Cc: linux-x86_64, linux-kernel, Thomas Meyer


Hi!

UserModeLinux hits the following warning on the host.
I've extracted the evil ptrace() command sequence, please see attached program,
it triggers the warning too.

Fun fact, it happens only when I disable KVM for that qemu instance.
i.e. "qemu-system-x86_64 -M pc-q35-2.4 -cpu Broadwell" triggers while
"qemu-system-x86_64 -M pc-q35-2.4,accel=kvm -cpu Broadwell" does not...

[   21.509213] ------------[ cut here ]------------
[   21.510395] WARNING: CPU: 0 PID: 1752 at arch/x86/kernel/traps.c:788 do_debug+0xfe/0x1f0
[   21.510928] Modules linked in:
[   21.511618] CPU: 0 PID: 1752 Comm: sysemu Not tainted 4.12.0-rc3+ #81
[   21.511903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
[   21.512453] task: ffff9941f86f4800 task.stack: ffff9c2dc1978000
[   21.512727] RIP: 0010:do_debug+0xfe/0x1f0
[   21.512921] RSP: 0000:ffff9941ffc07f20 EFLAGS: 00000046
[   21.513183] RAX: 0000000000000001 RBX: ffff9941ffc07f58 RCX: 00000000ffffffff
[   21.513491] RDX: ffff9941ffc07ef0 RSI: 0000000000000003 RDI: ffffffff9f84f560
[   21.513797] RBP: ffff9941ffc07f48 R08: 0000000000000000 R09: 0000000000000005
[   21.514103] R10: ffffffffffffff90 R11: 0000000000000346 R12: ffff9941f86f4800
[   21.514408] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   21.514824] FS:  00007fd3c0c74700(0000) GS:ffff9941ffc00000(0000) knlGS:0000000000000000
[   21.515080] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   21.515243] CR2: 00007fd3c0c7c89c CR3: 00000001787e7000 CR4: 00000000003406f0
[   21.515559] Call Trace:
[   21.516010]  <#DB>
[   21.516290]  debug+0x35/0x70
[   21.516559] RIP: 0010:entry_SYSCALL_64+0x0/0x3
[   21.516686] RSP: 0018:00007ffc5a414c18 EFLAGS: 00000002
[   21.516835] RAX: 00000000000000e7 RBX: 0000000000000000 RCX: 00007fd3c076c2e9
[   21.517024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   21.517211] RBP: 00007fd3c0a53860 R08: 000000000000003c R09: 00000000000000e7
[   21.517408] R10: ffffffffffffff90 R11: 0000000000000346 R12: 00007fd3c0a53860
[   21.517613] R13: 00007fd3c0a58c60 R14: 0000000000000000 R15: 0000000000000000
[   21.517959]  </#DB>
[   21.518060] Code: 00 3d 01 80 00 00 74 b1 65 ff 05 42 16 5f 61 f6 83 91 00 00 00 02 0f 85 97 00 00 00 f6 45 d9 40 74 28 f6 83 88 00 00 00 03 75 1f <0f> ff 49 81 a4 24 28 09 00 00 ff bf ff ff 3e 41 80 0c 24 10 48
[   21.518979] ---[ end trace 0f6aac766f3c1297 ]---

Thanks,
//richard

[-- Attachment #2: sysemu.c --]

#define _GNU_SOURCE
#include <sys/ptrace.h>
#include <linux/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/syscall.h>
#include <signal.h>

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Tracee: request tracing, stop so the tracer can set options,
 * then issue exactly one system call and exit. */
static void ptrace_child(void)
{
	if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) {
		fprintf(stderr, "%s: PTRACE_TRACEME failed: %m\n", __func__);
		raise(SIGKILL);
	}
	raise(SIGSTOP);

	/* Go through the raw syscall path; some glibc versions cache getpid(). */
	syscall(SYS_getpid);

	exit(0);
}

/* Fork the tracee and wait for its initial SIGSTOP. */
static int start_ptraced_child(void)
{
	int pid, ret, status;

	pid = fork();
	if (pid == 0)
		ptrace_child();
	else if (pid < 0) {
		fprintf(stderr, "%s: fork() failed: %m\n", __func__);
		exit(1);
	}

	ret = waitpid(pid, &status, WUNTRACED);
	if (ret < 0)
		fprintf(stderr, "%s: wait() failed: %m\n", __func__);
	if (!WIFSTOPPED(status) || (WSTOPSIG(status) != SIGSTOP))
		fprintf(stderr, "%s: expected SIGSTOP, got status:%#x\n", __func__, status);

	return pid;
}

/* Let the tracee run to completion and reap it. */
static void stop_ptraced_child(int pid)
{
	if (ptrace(PTRACE_CONT, pid, 0, 0) < 0) {
		fprintf(stderr, "%s: PTRACE_CONT failed: %m\n", __func__);
		return;
	}

	waitpid(pid, NULL, 0);
}

int main(void)
{
	int pid, n, status, step_count = 0;

	pid = start_ptraced_child();

	/* TRACESYSGOOD: syscall stops report SIGTRAP|0x80, single steps plain SIGTRAP. */
	if ((ptrace(PTRACE_OLDSETOPTIONS, pid, 0, (void *)PTRACE_O_TRACESYSGOOD) < 0))
		fprintf(stderr, "%s: PTRACE_OLDSETOPTIONS failed: %m\n", __func__);

	/* Single-step the tracee instruction by instruction until it reaches
	 * the syscall; the syscall itself is emulated (SYSEMU), not executed. */
	while (1) {
		if (ptrace(PTRACE_SYSEMU_SINGLESTEP, pid, 0, 0) < 0)
			exit(1);

		n = waitpid(pid, &status, WUNTRACED);
		if (n < 0)
			fprintf(stderr, "%s: wait() failed: %m\n", __func__);

		if (WIFSTOPPED(status) &&
		    (WSTOPSIG(status) == (SIGTRAP|0x80))) {
			if (!step_count) {
				fprintf(stderr, "SYSEMU_SINGLESTEP doesn't singlestep\n");
				exit(1);
			}

			/* syscall stop: this is where the host kernel warns */

			break;
		} else if (WIFSTOPPED(status) && (WSTOPSIG(status) == SIGTRAP)) {
			/* single step */
			step_count++;
		} else {
			fprintf(stderr, "expected SIGTRAP or (SIGTRAP | 0x80), got status = %d\n", status);
			exit(1);
		}
	}
	stop_ptraced_child(pid);

	return 0;
}

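As an added triage helper (not part of the report or of the attached program): a Python parser that pulls the warning site, the task identity and every RIP frame out of a splat in the format quoted above, records which frames sit inside the nested <#DB> exception section, and flags frames whose CS selector is kernel mode, which is what the traps.c check objects to. The sample input is a constructed, trimmed copy of the splat from the report.

```python
import re

# Constructed sample: a trimmed copy of the WARNING splat format quoted in the report.
SAMPLE_SPLAT = """\
[   21.510395] WARNING: CPU: 0 PID: 1752 at arch/x86/kernel/traps.c:788 do_debug+0xfe/0x1f0
[   21.511618] CPU: 0 PID: 1752 Comm: sysemu Not tainted 4.12.0-rc3+ #81
[   21.512728] RIP: 0010:do_debug+0xfe/0x1f0
[   21.512921] RSP: 0000:ffff9941ffc07f20 EFLAGS: 00000046
[   21.515559] Call Trace:
[   21.516010]  <#DB>
[   21.516290]  debug+0x35/0x70
[   21.516559] RIP: 0010:entry_SYSCALL_64+0x0/0x3
[   21.516686] RSP: 0018:00007ffc5a414c18 EFLAGS: 00000002
[   21.517959]  </#DB>
[   21.518979] ---[ end trace 0f6aac766f3c1297 ]---
"""

WARN_RE = re.compile(r"WARNING: CPU: (\d+) PID: (\d+) at (\S+):(\d+) (\S+)")
COMM_RE = re.compile(r"Comm: (\S+) (Not tainted|Tainted: \S+) (\S+)")
RIP_RE = re.compile(r"RIP: ([0-9a-f]{4}):(\S+)")
FLAGS_RE = re.compile(r"EFLAGS: ([0-9a-f]+)")
X86_EFLAGS_TF = 0x100  # trap flag: the CPU raises #DB after each instruction

def strip_ts(line):
    """Drop the '[ seconds.usec] ' printk timestamp prefix, if present."""
    return re.sub(r"^\[\s*\d+\.\d+\]\s?", "", line)

def parse_splat(text):
    """Return warning site, task identity and every RIP frame (with the
    exception-stack section it appeared in) as a plain dict."""
    info = {"frames": []}
    section = None  # e.g. '#DB' while between <#DB> and </#DB>
    for raw in text.splitlines():
        line = strip_ts(raw).strip()
        if (m := WARN_RE.search(line)):
            info.update(cpu=int(m[1]), pid=int(m[2]), file=m[3],
                        line=int(m[4]), func=m[5])
        elif (m := COMM_RE.search(line)):
            info.update(comm=m[1], tainted=m[2] != "Not tainted", kernel=m[3])
        elif line.startswith("<") and line.endswith(">"):
            section = None if line.startswith("</") else line[1:-1]
        elif (m := RIP_RE.search(line)):
            info["frames"].append({"cs": int(m[1], 16), "symbol": m[2],
                                   "section": section, "eflags": None})
        elif (m := FLAGS_RE.search(line)) and info["frames"]:
            info["frames"][-1]["eflags"] = int(m[1], 16)
    return info

def kernel_mode_frames(info):
    """Symbols of frames whose CS RPL is 0, i.e. the trap hit kernel code."""
    return [f["symbol"] for f in info["frames"] if f["cs"] & 3 == 0]

def tf_set(frame):
    """True when the saved EFLAGS of a frame has the trap flag set."""
    return frame["eflags"] is not None and bool(frame["eflags"] & X86_EFLAGS_TF)
```

Feed it a full splat from dmesg and every RIP frame, including the one the #DB handler interrupted, comes back tagged with its section and CS.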

* Re: WARNING: CPU: 0 PID: 1752 at arch/x86/kernel/traps.c:788
From: Andy Lutomirski @ 2017-06-06 22:46 UTC (permalink / raw)
  To: Richard Weinberger, Paolo Bonzini
  Cc: Andy Lutomirski, linux-x86_64, linux-kernel, Thomas Meyer

On Thu, Jun 1, 2017 at 3:46 PM, Richard Weinberger <richard@nod.at> wrote:
> Hi!
>
> UserModeLinux hits the following warning on the host.
> I've extracted the evil ptrace() command sequence, please see attached program,
> it triggers the warning too.

This sounds like a known QEMU bug.  Paolo, did this get fixed in QEMU? If so, what version?


* Re: WARNING: CPU: 0 PID: 1752 at arch/x86/kernel/traps.c:788
From: Paolo Bonzini @ 2017-06-06 23:46 UTC (permalink / raw)
  To: Andy Lutomirski
  Cc: Richard Weinberger, linux-x86_64, linux-kernel, Thomas Meyer



----- Original Message -----
> From: "Andy Lutomirski" <luto@kernel.org>
> To: "Richard Weinberger" <richard@nod.at>, "Paolo Bonzini" <pbonzini@redhat.com>
> Cc: "Andy Lutomirski" <luto@kernel.org>, "linux-x86_64" <linux-x86_64@vger.kernel.org>, linux-kernel@vger.kernel.org,
> "Thomas Meyer" <thomas@m3y3r.de>
> Sent: Wednesday, June 7, 2017 12:46:12 AM
> Subject: Re: WARNING: CPU: 0 PID: 1752 at arch/x86/kernel/traps.c:788
> 
> On Thu, Jun 1, 2017 at 3:46 PM, Richard Weinberger <richard@nod.at> wrote:
> > Hi!
> >
> > UserModeLinux hits the following warning on the host.
> > I've extracted the evil ptrace() command sequence, please see attached
> > program,
> > it triggers the warning too.
> 
> This sounds like a known QEMU bug.  Paolo, did this get fixed in QEMU?
> If so, what version?

If I understood what bug you are referring to, 2.9.0.  Commit c52ab08aee
("target-i386: Fix eflags.TF/#DB handling of syscall/sysret insns", 2016-12-22).

Paolo


* Re: WARNING: CPU: 0 PID: 1752 at arch/x86/kernel/traps.c:788
From: Richard Weinberger @ 2017-06-07  7:36 UTC (permalink / raw)
  To: Paolo Bonzini, Andy Lutomirski; +Cc: linux-x86_64, linux-kernel, Thomas Meyer

Andy, Paolo,

On 07.06.2017 at 01:46, Paolo Bonzini wrote:
> 
> 
> ----- Original Message -----
>> From: "Andy Lutomirski" <luto@kernel.org>
>> To: "Richard Weinberger" <richard@nod.at>, "Paolo Bonzini" <pbonzini@redhat.com>
>> Cc: "Andy Lutomirski" <luto@kernel.org>, "linux-x86_64" <linux-x86_64@vger.kernel.org>, linux-kernel@vger.kernel.org,
>> "Thomas Meyer" <thomas@m3y3r.de>
>> Sent: Wednesday, June 7, 2017 12:46:12 AM
>> Subject: Re: WARNING: CPU: 0 PID: 1752 at arch/x86/kernel/traps.c:788
>>
>> On Thu, Jun 1, 2017 at 3:46 PM, Richard Weinberger <richard@nod.at> wrote:
>>> Hi!
>>>
>>> UserModeLinux hits the following warning on the host.
>>> I've extracted the evil ptrace() command sequence, please see attached
>>> program,
>>> it triggers the warning too.
>>
>> This sounds like a known QEMU bug.  Paolo, did this get fixed in QEMU?
>> If so, what version?
> 
> If I understood what bug you are referring to, 2.9.0.  Commit c52ab08aee
> ("target-i386: Fix eflags.TF/#DB handling of syscall/sysret insns", 2016-12-22).

This makes sense. I'll update my qemu and test again.

Thanks,
//richard
