Message ID | yrgrhwfbl7rnmgekiolmojutaqf24x5zphyrwijakzma5pjhre@3yncjv5tqvar (mailing list archive) |
---|---|
State | New |
Series | ptdump: add intermediate directory support | expand |
Hello, kernel test robot noticed "WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page" on: commit: 14095f3901f4e6cf7be49ce2b0b6477bcc9613b8 ("[PATCH v5 1/6] mm: add ARCH_SUPPORTS_NON_LEAF_PTDUMP") url: https://github.com/intel-lab-lkp/linux/commits/Maxwell-Bland/mm-add-ARCH_SUPPORTS_NON_LEAF_PTDUMP/20240626-022827 base: https://git.kernel.org/cgit/linux/kernel/git/arm64/linux.git for-next/core patch link: https://lore.kernel.org/all/yrgrhwfbl7rnmgekiolmojutaqf24x5zphyrwijakzma5pjhre@3yncjv5tqvar/ patch subject: [PATCH v5 1/6] mm: add ARCH_SUPPORTS_NON_LEAF_PTDUMP in testcase: rcutorture version: with following parameters: runtime: 300s test: cpuhotplug torture_type: srcu compiler: clang-18 test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G (please refer to attached dmesg/kmsg for entire log/backtrace) +-----------------------------------------------------+------------+------------+ | | 39b9075172 | 14095f3901 | +-----------------------------------------------------+------------+------------+ | WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page | 0 | 12 | | RIP:note_page | 0 | 12 | +-----------------------------------------------------+------------+------------+ If you fix the issue in a separate patch/commit (i.e. 
not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <oliver.sang@intel.com> | Closes: https://lore.kernel.org/oe-lkp/202407051002.96bf438-oliver.sang@intel.com [ 12.539216][ T1] ------------[ cut here ]------------ [ 12.539661][ T1] x86/mm: Found insecure W+X mapping at address 0xffff8a0000000000 [ 12.540267][ T1] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:248 note_page (arch/x86/mm/dump_pagetables.c:246) [ 12.540995][ T1] Modules linked in: [ 12.541300][ T1] CPU: 0 PID: 1 Comm: swapper Not tainted 6.10.0-rc3-00027-g14095f3901f4 #1 [ 12.541987][ T1] RIP: 0010:note_page (arch/x86/mm/dump_pagetables.c:246) [ 12.542465][ T1] Code: 0d ba e8 2a 28 0a 01 e9 78 fe ff ff e8 a0 17 1a 00 c6 05 e5 bc 72 02 01 90 48 8b 73 58 48 c7 c7 00 91 16 ba e8 08 d2 08 00 90 <0f> 0b 90 90 e9 5f f7 ff ff e8 79 17 1a 00 89 ee 48 c7 c7 f0 34 46 All code ======== 0: 0d ba e8 2a 28 or $0x282ae8ba,%eax 5: 0a 01 or (%rcx),%al 7: e9 78 fe ff ff jmp 0xfffffffffffffe84 c: e8 a0 17 1a 00 call 0x1a17b1 11: c6 05 e5 bc 72 02 01 movb $0x1,0x272bce5(%rip) # 0x272bcfd 18: 90 nop 19: 48 8b 73 58 mov 0x58(%rbx),%rsi 1d: 48 c7 c7 00 91 16 ba mov $0xffffffffba169100,%rdi 24: e8 08 d2 08 00 call 0x8d231 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: e9 5f f7 ff ff jmp 0xfffffffffffff792 33: e8 79 17 1a 00 call 0x1a17b1 38: 89 ee mov %ebp,%esi 3a: 48 rex.W 3b: c7 .byte 0xc7 3c: c7 (bad) 3d: f0 34 46 lock xor $0x46,%al Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: e9 5f f7 ff ff jmp 0xfffffffffffff768 9: e8 79 17 1a 00 call 0x1a1787 e: 89 ee mov %ebp,%esi 10: 48 rex.W 11: c7 .byte 0xc7 12: c7 (bad) 13: f0 34 46 lock xor $0x46,%al [ 12.544127][ T1] RSP: 0000:ffffab0600013c40 EFLAGS: 00010293 [ 12.548776][ T1] RAX: ffffffffb85090a7 RBX: ffffab0600013e38 RCX: ffff8a1f806b8000 [ 12.549432][ T1] RDX: 0000000000000000 RSI: 00000000ffff7fff 
RDI: ffffffffba63a550 [ 12.550073][ T1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 12.550737][ T1] R10: 0000000000000000 R11: ffffffffb8ca1100 R12: 0000000000000000 [ 12.551383][ T1] R13: ffff8a0000000000 R14: 0000000000000067 R15: 0000000000000067 [ 12.552048][ T1] FS: 0000000000000000(0000) GS:ffffffffba45f000(0000) knlGS:0000000000000000 [ 12.552780][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 12.553335][ T1] CR2: ffff8a22bffff000 CR3: 0000000102c30000 CR4: 00000000000406b0 [ 12.553993][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 12.554730][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 12.555398][ T1] Call Trace: [ 12.555676][ T1] <TASK> [ 12.555924][ T1] ? __warn (kernel/panic.c:239) [ 12.556257][ T1] ? note_page (arch/x86/mm/dump_pagetables.c:246) [ 12.556625][ T1] ? report_bug (lib/bug.c:?) [ 12.557009][ T1] ? handle_bug (arch/x86/kernel/traps.c:239) [ 12.557371][ T1] ? exc_invalid_op (arch/x86/kernel/traps.c:260) [ 12.557760][ T1] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) [ 12.558171][ T1] ? io_serial_in (arch/x86/kernel/early_printk.c:121) [ 12.558591][ T1] ? __warn_printk (include/linux/context_tracking.h:155) [ 12.559010][ T1] ? note_page (arch/x86/mm/dump_pagetables.c:246) [ 12.559384][ T1] ? note_page (arch/x86/mm/dump_pagetables.c:252) [ 12.559751][ T1] ptdump_p4d_entry (mm/ptdump.c:79) [ 12.560149][ T1] walk_pgd_range (mm/pagewalk.c:250) [ 12.560567][ T1] ? lock_acquire (kernel/locking/lockdep.c:5754) [ 12.560941][ T1] walk_page_range_novma (mm/pagewalk.c:589) [ 12.561367][ T1] ptdump_walk_pgd (mm/ptdump.c:167) [ 12.561761][ T1] ? rest_init (init/main.c:1459) [ 12.562131][ T1] ptdump_walk_pgd_level_checkwx (arch/x86/mm/dump_pagetables.c:395 arch/x86/mm/dump_pagetables.c:444) [ 12.562636][ T1] ? ptdump_walk_pgd_level_core (arch/x86/mm/dump_pagetables.c:276) [ 12.563115][ T1] ? note_page (arch/x86/mm/dump_pagetables.c:252) [ 12.563477][ T1] ? 
rest_init (init/main.c:1459) [ 12.563839][ T1] kernel_init (init/main.c:1483) [ 12.564187][ T1] ret_from_fork (arch/x86/kernel/process.c:153) [ 12.564550][ T1] ? rest_init (init/main.c:1459) [ 12.564897][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:254) [ 12.565276][ T1] </TASK> [ 12.565526][ T1] irq event stamp: 789373 [ 12.565883][ T1] hardirqs last enabled at (789381): console_unlock (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 kernel/printk/printk.c:341 kernel/printk/printk.c:2746 kernel/printk/printk.c:3065) [ 12.566712][ T1] hardirqs last disabled at (789390): console_unlock (kernel/printk/printk.c:339) [ 12.567498][ T1] softirqs last enabled at (789142): __irq_exit_rcu (include/linux/sched.h:2189 kernel/softirq.c:620 kernel/softirq.c:639) [ 12.568260][ T1] softirqs last disabled at (789131): __irq_exit_rcu (include/linux/sched.h:2189 kernel/softirq.c:620 kernel/softirq.c:639) [ 12.569027][ T1] ---[ end trace 0000000000000000 ]--- The kernel config and materials to reproduce are available at: https://download.01.org/0day-ci/archive/20240705/202407051002.96bf438-oliver.sang@intel.com
On Fri, Jul 05, 2024 at 10:52:26AM GMT, kernel test robot wrote: > > > Hello, > > kernel test robot noticed "WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page" on: > > The kernel config and materials to reproduce are available at: > https://download.01.org/0day-ci/archive/20240705/202407051002.96bf438-oliver.sang@intel.com > Note this config has CONFIG_ARCH_SUPPORTS_NON_LEAF_PTDUMP=y, added by this patchset, but x86 does not yet support non-leaf ptdump semantics. x86 support is on my TODOs, but I am caught up in other work (a LSM and/or *.ko preventing dynamically-allocated datastructure write gadgets! (-: ). Regards, Maxwell Bland
diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug
index afc72fde0f03..41071539bf9e 100644
--- a/mm/Kconfig.debug
+++ b/mm/Kconfig.debug
@@ -201,6 +201,14 @@ config PTDUMP_DEBUGFS
 If in doubt, say N.
+config ARCH_SUPPORTS_NON_LEAF_PTDUMP
+ bool "Include intermediate directory entries in pagetable dumps"
+ help
+ Enable the inclusion of intermediate page directory entries in calls
+ to the ptdump API. Once an architecture defines correct ptdump
+ behavior for PGD, PUD, P4D, and PMD entries, this config can be
+ selected.
+
 config HAVE_DEBUG_KMEMLEAK
 bool
diff --git a/mm/ptdump.c b/mm/ptdump.c
index 106e1d66e9f9..3c8eea232282 100644
--- a/mm/ptdump.c
+++ b/mm/ptdump.c
@@ -26,6 +26,11 @@ static inline int note_kasan_page_table(struct mm_walk *walk,
 }
 #endif
+static inline bool has_non_leaf_ptdump(void)
+{
+ return IS_ENABLED(CONFIG_ARCH_SUPPORTS_NON_LEAF_PTDUMP);
+}
+
 static int ptdump_pgd_entry(pgd_t *pgd, unsigned long addr,
 unsigned long next, struct mm_walk *walk)
 {
@@ -41,10 +46,11 @@ static int ptdump_pgd_entry(pgd_t *pgd, unsigned long addr,
 if (st->effective_prot)
 st->effective_prot(st, 0, pgd_val(val));
- if (pgd_leaf(val)) {
+ if (has_non_leaf_ptdump() || pgd_leaf(val))
 st->note_page(st, addr, 0, pgd_val(val));
+
+ if (pgd_leaf(val))
 walk->action = ACTION_CONTINUE;
- }
 return 0;
 }
@@ -64,10 +70,11 @@ static int ptdump_p4d_entry(p4d_t *p4d, unsigned long addr,
 if (st->effective_prot)
 st->effective_prot(st, 1, p4d_val(val));
- if (p4d_leaf(val)) {
+ if (has_non_leaf_ptdump() || p4d_leaf(val))
 st->note_page(st, addr, 1, p4d_val(val));
+
+ if (p4d_leaf(val))
 walk->action = ACTION_CONTINUE;
- }
 return 0;
 }
@@ -87,10 +94,11 @@ static int ptdump_pud_entry(pud_t *pud, unsigned long addr,
 if (st->effective_prot)
 st->effective_prot(st, 2, pud_val(val));
- if (pud_leaf(val)) {
+ if (has_non_leaf_ptdump() || pud_leaf(val))
 st->note_page(st, addr, 2, pud_val(val));
+
+ if (pud_leaf(val))
 walk->action = ACTION_CONTINUE;
- }
 return 0;
 }
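Review bot: `ARCH_SUPPORTS_NON_LEAF_PTDUMP` is declared with a prompt string, so any configuration can turn it on, including one for an architecture whose `note_page` has not been adapted. The robot report on this page is that case: the x86 test config had the option set to y and the W+X check in `arch/x86/mm/dump_pagetables.c` warned, which the author attributes to x86 not yet supporting non-leaf ptdump semantics. A capability symbol like this is normally promptless, i.e. a bare `bool` with the help text kept as documentation, and enabled only by `select ARCH_SUPPORTS_NON_LEAF_PTDUMP` from the architecture's Kconfig once its callbacks handle PGD, P4D, PUD and PMD table entries. That keeps a spurious "insecure W+X mapping" warning from diluting a check that people rely on.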
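Review bot: `has_non_leaf_ptdump()` has no comment stating what it promises, and because it wraps `IS_ENABLED()` it is a build-wide switch rather than something a particular walker opts into. Every user of the generic walk compiled into the kernel therefore gets the new callbacks, including a permission-checking walk such as the `ptdump_walk_pgd_level_checkwx` path in the robot's trace. I would add a comment above it such as `/* True when the architecture's note_page() accepts table (non-leaf) entries at levels 0-3. */`, and consider whether the opt-in belongs on the walker state instead; the structure that would hold it is not visible in this diff.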
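Review bot: With the option enabled, `st->note_page(st, addr, 0, pgd_val(val))` also runs for entries that only point to a lower-level table, and the callback receives the raw value with nothing to tell it apart from a leaf mapping; the same applies to the p4d, pud and pmd hunks. A callback that reads `val` as final permissions can then misreport, which matches the W+X warning reached through `ptdump_p4d_entry` in the trace above. It also looks as if configurations with folded levels would report the same entry once per folded level, though that depends on pagewalk code outside this diff. A comment at the first call site would help: `/* val may be a table entry here; note_page() must not treat it as a mapping's permissions */`. The bodies of all four functions start outside their hunks.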
@@ -108,10 +116,12 @@ static int ptdump_pmd_entry(pmd_t *pmd, unsigned long addr,
 if (st->effective_prot)
 st->effective_prot(st, 3, pmd_val(val));
- if (pmd_leaf(val)) {
+
+ if (has_non_leaf_ptdump() || pmd_leaf(val))
 st->note_page(st, addr, 3, pmd_val(val));
+
+ if (pmd_leaf(val))
 walk->action = ACTION_CONTINUE;
- }
 return 0;
 }
Provide a Kconfig option indicating if note_page can be called for intermediate page directories during ptdump. Signed-off-by: Maxwell Bland <mbland@motorola.com> --- mm/Kconfig.debug | 8 ++++++++ mm/ptdump.c | 26 ++++++++++++++++++-------- 2 files changed, 26 insertions(+), 8 deletions(-)