Re: perf_fuzzer compiled for x32 causes reboot

From: H. Peter Anvin
Date: Mon Feb 24 2014 - 11:48:07 EST
Ok, so the obvious question is what is at that kernel address?

On February 24, 2014 8:34:30 AM PST, Vince Weaver <vincent.weaver@xxxxxxxxx> wrote:
>On Mon, 24 Feb 2014, Vince Weaver wrote:
>
>> Just touching the mmap page with a write of a single byte (it doesn't
>> matter where) is enough to trigger the bug.
>
>OK, investigating this more.
>
>perf_fuzzer-2971 [000] 154.944114: page_fault_user: address=0xf7729000 ip=0x41efab error_code=0x6
>perf_fuzzer-2971 [000] 154.944118: function: ip=0xffffffff810d40e7 parent_ip=0xffffffff810d0840
>perf_fuzzer-2971 [000] 154.944119: function: ip=0xffffffff812a91a5 parent_ip=0xffffffff81013ff5
>perf_fuzzer-2971 [000] 154.944120: function: ip=0xffffffff8153837c parent_ip=0xffffffff81535432
>perf_fuzzer-2971 [000] 154.944121: page_fault_kernel: address=0x22e0 ip=0xffffffff812a7d5c error_code=0x0
>
>It looks like there are two page faults. The first is caused by the user
>code accessing the mmap'd page. It looks sort of normal and what you'd
>expect if the perf_event mmap ring buffer is being accessed for the first
>time.
>
>What follows is a kernel page fault, and this is the one where for
>whatever reason CR2 has obtained the value of the userspace RBP register.
>
>Vince

--
Sent from my mobile phone. Please pardon brevity and lack of formatting.
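As an added example, not part of the thread above, here is a small parser for the ftrace excerpt Vince quoted: it decodes the x86 page-fault error code and flags the pattern he describes, a kernel-mode fault (page_fault_kernel) whose faulting address lies in the user half of the address space. The sample trace is constructed from the quoted lines, and the user/kernel address boundary is assumed to be the x86-64 4-level canonical split.

```python
import re

# Constructed sample: the ftrace events quoted in the thread, one event per line.
TRACE = """\
perf_fuzzer-2971 [000] 154.944114: page_fault_user: address=0xf7729000 ip=0x41efab error_code=0x6
perf_fuzzer-2971 [000] 154.944118: function: ip=0xffffffff810d40e7 parent_ip=0xffffffff810d0840
perf_fuzzer-2971 [000] 154.944119: function: ip=0xffffffff812a91a5 parent_ip=0xffffffff81013ff5
perf_fuzzer-2971 [000] 154.944120: function: ip=0xffffffff8153837c parent_ip=0xffffffff81535432
perf_fuzzer-2971 [000] 154.944121: page_fault_kernel: address=0x22e0 ip=0xffffffff812a7d5c error_code=0x0
"""

FAULT_RE = re.compile(
    r"^(?P<comm>\S+)-(?P<pid>\d+)\s+\[(?P<cpu>\d+)\]\s+(?P<ts>[\d.]+):\s+"
    r"(?P<event>page_fault_(?:user|kernel)):\s+address=(?P<addr>0x[0-9a-f]+)\s+"
    r"ip=(?P<ip>0x[0-9a-f]+)\s+error_code=(?P<err>0x[0-9a-f]+)$"
)

# x86 page-fault error code bits pushed by the CPU (#PF): P, W/R, U/S, RSVD, I/D.
PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 1, 2, 4, 8, 16
# Assumption: top of the user half on x86-64 with 4-level paging.
USER_ADDR_MAX = 0x00007FFFFFFFFFFF


def parse_faults(text):
    """Return the page_fault_user/page_fault_kernel events as dicts, in trace order."""
    faults = []
    for line in text.splitlines():
        m = FAULT_RE.match(line)
        if m:
            d = m.groupdict()
            faults.append({"event": d["event"], "ts": float(d["ts"]),
                           "addr": int(d["addr"], 16), "ip": int(d["ip"], 16),
                           "err": int(d["err"], 16)})
    return faults


def describe_error(err):
    """Human-readable decoding of the #PF error code, e.g. 0x6 -> user-mode write to a missing page."""
    return (("write" if err & PF_WRITE else "read") + " of a "
            + ("present" if err & PF_PROT else "not-present") + " page from "
            + ("user" if err & PF_USER else "kernel") + " mode")


def suspicious_kernel_faults(faults):
    """Kernel-mode faults at user-half addresses: the kernel dereferenced something that
    looks like user state (here CR2 == 0x22e0). Legitimate only inside a user-copy helper,
    so each hit deserves a look at the symbol behind the faulting ip."""
    return [f for f in faults
            if f["event"] == "page_fault_kernel"
            and not f["err"] & PF_USER
            and f["addr"] <= USER_ADDR_MAX]
```

Resolve the flagged ip against the matching System.map or vmlinux (e.g. with addr2line) to see which kernel function took the fault.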