perf test "object code reading" segfaulting via usercopy check

From: Arnaldo Carvalho de Melo
Date: Fri Sep 09 2016 - 11:36:47 EST

Next message: Vivek Goyal: "[PATCH] lsm,audit,selinux: Introduce a new audit data type LSM_AUDIT_DATA_FILE"
Previous message: Greg Kroah-Hartman: "[PATCH 3.14 02/11] be2iscsi: Fix bogus WARN_ON length check"
Next in thread: Jiri Olsa: "Re: perf test "object code reading" segfaulting via usercopy check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Adrian,

I noticed that 'perf test "object code reading"' is segfaulting
here:

[root@jouet linux]# perf test -F "object code reading"
21: Test object code reading :Segmentation fault
[root@jouet linux]#

dmesg output below, trying to figure this out...

- Arnaldo

[27229.248484] usercopy: kernel memory exposure attempt detected from ffffffffbd064000 (<kernel text>) (4096 bytes)
[27229.248510] ------------[ cut here ]------------
[27229.249685] kernel BUG at /home/acme/git/linux/mm/usercopy.c:75!
[27229.250870] invalid opcode: 0000 [#24] SMP
[27229.252024] Modules linked in: dccp_diag dccp tcp_diag udp_diag inet_diag unix_diag uas usb_storage veth xfs vhost_net vhost macvtap macvlan ccm hid_apple rfcomm fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun xt_addrtype br_netfilter dm_thin_pool dm_persistent_data dm_bio_prison libcrc32c nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_broute bridge stp llc ebtable_nat ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security ebtable_filter ebtables ip6table_filter ip6_tables cmac bnep btrfs xor raid6_pq loop snd_usb_audio snd_usbmidi_lib snd_rawmidi
[27229.255901] intel_rapl x86_pkg_temp_thermal coretemp arc4 iwlmvm kvm_intel kvm mac80211 irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate intel_rapl_perf snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic mei_wdt iwlwifi iTCO_wdt iTCO_vendor_support cfg80211 uvcvideo snd_hda_intel videobuf2_vmalloc gspca_ov534 videobuf2_memops joydev pcspkr snd_hda_codec intel_pch_thermal gspca_main videobuf2_v4l2 rtsx_pci_ms v4l2_common i2c_i801 videobuf2_core btusb snd_hda_core snd_seq i2c_smbus memstick shpchp videodev btrtl btbcm btintel bluetooth snd_seq_device media lpc_ich snd_hwdep snd_pcm mei_me snd_timer mei thinkpad_acpi snd wmi soundcore rfkill tpm_tis tpm_tis_core tpm intel_rst nfsd auth_rpcgss nfs_acl lockd grace sunrpc binfmt_misc i915 i2c_algo_bit drm_kms_helper
[27229.260080] rtsx_pci_sdmmc mmc_core drm e1000e crc32c_intel rtsx_pci ptp serio_raw pps_core fjes video
[27229.262890] CPU: 0 PID: 24116 Comm: perf Tainted: G D 4.8.0-rc5-perf-core-branch_stack_annotate+ #3
[27229.264312] Hardware name: LENOVO 20BX001LUS/20BX001LUS, BIOS JBET49WW (1.14 ) 05/21/2015
[27229.265737] task: ffff96b1b0295880 task.stack: ffff96b146970000
[27229.267187] RIP: 0010:[<ffffffffbd24992c>] [<ffffffffbd24992c>] __check_object_size+0x10c/0x3b6
[27229.268638] RSP: 0018:ffff96b146973da0 EFLAGS: 00010286
[27229.270105] RAX: 0000000000000064 RBX: ffffffffbd064000 RCX: 0000000000000000
[27229.271595] RDX: 0000000000000000 RSI: ffff96b23dc0dfe8 RDI: ffff96b23dc0dfe8
[27229.273068] RBP: ffff96b146973dc0 R08: 000000000003caa4 R09: 0000000000000005
[27229.274568] R10: 0000000000000018 R11: 0000000000000daa R12: 0000000000001000
[27229.276045] R13: 0000000000000001 R14: ffffffffbd065000 R15: ffff96b146973f18
[27229.277511] FS: 00007f5a9f9337c0(0000) GS:ffff96b23dc00000(0000) knlGS:0000000000000000
[27229.278930] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[27229.280348] CR2: 00007f5a9f8b3006 CR3: 000000014a06d000 CR4: 00000000003427f0
[27229.281794] DR0: 000000000047eba0 DR1: 000000000047e4c0 DR2: 0000000001fe75f0
[27229.283242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[27229.284662] Stack:
[27229.286021] 0000000000001000 0000000000001000 0000000003e76b28 ffffffffbd064000
[27229.287387] ffff96b146973e20 ffffffffbd2ce1e3 0000000000000000 00007ffca1a2c980
[27229.288700] 0000000db0295880 0000000000003000 0000000095f34628 ffff96b233dcc180
[27229.289983] Call Trace:
[27229.291244] [<ffffffffbd064000>] ? kvm_check_and_clear_guest_paused+0x10/0x50
[27229.292465] [<ffffffffbd2ce1e3>] read_kcore+0x263/0x340
[27229.293653] [<ffffffffbd2c0302>] proc_reg_read+0x42/0x70
[27229.294824] [<ffffffffbd24d107>] __vfs_read+0x37/0x150
[27229.295959] [<ffffffffbd360400>] ? security_file_permission+0xa0/0xc0
[27229.297087] [<ffffffffbd24e336>] vfs_read+0x96/0x130
[27229.298205] [<ffffffffbd24f9d5>] SyS_pread64+0x95/0xb0
[27229.299334] [<ffffffffbd7ec372>] entry_SYSCALL_64_fastpath+0x1a/0xa4
[27229.300461] Code: 56 02 00 00 49 c7 c0 de d3 a4 bd 48 c7 c2 5c b6 a2 bd 48 c7 c6 39 19 a4 bd 4d 89 e1 48 89 d9 48 c7 c7 b0 9e a4 bd e8 ee 07 f7 ff <0f> 0b 48 89 c2 4c 89 e6 48 89 df e8 74 02 fe ff 48 85 c0 49 89
[27229.301687] RIP [<ffffffffbd24992c>] __check_object_size+0x10c/0x3b6
[27229.302874] RSP <ffff96b146973da0>
[27229.304055] hpet1: lost 3 rtc interrupts
[27229.304079] ---[ end trace 60cb58c77b724270 ]---
[root@jouet linux]#

Next message: Vivek Goyal: "[PATCH] lsm,audit,selinux: Introduce a new audit data type LSM_AUDIT_DATA_FILE"
Previous message: Greg Kroah-Hartman: "[PATCH 3.14 02/11] be2iscsi: Fix bogus WARN_ON length check"
Next in thread: Jiri Olsa: "Re: perf test "object code reading" segfaulting via usercopy check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]