Re: [PATCH v3 16/16] objtool,x86: Rewrite retpoline thunk calls
From: Peter Zijlstra
Date: Wed Jun 02 2021 - 12:57:03 EST
On Wed, Jun 02, 2021 at 05:51:01PM +0200, Lukasz Majczak wrote:
> Hi Peter,
>
> This patch seems to crash on Tigerlake platform (Chromebook delbin), I
> got the following error:
>
> [ 2.103054] pcieport 0000:00:1c.0: PME: Signaling with IRQ 122
> [ 2.110148] pcieport 0000:00:1c.0: pciehp: Slot #7 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+
> [ 2.126754] pcieport 0000:00:1d.0: PME: Signaling with IRQ 123
> [ 2.133946] ACPI: \_SB_.CP00: Found 3 idle states
> [ 2.139708] BUG: kernel NULL pointer dereference, address: 000000000000012b
> [ 2.140704] #PF: supervisor read access in kernel mode
> [ 2.140704] #PF: error_code(0x0000) - not-present page
> [ 2.140704] PGD 0 P4D 0
> [ 2.140704] Oops: 0000 [#1] PREEMPT SMP NOPTI
> [ 2.140704] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G U 5.13.0-rc1 #31
> [ 2.140704] Hardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021
> [ 2.140704] RIP: 0010:cpuidle_poll_time+0x9/0x6a
> [ 2.140704] Code: 44 00 00 85 f6 78 19 55 48 89 e5 48 8b 05 16 44 44 01 4c 8b 58 40 4d 85 db 5d 41 ff d3 66 90 00 c3 0f 1f 44 00 00 55 48 89 e5 <48> 8b 46 20 48 85 c0 75 56 4c 63 87 28 04 00 00 b8 24 f49
All code
========
0: 44 00 00 add %r8b,(%rax)
3: 85 f6 test %esi,%esi
5: 78 19 js 0x20
7: 55 push %rbp
8: 48 89 e5 mov %rsp,%rbp
b: 48 8b 05 16 44 44 01 mov 0x1444416(%rip),%rax # 0x1444428
12: 4c 8b 58 40 mov 0x40(%rax),%r11
16: 4d 85 db test %r11,%r11
19: 5d pop %rbp
1a: 41 ff d3 callq *%r11
1d: 66 90 xchg %ax,%ax
1f: 00 c3 add %al,%bl
21: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
26: 55 push %rbp
27: 48 89 e5 mov %rsp,%rbp
2a:* 48 8b 46 20 mov 0x20(%rsi),%rax <-- trapping instruction
2e: 48 85 c0 test %rax,%rax
31: 75 56 jne 0x89
33: 4c 63 87 28 04 00 00 movslq 0x428(%rdi),%r8
3a: b8 .byte 0xb8
3b: 24 49 and $0x49,%al
What does something like:
OBJ=vmlinux.o FUNC=cpuidle_poll_time objdump -wdr $@ $OBJ | awk "/^\$/ { P=0; } /$FUNC[^>]*>:\$/ { P=1; O=strtonum(\"0x\" \$1); } { if (P) { o=strtonum(\"0x\" \$1); printf(\"%04x \", o-O); print \$0; } }"
look like for that build?
The 1d,1f instructions look exactly like what the alternative would've
written.
> [ 2.140704] RSP: 0000:ffffffff9cc03ea8 EFLAGS: 00010282
> [ 2.140704] RAX: 0000000000008e7d RBX: ffffffff9cc1c5fd RCX: 000000007f894e5a
> [ 2.140704] RDX: 000000007f894d4f RSI: 000000000000010b RDI: 0000000002fa1cf6
That said, your RSI is buggered, and 0x20(%rsi) rightfully blows up.
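A small triage helper, added here and not part of the thread, that does by script what the decode above does by eye: it parses the oops's Code: and RIP: lines to find where cpuidle_poll_time+0x0 sits inside the dumped bytes (so the bytes before it, including the 41 ff d3 66 90 00 c3 tail at 0x1a..0x20, can be lined up against the objdump output asked for), and checks that RSI + 0x20 equals the faulting address. The oops text is a constructed copy of the one quoted above, and the 0x20 displacement is taken from the decoded trapping instruction rather than disassembled.

```python
import re
# Constructed sample: the oops quoted above, wrapped lines re-joined, mangled trailing token dropped.
OOPS = """\
BUG: kernel NULL pointer dereference, address: 000000000000012b
RIP: 0010:cpuidle_poll_time+0x9/0x6a
Code: 44 00 00 85 f6 78 19 55 48 89 e5 48 8b 05 16 44 44 01 4c 8b 58 40 4d 85 db 5d 41 ff d3 66 90 00 c3 0f 1f 44 00 00 55 48 89 e5 <48> 8b 46 20 48 85 c0 75 56 4c 63 87 28 04 00 00 b8 24
RSI: 000000000000010b RDI: 0000000002fa1cf6
"""

def parse_code(line):
    """Oops 'Code:' line -> (bytes, index of the <xx> byte RIP points at)."""
    data, trap = [], None
    for tok in line.split(":", 1)[1].split():
        m = re.fullmatch(r"(<?)([0-9a-f]{2})>?", tok)
        if not m:
            raise ValueError(f"malformed byte token {tok!r}")
        if m.group(1):
            trap = len(data)
        data.append(int(m.group(2), 16))
    return bytes(data), trap

def parse_rip(line):
    """'RIP: 0010:sym+0x9/0x6a' -> ('sym', 0x9, 0x6a)."""
    m = re.search(r"RIP: [0-9a-f]+:(\S+?)\+0x([0-9a-f]+)/0x([0-9a-f]+)", line)
    return m.group(1), int(m.group(2), 16), int(m.group(3), 16)

def parse_regs(text):
    """'RAX: <16 hex>' style register dumps -> {reg: value}."""
    return {r: int(v, 16) for r, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b", text)}

def split_code(oops):
    """Locate sym+0x0 in the Code: bytes via RIP's sym+off, to line up against objdump."""
    lines = oops.splitlines()
    code, trap = parse_code(next(l for l in lines if l.startswith("Code:")))
    sym, off, _size = parse_rip(next(l for l in lines if l.startswith("RIP:")))
    start = trap - off
    return {"symbol": sym, "trap_index": trap, "func_start": start,
            "before_func": code[:start].hex(" "),  # tail of whatever precedes sym
            "func_bytes": code[start:].hex(" ")}   # sym+0x0 onward, trap at +off

def fault_explained(oops, base, disp):
    """Is the fault address == <base reg> + disp of the trapping memory operand?"""
    fault = int(re.search(r"address: ([0-9a-f]+)", oops).group(1), 16)
    return parse_regs(oops)[base] + disp == fault

if __name__ == "__main__":
    print(split_code(OOPS), fault_explained(OOPS, "RSI", 0x20))
```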