On 02/24/2014 10:07 AM, Vince Weaver wrote:
>>
>> Anyway I've attached the full tail end of the trace if you want to see 
>> everything that happens.
> 
> and then I note there are *two* kernel page faults.
> 
>      perf_fuzzer-2979  [000]   161.475924: page_fault_kernel:    
> address=irq_stack_union ip=copy_user_generic_string error_code=0x0
> address=0x1 ip=0xffffffff812a7d9c error_code=0x0
>      perf_fuzzer-2979  [000]   161.475924: function:                
> __do_page_fault
>      perf_fuzzer-2979  [000]   161.475924: function:                   
> bad_area_nosemaphore
>      perf_fuzzer-2979  [000]   161.475925: function:                      
> __bad_area_nosemaphore
>      perf_fuzzer-2979  [000]   161.475925: function:                         
> no_context
>      perf_fuzzer-2979  [000]   161.475925: function:                          
>   fixup_exception
>      perf_fuzzer-2979  [000]   161.475926: function:                          
>      search_exception_tables
>      perf_fuzzer-2979  [000]   161.475926: function:                          
>         search_extable
>      perf_fuzzer-2979  [000]   161.475927: function:             
> copy_user_handle_tail
>      perf_fuzzer-2979  [000]   161.475927: function:             
> trace_do_page_fault
>      perf_fuzzer-2979  [000]   161.475928: page_fault_kernel:    
> address=irq_stack_union ip=copy_user_handle_tail error_code=0x0
> address=0x1 ip=0xffffffff812a92bb error_code=0x0
>      perf_fuzzer-2979  [000]   161.475928: function:                
> __do_page_fault
>      perf_fuzzer-2979  [000]   161.475928: function:                   
> bad_area_nosemaphore
>      perf_fuzzer-2979  [000]   161.475929: function:                      
> __bad_area_nosemaphore
>      perf_fuzzer-2979  [000]   161.475929: function:                         
> no_context
>      perf_fuzzer-2979  [000]   161.475929: function:                          
>   fixup_exception
>      perf_fuzzer-2979  [000]   161.475929: function:                          
>      search_exception_tables
>      perf_fuzzer-2979  [000]   161.475930: function:                          
>         search_extable
>      perf_fuzzer-2979  [000]   161.475931: function:             
> perf_output_begin
>      perf_fuzzer-2979  [000]   161.475931: function:             
> perf_output_copy
> 
> That second one is in copy_user_handle_tail()
> 

Either way, it really seems like we have a case of CR2 leakage out of
the NMI context.

        -hpa
