Hi,

On 06/10/2023 at 17:43, Eddie James wrote:
>
> On 10/6/23 00:21, Christophe Leroy wrote:
>> Hi,
>>
>> On 05/10/2023 at 21:06, Eddie James wrote:
>>> Hi,
>>>
>>> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes
>>> attempting to get into userspace. The init script works, but the first
>>> binary (mount) I run results in an oops. Can anyone help me to debug this
>>> further or suggest anything?
>>
>> I can't see anything in your dump suggesting that KUEP is broken, can
>> you?
>>
>> What I see is that the kernel tries to execute user memory, which is wrong.
>> And KUEP works perfectly by blocking that access. There is no call
>> trace, suggesting that the kernel has jumped into the weeds.
>
>
> Right, the function works as intended, but the fact remains that I can't
> call anything in userspace (except init) without the kernel trying to
> execute that memory. I saw KUEP in the commit history and it seemed
> relevant, but I could certainly be mistaken. Can anyone think of
> anything else that might cause this? Or how I can debug further?
>
>
> I went ahead and removed the couple of lines of assembly that enabled
> KUEP on 44x and tried again. Now I get a crash in load_elf_binary. NIP
> is the kfree(elf_phdata) and LR is garbage, so not entirely sure where
> it actually crashed...

Which confirms that KUEP is not the culprit.

By the way, when booting a bamboo defconfig on QEMU I have no problem.

Apparently KUEP for 4xx appears in kernel 5.14. Do you know of a kernel
version that works? Can you check 5.14 (you have to explicitly select
KUEP in that version, it is not forced yet)?

Once you have a good version, then what about a bisect?

Christophe

>
>
> Thanks,
>
> Eddie
>
>
>>
>> Christophe
>>
>>>
>>> Thanks,
>>>
>>> Eddie
>>>
>>>
>>> [    1.042743] kernel tried to execute user page (b7ee2000) - exploit attempt? (uid: 0)
>>> [    1.042846] BUG: Unable to handle kernel instruction fetch
>>> [    1.042919] Faulting instruction address: 0xb7ee2000
>>> [    1.042986] Oops: Kernel access of bad area, sig: 11 [#1]
>>> [    1.043059] BE PAGE_SIZE=4K FSP-2
>>> [    1.043106] Modules linked in:
>>> [    1.043149] CPU: 0 PID: 61 Comm: mount Not tainted 6.1.55-d23900f.ppcnf-fsp2 #1
>>> [    1.043249] Hardware name: ibm,fsp2 476fpe 0x7ff520c0 FSP-2
>>> [    1.043323] NIP:  b7ee2000 LR: 8c008000 CTR: 00000000
>>> [    1.043392] REGS: bffebd83 TRAP: 0400   Not tainted  (6.1.55-d23900f.ppcnf-fsp2)
>>> [    1.043491] MSR:  00000030 <IR,DR>  CR: 00001000  XER: 20000000
>>> [    1.043579]
>>> [    1.043579] GPR00: c00110ac bffebe63 bffebe7e bffebe88 8c008000 00001000 00000d12 b7ee2000
>>> [    1.043579] GPR08: 00000033 00000000 00000000 c139df10 48224824 1016c314 10160000 00000000
>>> [    1.043579] GPR16: 10160000 10160000 00000008 00000000 10160000 00000000 10160000 1017f5b0
>>> [    1.043579] GPR24: 1017fa50 1017f4f0 1017fa50 1017f740 1017f630 00000000 00000000 1017f4f0
>>> [    1.044101] NIP [b7ee2000] 0xb7ee2000
>>> [    1.044153] LR [8c008000] 0x8c008000
>>> [    1.044204] Call Trace:
>>> [    1.044238] Instruction dump:
>>> [    1.044279] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
>>> [    1.044392] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
>>> [    1.044506] ---[ end trace 0000000000000000 ]---
>>> [    1.044568]
>>> [    1.044590] note: mount[61] exited with irqs disabled
>>>
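The triage Christophe does by eye above (MSR has no PR bit, so the CPU was in kernel mode; NIP is a user address; TRAP 0x400 is an instruction fetch; LR is garbage so nothing can be unwound) can be scripted. The following is an added example, not code from the thread or from the kernel tree. It re-joins the register dump quoted above into a constant and decodes it. Assumptions are marked in the code: a ppc32 kernel with the default CONFIG_PAGE_OFFSET of 0xc0000000, and the standard ppc32 MSR bit positions. The "kernel-looking registers" it reports are only candidates for symbolisation against System.map; the script does not claim any of them is the real caller.

```python
import re

# Register dump as quoted in the thread above, with the mailer's line wraps removed.
OOPS_TEXT = """\
[    1.042743] kernel tried to execute user page (b7ee2000) - exploit attempt? (uid: 0)
[    1.042846] BUG: Unable to handle kernel instruction fetch
[    1.042919] Faulting instruction address: 0xb7ee2000
[    1.042986] Oops: Kernel access of bad area, sig: 11 [#1]
[    1.043323] NIP:  b7ee2000 LR: 8c008000 CTR: 00000000
[    1.043392] REGS: bffebd83 TRAP: 0400   Not tainted  (6.1.55-d23900f.ppcnf-fsp2)
[    1.043491] MSR:  00000030 <IR,DR>  CR: 00001000  XER: 20000000
[    1.043579] GPR00: c00110ac bffebe63 bffebe7e bffebe88 8c008000 00001000 00000d12 b7ee2000
[    1.043579] GPR08: 00000033 00000000 00000000 c139df10 48224824 1016c314 10160000 00000000
[    1.043579] GPR16: 10160000 10160000 00000008 00000000 10160000 00000000 10160000 1017f5b0
[    1.043579] GPR24: 1017fa50 1017f4f0 1017fa50 1017f740 1017f630 00000000 00000000 1017f4f0
"""

# Assumption: ppc32 with the default CONFIG_PAGE_OFFSET; everything below it is user space.
PAGE_OFFSET = 0xC0000000

# ppc32 MSR bits (same positions on classic 32-bit and Book-E/4xx).
MSR_PR = 0x4000  # problem state: set only when running user code
MSR_IR = 0x0020  # instruction relocate (MMU on for fetches)
MSR_DR = 0x0010  # data relocate (MMU on for loads/stores)

TRAP_NAMES = {0x300: "data storage (DSI)", 0x400: "instruction storage (ISI)",
              0x700: "program check"}


def is_user(addr):
    return addr < PAGE_OFFSET


def parse_oops(text):
    """Extract NIP, LR, CTR, MSR, TRAP and all 32 GPRs from a ppc32 oops as ints."""
    def field(name):
        m = re.search(name + r":\s*([0-9a-fA-F]{4,8})\b", text)
        if m is None:
            raise ValueError("missing %s in oops text" % name)
        return int(m.group(1), 16)

    regs = {k.lower(): field(k) for k in ("NIP", "LR", "CTR", "MSR", "TRAP")}
    gprs = [None] * 32
    for m in re.finditer(r"GPR(\d{2}):((?:\s+[0-9a-fA-F]{8}){8})", text):
        base = int(m.group(1))
        for i, v in enumerate(m.group(2).split()):
            gprs[base + i] = int(v, 16)
    if None in gprs:
        raise ValueError("incomplete GPR dump")
    regs["gprs"] = gprs
    return regs


def triage(regs):
    """Decide whether this is 'kernel jumped to a user page' and what is left to chase."""
    msr, nip, lr, trap = regs["msr"], regs["nip"], regs["lr"], regs["trap"]
    kernel_mode = not (msr & MSR_PR)
    findings = []
    findings.append("TRAP %#x: %s; MMU %s" % (
        trap, TRAP_NAMES.get(trap, "other"),
        "on" if (msr & MSR_IR and msr & MSR_DR) else "partly off"))
    if trap == 0x400 and kernel_mode and is_user(nip):
        findings.append("MSR[PR] clear but NIP %#010x is below PAGE_OFFSET: the kernel "
                        "itself branched into a user page, which KUEP correctly blocked" % nip)
    if is_user(lr):
        findings.append("LR %#010x is not a kernel address, so the return path is already "
                        "lost; an empty call trace is expected, not a bug in the unwinder" % lr)
    # Registers still holding kernel-space values are the only leads for System.map lookup.
    candidates = [(i, v) for i, v in enumerate(regs["gprs"]) if not is_user(v)]
    if candidates:
        findings.append("kernel-space values to symbolise: " +
                        ", ".join("r%d=%#010x" % c for c in candidates))
    return {"kernel_mode": kernel_mode, "nip_is_user": is_user(nip),
            "lr_is_user": is_user(lr), "kernel_candidates": candidates,
            "findings": findings}


if __name__ == "__main__":
    for line in triage(parse_oops(OOPS_TEXT))["findings"]:
        print("-", line)
```

Feed it the dump from a 5.14 boot and from the failing 6.1 boot and the verdicts should differ only if the cause moved; if the same two kernel addresses keep showing up in r0/r11 across runs, those are the ones to symbolise before starting the bisect.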