CFI violations in arch/x86/events/amd #1350

Closed
nathanchance opened this issue Apr 15, 2021 · 2 comments
Labels:
- [BUG] linux: A bug that should be fixed in the mainline kernel.
- [FEATURE] CFI: Related to building the kernel with Clang Control Flow Integrity
- [FIXED][LINUX] 5.13: This bug was fixed in Linux 5.13

@nathanchance
Member

$ cat /sys/devices/amd_l3/format/umask
config:8-15

$ cat /sys/devices/amd_iommu_1/events/mem_dte_hit
csource=0x0a

$ sudo dmesg
[  107.300630] ------------[ cut here ]------------
[  107.305282] CFI failure (target: __uncore_umask_show.63e0df79ef26b1802056956c287eea5f.cfi_jt+0x0/0x8):
[  107.314620] WARNING: CPU: 25 PID: 1826 at kernel/cfi.c:29 __ubsan_handle_cfi_check_fail+0x3d/0x50
[  107.323537] Modules linked in: binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd amd_energy ipmi_ssif kvm_amd mgag200 kvm i2c_algo_bit crct10dif_pclmul drm_kms_helper crc32_pclmul cec rc_core ghash_clmulni_intel sysimgblt aesni_intel acpi_ipmi syscopyarea crypto_simd ipmi_si dell_smbios sysfillrect cryptd fb_sys_fops wmi_bmof dell_wmi_descriptor evbug ipmi_devintf dcdbas drm rapl pcspkr ccp sp5100_tco k10temp wmi ipmi_msghandler tcp_westwood acpi_power_meter mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi bonding tls ip_tables x_tables autofs4 raid10 raid456 libcrc32c async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx raid1 raid0 multipath linear mpt3sas raid_class ahci xhci_pci nvme libahci nvme_core i40e i2c_piix4 xhci_pci_renesas scsi_transport_sas
[  107.402327] CPU: 25 PID: 1826 Comm: cat Not tainted 5.12.0-rc7+ #6
[  107.408519] Hardware name: Dell Inc. PowerEdge R6515/0R4CNN, BIOS 1.4.8 05/06/2020
[  107.416105] RIP: 0010:__ubsan_handle_cfi_check_fail+0x3d/0x50
[  107.421867] Code: 5c bc 48 c7 c6 63 91 0e bc e8 df ab 41 00 85 c0 75 07 48 83 c4 08 5b 5d c3 48 c7 c7 c8 96 07 bc 48 89 de 31 c0 e8 33 d4 e2 ff <0f> 0b eb e4 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc 55 48 89
[  107.440657] RSP: 0018:ffffaacd03dafc38 EFLAGS: 00010292
[  107.445896] RAX: 4fc17552b9f41900 RBX: ffffffffbb43dd40 RCX: 0000000000000000
[  107.453056] RDX: ffff8c713ea69338 RSI: ffff8c713ea59488 RDI: ffff8c713ea59488
[  107.460212] RBP: ffffaacd03dafc48 R08: 0000000000000000 R09: ffff8c713e2a0000
[  107.467368] R10: 00000000ffffbfff R11: 0000000000000000 R12: ffffffffba60a000
[  107.474519] R13: ffffffffbb439e60 R14: ffffffffbc696b50 R15: 992bde5f67ba0608
[  107.481668] FS:  00007f0a434dc540(0000) GS:ffff8c713ea40000(0000) knlGS:0000000000000000
[  107.489773] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  107.495540] CR2: 00007f0a43013000 CR3: 0000000119b5c000 CR4: 0000000000350ee0
[  107.502692] Call Trace:
[  107.505157]  ? fib4_rule_delete.8a6a314d41c3adaed4b643e34860be78.cfi_jt+0x8/0x8
[  107.512484]  ? khugepaged_defrag_show.965226034198da389dcedcc6479926d2.cfi_jt+0x8/0x8
[  107.520333]  __cfi_check_fail+0x17/0x20
[  107.524187]  __cfi_check+0x50468/0x570c0
[  107.528130]  ? fib4_rule_delete.8a6a314d41c3adaed4b643e34860be78.cfi_jt+0x8/0x8
[  107.535460]  ? __cfi_slowpath_diag+0xd7/0xf0
[  107.539742]  ? khugepaged_defrag_show.965226034198da389dcedcc6479926d2.cfi_jt+0x8/0x8
[  107.547586]  dev_attr_show.e838662ccf5f11af440a274ca8c00c87+0x98/0xa0
[  107.554048]  sysfs_kf_seq_show.dd8aaab44953102b1caeadaa95ffe6cd+0xc0/0x140
[  107.560940]  ? show_numa_map.e309dac8ef513458decfe2a3789d061e.cfi_jt+0x8/0x8
[  107.568011]  kernfs_seq_show.321396c22fae547781b1d29c056a00a9+0x56/0x80
[  107.574649]  ? uart_proc_show.6bf11b7709e97fbffabb5ad5cb853962.cfi_jt+0x8/0x8
[  107.581808]  ? tc_cls_act_is_valid_access.9df757eef4bc0c33d14c1511bc84932c.cfi_jt+0x8/0x8
[  107.590008]  seq_read_iter+0x19d/0x680
[  107.593780]  kernfs_fop_read_iter.321396c22fae547781b1d29c056a00a9+0x69/0x1f0
[  107.600933]  ? tty_write.d999cba6dacd34436cbc67163367f794.cfi_jt+0x8/0x8
[  107.607649]  vfs_read+0x2d0/0x350
[  107.610976]  ksys_read+0x69/0xd0
[  107.614220]  ? __ia32_sys_process_madvise.cfi_jt+0x8/0x8
[  107.620274]  __x64_sys_read+0x1b/0x20
[  107.624660]  do_syscall_64+0x56/0xe0
[  107.628957]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  107.634727] RIP: 0033:0x7f0a43404461
[  107.639043] Code: fe ff ff 50 48 8d 3d fe d0 09 00 e8 e9 03 02 00 66 0f 1f 84 00 00 00 00 00 48 8d 05 99 62 0d 00 8b 00 85 c0 75 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 57 c3 66 0f 1f 44 00 00 41 54 49 89 d4 55 48
[  107.659259] RSP: 002b:00007fff09252f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  107.667535] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f0a43404461
[  107.675357] RDX: 0000000000020000 RSI: 00007f0a43014000 RDI: 0000000000000003
[  107.683184] RBP: 00007f0a43014000 R08: 00000000ffffffff R09: 0000000000000000
[  107.690982] R10: fffffffffffffb9c R11: 0000000000000246 R12: 00007f0a43014000
[  107.698763] R13: 0000000000000003 R14: 0000000000000fff R15: 0000000000020000
[  107.706528] ---[ end trace d98844657f134138 ]---
[  116.368352] ------------[ cut here ]------------
[  116.373694] CFI failure (target: _iommu_event_show.4082438441b89bbd67ad27a4257733c9.cfi_jt+0x0/0x8):
[  116.383470] WARNING: CPU: 63 PID: 1843 at kernel/cfi.c:29 __ubsan_handle_cfi_check_fail+0x3d/0x50
[  116.392977] Modules linked in: binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd amd_energy ipmi_ssif kvm_amd mgag200 kvm i2c_algo_bit crct10dif_pclmul drm_kms_helper crc32_pclmul cec rc_core ghash_clmulni_intel sysimgblt aesni_intel acpi_ipmi syscopyarea crypto_simd ipmi_si dell_smbios sysfillrect cryptd fb_sys_fops wmi_bmof dell_wmi_descriptor evbug ipmi_devintf dcdbas drm rapl pcspkr ccp sp5100_tco k10temp wmi ipmi_msghandler tcp_westwood acpi_power_meter mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi bonding tls ip_tables x_tables autofs4 raid10 raid456 libcrc32c async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx raid1 raid0 multipath linear mpt3sas raid_class ahci xhci_pci nvme libahci nvme_core i40e i2c_piix4 xhci_pci_renesas scsi_transport_sas
[  116.476916] CPU: 63 PID: 1843 Comm: cat Tainted: G        W         5.12.0-rc7+ #6
[  116.485194] Hardware name: Dell Inc. PowerEdge R6515/0R4CNN, BIOS 1.4.8 05/06/2020
[  116.493465] RIP: 0010:__ubsan_handle_cfi_check_fail+0x3d/0x50
[  116.499909] Code: 5c bc 48 c7 c6 63 91 0e bc e8 df ab 41 00 85 c0 75 07 48 83 c4 08 5b 5d c3 48 c7 c7 c8 96 07 bc 48 89 de 31 c0 e8 33 d4 e2 ff <0f> 0b eb e4 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc 55 48 89
[  116.520094] RSP: 0018:ffffaacd01243c38 EFLAGS: 00010292
[  116.526036] RAX: 5c2342287da6dd00 RBX: ffffffffbb43df70 RCX: 0000000000000000
[  116.533890] RDX: ffff8c713f3e9338 RSI: ffff8c713f3d9488 RDI: ffff8c713f3d9488
[  116.541749] RBP: ffffaacd01243c48 R08: 0000000000000000 R09: ffff8c713e2a0000
[  116.549604] R10: 00000000ffffbfff R11: 0000000000000000 R12: ffffffffba60a000
[  116.557450] R13: ffffffffbb439e60 R14: ffffffffbc696b50 R15: 992bde5f67ba0608
[  116.565291] FS:  00007f1e53eed540(0000) GS:ffff8c713f3c0000(0000) knlGS:0000000000000000
[  116.574087] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.580541] CR2: 00007f1e53a24000 CR3: 0000000127786000 CR4: 0000000000350ee0
[  116.588388] Call Trace:
[  116.591583]  ? fib4_rule_delete.8a6a314d41c3adaed4b643e34860be78.cfi_jt+0x8/0x8
[  116.599605]  ? per_cpu_count_show.9aa2f56ad856a8e60a43e51edfd6783e.cfi_jt+0x8/0x8
[  116.607806]  __cfi_check_fail+0x17/0x20
[  116.612349]  __cfi_check+0x50468/0x570c0
[  116.616969]  ? fib4_rule_delete.8a6a314d41c3adaed4b643e34860be78.cfi_jt+0x8/0x8
[  116.624976]  ? __cfi_slowpath_diag+0xd7/0xf0
[  116.629945]  ? per_cpu_count_show.9aa2f56ad856a8e60a43e51edfd6783e.cfi_jt+0x8/0x8
[  116.638139]  dev_attr_show.e838662ccf5f11af440a274ca8c00c87+0x98/0xa0
[  116.645302]  sysfs_kf_seq_show.dd8aaab44953102b1caeadaa95ffe6cd+0xc0/0x140
[  116.652896]  ? show_numa_map.e309dac8ef513458decfe2a3789d061e.cfi_jt+0x8/0x8
[  116.660669]  kernfs_seq_show.321396c22fae547781b1d29c056a00a9+0x56/0x80
[  116.668018]  ? uart_proc_show.6bf11b7709e97fbffabb5ad5cb853962.cfi_jt+0x8/0x8
[  116.675887]  ? tc_cls_act_is_valid_access.9df757eef4bc0c33d14c1511bc84932c.cfi_jt+0x8/0x8
[  116.684848]  seq_read_iter+0x19d/0x680
[  116.689320]  kernfs_fop_read_iter.321396c22fae547781b1d29c056a00a9+0x69/0x1f0
[  116.697176]  ? tty_write.d999cba6dacd34436cbc67163367f794.cfi_jt+0x8/0x8
[  116.704632]  vfs_read+0x2d0/0x350
[  116.708675]  ksys_read+0x69/0xd0
[  116.712621]  ? __ia32_sys_process_madvise.cfi_jt+0x8/0x8
[  116.718657]  __x64_sys_read+0x1b/0x20
[  116.723041]  do_syscall_64+0x56/0xe0
[  116.727330]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  116.733098] RIP: 0033:0x7f1e53e15461
[  116.737376] Code: fe ff ff 50 48 8d 3d fe d0 09 00 e8 e9 03 02 00 66 0f 1f 84 00 00 00 00 00 48 8d 05 99 62 0d 00 8b 00 85 c0 75 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 57 c3 66 0f 1f 44 00 00 41 54 49 89 d4 55 48
[  116.757548] RSP: 002b:00007ffc148af8a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  116.765811] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f1e53e15461
[  116.773633] RDX: 0000000000020000 RSI: 00007f1e53a25000 RDI: 0000000000000003
[  116.781437] RBP: 00007f1e53a25000 R08: 00000000ffffffff R09: 0000000000000000
[  116.789232] R10: fffffffffffffb9c R11: 0000000000000246 R12: 00007f1e53a25000
[  116.797004] R13: 0000000000000003 R14: 0000000000000fff R15: 0000000000020000
[  116.804811] ---[ end trace d98844657f134139 ]---

Patches sent: https://lore.kernel.org/r/20210415001112.3024673-1-nathan@kernel.org/

nathanchance added the labels [BUG] linux (A bug that should be fixed in the mainline kernel.), [PATCH] Submitted (A patch has been submitted for review) and [FEATURE] CFI (Related to building the kernel with Clang Control Flow Integrity) on Apr 15, 2021
nathanchance self-assigned this on Apr 15, 2021
nathanchance added the label [PATCH] Accepted (A submitted patch has been accepted upstream) and removed the label [PATCH] Submitted (A patch has been submitted for review) on Apr 16, 2021
nathanchance added the label [FIXED][LINUX] 5.13 (This bug was fixed in Linux 5.13) and removed the label [PATCH] Accepted (A submitted patch has been accepted upstream) on Apr 28, 2021