Bug 203559 - usercopy_abort triggered by build_test_sglist
Summary: usercopy_abort triggered by build_test_sglist
Status: NEW
Alias: None
Product: Memory Management
Classification: Unclassified
Component: Other
Hardware: x86-64 Linux
Importance: P1 low
Assignee: Andrew Morton
Reported: 2019-05-09 09:37 UTC by Mihai Donțu
Modified: 2019-08-16 11:22 UTC

See Also:
Kernel Version: 5.1
Subsystem:
Regression: No
Bisected commit-id:


Attachments
kernel config (127.68 KB, text/plain)
2019-05-09 09:37 UTC, Mihai Donțu
Screenshot (778.79 KB, image/jpeg)
2019-05-18 13:11 UTC, Marc B.

Description Mihai Donțu 2019-05-09 09:37:08 UTC
Created attachment 282687
kernel config

I have CONFIG_CRYPTO_FIPS and CONFIG_HARDENED_USERCOPY_PAGESPAN enabled from an experiment I forgot about, that started triggering a crash very early at boot with kernel 5.1:

usercopy: Kernel memory overwrite attempt detected to spans multiple pages (offset 0, size 372)!
------------[ cut here]------------
kernel BUG at mm/usercopy.c:102!
invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 0 PID: 42 Comm: cryptomgr_test Tainted: G        T 5.1.0-gentoo #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-1.fc28 04/01/2014
RIP: 0010:usercopy_abort+0x87/0x89
Code: c3 ae 48 c7 c6 c9 9c ba ae 41 55 48 c7 c7 38 9e bb ae 48 0f 45 d1 48 c7 c1 51
      9d bb ae 50 48 0f 45 f1 4c 89 e1 e8 fb 50 e8 ff <0f> 0b 49 89 d8 31 c9 44 89
      ea 31 f6 48 c7 c7 9a 9d bb ae e8 61 ff
...
Call Trace:
 __check_object_size.cold+0x16/0xa6
 build_test_sglist+0x283/0x370
 ? skcipher_walk_done+0x105/0x220
 ? ecb_crypt+0xa5/0x110
 build_cipher_test_sglist+0xa0/0x120
 test_skcipher_vec_cfg+0x1c4/0x6e0
...

The information above is from a screenshot, thus some opcodes or offsets might be wrong.

The 5.0.13 kernel does not have this issue.
Comment 1 Marc B. 2019-05-18 13:11:27 UTC
Created attachment 282819
Screenshot

Attached is a screenshot where I probably have the same issue on a P50.
Comment 2 Marc B. 2019-08-16 10:13:51 UTC
Any progress here?
Comment 3 Marc B. 2019-08-16 11:22:12 UTC
(In reply to Mihai Donțu from comment #0)

Try

CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y

Kernel boots fine here then.


> Created attachment 282687
> kernel config
> 
> I have CONFIG_CRYPTO_FIPS and CONFIG_HARDENED_USERCOPY_PAGESPAN enabled from
> an experiment I forgot about, that started triggering a crash very early at
> boot with kernel 5.1:
> 
> usercopy: Kernel memory overwrite attempt detected to spans multiple pages
> (offset 0, size 372)!
> ------------[ cut here]------------
> kernel BUG at mm/usercopy.c:102!
> invalid opcode: 0000 [#1] PREEMPT SMP PTI
> CPU: 0 PID: 42 Comm: cryptomgr_test Tainted: G        T 5.1.0-gentoo #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-1.fc28
> 04/01/2014
> RIP: 0010:usercopy_abort+0x87/0x89
> Code: c3 ae 48 c7 c6 c9 9c ba ae 41 55 48 c7 c7 38 9e bb ae 48 0f 45 d1 48
> c7 c1 51
>       9d bb ae 50 48 0f 45 f1 4c 89 e1 e8 fb 50 e8 ff <0f> 0b 49 89 d8 31 c9
> 44 89
>       ea 31 f6 48 c7 c7 9a 9d bb ae e8 61 ff
> ...
> Call Trace:
>  __check_object_size.cold+0x16/0xa6
>  build_test_sglist+0x283/0x370
>  ? skcipher_walk_done+0x105/0x220
>  ? ecb_crypt+0xa5/0x110
>  build_cipher_test_sglist+0xa0/0x120
>  test_skcipher_vec_cfg+0x1c4/0x6e0
> ...
> 
> The information above is from a screenshot, thus some opcodes or offsets
> might be wrong.
> 
> The 5.0.13 kernel does not have this issue.
