[+Kees Cook <keescook@xxxxxxxxxxxx>]

On Thu, May 09, 2019 at 03:46:08PM -0700, Andrew Morton wrote:
>
> (switched to email. Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
>
> On Thu, 09 May 2019 09:37:08 +0000 bugzilla-daemon@xxxxxxxxxxxxxxxxxxx wrote:
>
> > https://bugzilla.kernel.org/show_bug.cgi?id=203559
> >
> > Bug ID: 203559
> > Summary: usercopy_abort triggered by build_test_sglist
> > Product: Memory Management
> > Version: 2.5
> > Kernel Version: 5.1
> > Hardware: x86-64
> > OS: Linux
> > Tree: Mainline
> > Status: NEW
> > Severity: low
> > Priority: P1
> > Component: Other
> > Assignee: akpm@xxxxxxxxxxxxxxxxxxxx
> > Reporter: mihai.dontu@xxxxxxxxx
> > Regression: No
> >
> > Created attachment 282687
> > --> https://bugzilla.kernel.org/attachment.cgi?id=282687&action=edit
> > kernel config
> >
> > I have CONFIG_CRYPTO_FIPS and CONFIG_HARDENED_USERCOPY_PAGESPAN enabled from an
> > experiment I forgot about, that started triggering a crash very early at boot
> > with kernel 5.1:
> >
> > usercopy: Kernel memory overwrite attempt detected to spans multiple pages
> > (offset 0, size 372)!
> > ------------[ cut here]------------
> > kernel BUG at mm/usercopy.c:102!
> > invalid opcode: 0000 [#1] PREEMPT SMP PTI
> > CPU: 0 PID: 42 Comm: cryptomgr_test Trainted: G T 5.1.0-gentoo #1
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-1.fc28
> > 04/01/2014
> > RIP: 0010:usercopy_abort+0x87/0x89
> > Code: c3 ae 48 c7 c6 c9 9c ba ae 41 55 48 c7 c7 38 9e bb ae 48 0f 45 d1 48 c7
> > c1 51
> > 9d bb ae 50 48 0f 45 f1 4c 89 e1 e8 fb 50 e8 ff <0f> 0b 49 89 d8 31 c9 44
> > 89
> > ea 31 f6 48 c7 c7 9a 9d bb ae e8 61 ff
> > ...
> > Call Trace:
> > __check_object_size.cold+0x16/0xa6
> > build_test_sglist+0x283/0x370
> > ? skcipher_walk_done+0x105/0x220
> > ? ecb_crypt+0xa5/0x110
> > build_cipher_test_sglist+0xa0/0x120
> > test_skcipher_vec_cfg+0x1c4/0x6e0
> > ...
> >
> > The information above is from a screenshot, thus some opcodes or offsets might
> > be wrong.
> >
> > The 5.0.13 kernel does not have this issue.
> >
> > --
> > You are receiving this mail because:
> > You are the assignee for the bug.

There was already a long discussion on this where it was concluded that the
pagespan check is broken. See https://lkml.org/lkml/2019/3/19/279 and
https://lkml.org/lkml/2019/4/14/313

I think CONFIG_HARDENED_USERCOPY_PAGESPAN should be removed or marked
'depends on BROKEN', until someone can find a way to make it work properly.

- Eric