On Wed, Aug 24, 2022 at 6:06 PM Chang S. Bae <chang.seok.bae@xxxxxxxxx> wrote:
>
> On 8/24/2022 3:52 PM, Evan Green wrote:
> >
> > Whatever we ended up landing in the ChromeOS tree (which I think was
> > v4 of this series) actively hit this bug in hibernation, which is how
> > I found it. I couldn't get a full backtrace because the backtracing
> > code tripped over itself as well for some reason. If the next patch in
> > this series is different from what we landed in ChromeOS, then maybe
> > your description is correct, but I haven't dug in to understand the
> > delta.
>
> So the change from v4 is simply dropping CBC mode. Marvin, who reported
> another issue, told me that he pushed the fix to some Chrome repository.
> But I don't know if that's the same repo that you mentioned. Are you able
> to locate that tree if possible?

I see. The only ChromeOS tree I'm aware of where keylocker has landed is
our 5.10 tree. This is the change where it landed:
https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/3373776/12

>
> Also, it would be nice to have more detail about that hibernation bug.

Here's the log I've got that pointed me down this path:
https://pastebin.com/VvR1EHvE

Relevant bit pasted below:

<6>[43486.263035] Enabling non-boot CPUs ...
<6>[43486.263081] x86: Booting SMP configuration:
<6>[43486.263082] smpboot: Booting Node 0 Processor 1 APIC 0x1
<2>[43486.264010] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
<1>[43486.264019] BUG: unable to handle page fault for address: ffffffff94b483a6
<1>[43486.264021] #PF: supervisor instruction fetch in kernel mode
<1>[43486.264023] #PF: error_code(0x0011) - permissions violation
<6>[43486.264025] PGD 391c0e067 P4D 391c0e067 PUD 391c0f063 PMD 10006c063 PTE 8000000392148163
<4>[43486.264031] Oops: 0011 [#1] PREEMPT SMP NOPTI
<4>[43486.264035] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G U 5.10.136-19391-gadfe4d4b8c04 #1 b640352a7a0e5f1522aed724296ad63f90c007df
<4>[43486.264036] Hardware name: Google Primus/Primus, BIOS Google_Primus.14505.145.0 06/23/2022
<4>[43486.264042] RIP: 0010:load_keylocker+0x0/0x7f
<4>[43486.264044] Code: 02 46 0a 0c 07 08 44 0b 24 00 00 00 10 26 00 00 44 d5 e9 ff dd 00 00 00 00 41 0e 10 86 02 43 0d 06 42 8d 03 49 8c 04 02 61 0a <0c> 07 08 48 0b 00 24 00 00 00 38 26 00 00 fc d5 e9 ff ba 00 00 00
<4>[43486.264046] RSP: 0000:ffffb1c7000afe50 EFLAGS: 00010046
<4>[43486.264048] RAX: ffffffff9483a898 RBX: ffff8d64ef855440 RCX: 0000000000310800
<4>[43486.264049] RDX: 0000000000310800 RSI: 0000000000000000 RDI: 00000000003f0ea0
<4>[43486.264051] RBP: ffffb1c7000afe88 R08: 0000000000000000 R09: 0000000000003000
<4>[43486.264052] R10: 0000000000000500 R11: ffffffff92c6c775 R12: ffff8d64ef8554c0
<4>[43486.264053] R13: 0000000000000000 R14: 0000000000000082 R15: ffff8d64ef855460
<4>[43486.264055] FS: 0000000000000000(0000) GS:ffff8d64ef840000(0000) knlGS:0000000000000000
<4>[43486.264057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[43486.264058] CR2: ffffffff94b483a6 CR3: 0000000391c0c001 CR4: 00000000003f0ea0
<4>[43486.264063] invalid opcode: 0000 [#2] PREEMPT SMP NOPTI
<4>[43486.264065] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G U 5.10.136-19391-gadfe4d4b8c04 #1 b640352a7a0e5f1522aed724296ad63f90c007df
<4>[43486.264066] Hardware name: Google Primus/Primus, BIOS Google_Primus.14505.145.0 06/23/2022
<4>[43486.264069] RIP: 0010:__show_regs+0x2ed/0x338
<4>[43486.264071] Code: 81 fc 00 04 00 00 75 44 48 f7 05 ca 83 90 01 10 00 00 00 0f 84 fa fd ff ff 31 d2 48 f7 05 b7 83 90 01 10 00 00 00 74 07 31 c9 <0f> 01 ee 89 c2 48 c7 c7 90 38 29 94 4c 89 f6 48 83 c4 28 5b 41 5c
<4>[43486.264072] RSP: 0000:ffffb1c7000afc90 EFLAGS: 00010046
<4>[43486.264074] RAX: 00000000ffff0ff0 RBX: 0000000000000000 RCX: 0000000000000000
<4>[43486.264075] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff94cf27f4
<4>[43486.264076] RBP: ffffb1c7000afce0 R08: 0000000000000000 R09: 00000000ffffdfff
<4>[43486.264078] R10: ffffffff94658600 R11: 3fffffffffffffff R12: 0000000000000400
<4>[43486.264079] R13: ffff8d64ef840000 R14: ffffffff9435d0a9 R15: 00000000ffff0ff0
<4>[43486.264080] FS: 0000000000000000(0000) GS:ffff8d64ef840000(0000) knlGS:0000000000000000
<4>[43486.264082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[43486.264083] CR2: ffffffff94b483a6 CR3: 0000000391c0c001 CR4: 00000000003f0ea0
<4>[43486.264085] invalid opcode: 0000 [#3] PREEMPT SMP NOPTI
<4>[43486.264086] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G U 5.10.136-19391-gadfe4d4b8c04 #1 b640352a7a0e5f1522aed724296ad63f90c007df
<4>[43486.264088] Hardware name: Google Primus/Primus, BIOS Google_Primus.14505.145.0 06/23/2022
<4>[43486.264089] RIP: 0010:__show_regs+0x2ed/0x338

I landed this change, though I'm still working on verifying the issue
goes away with this fix:
https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/3851401

I don't have direct access to this machine, but I wonder if a simple cpu
hotplug might also exercise this path.

-Evan

>
> Thanks,
> Chang
>
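Added triage helper, not part of the thread or of the keylocker series: it pulls the fields a responder wants out of an x86 oops like the one pasted above (the #PF error code bits, the faulting symbol, CR2 and whether CR4.KL was set), fed with lines copied from that log. The function names and the CR4.KL bit position (bit 19, per the Intel Key Locker spec) are my own choices.

```python
import re

# Oops lines taken verbatim from the hibernation-resume log quoted in the mail above.
OOPS_LOG = """\
<2>[43486.264010] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
<1>[43486.264019] BUG: unable to handle page fault for address: ffffffff94b483a6
<1>[43486.264021] #PF: supervisor instruction fetch in kernel mode
<1>[43486.264023] #PF: error_code(0x0011) - permissions violation
<4>[43486.264031] Oops: 0011 [#1] PREEMPT SMP NOPTI
<4>[43486.264042] RIP: 0010:load_keylocker+0x0/0x7f
<4>[43486.264058] CR2: ffffffff94b483a6 CR3: 0000000391c0c001 CR4: 00000000003f0ea0
"""

CR4_KL = 1 << 19  # CR4.KL, Key Locker enable (assumed from the Intel spec)
# x86 #PF error code bits: present/protection, write, user, reserved, instruction fetch
PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 1, 2, 4, 8, 16


def parse_oops(text):
    """Extract the triage-relevant fields from printk-style oops lines."""
    info = {"nx_exec": False, "oops_count": 0}
    for line in text.splitlines():
        msg = re.sub(r"^<\d>\[\s*[\d.]+\]\s*", "", line)  # drop log level + timestamp
        if "kernel tried to execute NX-protected page" in msg:
            info["nx_exec"] = True
        elif msg.startswith("Oops:"):
            info["oops_count"] += 1
        elif m := re.match(r"#PF: error_code\((0x[0-9a-f]+)\)", msg):
            info["pf_error"] = int(m.group(1), 16)
        elif m := re.match(r"RIP: \w+:(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)", msg):
            info["rip_sym"], info["rip_off"] = m.group(1), int(m.group(2), 16)
        elif m := re.search(r"CR2: ([0-9a-f]+).*CR4: ([0-9a-f]+)", msg):
            info["cr2"], info["cr4"] = int(m.group(1), 16), int(m.group(2), 16)
    return info


def classify(info):
    """One-line verdict: was this a supervisor instruction fetch from a non-executable page?"""
    err = info.get("pf_error", 0)
    if info["nx_exec"] and err & PF_INSTR and err & PF_PROT and not err & PF_USER:
        where = f"{info.get('rip_sym', '?')}+0x{info.get('rip_off', 0):x}"
        kl = "on" if info.get("cr4", 0) & CR4_KL else "off"
        return f"instruction fetch from non-executable kernel page at {where} (CR4.KL {kl})"
    return "other fault"


if __name__ == "__main__":
    print(classify(parse_oops(OOPS_LOG)))
```

Run against the pasted log it reports the fetch at load_keylocker+0x0 with CR4.KL on, which is the fact worth carrying into a hotplug repro: the fault is the kernel's own code path, not a user-mode caller.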