On Mon, Nov 13, 2017 at 5:45 PM, Guenter Roeck <linux@xxxxxxxxxxxx> wrote:
> On Tue, Oct 24, 2017 at 08:20:26AM -0700, Kees Cook wrote:
>> In preparation for unconditionally passing the struct timer_list pointer to
>> all timer callbacks, switch to using the new timer_setup() and from_timer()
>> to pass the timer pointer explicitly. One tracking pointer was added, and
>> one initialization was cleaned up.
>>
>> Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@xxxxxxxxxxx>
>> Cc: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
>> Cc: Tomi Valkeinen <tomi.valkeinen@xxxxxx>
>> Cc: David Lechner <david@xxxxxxxxxxxxxx>
>> Cc: Daniel Vetter <daniel.vetter@xxxxxxxx>
>> Cc: Sean Paul <seanpaul@xxxxxxxxxxxx>
>> Cc: Jean Delvare <jdelvare@xxxxxxx>
>> Cc: Hans de Goede <hdegoede@xxxxxxxxxx>
>> Cc: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx>
>> Cc: linux-fbdev@xxxxxxxxxxxxxxx
>> Cc: dri-devel@xxxxxxxxxxxxxxxxxxxxx
>> Cc: linux-omap@xxxxxxxxxxxxxxx
>> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
>
> Hi Kees,
>
> this patch causes a large number of qemu crashes.
>
> Unable to handle kernel NULL pointer dereference at virtual address 00000194
> pgd = c0004000
> [00000194] *pgd=00000000
> Internal error: Oops: 5 [#1] ARM
> Modules linked in:
> CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-next-20171113 #1
> Hardware name: ARM-Versatile (Device Tree Support)
> task: c04df238 task.stack: c04da000
> PC is at queue_work_on+0x1c/0x48
> ...
> [<c00371b0>] (queue_work_on) from [<c01f5504>] (cursor_timer_handler+0x20/0x44)
> [<c01f5504>] (cursor_timer_handler) from [<c005bedc>] (call_timer_fn+0x24/0xa0)
> [<c005bedc>] (call_timer_fn) from [<c005bfd4>] (expire_timers+0x7c/0x8c)
> [<c005bfd4>] (expire_timers) from [<c005c1ac>] (run_timer_softirq+0x88/0x184)
> [<c005c1ac>] (run_timer_softirq) from [<c00095f0>] (__do_softirq+0xe0/0x238)
> [<c00095f0>] (__do_softirq) from [<c0027634>] (irq_exit+0xb4/0xd0)
> [<c0027634>] (irq_exit) from [<c0053b0c>] (__handle_domain_irq+0x50/0xa8)
> [<c0053b0c>] (__handle_domain_irq) from [<c0009438>] (vic_handle_irq+0x54/0x94)
> [<c0009438>] (vic_handle_irq) from [<c00197a8>] (__irq_svc+0x68/0x84)
>
> See
> http://kerneltests.org/builders/qemu-arm-next/builds/806/steps/qemubuildcommand/logs/stdio
> for complete crash logs.
>
> Reverting the patch fixes the problem.
>
> Images for various other architectures crash as well in next-20171113,
> but I didn't bisect those. It looks like there are additional (possibly irq
> related) problems in the latest -next kernel; I don't know if those are
> also related to timer changes.

I think this is already fixed here:
https://marc.info/?l=linux-fbdev&m=151056635200583&w=2

If not, please let me know! :)

-Kees

--
Kees Cook
Pixel Security
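As an added illustration, not code from this thread or from the fbcon driver: a user-space model of the timer_setup()/from_timer() pattern the quoted commit message describes, together with the ordering hazard the trace suggests, where cursor_timer_handler runs before the tracking pointer it needs (here, a pointer to struct fb_info) has been assigned, so the first dereference through it is a NULL pointer access. The struct layouts, the call_timer_fn stand-in and the NULL guard inside the handler are assumptions for the model; the real kernel handler dereferences unconditionally, which is why the report above shows an Oops rather than a refused callback.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space stand-ins for the kernel timer API. The real timer_setup()
 * and from_timer() live in <linux/timer.h>; these copy their shape (the
 * callback receives only the struct timer_list pointer and recovers its
 * owner with container_of) but do no scheduling. */
struct timer_list;
typedef void (*timer_fn_t)(struct timer_list *);

struct timer_list {
    timer_fn_t function;
    unsigned long expires;
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define from_timer(var, timer, field) \
    container_of(timer, __typeof__(*var), field)

static void timer_setup(struct timer_list *t, timer_fn_t fn)
{
    t->function = fn;
    t->expires = 0;
}

/* Stand-in for expire_timers()/call_timer_fn(): the timer core knows only
 * the timer, so the callback has to find its owning object from it. */
static void call_timer_fn(struct timer_list *t)
{
    t->function(t);
}

/* Simplified fbcon-like objects. Names follow the trace; the layout and
 * fields are hypothetical and chosen only for the model. */
struct fb_info {
    int work_queued;            /* counts what queue_work() would have done */
};

struct fbcon_ops {
    struct fb_info *info;       /* tracking pointer the handler depends on */
    int cursor_flash;
    struct timer_list cursor_timer;
};

static int handler_status;      /* 0 = ran, -1 = refused (would be the Oops) */

static void cursor_timer_handler(struct timer_list *t)
{
    struct fbcon_ops *ops = from_timer(ops, t, cursor_timer);

    /* In the kernel this dereference is unconditional. With ops->info still
     * NULL it is the "NULL pointer dereference" the report above shows;
     * the guard here turns the ordering bug into a visible status instead. */
    if (!ops->info) {
        handler_status = -1;
        return;
    }
    ops->info->work_queued++;
    handler_status = 0;
}

/* Scenario A: the timer fires before the tracking pointer is assigned. */
int fire_before_info_is_set(void)
{
    struct fbcon_ops ops = { 0 };

    timer_setup(&ops.cursor_timer, cursor_timer_handler);
    call_timer_fn(&ops.cursor_timer);   /* ops.info is still NULL here */
    return handler_status;              /* -1 */
}

/* Scenario B: the tracking pointer is assigned before the timer can fire. */
int fire_after_info_is_set(void)
{
    struct fb_info info = { 0 };
    struct fbcon_ops ops = { 0 };

    ops.info = &info;                   /* initialise before arming */
    timer_setup(&ops.cursor_timer, cursor_timer_handler);
    call_timer_fn(&ops.cursor_timer);
    return handler_status == 0 ? info.work_queued : -1;   /* 1 */
}

/* from_timer() must return exactly the object the timer is embedded in. */
int from_timer_recovers_owner(void)
{
    struct fbcon_ops ops = { 0 };
    struct fbcon_ops *back = from_timer(back, &ops.cursor_timer, cursor_timer);

    return back == &ops;                /* 1 */
}

int main(void)
{
    printf("fire before info set: %d\n", fire_before_info_is_set());
    printf("fire after info set:  %d\n", fire_after_info_is_set());
    printf("owner recovered:      %d\n", from_timer_recovers_owner());
    return 0;
}
```

The point a reviewer of such a conversion checks is the second scenario: once the callback takes the timer rather than an arbitrary `unsigned long` argument, every pointer the handler reaches through the recovered owner has to be valid by the time the timer can first expire, which is an initialisation-order constraint the compiler cannot enforce.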