riscv+KASAN does not boot
Dmitry Vyukov
dvyukov at google.com
Thu Jan 14 05:24:07 EST 2021
On Thu, Jan 14, 2021 at 10:23 AM Dmitry Vyukov <dvyukov at google.com> wrote:
>
> On Thu, Jan 14, 2021 at 5:57 AM Palmer Dabbelt <palmerdabbelt at google.com> wrote:
> >
> > On Fri, 25 Dec 2020 09:13:23 PST (-0800), dvyukov at google.com wrote:
> > > On Fri, Dec 25, 2020 at 5:58 PM Andreas Schwab <schwab at linux-m68k.org> wrote:
> > >>
> > >> On Dez 25 2020, Dmitry Vyukov wrote:
> > >>
> > >> > qemu-system-riscv64 \
> > >> > -machine virt -bios default -smp 1 -m 2G \
> > >> > -device virtio-blk-device,drive=hd0 \
> > >> > -drive file=buildroot-riscv64.ext4,if=none,format=raw,id=hd0 \
> > >> > -kernel arch/riscv/boot/Image \
> > >> > -nographic \
> > >> > -device virtio-rng-device,rng=rng0 -object
> > >> > rng-random,filename=/dev/urandom,id=rng0 \
> > >> > -netdev user,id=net0,host=10.0.2.10,hostfwd=tcp::10022-:22 -device
> > >> > virtio-net-device,netdev=net0 \
> > >> > -append "root=/dev/vda earlyprintk=serial console=ttyS0 oops=panic
> > >> > panic_on_warn=1 panic=86400"
> > >>
> > >> Do you get more output with earlycon=sbi?
> > >
> > > Hi Andreas,
> > >
> > > For defconfig+kvm_guest.config+ scripts/config -e KASAN -e
> > > KASAN_INLINE it actually gave me more output:
> > >
> > >
> > > OpenSBI v0.7
> > > ____ _____ ____ _____
> > > / __ \ / ____| _ \_ _|
> > > | | | |_ __ ___ _ __ | (___ | |_) || |
> > > | | | | '_ \ / _ \ '_ \ \___ \| _ < | |
> > > | |__| | |_) | __/ | | |____) | |_) || |_
> > > \____/| .__/ \___|_| |_|_____/|____/_____|
> > > | |
> > > |_|
> > >
> > > Platform Name : QEMU Virt Machine
> > > Platform HART Features : RV64ACDFIMSU
> > > Current Hart : 0
> > > Firmware Base : 0x80000000
> > > Firmware Size : 132 KB
> > > Runtime SBI Version : 0.2
> > >
> > > MIDELEG : 0x0000000000000222
> > > MEDELEG : 0x000000000000b109
> > > PMP0 : 0x0000000080000000-0x000000008003ffff (A)
> > > PMP1 : 0x0000000000000000-0xffffffffffffffff (A,R,W,X)
> > > [ 0.000000] Linux version 5.10.0-01370-g71c5f03154ac
> > > (dvyukov at dvyukov-desk.muc.corp.google.com) (riscv64-linux-gnu-gcc
> > > (Debian 10.2.0-9) 10.2.0, GNU ld (GNU Binutils for Debian) 2.35.1) #17
> > > SMP Fri Dec 25 18:10:12 CET 2020
> > > [ 0.000000] OF: fdt: Ignoring memory range 0x80000000 - 0x80200000
> > > [ 0.000000] earlycon: sbi0 at I/O port 0x0 (options '')
> > > [ 0.000000] printk: bootconsole [sbi0] enabled
> > > [ 0.000000] efi: UEFI not found.
> > > [ 0.000000] Zone ranges:
> > > [ 0.000000] DMA32 [mem 0x0000000080200000-0x00000000ffffffff]
> > > [ 0.000000] Normal empty
> > > [ 0.000000] Movable zone start for each node
> > > [ 0.000000] Early memory node ranges
> > > [ 0.000000] node 0: [mem 0x0000000080200000-0x00000000ffffffff]
> > > [ 0.000000] Initmem setup node 0 [mem 0x0000000080200000-0x00000000ffffffff]
> > > [ 0.000000] SBI specification v0.2 detected
> > > [ 0.000000] SBI implementation ID=0x1 Version=0x7
> > > [ 0.000000] SBI v0.2 TIME extension detected
> > > [ 0.000000] SBI v0.2 IPI extension detected
> > > [ 0.000000] SBI v0.2 RFENCE extension detected
> > > [ 0.000000] software IO TLB: mapped [mem
> > > 0x00000000fa3f9000-0x00000000fe3f9000] (64MB)
> > > [ 0.000000] Unable to handle kernel paging request at virtual
> > > address dfffffc810040000
> > > [ 0.000000] Oops [#1]
> > > [ 0.000000] Modules linked in:
> > > [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted
> > > 5.10.0-01370-g71c5f03154ac #17
> > > [ 0.000000] epc: ffffffe00042e3e4 ra : ffffffe000c0462c sp : ffffffe001603ea0
> > > [ 0.000000] gp : ffffffe0016e3c60 tp : ffffffe00160cd40 t0 :
> > > dfffffc810040000
> > > [ 0.000000] t1 : ffffffe000e0a838 t2 : 0000000000000000 s0 :
> > > ffffffe001603f50
> > > [ 0.000000] s1 : ffffffe0016e50a8 a0 : dfffffc810040000 a1 :
> > > 0000000000000000
> > > [ 0.000000] a2 : 000000000ffc0000 a3 : dfffffc820000000 a4 :
> > > 0000000000000000
> > > [ 0.000000] a5 : 000000003e8c6001 a6 : ffffffe000e0a820 a7 :
> > > 0000000000000900
> > > [ 0.000000] s2 : dfffffc820000000 s3 : dfffffc800000000 s4 :
> > > 0000000000000001
> > > [ 0.000000] s5 : ffffffe0016e5108 s6 : fffffffffffff000 s7 :
> > > dfffffc810040000
> > > [ 0.000000] s8 : 0000000000000080 s9 : ffffffffffffffff s10:
> > > ffffffe07a119000
> > > [ 0.000000] s11: 000000000000ffc0 t3 : ffffffe0016eb908 t4 :
> > > 0000000000000001
> > > [ 0.000000] t5 : ffffffc4001c150a t6 : ffffffe001603be8
> > > [ 0.000000] status: 0000000000000100 badaddr: dfffffc810040000
> > > cause: 000000000000000f
> > > [ 0.000000] random: get_random_bytes called from
> > > oops_exit+0x30/0x58 with crng_init=0
> > > [ 0.000000] ---[ end trace 0000000000000000 ]---
> > > [ 0.000000] Kernel panic - not syncing: Fatal exception
> > > [ 0.000000] ---[ end Kernel panic - not syncing: Fatal exception ]---
> > >
> > >
> > > But I first tried with a the kernel image I had in the dir, I think it
> > > was this config (no KASAN):
> > > https://gist.githubusercontent.com/dvyukov/b2b62beccf80493781ab03b41430e616/raw/62e673cff08a8a41656d2871b8a37f74b00f509f/gistfile1.txt
> > >
> > > and earlycon=sbi did not change anything (no output after OpenSBI).
> > > So potentially there are 2 different problems.
> >
> > Thanks for reporting this. Looks like I'd forgotten to add a kasan config to
> > my tests. There's one in there now, and it's passing as of the fix that Nylon
> > posted.
>
> I can boot the KASAN kernel now on riscv/fixes.
>
> Next problem: I've got only to:
>
> [ 90.498967][ T1] Run /sbin/init as init process
> [ 91.164353][ T4022] init[4022]: unhandled signal 11 code 0x1 at
> 0x0000000000000bb0 in busybox[10000+d7000]
> [ 91.179640][ T4022] CPU: 1 PID: 4022 Comm: init Not tainted
> 5.11.0-rc2-00012-g0983834a8393 #19
> [ 91.180853][ T4022] epc: 0000000000000bb0 ra : 0000003fccab09d0 sp
> : 0000003fffa8c7b0
> [ 91.181861][ T4022] gp : 00000000000e8d70 tp : 0000003fccaaf820 t0
> : 000000000000001e
> [ 91.182810][ T4022] t1 : 0000003fccab0bfc t2 : 000000000000000a s0
> : 0000003fffa8c850
> [ 91.183749][ T4022] s1 : 0000003fccab1070 a0 : 0000003fccab1070 a1
> : 0000003fffa8c8c8
> [ 91.184689][ T4022] a2 : 0000000000000001 a3 : 0000000000000020 a4
> : 0000000000000000
> [ 91.185620][ T4022] a5 : 0000000000000000 a6 : 0000003fcc9c4260 a7
> : fffffffffffffffe
> [ 91.186566][ T4022] s2 : 0000000000000000 s3 : 0000003fffa8c8c8 s4
> : 0000003fccab1000
> [ 91.187500][ T4022] s5 : 0000003fccab1078 s6 : 0000003fffa8c8d0 s7
> : 0000000000000010
> [ 91.189672][ T4022] s8 : 0000000000000016 s9 : 0000000000000000
> s10: 0000003fffa8c8c8
> [ 91.190637][ T4022] s11: 0000000000000000 t3 : 0000000000000bb0 t4
> : 0000000000000000
> [ 91.191568][ T4022] t5 : 0000003fffa8c360 t6 : 0000000000000000
> [ 91.192389][ T4022] status: 8000000000004020 badaddr:
> 0000000000000bb0 cause: 000000000000000c
> [ 91.201573][ T1] Kernel panic - not syncing: Attempted to kill
> init! exitcode=0x0000000b
> [ 91.202906][ T1] CPU: 0 PID: 1 Comm: init Not tainted
> 5.11.0-rc2-00012-g0983834a8393 #19
> [ 91.204139][ T1] Call Trace:
> [ 91.204849][ T1] [<ffffffe0000095c0>] walk_stackframe+0x0/0x1d0
> [ 91.206124][ T1] [<ffffffe00458b2d8>] show_stack+0x3a/0x46
> [ 91.207240][ T1] [<ffffffe0045a5b72>] dump_stack+0x11c/0x180
> [ 91.208732][ T1] [<ffffffe00458b6a0>] panic+0x20a/0x5cc
> [ 91.209890][ T1] [<ffffffe00002eea4>] do_exit+0x1846/0x1874
> [ 91.211052][ T1] [<ffffffe00002efdc>] do_group_exit+0xa0/0x192
> [ 91.212224][ T1] [<ffffffe000047d30>] get_signal+0x2d6/0x13dc
> [ 91.213390][ T1] [<ffffffe000007eb0>] do_notify_resume+0xa8/0x912
> [ 91.214567][ T1] [<ffffffe00000559c>] ret_from_exception+0x0/0x14
>
> The image is buildroot on 2020.11.x built with this script:
> https://gist.githubusercontent.com/dvyukov/1a9a01ca2189e35175a021820c95b04d/raw/5c01d755e83f4eab0d56aa7dc84af3b2d5e80423/gistfile1.txt
>
> Readelf for init shows the following (is it that [10000+d7000] address
> is not .text at all?):
>
> $ riscv64-linux-gnu-readelf --sections image/bin/busybox
> There are 27 section headers, starting at offset 0xd7f20:
>
> Section Headers:
> [Nr] Name Type Address Offset
> Size EntSize Flags Link Info Align
> [ 0] NULL 0000000000000000 00000000
> 0000000000000000 0000000000000000 0 0 0
> [ 1] .interp PROGBITS 0000000000010238 00000238
> 0000000000000021 0000000000000000 A 0 0 1
> [ 2] .note.ABI-tag NOTE 000000000001025c 0000025c
> 0000000000000020 0000000000000000 A 0 0 4
> [ 3] .hash HASH 0000000000010280 00000280
> 00000000000009cc 0000000000000004 A 5 0 8
> [ 4] .gnu.hash GNU_HASH 0000000000010c50 00000c50
> 0000000000000ac8 0000000000000000 A 5 0 8
> [ 5] .dynsym DYNSYM 0000000000011718 00001718
> 00000000000021f0 0000000000000018 A 6 1 8
> [ 6] .dynstr STRTAB 0000000000013908 00003908
> 0000000000000c66 0000000000000000 A 0 0 1
> [ 7] .gnu.version VERSYM 000000000001456e 0000456e
> 00000000000002d4 0000000000000002 A 5 0 2
> [ 8] .gnu.version_r VERNEED 0000000000014848 00004848
> 0000000000000050 0000000000000000 A 6 2 8
> [ 9] .rela.dyn RELA 0000000000014898 00004898
> 00000000000000c0 0000000000000018 A 5 0 8
> [10] .rela.plt RELA 0000000000014958 00004958
> 00000000000020a0 0000000000000018 AI 5 22 8
> [11] .plt PROGBITS 0000000000016a00 00006a00
> 00000000000015e0 0000000000000010 AX 0 0 16
> [12] .text PROGBITS 0000000000017fe0 00007fe0
> 00000000000a3668 0000000000000000 AX 0 0 4
> [13] .rodata PROGBITS 00000000000bb648 000ab648
> 000000000002b076 0000000000000000 A 0 0 8
> [14] .sdata2 PROGBITS 00000000000e66c0 000d66c0
> 0000000000000163 0000000000000000 A 0 0 8
> [15] .eh_frame_hdr PROGBITS 00000000000e6824 000d6824
> 0000000000000014 0000000000000000 A 0 0 4
> [16] .eh_frame PROGBITS 00000000000e6838 000d6838
> 000000000000002c 0000000000000000 A 0 0 8
> [17] .preinit_array PREINIT_ARRAY 00000000000e7df8 000d6df8
> 0000000000000008 0000000000000008 WA 0 0 1
> [18] .init_array INIT_ARRAY 00000000000e7e00 000d6e00
> 0000000000000008 0000000000000008 WA 0 0 8
> [19] .fini_array FINI_ARRAY 00000000000e7e08 000d6e08
> 0000000000000008 0000000000000008 WA 0 0 8
> [20] .dynamic DYNAMIC 00000000000e7e10 000d6e10
> 00000000000001f0 0000000000000010 WA 6 0 8
> [21] .data PROGBITS 00000000000e8000 000d7000
> 0000000000000240 0000000000000000 WA 0 0 8
> [22] .got PROGBITS 00000000000e8240 000d7240
> 0000000000000af8 0000000000000008 WA 0 0 8
> [23] .sdata PROGBITS 00000000000e8d38 000d7d38
> 0000000000000101 0000000000000000 WA 0 0 8
> [24] .sbss NOBITS 00000000000e8e40 000d7e39
> 000000000000017f 0000000000000000 WA 0 0 8
> [25] .bss NOBITS 00000000000e8fc0 000d7e39
> 00000000000005b0 0000000000000000 WA 0 0 8
> [26] .shstrtab STRTAB 0000000000000000 000d7e39
> 00000000000000e6 0000000000000000 0 0 1
>
>
> Before I spent more time on this, am I doing anything obviously wrong?
> Is it a known issue? Are there any fresh working recipes?
Humm.. I tried to use 2020.05 which Tobias used here:
https://github.com/google/syzkaller/blob/master/docs/linux/setup_linux-host_qemu-vm_riscv64-kernel.md#image
But there is no make qemu_riscv64_virt_defconfig target... though I
remember I tested these instructions at the time...
To be precise I used 2020.11, I see there is now 2020.11.1 but I don't
see any mentions of riscv in the log.
More information about the linux-riscv
mailing list