FS#77601 - [linux] 6.2 kernel panic at boot in bpf_trampoline when setting retbleed=stuff

Attached to Project: Arch Linux
Opened by Worty (w0rty) - Tuesday, 21 February 2023, 14:58 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:13 GMT
Task Type Bug Report
Category Kernel
Status Closed
Assigned To Tobias Powalowski (tpowa)
Jan Alexander Steffens (heftig)
David Runge (dvzrv)
Levente Polyak (anthraxx)
Architecture x86_64
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 6
Private No

Details

Description:
Kernel panic immediately after initramfs when setting retbleed=stuff.

Hardware:
Thinkpad E580
Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz

Additional info:
package version: 6.2.arch1-1
cmdline working: root=/dev/mapper/cryptroot rd.luks.name=1863a172-9ae5-422a-84b9-e4e8dd32a306=cryptroot rw quiet bgrt_disable lockdown=integrity intel_iommu=on,igfx_off

cmdline crashing: root=/dev/mapper/cryptroot rd.luks.name=1863a172-9ae5-422a-84b9-e4e8dd32a306=cryptroot rw quiet bgrt_disable lockdown=integrity intel_iommu=on,igfx_off retbleed=stuff

root on ext4
secure boot is on
content of /sys/kernel/security/lockdown: none [integrity] confidentiality

panic attached as picture


This task depends upon

Closed by  Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:13 GMT
Reason for closing:  Moved
Additional comments about closing:  https://gitlab.archlinux.org/archlinux/packaging/packages/linux/issues/3
Comment by loqs (loqs) - Tuesday, 21 February 2023, 16:50 GMT
Have you tried applying [1]? See also [2]. If that does not resolve the issue, please open an upstream bug report on the kernel bugzilla or by replying to [2] or its parent.

[1] https://lore.kernel.org/all/20230116142533.905102512%40infradead.org/
[2] https://lore.kernel.org/all/20230105214922.250473-1-joanbrugueram%40gmail.com/
Comment by Worty (w0rty) - Friday, 24 February 2023, 09:34 GMT
Thanks for pointing this out to me, because I didn't find it. As it seems to be a bug in upstream, this can probably be closed here.
Comment by loqs (loqs) - Friday, 24 February 2023, 13:49 GMT
The linked kernel applies the 7 patch series v2 x86 retbleed stuff fixes, referenced in [1] above.

https://drive.google.com/file/d/1u-5YvpOUGfjMbu822ge_ChtGnVj0eKKi/view?usp=share_link linux-6.2.arch1-1.3-x86_64.pkg.tar.zst
https://drive.google.com/file/d/17RkaP1z0OWnweOo-CgQo3rwuOcwuOxcc/view?usp=share_link linux-headers-6.2.arch1-1.3-x86_64.pkg.tar.zst
Comment by Worty (w0rty) - Friday, 24 February 2023, 14:23 GMT
Thanks for the build but even with the patches applied from [1] it is still panicking. I also made myself a clean VM for better testing like Joan did in [2].

[ 1.981191] BUG: unable to handle page fault for address: ffffffffffffff8b
[ 1.982026] #PF: supervisor write access in kernel mode
[ 1.982641] #PF: error_code(0x0002) - not-present page
[ 1.983231] PGD 154e15067 P4D 154e15067 PUD 154e17067 PMD 0
[ 1.983905] Oops: 0002 [#1] PREEMPT SMP PTI
[ 1.984520] CPU: 1 PID: 1 Comm: systemd Not tainted 6.2.0-arch1-1.3 #1 c978e2507d6c27732fe929f8d9c9476a1a63e6cc
[ 1.985983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
[ 1.987116] RIP: 0010:__bpf_tramp_enter+0xc/0x40
[ 1.987807] Code: ff e9 e8 99 ad 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 fb e8 a9 fa ed <ff> 48 8b 83 60 02 00 00 a8 03 75 0a 65 48 ff 00 5b e9 9e 43 ee ff
[ 1.990261] RSP: 0018:ffffacdc8001fc58 EFLAGS: 00010086
[ 1.990920] RAX: 0000000000000000 RBX: ffffffff988dbd88 RCX: 0000000500000000
[ 1.991824] RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffff97fd00e59c00
[ 1.992702] RBP: ffffacdc8001fc90 R08: ffff97fd00229420 R09: ffff97fd0162db40
[ 1.993580] R10: 0000000000000000 R11: 0000000000000002 R12: ffffacdc8001fd90
[ 1.994469] R13: 0000000000000000 R14: ffff97fd03dcae10 R15: ffff97fd03dcae00
[ 1.995350] FS: 00007f4d01e56840(0000) GS:ffff97fd7bc80000(0000) knlGS:0000000000000000
[ 1.996287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.996966] CR2: ffffffffffffff8b CR3: 000000010451e003 CR4: 0000000000370ee0
[ 1.997820] Call Trace:
[ 1.998123] <TASK>
[ 1.998395] ? bpf_trampoline_6442539968_0+0x3d/0x1000
[ 1.999003] ? bpf_lsm_file_open+0x9/0x10
[ 1.999485] ? security_file_open+0x30/0x50
[ 2.000035] ? do_dentry_open+0xf8/0x460
[ 2.000515] ? path_openat+0xd8f/0x1260
[ 2.000963] ? security_inode_alloc+0x53/0x90
[ 2.001499] ? inode_init_always+0x1ea/0x210
[ 2.002017] ? __pfx_shmem_initxattrs+0x10/0x10
[ 2.002563] ? security_inode_init_security+0x107/0x150
[ 2.003770] ? __pfx_shmem_initxattrs+0x10/0x10
[ 2.004438] ? do_filp_open+0xb3/0x160
[ 2.004995] ? do_sys_openat2+0xaf/0x170
[ 2.005553] ? __x64_sys_openat+0x6e/0xa0
[ 2.006046] ? do_syscall_64+0x5f/0x90
[ 2.006509] ? __x86_return_skl+0x35/0x88
[ 2.007001] ? __x86_return_skl+0x2f/0x88
[ 2.007504] ? __x86_return_skl+0x29/0x88
[ 2.007995] ? __x86_return_skl+0x23/0x88
[ 2.008492] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2.009160] </TASK>
[ 2.009426] Modules linked in: bpf_preload qemu_fw_cfg ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 virtio_net net_failover virtio_gpu virtio_rng virtio_console serio_raw atkbd virtio_balloon virtio_blk failover libps2 virtio_dma_buf vivaldi_fmap sr_mod crc32c_intel cdrom virtio_pci virtio_pci_legacy_dev xhci_pci xhci_pci_renesas virtio_pci_modern_dev i8042 serio
[ 2.013305] CR2: ffffffffffffff8b
[ 2.013696] ---[ end trace 0000000000000000 ]---
[ 2.014243] RIP: 0010:__bpf_tramp_enter+0xc/0x40
[ 2.014781] Code: ff e9 e8 99 ad 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 fb e8 a9 fa ed <ff> 48 8b 83 60 02 00 00 a8 03 75 0a 65 48 ff 00 5b e9 9e 43 ee ff
[ 2.016920] RSP: 0018:ffffacdc8001fc58 EFLAGS: 00010086
[ 2.017530] RAX: 0000000000000000 RBX: ffffffff988dbd88 RCX: 0000000500000000
[ 2.018341] RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffff97fd00e59c00
[ 2.019145] RBP: ffffacdc8001fc90 R08: ffff97fd00229420 R09: ffff97fd0162db40
[ 2.019949] R10: 0000000000000000 R11: 0000000000000002 R12: ffffacdc8001fd90
[ 2.020767] R13: 0000000000000000 R14: ffff97fd03dcae10 R15: ffff97fd03dcae00
[ 2.021667] FS: 00007f4d01e56840(0000) GS:ffff97fd7bc80000(0000) knlGS:0000000000000000
[ 2.022661] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.023386] CR2: ffffffffffffff8b CR3: 000000010451e003 CR4: 0000000000370ee0
[ 2.024286] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[ 2.025312] Kernel Offset: 0x16200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 2.026580] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 ]---
Comment by loqs (loqs) - Friday, 24 February 2023, 14:58 GMT
Comment by Worty (w0rty) - Friday, 24 February 2023, 15:17 GMT
Yeah that patch fixed it on my VM and host!

output of lscpu: Retbleed: Mitigation; Stuffing

Thanks for your help! I did some benchmarks and it is a few percent faster.
Hope this patch gets merged before linux hits core.
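As an added illustration, not code from this bug report or from any Arch package, the shell functions below do the two checks the thread relies on: they pull the retbleed= option out of a kernel command line (the only difference between the working and crashing cmdlines in the description, with the kernel's last-occurrence-wins rule) and compare the requested mode against the status line the booted kernel exposes in /sys/devices/system/cpu/vulnerabilities/retbleed, which lscpu renders as "Retbleed: Mitigation; Stuffing" in the comment above. The function names and the sample command line and status strings are constructed for this example.

```shell
#!/bin/sh
# Added example (not part of the bug report): verify that a requested retbleed
# mitigation actually took effect on the booted kernel.

# Print the value of the retbleed= option from a command-line string.
# The kernel processes each occurrence in order, so the last one wins;
# "auto" is the kernel default when the option is absent.
retbleed_mode_from_cmdline() {
    mode="auto"
    for arg in $1; do
        case "$arg" in
            retbleed=*) mode="${arg#retbleed=}" ;;
        esac
    done
    printf '%s\n' "$mode"
}

# Reduce one line of /sys/devices/system/cpu/vulnerabilities/retbleed
# to a short verdict. "Mitigation: Stuffing" is the string the kernel
# reports when retbleed=stuff is active (lscpu shows it with a ';').
retbleed_verdict() {
    case "$1" in
        "Not affected")          echo "not-affected" ;;
        "Mitigation: Stuffing")  echo "stuffing" ;;
        Mitigation:*)            echo "mitigated" ;;
        Vulnerable*)             echo "vulnerable" ;;
        *)                       echo "unknown" ;;
    esac
}

# Compare what the cmdline asked for with what the kernel reports.
# Returns 1 when retbleed=stuff was requested but is not the active mode
# (the situation a silent fallback would hide), 0 otherwise.
check_retbleed() {
    requested=$(retbleed_mode_from_cmdline "$1")
    actual=$(retbleed_verdict "$2")
    if [ "$requested" = "stuff" ] && [ "$actual" != "stuffing" ]; then
        echo "MISMATCH: requested retbleed=stuff, kernel reports '$2'"
        return 1
    fi
    echo "OK: requested=$requested active=$actual ($2)"
    return 0
}

# Constructed samples modelled on the report: the crashing cmdline and the
# status the reporter saw once the patched kernel booted.
SAMPLE_CMDLINE="root=/dev/mapper/cryptroot rw quiet lockdown=integrity retbleed=stuff"
SAMPLE_STATUS="Mitigation: Stuffing"
check_retbleed "$SAMPLE_CMDLINE" "$SAMPLE_STATUS" || true

# On a live system the same check reads the real values:
#   check_retbleed "$(cat /proc/cmdline)" \
#       "$(cat /sys/devices/system/cpu/vulnerabilities/retbleed)"
```

The sysfs file, rather than lscpu output, is the thing to check in automation: lscpu rewrites the colon as a semicolon, and the kernel falls back to a different mitigation (or none) without failing the boot when retbleed=stuff is not usable on a given CPU or kernel build, so a boot that succeeds is not by itself evidence that call-depth stuffing is active.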
Comment by Toolybird (Toolybird) - Saturday, 06 May 2023, 21:38 GMT
Dupe FS#78425

Patch hasn't been applied upstream. The Arch patch was dropped when we upgraded to 6.3.x. Maybe @heftig assumed it had been applied? Someone needs to lobby the kernel folks...
Comment by Worty (w0rty) - Monday, 15 May 2023, 22:00 GMT
Yep, can confirm it's the same bug again.


Welcome to Arch Linux!

[ 5.141529] BUG: unable to handle page fault for address: ffffffffffffff8c
[ 5.142991] #PF: supervisor write access in kernel mode
[ 5.143642] #PF: error_code(0x0002) - not-present page
[ 5.144281] PGD 5cc25067 P4D 5cc25067 PUD 5cc27067 PMD 0
[ 5.144954] Oops: 0002 [#1] PREEMPT SMP PTI
[ 5.145500] CPU: 7 PID: 1 Comm: systemd Not tainted 6.3.2-arch1-1 #1 44a850778a68c42d012ba8e685997cb0375875a4
[ 5.146719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown unknown
[ 5.147671] RIP: 0010:__bpf_tramp_enter+0xc/0x40
[ 5.148251] Code: ff e9 a8 f3 ad 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 fb e8 09 70 ed <ff> 48 8b 83 60 02 00 00 a8 03 75 0a 65 48 ff 00 5b e9 1e ab ed ff
[ 5.150534] RSP: 0018:ffffa9c10001fc10 EFLAGS: 00010286
[ 5.151184] RAX: 0000000000000001 RBX: ffffffff984d4dc8 RCX: 0000000400000000
[ 5.152067] RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffff8ab54862e400
[ 5.152958] RBP: ffffa9c10001fc48 R08: ffff8ab540a68020 R09: ffff8ab5407c1180
[ 5.154022] R10: 0000000000000000 R11: 0000000000000002 R12: 0000000000000000
[ 5.154978] R13: 0000000000000000 R14: ffff8ab548595010 R15: ffffa9c10001fe7c
[ 5.155888] FS: 00007f542617f840(0000) GS:ffff8ab6b7dc0000(0000) knlGS:0000000000000000
[ 5.156988] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5.157741] CR2: ffffffffffffff8c CR3: 0000000101320001 CR4: 0000000000370ee0
[ 5.158623] Call Trace:
[ 5.158960] <TASK>
[ 5.159263] ? bpf_trampoline_6442511382_0+0x3d/0x1000
[ 5.159926] ? bpf_lsm_file_open+0x9/0x10
[ 5.160447] ? security_file_open+0x30/0x50
[ 5.160968] ? do_dentry_open+0xf8/0x460
[ 5.161523] ? path_openat+0xd47/0x1170
[ 5.162004] ? terminate_walk+0x61/0x100
[ 5.162506] ? path_parentat+0x49/0x90
[ 5.162974] ? do_filp_open+0xb3/0x160
[ 5.163443] ? do_sys_openat2+0xaf/0x170
[ 5.163973] ? __x64_sys_openat+0x57/0xa0
[ 5.164472] ? do_syscall_64+0x60/0x90
[ 5.164942] ? syscall_exit_to_user_mode+0x1b/0x40
[ 5.165546] ? do_syscall_64+0x6c/0x90
[ 5.166018] ? __irq_exit_rcu+0x4b/0xf0
[ 5.166498] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 5.167147] </TASK>
[ 5.167430] Modules linked in: qemu_fw_cfg ip_tables x_tables virtio_net virtio_gpu virtio_balloon serio_raw net_failover virtio_console virtio_dma_buf virtio_rng failover virtio_blk atkbd libps2 vivaldi_fmap i8042 virtio_pci sr_mod xhci_pci virtio_pci_legacy_dev cdrom virtio_pci_modern_dev xhci_pci_renesas serio btrfs blake2b_generic xor raid6_pq libcrc32c crc32c_generic crc32c_intel
[ 5.173484] CR2: ffffffffffffff8c
[ 5.174163] ---[ end trace 0000000000000000 ]---
[ 5.175005] RIP: 0010:__bpf_tramp_enter+0xc/0x40
[ 5.175868] Code: ff e9 a8 f3 ad 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 fb e8 09 70 ed <ff> 48 8b 83 60 02 00 00 a8 03 75 0a 65 48 ff 00 5b e9 1e ab ed ff
[ 5.179191] RSP: 0018:ffffa9c10001fc10 EFLAGS: 00010286
[ 5.180135] RAX: 0000000000000001 RBX: ffffffff984d4dc8 RCX: 0000000400000000
[ 5.181418] RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffff8ab54862e400
[ 5.182704] RBP: ffffa9c10001fc48 R08: ffff8ab540a68020 R09: ffff8ab5407c1180
[ 5.183981] R10: 0000000000000000 R11: 0000000000000002 R12: 0000000000000000
[ 5.185288] R13: 0000000000000000 R14: ffff8ab548595010 R15: ffffa9c10001fe7c
[ 5.186584] FS: 00007f542617f840(0000) GS:ffff8ab6b7dc0000(0000) knlGS:0000000000000000
[ 5.188047] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5.189142] CR2: ffffffffffffff8c CR3: 0000000101320001 CR4: 0000000000370ee0
[ 5.190452] note: systemd[1] exited with irqs disabled
[ 5.191522] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[ 5.193126] Kernel Offset: 0x15e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 5.195092] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 ]---
Comment by Joplin Huge (Archislove) - Sunday, 02 July 2023, 14:40 GMT
Does anyone know if this has been solved and we can use retbleed=stuff again now that 6.4 has been released?
Comment by GalaxySnail (GalaxySnail) - Sunday, 02 July 2023, 14:45 GMT
Unfortunately no, retbleed=stuff still doesn't work on Linux 6.4.1.arch1.
Comment by Mathias Havdal (matte3560) - Friday, 15 September 2023, 09:16 GMT
Still broken on 6.5.3-arch1-1. Slightly surprising this hasn't been fixed upstream yet, considering this was supposed to be one of the prominent features of 6.2.
Comment by loqs (loqs) - Saturday, 16 September 2023, 21:01 GMT
> Still broken on 6.5.3-arch1-1.
I would suggest replying to [1] to note it is still an issue.

[1] https://lore.kernel.org/all/20230107051456.8800-1-joanbrugueram%40gmail.com/
Comment by Mathias Havdal (matte3560) - Sunday, 17 September 2023, 20:14 GMT
Done. Haven't used a mailing list like that before so hopefully I didn't screw it up...

edit: my reply still isn't showing up on the mailing list so I guess I fucked something up. I definitely sent something though...
Comment by Joplin Huge (Archislove) - Friday, 06 October 2023, 09:10 GMT
Any news on this?