OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete 0%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Critical
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Steven Johnson - 22.06.2021

FS#3894 - kexec -l crashes 5.4 and 5.10 kernel on mips 32bit target (MT7621)

kexec is crashing the running kernel while “loading” the new kernel. I cannot get to the point of running `kexec -e` because the image can never load.

I am testing on a MT7621 device.

I have tried 5.4 kernel from 21.02-RC3 and also 5.10.43 from Head. Both exhibit the same failure.

I build and flash my image, and from the build I take `target-mipsel_24kc_musl/linux-ramips_mt7621/vmlinux.elf`, which is the kernel in the image, in its original .elf form.

The image boots fine and has no issues.
scp the vmlinux.elf to /tmp

Execute:

# kexec -l --append="console=ttyS0,115200 rootfstype=squashfs" /tmp/vmlinux.elf

Modified cmdline:console=ttyS0,115200 rootfstype=squashfs 
Unable to find /proc/device-tree/chosen/[linux,]stdout-path, printing from purgatory is disabled
[  761.663355] kexec command line truncated to 256 bytes
[  761.668452] usercopy: Kernel memory overwrite attempt detected to kernel text (offset 81844, size 256)!
[  761.677856] Kernel bug detected[#1]:
[  761.681423] CPU: 2 PID: 1755 Comm: kexec Not tainted 5.10.43 #0
[  761.687317] $ 0   : 00000000 00000001 0000005b 00988000
[  761.692545] $ 4   : 805e4408 8101e378 810238f8 822e1ca8
[  761.697770] $ 8   : 00000001 822e1cc0 00000000 000019c8
[  761.702991] $12   : 74206465 ffffff7f 00000001 656b206f
[  761.708214] $16   : 800153b4 00000100 00000000 800154b4
[  761.713435] $20   : 0041e02c 80010000 00000000 00000000
[  761.718656] $24   : 00000000 80314988                  
[  761.723877] $28   : 822e0000 822e1e50 80650000 801507e8
[  761.729100] Hi    : 00000125
[  761.731964] Lo    : 122f2000
[  761.734845] epc   : 801507e8 usercopy_abort+0x94/0x98
[  761.739886] ra    : 801507e8 usercopy_abort+0x94/0x98
[  761.744913] Status: 1100fc03 KERNEL EXL IE 
[  761.749097] Cause : 50800024 (ExcCode 09)
[  761.753086] PrId  : 0001992f (MIPS 1004Kc)
[  761.757161] Modules linked in: mt7915e mt76 mac80211 cfg80211 hwmon crc_ccitt compat sha256_generic libsha256 seqiv jitterentropy_rng drbg hmac cmac leds_gpio gpio_button_hotplug zram zsmalloc
[  761.774316] Process kexec (pid: 1755, threadinfo=c9ceaefe, task=a03f7798, tls=77ef2ec8)
[  761.782284] Stack : 00000100 80568ddc 805b702c 80568f04 8055f414 8055f414 8055f414 00013fb4
[  761.790642]         00000100 8237ce00 00000100 80150940 822e1eb4 80010000 0041e02c 80069818
[  761.798997]         00000100 8237ce00 38e38e39 00000100 80015388 8237ce00 80010000 80014cb8
[  761.807354]         822e1eb0 00000100 00000006 8054f4ba 8237ce00 00000000 807c8ee0 8237ce20
[  761.815709]         00000000 00000003 00000000 800a4498 00000000 8012a078 00000000 815ba758
[  761.824061]         ...
[  761.826505] Call Trace:
[  761.828944] [<801507e8>] usercopy_abort+0x94/0x98
[  761.833632] [<80150940>] __check_object_size+0x154/0x1c4
[  761.838945] [<80014cb8>] machine_kexec_prepare+0x124/0x2c4
[  761.844430] [<800a4498>] sys_kexec_load+0x258/0x388
[  761.849293] [<800135f8>] syscall_common+0x34/0x58
[  761.853980] 
[  761.855461] Code: afa30010  0c01a5fe  24848e80 <000c000d> 3c02805d  8c4293fc  1c40006c  00000000  27bdffd0 
[  761.865209] 
[  761.866973] ---[ end trace 8145ef41fc12390f ]---
[  761.871748] Kernel panic - not syncing: Fatal exception
[  761.876984] Rebooting in 3 seconds..


Steven Johnson commented on 25.06.2021 14:59

This is caused by the kernel option currently set for all kernels:

CONFIG_HARDENED_USERCOPY=y

Setting it to "n" lets kexec function normally.
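
A triage helper for logs like the one in this report, as an added example that is not part of the original ticket or of OpenWrt: it parses the hardened usercopy abort line and the call trace to name the kernel function that issued the rejected copy. The function name `triage_usercopy_abort` and the report field names are hypothetical; the sample log lines are excerpted from the report above.

```python
import re

# Excerpt of the kernel log from the report above (5.10.43, MT7621).
SAMPLE_LOG = """\
[  761.663355] kexec command line truncated to 256 bytes
[  761.668452] usercopy: Kernel memory overwrite attempt detected to kernel text (offset 81844, size 256)!
[  761.677856] Kernel bug detected[#1]:
[  761.681423] CPU: 2 PID: 1755 Comm: kexec Not tainted 5.10.43 #0
[  761.826505] Call Trace:
[  761.828944] [<801507e8>] usercopy_abort+0x94/0x98
[  761.833632] [<80150940>] __check_object_size+0x154/0x1c4
[  761.838945] [<80014cb8>] machine_kexec_prepare+0x124/0x2c4
[  761.844430] [<800a4498>] sys_kexec_load+0x258/0x388
[  761.849293] [<800135f8>] syscall_common+0x34/0x58
"""

# Message printed by the hardened usercopy check; the quoted detail
# (for example a slab cache name) is optional.
ABORT_RE = re.compile(
    r"usercopy: Kernel memory (?P<kind>overwrite|exposure) attempt detected "
    r"(?:to|from) (?P<region>.+?)(?: '(?P<detail>[^']*)')? "
    r"\(offset (?P<offset>\d+), size (?P<size>\d+)\)!")
PROC_RE = re.compile(r"PID: (?P<pid>\d+) Comm: (?P<comm>\S+)")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\] (?P<sym>[\w.]+)\+0x")
CHECK_FRAMES = {"usercopy_abort", "__check_object_size"}


def triage_usercopy_abort(log):
    """Return a summary dict for the first usercopy abort in log, or None."""
    abort = ABORT_RE.search(log)
    if abort is None:
        return None
    report = abort.groupdict()
    report["offset"], report["size"] = int(report["offset"]), int(report["size"])
    # "overwrite" is a copy from user space into the kernel; "exposure" is the reverse.
    report["direction"] = "user->kernel" if report["kind"] == "overwrite" else "kernel->user"
    proc = PROC_RE.search(log, abort.end())
    report["comm"] = proc.group("comm") if proc else None
    report["pid"] = int(proc.group("pid")) if proc else None
    frames = [m.group("sym") for m in FRAME_RE.finditer(log, abort.end())]
    report["trace"] = frames
    # The first frame outside the checker itself is the function that issued the copy.
    report["copy_site"] = next((f for f in frames if f not in CHECK_FRAMES), None)
    return report


if __name__ == "__main__":
    print(triage_usercopy_abort(SAMPLE_LOG))
```

On the log from this report it yields a 256-byte user->kernel copy into kernel text at offset 81844, issued from `machine_kexec_prepare` by process `kexec`.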
