[PATCH 0/5 v16] KASan for Arm

Dmitry Osipenko digetx at gmail.com
Mon Nov 2 13:10:27 EST 2020


29.10.2020 21:10, Ard Biesheuvel writes:
> On Thu, 29 Oct 2020 at 18:45, Dmitry Osipenko <digetx at gmail.com> wrote:
>>
>> 19.10.2020 11:41, Linus Walleij writes:
>>> This is the 16th and final (knock on wood) version of
>>> KASan for ARM32.
>>
>> Hi,
>>
>> I tried KASAN on NVIDIA Tegra using next-20201029 and am getting a (seemingly)
>> bogus bug report saying that the bug is in the KASAN code (note that
>> udc_irq() belongs to the ChipIdea USB driver); this problem doesn't
>> happen with one of the older versions of the KASAN patches.
>>
> 
> That is probably a coincidence. I ran into the same thing:
> 
> https://lore.kernel.org/linux-arm-kernel/20201029001753.717-1-ardb@kernel.org/
> 
> I am not sure this is the right fix, but it does silence the warning for me.

Spotted another similar problem, which also seems bogus.

This is what happens on any driver module reload:

==================================================================
BUG: KASAN: global-out-of-bounds in load_module+0xc93/0x2c0c
Write of size 20480 at addr bf819000 by task modprobe/229

CPU: 2 PID: 229 Comm: modprobe Tainted: G        WC         5.10.0-rc1-next-20201102-00072-g37765d4f3395 #4497
Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
[<c01115e5>] (unwind_backtrace) from [<c010c181>] (show_stack+0x11/0x14)
[<c010c181>] (show_stack) from [<c0f38b6b>] (dump_stack+0x8b/0xa0)
[<c0f38b6b>] (dump_stack) from [<c031da9f>] (print_address_description.constprop.0+0x15f/0x360)
[<c031da9f>] (print_address_description.constprop.0) from [<c031de1f>] (kasan_report+0x103/0x11c)
[<c031de1f>] (kasan_report) from [<c031e3bb>] (check_memory_region+0xc3/0x11c)
[<c031e3bb>] (check_memory_region) from [<c031d107>] (memset+0x13/0x24)
[<c031d107>] (memset) from [<c01e001f>] (load_module+0xc93/0x2c0c)
[<c01e001f>] (load_module) from [<c01e220b>] (sys_finit_module+0xd7/0x104)
[<c01e220b>] (sys_finit_module) from [<c01000a1>] (ret_fast_syscall+0x1/0x24)
Exception stack(0xc377bfa8 to 0xc377bff0)
bfa0:                   0003f3e8 00000001 00000003 0002b744 00000000 b6db4e34
bfc0: 0003f3e8 00000001 6106d000 0000017b 0003f490 00000000 0003f3e8 000401c8
bfe0: b6db4db8 b6db4da8 00022534 aec9f250


Memory state around the buggy address:
 bf81b180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 bf81b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>bf81b280: 00 00 00 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9
                                            ^
 bf81b300: 00 00 04 f9 f9 f9 f9 f9 00 00 00 00 00 00 05 f9
 bf81b380: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 00 05 f9
==================================================================
Disabling lock debugging due to kernel taint
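To judge whether a report like the one above is bogus, the first thing to pin down is which byte KASAN actually objected to: the caret in the "Memory state around the buggy address" block points at one shadow byte, each shadow byte covers 8 bytes of memory, and a value of 01..07 means only that many leading bytes of the granule are addressable. The following script, an added example that is not part of this thread or of the KASan patch series, parses that block and the "Write of size" line, computes the first inaccessible address and how far into the 20480-byte memset it falls, and summarises the surrounding shadow as address ranges. The sample rows are copied from the report above (the caret line is rebuilt at the same column); the poison values and the 8-byte granule are the generic-KASAN definitions from mm/kasan/kasan.h, which the ARM32 port shares.

```python
"""Decode the 'Memory state around the buggy address' block of a KASAN report."""
import re

KASAN_GRANULE_SIZE = 8   # generic KASAN (incl. the ARM32 port): 1 shadow byte per 8 bytes
ROW_PREFIX_LEN = 11      # '>' or ' ', 8 hex digits, ':' and a space precede the first shadow byte

# Poison values from mm/kasan/kasan.h (generic mode).
POISON = {
    0xff: "free page",
    0xfe: "page redzone (kmalloc_large)",
    0xfc: "kmalloc redzone",
    0xfb: "freed kmalloc object",
    0xfa: "freed kmalloc object (free track)",
    0xf9: "global redzone",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
}

ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)")
ROW_RE = re.compile(r"^([ >])([0-9a-f]{8}): ((?:[0-9a-f]{2} ?){16})\s*$")


def describe_shadow(value):
    """Human-readable meaning of one shadow byte."""
    if value == 0:
        return "fully addressable"
    if 1 <= value < KASAN_GRANULE_SIZE:
        return f"first {value} of {KASAN_GRANULE_SIZE} bytes addressable"
    return POISON.get(value, f"unknown poison 0x{value:02x}")


def parse_report(text):
    """Return (access, rows, caret_index).

    access: (kind, size, addr) from the 'Read/Write of size' line, or None.
    rows:   list of (marked, memory_addr, shadow_bytes); memory_addr is the first
            byte the row describes (a row covers 16 granules = 128 bytes of memory).
    caret_index: index of the shadow byte under the '^' marker, or None.
    """
    access, rows, caret = None, [], None
    for line in text.splitlines():
        m = ACCESS_RE.search(line)
        if m:
            access = (m.group(1), int(m.group(2)), int(m.group(3), 16))
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append((m.group(1) == ">", int(m.group(2), 16),
                         bytes.fromhex(m.group(3).replace(" ", ""))))
            continue
        if line.strip() == "^":
            caret = (line.index("^") - ROW_PREFIX_LEN) // 3  # "xx " is 3 columns per byte
    return access, rows, caret


def first_bad_address(rows, caret):
    """(address, shadow value) of the first byte KASAN treats as inaccessible."""
    _, row_addr, shadow = next(r for r in rows if r[0])  # the '>' row
    value = shadow[caret]
    granule = row_addr + caret * KASAN_GRANULE_SIZE
    # 1..7: that many leading bytes are valid, so the fault is at granule + value.
    offset = value if 1 <= value < KASAN_GRANULE_SIZE else 0
    return granule + offset, value


def describe_rows(rows):
    """Run-length summary of the dump: [(start, end_inclusive, meaning), ...]."""
    out = []
    for _, row_addr, shadow in rows:
        for i, value in enumerate(shadow):
            start = row_addr + i * KASAN_GRANULE_SIZE
            end = start + KASAN_GRANULE_SIZE - 1
            meaning = describe_shadow(value)
            if out and out[-1][2] == meaning and out[-1][1] + 1 == start:
                out[-1] = (out[-1][0], end, meaning)
            else:
                out.append((start, end, meaning))
    return out


# Rows copied from the report above; the caret line is rebuilt at the same
# column (shadow byte 11) so trailing whitespace cannot be mangled in transit.
SAMPLE = "\n".join([
    "Write of size 20480 at addr bf819000 by task modprobe/229",
    "Memory state around the buggy address:",
    " bf81b180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    " bf81b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    ">bf81b280: 00 00 00 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9",
    " " * (ROW_PREFIX_LEN + 3 * 11) + "^",
    " bf81b300: 00 00 04 f9 f9 f9 f9 f9 00 00 00 00 00 00 05 f9",
    " bf81b380: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 00 05 f9",
])


def analyse(text=SAMPLE):
    """Locate the faulting byte and relate it to the reported access."""
    access, rows, caret = parse_report(text)
    bad, value = first_bad_address(rows, caret)
    kind, size, addr = access
    return {
        "first_bad": bad,
        "shadow": value,
        "offset_into_access": bad - addr,
        "access_covers_bad": addr <= bad < addr + size,
        "runs": describe_rows(rows),
    }


if __name__ == "__main__":
    r = analyse()
    print(f"first inaccessible byte: 0x{r['first_bad']:08x} (shadow 0x{r['shadow']:02x}), "
          f"{r['offset_into_access']} bytes into the reported access")
    for s, e, meaning in r["runs"]:
        print(f"  {s:08x}-{e:08x}: {meaning}")
```

Running it on the quoted dump shows the caret sitting on the 07 granule at bf81b2d8, so the first byte the memset was not allowed to touch is bf81b2df, well inside the 20480-byte range that starts at bf819000, and everything after it up to the next 00 run is global redzone (f9). That layout, a valid region ending mid-granule followed by f9 poison, is exactly what the compiler's global instrumentation produces around a module's variables, which is why a whole-section memset in load_module trips the check even when no real overflow occurs.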