[PATCH 0/5 v16] KASan for Arm

Ard Biesheuvel ardb at kernel.org
Thu Oct 29 14:10:47 EDT 2020


On Thu, 29 Oct 2020 at 18:45, Dmitry Osipenko <digetx at gmail.com> wrote:
>
> 19.10.2020 11:41, Linus Walleij пишет:
> > This is the 16th and final (knock on wood) version of
> > KASan for ARM32.
>
> Hi,
>
> I tried KASAN on NVIDIA Tegra using next-20201029 and getting a (seems)
> bogus bug report saying that the bug is in the KASAN code (note
> udc_irq() belongs to the ChipIdea USB driver), this problem doesn't
> happen using one of older versions of the KASAN patches.
>

That is probably a coincidence. I ran into the same thing:

https://lore.kernel.org/linux-arm-kernel/20201029001753.717-1-ardb@kernel.org/

I am not sure this is the right fix, but it does silence the warning for me.


> [   27.700859]
> ==================================================================
> [   27.720575] BUG: KASAN: stack-out-of-bounds in save_trace+0xbf/0xf8
> [   27.740119] Read of size 4 at addr c4dc7038 by task kworker/0:1H/124
>
> [   27.778724] CPU: 0 PID: 124 Comm: kworker/0:1H Tainted: G        W
>      5.10.0-rc1-next-20201029-00144-g367ba7b6ebb4 #4327
> [   27.818361] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
> [   27.838599] Workqueue: mmc_complete mmc_blk_mq_complete_work
> [   27.858795] [<c0111a05>] (unwind_backtrace) from [<c010c26d>]
> (show_stack+0x11/0x14)
> [   27.879038] [<c010c26d>] (show_stack) from [<c0f42e5b>]
> (dump_stack+0x8b/0xa0)
> [   27.899374] [<c0f42e5b>] (dump_stack) from [<c031d8f7>]
> (print_address_description.constprop.0+0x2b/0x360)
> [   27.939249] [<c031d8f7>] (print_address_description.constprop.0) from
> [<c031ddab>] (kasan_report+0x103/0x11c)
> [   27.979769] [<c031ddab>] (kasan_report) from [<c010bddb>]
> (save_trace+0xbf/0xf8)
> [   28.000506] [<c010bddb>] (save_trace) from [<c010bd11>]
> (walk_stackframe+0x19/0x24)
> [   28.021501] [<c010bd11>] (walk_stackframe) from [<c010bf07>]
> (__save_stack_trace+0xf3/0xf8)
> [   28.042658] [<c010bf07>] (__save_stack_trace) from [<c01b8c4d>]
> (stack_trace_save+0x75/0x8c)
> [   28.063740] [<c01b8c4d>] (stack_trace_save) from [<c031d019>]
> (kasan_save_stack+0x11/0x28)
> [   28.084979] [<c031d019>] (kasan_save_stack) from [<c031d04d>]
> (kasan_set_track+0x1d/0x20)
> [   28.106135] [<c031d04d>] (kasan_set_track) from [<c031e461>]
> (kasan_set_free_info+0x19/0x20)
> [   28.127351] [<c031e461>] (kasan_set_free_info) from [<c031cfe5>]
> (__kasan_slab_free+0xa5/0xc8)
> [   28.148491] [<c031cfe5>] (__kasan_slab_free) from [<c0318b7f>]
> (kfree+0x7b/0x374)
> [   28.169910] [<c0318b7f>] (kfree) from [<c09bbe7f>] (udc_irq+0x477/0xe18)
> [   28.191214] [<c09bbe7f>] (udc_irq) from [<c019cb09>]
> (__handle_irq_event_percpu+0x71/0x2d4)
> [   28.212693] [<c019cb09>] (__handle_irq_event_percpu) from
> [<c019cde1>] (handle_irq_event_percpu+0x75/0xb8)
> [   28.255076] [<c019cde1>] (handle_irq_event_percpu) from [<c019ce67>]
> (handle_irq_event+0x43/0x64)
> [   28.277174] [<c019ce67>] (handle_irq_event) from [<c01a1bbb>]
> (handle_fasteoi_irq+0xcf/0x18c)
> [   28.299436] [<c01a1bbb>] (handle_fasteoi_irq) from [<c019bd4b>]
> (generic_handle_irq+0x3b/0x44)
> [   28.321825] [<c019bd4b>] (generic_handle_irq) from [<c019c34b>]
> (__handle_domain_irq+0x5f/0xa8)
> [   28.344383] [<c019c34b>] (__handle_domain_irq) from [<c06b30cf>]
> (gic_handle_irq+0x87/0x9c)
> [   28.367176] [<c06b30cf>] (gic_handle_irq) from [<c0100b23>]
> (__irq_svc+0x63/0xb0)
> [   28.390118] Exception stack(0xc4dc6f58 to 0xc4dc6fa0)
> [   28.413200] 6f40:
>   c1fa88c4 00000000
> [   28.436622] 6f60: c1fa88c4 00000000 c5557800 00000000 00000001
> c5557808 00000001 c1fa88c0
> [   28.460176] 6f80: 00000000 c466c000 b782c97b c4dc6fac c0bdcfa1
> c0bdd51e 60070133 ffffffff
> [   28.484070] [<c0100b23>] (__irq_svc) from [<c0bdd51e>]
> (__qdisc_run+0x6d2/0x7b8)
> [   28.508082] [<c0bdd51e>] (__qdisc_run) from [<c0100155>]
> (ret_from_fork+0x11/0x1c)
> [   28.532185] Exception stack(0xc4dc6ffc to 0xc4dc7044)
> [   28.556578] 6fe0:
>            00000000
> [   28.581249] 7000: c1902d18 c4dc8000 00000000 00000000 00000003
> 00000000 00000000 00000001
> [   28.605909] 7020: 41b58ab3 c1864c40 c0b94e6c 00000800 00000000
> c2c01e00 00000001 c09bbe7f
> [   28.630740] 7040: fffffff4
>
> [   28.679636] The buggy address belongs to the page:
> [   28.704480] page:bc50e6d8 refcount:0 mapcount:0 mapping:00000000
> index:0x0 pfn:0x84dc7
> [   28.729687] flags: 0x0()
> [   28.754372] raw: 00000000 defa7000 defa7000 00000000 00000000
> 00000000 ffffffff 00000000
> [   28.779394] raw: 00000000
> [   28.804339] page dumped because: kasan: bad access detected
>
> [   28.854326] addr c4dc7038 is located in stack of task
> kworker/0:1H/124 at offset 24 in frame:
> [   28.880073]  __dev_queue_xmit+0x0/0x9cc
>
> [   28.931135] this frame has 4 objects:
> [   28.956624]  [32, 36) 'rc'
> [   28.956638]  [48, 52) 'to_free'
> [   28.981922]  [64, 72) '_udphdr'
> [   29.007038]  [96, 116) '_tcphdr'
>
> [   29.081989] Memory state around the buggy address:
> [   29.106884]  c4dc6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [   29.132106]  c4dc6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [   29.157134] >c4dc7000: 00 00 00 00 f1 f1 f1 f1 04 f2 04 f2 00 f2 f2 f2
> [   29.181980]                                 ^
> [   29.206867]  c4dc7080: 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
> [   29.231827]  c4dc7100: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3
> [   29.257034]
> ==================================================================
>



More information about the linux-arm-kernel mailing list