KASan for ARM32

李文杰 liwenjie.liwenjie at bytedance.com
Tue Nov 8 23:55:00 PST 2022


Dear Linus Walleij and all,

1. I am porting the kasan-for-arm32 patch from kernel v5.11-rc1 to v5.4.
2. I have compiled the patch successfully, but the kernel crashes
during bring-up.
3. My SoC is a Qualcomm Cortex-A53, which is 64-bit, but we use it as
32-bit with ARMv7.
4. My OS is Android R with Linux kernel 5.4, and my compiler is clang
version 11.0.2.
5. From the crash log, it seems that the shadow virtual address is not
mapped to a physical address in the page table, which leads to a page
fault in the kernel.
6. The crash log is below. Could you help me? Thanks very much.

[    0.000000] kasan: Mapping kernel virtual memory block:
c0000000-c5a00000 at shadow: b7000000-b7b40000
[    0.000000] kasan: Mapping kernel virtual memory block:
c5f10000-c5fff000 at shadow: b7be2000-b7bffe00
[    0.000000] kasan: Mapping kernel virtual memory block:
c6300000-cab00000 at shadow: b7c60000-b8560000
[    0.000000] kasan: Mapping kernel virtual memory block:
cff17000-e0000000 at shadow: b8fe2e00-bb000000
[    0.000000] kasan: Mapping kernel virtual memory block:
e0100000-e0e00000 at shadow: bb020000-bb1c0000
[    0.000000] kasan: Truncating shadow for memory block at
0x61f00000-0x7ee00000 to lowmem region at 0x78500000
[    0.000000] kasan: Mapping kernel virtual memory block:
e1f00000-f8500000 at shadow: bb3e0000-be0a0000
[    0.000000] kasan: Skip highmem block at 0x80000000-0xc0000000
[    0.000000] kasan: Mapping kernel virtual memory block:
bf000000-c0000000 at shadow: b6e00000-b7000000
[    0.000000] kasan: Kernel address sanitizer initialized
[    0.000000] psci: probing for conduit method from DT.
[    0.000000] psci: PSCIv1.1 detected in firmware.
[    0.000000] psci: Using standard PSCI v0.2 function IDs
[    0.000000] psci: MIGRATE_INFO_TYPE not supported.
[    0.000000] psci: SMC Calling Convention v1.1
[    0.000000] psci: OSI mode supported.
[    0.000000] psci: Switched to OSI mode.
[    0.000000] percpu: max_distance=0x54000 too large for vmalloc space 0x0
[    0.000000] percpu: Embedded 21 pages/cpu s55384 r8192 d22440 u86016
[    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 489452
[    0.000000] Kernel command line: rcupdate.rcu_expedited=1
rcu_nocbs=0-7 console=ttyMSM0,115200n8
earlycon=msm_geni_serial,0x4a98000 androidboot.hardware=qcom
androidboot.console=ttyMSM0 androidboot.memcg=1
lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000
msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048
vmalloc=115M loop.max_part=7 iptable_raw.raw_before_defrag=1
ip6table_raw.raw_before_defrag=1 cgroup.memory=nokmem,nosocket
buildvariant=userdebug androidboot.verifiedbootstate=orange
androidboot.keymaster=1
androidboot.vbmeta.device=PARTUUID=b660edb8-6d68-f562-a75e-c0cb0849bb43
androidboot.vbmeta.avb_version=1.0
androidboot.vbmeta.device_state=unlocked
androidboot.vbmeta.hash_alg=sha256 androidboot.vbmeta.size=7296
androidboot.vbmeta.digest=16270a665acc5bf7cd1979131f5a2e50c57310e769a622f67bf50f6bcd79727b
androidboot.vbmeta.invalidate_on_error=yes
androidboot.veritymode=enforcing androidboot.bootdevice=4744000.sdhci
androidboot.fstab_suffix=emmc androidboot.b
[    0.000000] rcu: rcu_nocbs= bad CPU range, all CPUs set
[    0.000000] Dentry cache hash table entries: 131072 (order: 7,
524288 bytes, linear)
[    0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144
bytes, linear)
[    0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[    0.000000] Memory: 1673344K/1965920K available (26624K kernel
code, 2220K rwdata, 10272K rodata, 1024K init, 8099K bss, 190176K
reserved, 102400K cma-reserved, 1053696K highmem)
[    0.000000] Virtual kernel memory layout:
[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
[    0.000000]     fixmap  : 0xffc80000 - 0xfff00000   (2560 kB)
[    0.000000]     vmalloc : 0xf8500000 - 0xff800000   ( 115 MB)
[    0.000000]     lowmem  : 0xe1f00000 - 0xf8500000   ( 358 MB)
[    0.000000]     vmalloc : 0xe0e00000 - 0xe1f00000   (  17 MB)
[    0.000000]     lowmem  : 0xe0100000 - 0xe0e00000   (  13 MB)
[    0.000000]     vmalloc : 0xe0000000 - 0xe0100000   (   1 MB)
[    0.000000]     lowmem  : 0xcff17000 - 0xe0000000   ( 256 MB)
[    0.000000]     vmalloc : 0xcab00000 - 0xcff17000   (  84 MB)
[    0.000000]     lowmem  : 0xc6300000 - 0xcab00000   (  72 MB)
[    0.000000]     vmalloc : 0xc5fff000 - 0xc6300000   (   3 MB)
[    0.000000]     lowmem  : 0xc5f10000 - 0xc5fff000   (   0 MB)
[    0.000000]     vmalloc : 0xc5a00000 - 0xc5f10000   (   5 MB)
[    0.000000]     lowmem  : 0xc0000000 - 0xc5a00000   (  90 MB)
[    0.000000]     pkmap   : 0xbfe00000 - 0xc0000000   (   2 MB)
[    0.000000]     modules : 0xbf000000 - 0xbfe00000   (  14 MB)
[    0.000000]       .text : 0x(ptrval) - 0x(ptrval)   (27616 kB)
[    0.000000]       .init : 0x(ptrval) - 0x(ptrval)   (1024 kB)
[    0.000000]       .data : 0x(ptrval) - 0x(ptrval)   (2221 kB)
[    0.000000]        .bss : 0x(ptrval) - 0x(ptrval)   (8100 kB)
[    0.000000] random: get_random_u32 called from
__kmem_cache_create+0x30/0x53c with crng_init=0
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] kmemleak: Kernel memory leak detector disabled
[    0.000000] rcu: Preemptible hierarchical RCU implementation.
[    0.000000] rcu:     RCU dyntick-idle grace-period acceleration is enabled.
[    0.000000] rcu:     RCU callback double-/use-after-free debug enabled.
[    0.000000]  All grace periods are expedited (rcu_expedited).
[    0.000000]  Tasks RCU enabled.
[    0.000000] rcu: RCU calculated value of scheduler-enlistment delay
is 10 jiffies.
[    0.000000] NR_IRQS: 16, nr_irqs: 16, preallocated irqs: 16
[    0.000000] GICv3: 640 SPIs implemented
[    0.000000] GICv3: 0 Extended SPIs implemented
[    0.000000] GICv3: Distributor has no Range Selector support
[    0.000000] GICv3: 16 PPIs implemented
[    0.000000] GICv3: no VLPI support, no direct LPI support
[    0.000000] rcu:     Offload RCU callbacks from CPUs: 0-3.
[    0.000000] arch_timer: cp15 and mmio timer(s) running at 19.20MHz
(virt/virt).
[    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff
max_cycles: 0x46d987e47, max_idle_ns: 440795202767 ns
[    0.000011] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps
every 4398046511078ns
[    0.008238] Switching to timer-based delay loop, resolution 52ns
[    0.014426] clocksource: Switched to clocksource arch_sys_counter
[    0.024041] Console: colour dummy device 80x30
[    0.124502] Calibrating delay loop (skipped), value calculated
using timer frequency.. 38.40 BogoMIPS (lpj=192000)
[    0.135223] pid_max: default: 32768 minimum: 301
[    0.140812] LSM: Security Framework initializing
[    0.145911] SELinux:  Initializing.
[    0.150436] Mount-cache hash table entries: 2048 (order: 1, 8192
bytes, linear)
[    0.158045] Mountpoint-cache hash table entries: 2048 (order: 1,
8192 bytes, linear)
[    0.170524] CPU: Testing write buffer coherency:
[    0.170601] 8<--- cut here ---
[    0.178597] Unable to handle kernel paging request at virtual
address b7b43a00
[    0.186030] pgd = (ptrval)
[    0.188834] [b7b43a00] *pgd=768f2811, *pte=00000000, *ppte=00000000
[    0.195307] Internal error: Oops: 7 [#1] PREEMPT SMP ARM
[    0.200781] Modules linked in:
[    0.203946] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
5.4.134-debug-g6c36c7b2bfe2-dirty #133
[    0.212624] Hardware name: Qualcomm Technologies, Inc. MONACO
(Flattened Device Tree)
[    0.220683] PC is at __asan_store4+0x2c/0x74
[    0.225088] LR is at check_writebuffer+0x24/0x6c
[    0.229853] pc : [<c03cd4cc>]    lr : [<c260a5cc>]    psr: 200000d3
[    0.236310] sp : c2703f68  ip : c03cd4a0  fp : c2703f68
[    0.241690] r10: 10c0387d  r9 : c270e848  r8 : c270e848
[    0.247072] r7 : c5a1f000  r6 : c5a1d000  r5 : c5a1d000  r4 : c5a1f000
[    0.253795] r3 : 9f000000  r2 : 18b43a00  r1 : 00000003  r0 : c5a1d000
[    0.260520] Flags: nzCv  IRQs off  FIQs off  Mode SVC_32  ISA ARM
Segment none
[    0.268040] Control: 10c0383d  Table: 4000406a  DAC: 00000051
[    0.273953] Process swapper/0 (pid: 0, stack limit = 0x(ptrval))
[    0.280143] Stack: (0xc2703f68 to 0xc2704000)
[    0.284651] 3f60:                   c2703f78 c260a5cc 00000001
c2254793 c2703fa0 c260a4f8
[    0.293079] 3f80: f79cc9e0 3b95544e 3b95544e c292f044 c292f04c
c558f000 c270e845 10c0387d
[    0.301506] 3fa0: c2703fb0 c260734c 3b95544e 10c0387d c2703ff0
c2600b70 ffffffff ffffffff
[    0.309933] 3fc0: 00000000 c2600cac c0123e38 c26a2264 3b95544e
00000000 c2600334 00000051
[    0.318359] 3fe0: 10c0387d 00000000 4538e000 51af8014 00000000
00000000 00000000 00000000
[    0.326769] Backtrace:
[    0.329320] [<c0110760>] (dump_backtrace) from [<c0110be0>] (die+0x334/0x368)
[    0.336667]  r7:c2718900 r6:001fff00 r5:c2703f68 r4:c2703f18
[    0.342505] [<c01108ac>] (die) from [<c011d024>]
(__do_kernel_fault+0x8c/0xa0)
[    0.349954]  r10:c2718900 r9:c2703f18 r8:c270e848 r7:00000000
r6:b7b43a00 r5:c2703f18
[    0.358002]  r4:00000007
[    0.360632] [<c011cf98>] (__do_kernel_fault) from [<c011d3b4>]
(do_page_fault+0xac/0x408)
[    0.369055]  r7:c271a9d0 r6:c2718900 r5:b7b43a00 r4:c2700000
[    0.374892] [<c011d3b4>] (do_page_fault) from [<c011d088>]
(do_DataAbort+0x50/0x104)
[    0.382870] [<c01232a0>] (v7_early_abort) from [<c01019fc>]
(__dabt_svc+0x5c/0xa0)
[    0.390657] Exception stack(0xc2703ee4 to 0xc2703f2c)
[    0.395880] 3ee0:          c011d088 c2703f10 c02aa424 c2703f10
c03cd4cc 200000d3 ffffffff
[    0.404305] 3f00: c2703f4c c270e848 c2700000 10c0387d c2703f68
c01019fc c5a1d000 00000003
[    0.412723] 3f20: 18b43a00 9f000000 c5a1f000
[    0.417136] [<c268cea8>] (__ARMV7PILongThunk___asan_store4_noabort)
from [<c260a5cc>] (check_writebuffer+0x24/0x6c)
[    0.427868] [<c260a5a8>] (check_writebuffer) from [<c260a4f8>]
(check_writebuffer_bugs+0xd4/0x184)
[    0.437079]  r5:c2254793 r4:00000001
[    0.440787] [<c260a424>] (check_writebuffer_bugs) from [<c260734c>]
(check_bugs+0xc/0x30)
[    0.449215]  r10:10c0387d r8:c270e845 r7:c558f000 r6:c292f04c
r5:c292f044 r4:3b95544e
[    0.457276] [<c2607340>] (check_bugs) from [<c2600b70>]
(start_kernel+0x3d8/0x468)
[    0.465062]  r10:10c0387d r4:3b95544e
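
The following is an added example, not part of the original post: a short script that reads the kasan mapping lines, the memory layout and the fault address from the log above and maps the faulting shadow address back to the kernel address it tracks. It assumes generic KASAN's shadow formula, shadow = (addr >> 3) + offset; the function and variable names are illustrative.

```python
import re

SHIFT = 3  # KASAN_SHADOW_SCALE_SHIFT: one shadow byte tracks 8 bytes of memory

# Lines taken from the crash log above, with the mail client's wrapping undone.
LOG = """\
kasan: Mapping kernel virtual memory block: c0000000-c5a00000 at shadow: b7000000-b7b40000
kasan: Mapping kernel virtual memory block: c5f10000-c5fff000 at shadow: b7be2000-b7bffe00
kasan: Mapping kernel virtual memory block: c6300000-cab00000 at shadow: b7c60000-b8560000
kasan: Mapping kernel virtual memory block: cff17000-e0000000 at shadow: b8fe2e00-bb000000
kasan: Mapping kernel virtual memory block: e0100000-e0e00000 at shadow: bb020000-bb1c0000
kasan: Mapping kernel virtual memory block: e1f00000-f8500000 at shadow: bb3e0000-be0a0000
kasan: Mapping kernel virtual memory block: bf000000-c0000000 at shadow: b6e00000-b7000000
    vmalloc : 0xc5fff000 - 0xc6300000   (   3 MB)
    lowmem  : 0xc5f10000 - 0xc5fff000   (   0 MB)
    vmalloc : 0xc5a00000 - 0xc5f10000   (   5 MB)
    lowmem  : 0xc0000000 - 0xc5a00000   (  90 MB)
Unable to handle kernel paging request at virtual address b7b43a00
"""

MAP_RE = re.compile(r"memory block: (\w+)-(\w+) at shadow: (\w+)-(\w+)")
LAYOUT_RE = re.compile(r"(\w+)\s*: 0x([0-9a-f]+) - 0x([0-9a-f]+)")
FAULT_RE = re.compile(r"paging request at virtual address ([0-9a-f]+)")

def diagnose(log):
    """Map the faulting shadow address back to the kernel address it tracks."""
    blocks = [tuple(int(x, 16) for x in m.groups()) for m in MAP_RE.finditer(log)]
    fault = int(FAULT_RE.search(log).group(1), 16)
    # shadow = (addr >> SHIFT) + offset; every mapped block must agree on offset.
    offsets = {(sh - (va >> SHIFT)) & 0xFFFFFFFF for va, _, sh, _ in blocks}
    if len(offsets) != 1:
        raise ValueError("inconsistent shadow offsets: %r" % offsets)
    offset = offsets.pop()
    # Invert the formula: first kernel address covered by the faulting shadow byte.
    addr = ((fault - offset) << SHIFT) & 0xFFFFFFFF
    # Was the faulting shadow byte inside any range kasan reported as mapped?
    mapped = any(lo <= fault < hi for _, _, lo, hi in blocks)
    # Name the layout region that contains the tracked kernel address.
    region = next((name for name, lo, hi in LAYOUT_RE.findall(log)
                   if int(lo, 16) <= addr < int(hi, 16)), None)
    return {"offset": offset, "addr": addr, "shadow_mapped": mapped, "region": region}

if __name__ == "__main__":
    r = diagnose(LOG)
    print("shadow offset : %#010x" % r["offset"])
    print("tracked addr  : %#010x (%s)" % (r["addr"], r["region"]))
    print("shadow mapped : %s" % r["shadow_mapped"])
```

The recovered offset 0x9f000000 and address 0xc5a1d000 equal r3 and r0 in the register dump, and the address lies in the vmalloc range 0xc5a00000 - 0xc5f10000, between two lowmem blocks whose shadow was mapped.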


