Date:	Fri, 4 Oct 2013 09:40:17 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Russell King <rmk+kernel@....linux.org.uk>
Cc:	linux-kernel@...r.kernel.org, fengguang.wu@...el.com
Subject: [DMA-API] BUG: unable to handle kernel NULL pointer dereference at
 0000000000000248

Hi Russell,

I got the below dmesg and the first bad commit is

commit 2713c99438b00d67b4bd88eaf9713c8645c8daf7
Author: Russell King <rmk+kernel@....linux.org.uk>
Date:   Thu Jun 27 14:14:43 2013 +0100

    DMA-API: dcdbas: update DMA mask handing
    
    dcdbas was explicitly initializing DMA masks thusly:
    	dcdbas_pdev->dev.coherent_dma_mask = DMA_BIT_MASK(32);
    	dcdbas_pdev->dev.dma_mask = &dcdbas_pdev->dev.coherent_dma_mask;
    which bypasses the architecture check.  Moreover, it is creating the
    dcdbas_pdev device itself, and using the platform_device_register_full()
    avoids some of this explicit initialization.
    
    Convert the driver to use platform_device_register_full(), and as it
    makes use of coherent DMA, also call dma_set_coherent_mask() to ensure
    that the architecture gets to check the mask.
    
    Signed-off-by: Russell King <rmk+kernel@....linux.org.uk>

This BUG does not show up in upstream and linux-next, so either the
commit has not been merged or has been fixed somewhere.

[  267.537083] sdhci-pltfm: SDHCI platform and OF driver helper
[  267.602219] ledtrig-cpu: registered to indicate activity on CPUs
[  267.656654] BUG: unable to handle kernel NULL pointer dereference at 0000000000000248
[  267.656689] IP: [<ffffffff810073c9>] dma_supported+0x9/0xa0
[  267.656689] PGD 0 
[  267.656689] Oops: 0000 [#1] PREEMPT 
[  267.656689] CPU: 0 PID: 1 Comm: swapper Not tainted 3.12.0-rc2-00154-g12c6060 #3
[  267.656689] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  267.656689] task: ffff88000d868000 ti: ffff88000d864000 task.ti: ffff88000d864000
[  267.656689] RIP: 0010:[<ffffffff810073c9>]  [<ffffffff810073c9>] dma_supported+0x9/0xa0
[  267.656689] RSP: 0000:ffff88000d865cb0  EFLAGS: 00000202
[  267.656689] RAX: ffffffff814c0b90 RBX: 00000000fffffffb RCX: 0000000000000001
[  267.656689] RDX: 0000000000000780 RSI: 00000000ffffffff RDI: 0000000000000010
[  267.656689] RBP: ffff88000d865cb0 R08: 0000000000000001 R09: 0000000000000001
[  267.656689] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  267.656689] R13: ffff88000f5eb400 R14: ffffffff81c85240 R15: 0000000000000000
[  267.656689] FS:  0000000000000000(0000) GS:ffffffff81a6b000(0000) knlGS:0000000000000000
[  267.656689] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  267.656689] CR2: 0000000000000248 CR3: 0000000001a5c000 CR4: 00000000000006b0
[  267.656689] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  267.656689] DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
[  267.656689] Stack:
[  267.656689]  ffff88000d865cd8 ffffffff816878d6 ffff88000f5eb410 ffffffff81d00128
[  267.656689]  ffff88000f5eb400 ffff88000d865d08 ffffffff814c0bce ffffffff814bf06e
[  267.656689]  ffff88000f5eb410 ffff88000f5eb410 ffffffff81d00128 ffff88000d865d30
[  267.656689] Call Trace:
[  267.656689]  [<ffffffff816878d6>] dcdbas_probe+0x46/0xb0
[  267.656689]  [<ffffffff814c0bce>] platform_drv_probe+0x3e/0x70
[  267.656689]  [<ffffffff814bf06e>] ? driver_sysfs_add+0x6e/0xa0
[  267.656689]  [<ffffffff814bf495>] really_probe+0xc5/0x1e0
[  267.656689]  [<ffffffff814bf5d0>] ? driver_probe_device+0x20/0x20
[  267.656689]  [<ffffffff814bf625>] __device_attach+0x55/0x70
[  267.656689]  [<ffffffff814bdc6e>] bus_for_each_drv+0x5e/0xb0
[  267.656689]  [<ffffffff814bf328>] device_attach+0x78/0x90
[  267.656689]  [<ffffffff814bdee5>] bus_probe_device+0x35/0xd0
[  267.656689]  [<ffffffff814bbafd>] device_add+0x4ad/0x720
[  267.656689]  [<ffffffff814c11f0>] platform_device_add+0x180/0x210
[  267.656689]  [<ffffffff814c14a0>] platform_device_register_full+0xb0/0x110
[  267.656689]  [<ffffffff81d57880>] ? dcdrbu_init+0x15a/0x15a
[  267.656689]  [<ffffffff81d578a6>] dcdbas_init+0x26/0x51
[  267.656689]  [<ffffffff81d23e62>] do_one_initcall+0x7d/0x115
[  267.656689]  [<ffffffff81d2403d>] kernel_init_freeable+0x143/0x1cf
[  267.656689]  [<ffffffff81d23831>] ? do_early_param+0x8a/0x8a
[  267.656689]  [<ffffffff8174da90>] ? rest_init+0xc0/0xc0
[  267.656689]  [<ffffffff8174da99>] kernel_init+0x9/0x170
[  267.656689]  [<ffffffff817623ca>] ret_from_fork+0x7a/0xb0
[  267.656689]  [<ffffffff8174da90>] ? rest_init+0xc0/0xc0
[  267.656689] Code: 0c 48 0f bd c6 8d 70 01 e8 05 24 0f 00 48 8b 5d f0 4c 8b 65 f8 c9 c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 ff 48 89 e5 74 0c <48> 8b 87 38 02 00 00 48 85 c0 75 0b 48 8b 05 3c e0 a5 00 0f 1f 
[  267.656689] RIP  [<ffffffff810073c9>] dma_supported+0x9/0xa0
[  267.656689]  RSP <ffff88000d865cb0>
[  267.656689] CR2: 0000000000000248
[  267.751209] ---[ end trace a1914743e6b14bdd ]---

git bisect start 12c6060d1380098bb69fad0c26200557d0763355 4a10c2ac2f368583138b774ca41fac4207911983 --
git bisect good 5dd16df0949a73a3dfd7bfb976d68d6ba2e0676e  # 07:52     60+  Merge remote-tracking branch 'rcu/rcu/fixes' into kbuild_tmp
git bisect good 8706fffa0da105de430ae2492c37348c076140fa  # 11:41     60+  DMA-API: usb: use new dma_coerce_mask_and_coherent()
git bisect good f516e2c9ecdcc717d25fe1533805a7960310c186  # 12:49     60+  Merge branch 'bnx2x'
git bisect  bad 55871ea05974c2bbd3082bbae95448eea777873a  # 12:54      0-  ARM: DMA-API: better handing of DMA masks for coherent allocations
git bisect good 067f3c33c61816c4cb34f91f1a73dbd86fe6f867  # 17:37     60+  DMA-API: crypto: remove last references to 'static struct device *dev'
git bisect good cf792a24d10b66d903549fe911084fda0cc78bb9  # 18:46     60+  DMA-API: dma: edma.c: no need to explicitly initialize DMA masks
git bisect  bad aff71e59b441bcef245d86e82903950d5581a3aa  # 18:55      0-  DMA-API: firmware/google/gsmi.c: avoid direct access to DMA masks
git bisect  bad 2713c99438b00d67b4bd88eaf9713c8645c8daf7  # 18:57      0-  DMA-API: dcdbas: update DMA mask handing
git bisect good cf792a24d10b66d903549fe911084fda0cc78bb9  # 00:20    180+  DMA-API: dma: edma.c: no need to explicitly initialize DMA masks
git bisect  bad 12c6060d1380098bb69fad0c26200557d0763355  # 00:20      0-  Merge remote-tracking branch 'arm-soc/to-build' into kbuild_tmp
git bisect good f1ee84840f837a5939f40cf07c3e6bceeb2a5432  # 05:48    180+  Revert "DMA-API: dcdbas: update DMA mask handing"
git bisect good 6d15ee492809d38bd62237b6d0f6a81d4dd12d15  # 06:22    180+  Merge git://git.kernel.org/pub/scm/virt/kvm/kvm
git bisect good a0cf1abc25ac197dd97b857c0f6341066a8cb1cf  # 09:25    180+  Add linux-next specific files for 20130927

Thanks,
Fengguang

View attachment "dmesg-quantal-ant-3:20130924081102:3.12.0-rc2-00154-g12c6060:3" of type "text/plain" (42858 bytes)

Download attachment "bisect-12c6060d1380098bb69fad0c26200557d0763355-x86_64-randconfig-c8-0924-BUG:-unable-to-handle-kernel-NULL-pointer-dereference-at-90445.log" of type "application/octet-stream" (32639 bytes)

View attachment "config-3.12.0-rc2-00154-g12c6060" of type "text/plain" (74449 bytes)
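
Added example, not part of the original message: a small Python triage helper that checks the faulting instruction in the `Code:` line against the register dump. It decodes only the one instruction form seen here (`REX.W 8B /r` with a 32-bit displacement); the function names are illustrative, and the sample lines are copied from the oops above with timestamps dropped and the `Code:` line trimmed to its tail.

```python
import re

# Lines copied from the oops in the report above (timestamps dropped,
# Code: line trimmed to the bytes around the <faulting> marker).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000248
IP: [<ffffffff810073c9>] dma_supported+0x9/0xa0
RAX: ffffffff814c0b90 RBX: 00000000fffffffb RCX: 0000000000000001
RDX: 0000000000000780 RSI: 00000000ffffffff RDI: 0000000000000010
CR2: 0000000000000248 CR3: 0000000001a5c000 CR4: 00000000000006b0
Code: 55 48 85 ff 48 89 e5 74 0c <48> 8b 87 38 02 00 00 48 85 c0 75 0b
"""

# x86-64 register numbering used by the ModRM r/m field (without REX.B).
REGS64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]

def parse_oops(text):
    """Return (registers, bytes starting at the faulting instruction)."""
    pairs = re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})\b", text)
    regs = {name: int(value, 16) for name, value in pairs}
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = bytes(int(b.strip("<>"), 16) for b in code[start:])
    return regs, insn

def decode_load(insn):
    """Decode only MOV r64, [base + disp32]: REX.W, 8B, ModRM mod=10, no SIB."""
    rex, opcode, modrm = insn[0], insn[1], insn[2]
    if rex & 0xF8 != 0x48 or opcode != 0x8B:
        raise ValueError("not a 64-bit MOV r64, r/m64")
    mod, rm = modrm >> 6, modrm & 7
    if mod != 2 or rm == 4 or rex & 1:
        raise ValueError("addressing form not handled here")
    disp = int.from_bytes(insn[3:7], "little", signed=True)
    return REGS64[rm], disp

def triage(text):
    """Recompute the faulting address and compare it with CR2."""
    regs, insn = parse_oops(text)
    base, disp = decode_load(insn)
    addr = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {"base": base, "base_value": regs[base], "disp": disp,
            "effective": addr, "matches_cr2": addr == regs["CR2"],
            "base_below_page": 0 < regs[base] < 4096}

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(key, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

For this oops the helper reports base RDI = 0x10 and displacement 0x238, giving 0x248, which equals CR2. The pointer passed in is small but non-zero, so the `test %rdi,%rdi` (`48 85 ff`) just before the load does not catch it.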
