Message-ID: <eb1d1d7d-7ca6-677d-2ae5-911935706516@molgen.mpg.de>
Date:   Fri, 20 Jul 2018 09:49:40 +0200
From:   Paul Menzel <pmenzel+linux-x86@...gen.mpg.de>
To:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org
Subject: UBSAN: Undefined behaviour in arch/x86/events/amd/ibs.c:582:24:
 member access within null pointer of type 'struct perf_event'

Dear Linux folks,


When building GNU/Linux 4.18-rc5+ (with some unrelated commits) with GCC 8.1.0 from Debian 
Sid/unstable and the undefined behavior sanitizer (UBSAN) enabled, the warning below is shown 
during boot.

> [    2.111913] ================================================================================
> [    2.111917] UBSAN: Undefined behaviour in arch/x86/events/amd/ibs.c:582:24
> [    2.111919] member access within null pointer of type 'struct perf_event'
> [    2.111926] CPU: 0 PID: 144 Comm: udevadm Not tainted 4.18.0-rc5-00316-g4864b68cedf2 #104
> [    2.111928] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
> [    2.111930] Call Trace:
> [    2.111943]  dump_stack+0x55/0x89
> [    2.111949]  ubsan_epilogue+0xb/0x33
> [    2.111953]  handle_null_ptr_deref+0x7f/0x90
> [    2.111958]  __ubsan_handle_type_mismatch_v1+0x55/0x60
> [    2.111964]  perf_ibs_handle_irq+0x596/0x620
> [    2.111968]  ? perf_output_sample+0x771/0xa90
> [    2.111971]  ? perf_prepare_sample+0x48a/0x8b0
> [    2.111976]  ? sched_clock_cpu+0x13/0x200
> [    2.111978]  ? perf_prepare_sample+0x8b0/0x8b0
> [    2.111982]  ? perf_output_end+0xd/0x10
> [    2.111985]  ? perf_event_output_forward+0x4e/0x70
> [    2.111990]  ? __perf_event_overflow+0x7b/0x1a0
> [    2.111993]  ? perf_event_overflow+0x15/0x20
> [    2.111996]  ? x86_pmu_handle_irq+0x180/0x230
> [    2.112001]  ? x86_pmu_enable_all+0x6c/0x1b0
> [    2.112005]  ? x86_pmu_commit_txn+0xc1/0x190
> [    2.112012]  ? native_sched_clock+0x32/0x120
> [    2.112017]  perf_ibs_nmi_handler+0x2b/0x65
> [    2.112020]  nmi_handle+0x8f/0x240
> [    2.112025]  default_do_nmi+0x4e/0x2e0
> [    2.112028]  do_nmi+0xb7/0x100
> [    2.112032]  nmi+0x51/0x6c
> [    2.112036] EIP: x86_pmu_enable_all+0x6c/0x1b0
> [    2.112037] Code: 10 01 00 00 8b 45 e8 8b 75 e4 81 ca 00 00 40 00 f7 d0 21 d0 8b 93 14 01 00 00 f7 d6 8b 9b 20 01 00 00 21 d6 89 d9 89 f2 0f 30 <0f> 1f 44 00 00 47 39 3d 08 cd 40 d6 0f 8e a1 00 00 00 83 ff 3f 0f 
> [    2.112079] EAX: 00530076 EBX: c0010000 ECX: c0010000 EDX: 00000000
> [    2.112081] ESI: 00000000 EDI: 00000000 EBP: f2cffaf0 ESP: f2cffacc
> [    2.112083] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00000046
> [    2.112089]  x86_pmu_enable+0x162/0x480
> [    2.112094]  perf_pmu_enable.part.39+0x14/0x30
> [    2.112097]  ctx_resched+0xa4/0x130
> [    2.112101]  __perf_event_enable+0x1d0/0x390
> [    2.112104]  ? ctx_resched+0x130/0x130
> [    2.112107]  event_function+0xb2/0x1b0
> [    2.112111]  ? task_function_call+0x80/0x80
> [    2.112113]  remote_function+0x45/0x60
> [    2.112118]  flush_smp_call_function_queue+0x6c/0x1e0
> [    2.112123]  generic_smp_call_function_single_interrupt+0x12/0x2a
> [    2.112126]  smp_call_function_single_interrupt+0x3c/0x1c0
> [    2.112129]  call_function_single_interrupt+0x3c/0x44
> [    2.112134] EIP: kmem_cache_alloc+0x65/0x3e0
> [    2.112135] Code: 45 e4 89 da e8 1c d8 f9 ff 85 c0 0f 85 eb 01 00 00 e9 ef 00 00 00 8b 45 e4 89 45 e8 8b 75 e8 85 f6 0f 84 d5 01 00 00 8b 45 e8 <8b> 30 64 8b 4e 04 64 03 35 28 71 51 d6 85 f6 0f 84 e9 02 00 00 8b 
> [    2.112172] EAX: f4c60300 EBX: 00000000 ECX: 00000001 EDX: 00611ac0
> [    2.112174] ESI: f4c60300 EDI: f4c60300 EBP: f2cffc5c ESP: f2cffc28
> [    2.112177] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00000286
> [    2.112183]  ? create_object+0x3a/0x3a0
> [    2.112186]  create_object+0x3a/0x3a0
> [    2.112190]  ? create_object+0x270/0x3a0
> [    2.112194]  kmemleak_alloc+0x9b/0xb0
> [    2.112199]  __kmalloc_track_caller+0x18c/0x420
> [    2.112203]  ? __alloc_skb+0x6c/0x2b0
> [    2.112208]  __kmalloc_reserve.isra.16+0x28/0x80
> [    2.112211]  __alloc_skb+0x6c/0x2b0
> [    2.112215]  alloc_uevent_skb+0x4a/0x160
> [    2.112218]  ? add_uevent_var+0x57/0x130
> [    2.112222]  kobject_uevent_env+0x599/0xa10
> [    2.112228]  ? device_get_devnode+0x1a0/0x1a0
> [    2.112231]  kobject_synth_uevent+0x36e/0x515
> [    2.112234]  ? mntput+0x2f/0x60
> [    2.112239]  uevent_store+0x2b/0x70
> [    2.112241]  ? __check_heap_object+0x4c/0x190
> [    2.112244]  ? dev_err+0x50/0x50
> [    2.112247]  dev_attr_store+0x33/0x60
> [    2.112249]  ? dev_uevent_name+0x40/0x40
> [    2.112254]  sysfs_kf_write+0x5e/0x100
> [    2.112257]  ? mutex_lock+0x2a/0x80
> [    2.112260]  ? sysfs_kf_bin_read+0x170/0x170
> [    2.112263]  kernfs_fop_write+0x132/0x250
> [    2.112266]  ? kernfs_fop_open+0x660/0x660
> [    2.112270]  __vfs_write+0x52/0x2d0
> [    2.112273]  ? kmemleak_free+0x6d/0x90
> [    2.112277]  ? kmem_cache_free+0xc6/0x440
> [    2.112281]  vfs_write+0xb0/0x2b0
> [    2.112284]  ? do_sys_open+0x174/0x2a0
> [    2.112287]  ksys_write+0x51/0xc0
> [    2.112291]  sys_write+0x16/0x20
> [    2.112294]  do_fast_syscall_32+0xce/0x3e0
> [    2.112298]  entry_SYSENTER_32+0x4e/0x7c
> [    2.112301] EIP: 0xb7f0fbb5
> [    2.112302] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76 
> [    2.112339] EAX: ffffffda EBX: 00000003 ECX: bfadbf54 EDX: 00000003
> [    2.112341] ESI: 01f0a640 EDI: 00000003 EBP: bfadaf0c ESP: bfadae80
> [    2.112344] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
> [    2.112347] ================================================================================


Kind regards,

Paul
