Message-ID: <20181223193821.GA24922@Red>
Date:   Sun, 23 Dec 2018 20:38:21 +0100
From:   Corentin Labbe <clabbe.montjoie@...il.com>
To:     davem@...emloft.net
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [BUG] net: sungem: device driver frees DMA memory with wrong function

Hello

During a boot on a qemu machine, I hit the following problem:
[   21.613659] ------------[ cut here ]------------
[   21.614039] DMA-API: gem 0000:00:0f.0: device driver frees DMA memory with wrong function [device address=0x00000000185c5402] [size=408 bytes] [mapped as page] [unmapped as single]
[   21.615960] WARNING: CPU: 0 PID: 206 at /linux-next/kernel/dma/debug.c:1085 check_unmap+0x1b0/0xd10
[   21.616599] Modules linked in:
[   21.617344] CPU: 0 PID: 206 Comm: dhcpcd Not tainted 4.20.0-rc6-next-20181217+ #12
[   21.617735] NIP:  c00ad4e0 LR: c00ad4e0 CTR: c058a710
[   21.618068] REGS: dfff7cb0 TRAP: 0700   Not tainted  (4.20.0-rc6-next-20181217+)
[   21.618404] MSR:  00021032 <ME,IR,DR,RI>  CR: 28008264  XER: 00000000
[   21.618789] 
[   21.618789] GPR00: c00ad4e0 dfff7d60 d85924c0 000000a8 00000102 00000101 000000fe 5d205b6d 
[   21.618789] GPR08: 00000007 00000000 00000000 000000fe 22008864 100581b4 dfff7f1c de019508 
[   21.618789] GPR16: 00000000 de019000 00000001 c0a67f00 00000004 c0b44018 c0a31fc4 c0b43bdc 
[   21.618789] GPR24: 00009032 c0dadedc c0db0000 c0da999c c0b43bdc c0c0b178 dfff7de0 de076ce8 
[   21.620219] NIP [c00ad4e0] check_unmap+0x1b0/0xd10
[   21.620478] LR [c00ad4e0] check_unmap+0x1b0/0xd10
[   21.620703] Call Trace:
[   21.620963] [dfff7d60] [c00ad4e0] check_unmap+0x1b0/0xd10 (unreliable)
[   21.621379] [dfff7dd0] [c00ae128] debug_dma_unmap_page+0xe8/0x120
[   21.621656] [dfff7e40] [c05a865c] gem_poll+0x1000/0x18fc
[   21.621863] [dfff7f00] [c071f044] net_rx_action+0x1b8/0x41c
[   21.622242] [dfff7f80] [c08a287c] __do_softirq+0x17c/0x3b0
[   21.622495] [dfff7ff0] [c0011378] call_do_softirq+0x24/0x3c
[   21.622697] [d86c9c20] [c000724c] do_softirq_own_stack+0x3c/0x7c
[   21.623008] [d86c9c40] [c004e800] do_softirq.part.1+0x64/0x7c
[   21.623292] [d86c9c60] [c004e8d4] __local_bh_enable_ip+0xbc/0x138
[   21.623526] [d86c9c80] [c071c9b4] __dev_queue_xmit+0x28c/0x874
[   21.623776] [d86c9cf0] [c083ebe8] packet_snd+0x4f8/0x988
[   21.624057] [d86c9d80] [c06eddb8] sock_sendmsg+0x20/0x40
[   21.624410] [d86c9d90] [c06ede94] sock_write_iter+0xbc/0x138
[   21.624636] [d86c9df0] [c018f50c] do_iter_readv_writev+0x1dc/0x1f4
[   21.624872] [d86c9e40] [c01925a8] do_iter_write+0xb4/0x350
[   21.625143] [d86c9e80] [c01928f4] vfs_writev+0x88/0x140
[   21.625446] [d86c9f00] [c0192a1c] do_writev+0x70/0x104
[   21.625621] [d86c9f40] [c001912c] ret_from_syscall+0x0/0x38
[   21.626001] --- interrupt: c01 at 0xfedbd08
[   21.626001]     LR = 0xffbc1f8
[   21.626357] Instruction dump:
[   21.626719] 7eb5ba14 7e95a214 2b940014 419d0970 92c10008 7efcba14 3c60c0a1 7e649b78 
[   21.627152] 38637cac 80d7043c 90c1000c 4bf9d36d <0fe00000> 8261003c 82810040 82a10044 
[   21.627665] ---[ end trace fd53714bd2a5fd06 ]---

After some pr_info, I found that the function triggering this is the pci_unmap_page() in gem_tx().
So clearly this WARNING() is strange since it says "unmapped as single".

The qemu is run with:
qemu-system-ppc -machine mac99,via=pmu -nographic -net nic,model=sungem,macaddr=52:54:00:12:34:58 -net tap -m 512 -monitor none -append "console=ttyPZ0 root=/dev/ram0" -kernel vmlinux -initrd rootfs.cpio.gz -drive format=qcow2,file=lava-guest.qcow2,media=disk,id=test,if=ide

Regards
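
Added example, not part of the original message: a small triage script that pulls the mapped/unmapped types out of a DMA-API "wrong function" report like the one above and names the first call-trace frame outside the dma-debug checker. The names triage, DMA_RE, FRAME_RE and DEBUG_FRAMES are illustrative, and the list of checker frame prefixes is an assumption.

```python
import re

# Abridged excerpt of the kernel log quoted in the message above.
SAMPLE_LOG = """\
[   21.614039] DMA-API: gem 0000:00:0f.0: device driver frees DMA memory with wrong function [device address=0x00000000185c5402] [size=408 bytes] [mapped as page] [unmapped as single]
[   21.615960] WARNING: CPU: 0 PID: 206 at /linux-next/kernel/dma/debug.c:1085 check_unmap+0x1b0/0xd10
[   21.620703] Call Trace:
[   21.620963] [dfff7d60] [c00ad4e0] check_unmap+0x1b0/0xd10 (unreliable)
[   21.621379] [dfff7dd0] [c00ae128] debug_dma_unmap_page+0xe8/0x120
[   21.621656] [dfff7e40] [c05a865c] gem_poll+0x1000/0x18fc
[   21.621863] [dfff7f00] [c071f044] net_rx_action+0x1b8/0x41c
"""

DMA_RE = re.compile(
    r"DMA-API: (?P<driver>\S+) (?P<device>\S+): device driver frees DMA memory "
    r"with wrong function \[device address=(?P<addr>0x[0-9a-f]+)\] "
    r"\[size=(?P<size>\d+) bytes\] \[mapped as (?P<mapped>[^\]]+)\] "
    r"\[unmapped as (?P<unmapped>[^\]]+)\]")
# Frame layout as printed in this log: [stack] [pc] symbol+0xoff/0xlen
FRAME_RE = re.compile(r"\[[0-9a-f]+\] \[[0-9a-f]+\] (?P<sym>[\w.]+)\+0x")
# Frames that belong to the dma-debug checker itself (assumed prefixes).
DEBUG_FRAMES = ("check_unmap", "debug_dma_")

def triage(log):
    """Return one dict per wrong-function report, with its first caller frame."""
    reports, current, in_trace = [], None, False
    for line in log.splitlines():
        m = DMA_RE.search(line)
        if m:
            current = dict(m.groupdict(), size=int(m["size"]), caller=None)
            reports.append(current)
            in_trace = False
            continue
        if current is None:
            continue
        if "Call Trace:" in line:
            in_trace = True
            continue
        f = FRAME_RE.search(line) if in_trace else None
        if f and current["caller"] is None and not f["sym"].startswith(DEBUG_FRAMES):
            current["caller"] = f["sym"]
    return reports

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"{r['driver']} {r['device']}: mapped as {r['mapped']}, "
              f"unmapped as {r['unmapped']}, first non-debug frame: {r['caller']}")
```

The frame it reports is the one visible in the trace (gem_poll); the message above narrows the call to pci_unmap_page() in gem_tx() using pr_info.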
