lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8134890a-457d-7803-01a4-1832f925f65f@amlogic.com>
Date:   Wed, 20 Mar 2019 11:33:52 +0800
From:   Liang Yang <liang.yang@...ogic.com>
To:     Martin Blumenstingl <martin.blumenstingl@...glemail.com>
CC:     Miquel Raynal <miquel.raynal@...tlin.com>, <mark.rutland@....com>,
        <devicetree@...r.kernel.org>, <jianxin.pan@...ogic.com>,
        <linux-kernel@...r.kernel.org>, <robh+dt@...nel.org>,
        <linux-mtd@...ts.infradead.org>,
        <linux-amlogic@...ts.infradead.org>,
        <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [RFC PATCH nand-next 0/2] meson-nand: support for older SoCs

Hi Martin,

Thanks for your time.
On 2019/3/20 4:27, Martin Blumenstingl wrote:
> Hello Liang,
> 
> On Sat, Mar 16, 2019 at 11:55 AM Martin Blumenstingl
> <martin.blumenstingl@...glemail.com> wrote:
> [...]
>>> Martin, Now i am not sure whether NFC driver leads to kernel panic when
>>> calling kmem_cache_alloc_trace.
>> thank you for confirming that it works for you on GXL
>>
>> I'm not sure that this is a NFC driver problem.
>> after enabling CONFIG_SLAB_FREELIST_HARDENED in my kernel config the
>> crash moves. it's now crashing in slub.c's kfree() at
>> BUG_ON(!PageCompound(page));
> I added some debug prints in meson_nfc_read_buf() to get some details
> about the info buffer before the crash,
> format is: meson_nfc_read_buf <virtual address> <physical address>
> 
> during my first test three different addresses are used:
> - meson_nfc_read_buf e9e6c640 0x29e6c640 (works fine)
> - meson_nfc_read_buf e9e6c680 0x29e6c680 (works fine)
> - meson_nfc_read_buf ee39a34b 0x2e39a34b (crashes during kfree)
> 
> so I tried playing around with the allocation size (see the attached
> patch) and changed it to:
>    kzalloc(PER_INFO_BYTE + 64, GFP_KERNEL)
> this results in the following addresses being used:
> - meson_nfc_read_buf e9ea4280 0x29ea4280 (works fine)
> - meson_nfc_read_buf e9ea4300 0x29ea4300 (works fine)
> (there is no crash anymore)
> 
> Liang, are there any special requirements on the "info address" like
> the alignment?
It must be 4 bytes alignment. i have met it previously when debugging 
NFC driver on AXG platform, but it is not specified on spec. Now i am 
confused that how to get the no aligned address "xe39a34b" when using 
kmalloc; i think it should return the aligned address. doesn't it?

> also do you know why the PER_INFO_BYTE buffer is allocated dynamically
> in meson_nfc_read_buf() instead of allocating it at initialization?
> I'm not saying that it should be changed! I'm curious because there's
> per-meson_nfc_nand_chip info and data buffers which are allocated at
> initialization time.
> NAND scan or initialization is divided into three stages: 
nand_scan_ident->nand_attach->nand_scan_tail. info and data buffer which 
depend on the result of nand_scan_ident are allocated on nand_attach; so 
nand_scan_ident can not use the info buffer on meson_nfc_nand_chip.
Allocating a fixed size info buffer before nand_scan_ident and attach it 
on the struct meson_nfc; Or considering not use dma for reading data 
less than 8 bytes. Both can reduce kmalloc and kfree calling. Thanks.
> 
> meson_nfc_read_buf debug log with PER_INFO_BYTE allocation:
> [    2.032914] meson_nfc_read_buf e9e6c640 0x29e6c640
> [    2.033005] meson_nfc_dma_buffer_setup 0x29e6c640
> [    2.037717] meson_nfc_read_buf: about to kfree info
> [    2.042535] meson_nfc_read_buf: kfree'd info
> [    2.046794] meson_nfc_read_buf e9e6c640 0x29e6c640
> [    2.051552] meson_nfc_dma_buffer_setup 0x29e6c640
> [    2.056261] meson_nfc_read_buf: about to kfree info
> [    2.061086] meson_nfc_read_buf: kfree'd info
> [    2.065356] meson_nfc_read_buf e9e6c680 0x29e6c680
> [    2.070102] meson_nfc_dma_buffer_setup 0x29e6c680
> [    2.074810] meson_nfc_read_buf: about to kfree info
> [    2.079635] meson_nfc_read_buf: kfree'd info
> [    2.083978] meson_nfc_read_buf e9e6c640 0x29e6c640
> [    2.088684] meson_nfc_dma_buffer_setup 0x29e6c640
> [    2.093334] meson_nfc_read_buf: about to kfree info
> [    2.098199] meson_nfc_read_buf: kfree'd info
> [    2.102446] meson_nfc_read_buf e9e6c640 0x29e6c640
> [    2.107208] meson_nfc_dma_buffer_setup 0x29e6c640
> [    2.111883] meson_nfc_read_buf: about to kfree info
> [    2.116765] meson_nfc_read_buf: kfree'd info
> [    2.120996] meson_nfc_read_buf e9e6c640 0x29e6c640
> [    2.125762] meson_nfc_dma_buffer_setup 0x29e6c640
> [    2.130433] meson_nfc_read_buf: about to kfree info
> [    2.135294] meson_nfc_read_buf: kfree'd info
> [    2.139545] Could not find a valid ONFI parameter page, trying
> bit-wise majority to recover it
> [    2.148173] ONFI parameter recovery failed, aborting
> [    2.153058] meson_nfc_read_buf e9e6c680 0x29e6c680
> [    2.157831] meson_nfc_dma_buffer_setup 0x29e6c680
> [    2.162527] meson_nfc_read_buf: about to kfree info
> [    2.167369] meson_nfc_read_buf: kfree'd info
> [    2.171611] meson_nfc_read_buf ee39a34b 0x2e39a34b
> [    2.176383] meson_nfc_dma_buffer_setup 0x2e39a34b
> [    2.181076] meson_nfc_read_buf: about to kfree info
> [    2.185932] ------------[ cut here ]------------
> [    2.190503] kernel BUG at mm/slub.c:3950!
> [    2.194491] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
> ...
> 
> meson_nfc_read_buf debug log with PER_INFO_BYTE+64 allocation:
> [    2.033019] meson_nfc_read_buf e9ea4280 0x29ea4280
> [    2.033112] meson_nfc_dma_buffer_setup 0x29ea4280
> [    2.037847] meson_nfc_read_buf: about to kfree info
> [    2.042642] meson_nfc_read_buf: kfree'd info
> [    2.046909] meson_nfc_read_buf e9ea4280 0x29ea4280
> [    2.051659] meson_nfc_dma_buffer_setup 0x29ea4280
> [    2.056374] meson_nfc_read_buf: about to kfree info
> [    2.061192] meson_nfc_read_buf: kfree'd info
> [    2.065461] meson_nfc_read_buf e9ea4280 0x29ea4280
> [    2.070208] meson_nfc_dma_buffer_setup 0x29ea4280
> [    2.074922] meson_nfc_read_buf: about to kfree info
> [    2.079742] meson_nfc_read_buf: kfree'd info
> [    2.084087] meson_nfc_read_buf e9ea4280 0x29ea4280
> [    2.088789] meson_nfc_dma_buffer_setup 0x29ea4280
> [    2.093440] meson_nfc_read_buf: about to kfree info
> [    2.098303] meson_nfc_read_buf: kfree'd info
> [    2.102553] meson_nfc_read_buf e9ea4280 0x29ea4280
> [    2.107316] meson_nfc_dma_buffer_setup 0x29ea4280
> [    2.111990] meson_nfc_read_buf: about to kfree info
> [    2.116870] meson_nfc_read_buf: kfree'd info
> [    2.121103] meson_nfc_read_buf e9ea4280 0x29ea4280
> [    2.125868] meson_nfc_dma_buffer_setup 0x29ea4280
> [    2.130540] meson_nfc_read_buf: about to kfree info
> [    2.135400] meson_nfc_read_buf: kfree'd info
> [    2.139652] Could not find a valid ONFI parameter page, trying
> bit-wise majority to recover it
> [    2.148276] ONFI parameter recovery failed, aborting
> [    2.153165] meson_nfc_read_buf e9ea4280 0x29ea4280
> [    2.157938] meson_nfc_dma_buffer_setup 0x29ea4280
> [    2.162634] meson_nfc_read_buf: about to kfree info
> [    2.167475] meson_nfc_read_buf: kfree'd info
> [    2.171717] meson_nfc_read_buf e9ea4280 0x29ea4280
> [    2.176489] meson_nfc_dma_buffer_setup 0x29ea4280
> [    2.181183] meson_nfc_read_buf: about to kfree info
> [    2.186025] meson_nfc_read_buf: kfree'd info
> [    2.190265] nand: device found, Manufacturer ID: 0xad, Chip ID: 0xde
> [    2.196598] nand: Hynix NAND 8GiB 3,3V 8-bit
> [    2.200840] nand: 8192 MiB, MLC, erase size: 4096 KiB, page size:
> 16384, OOB size: 1280
> [    2.208829] meson_nfc_read_buf e9ea4300 0x29ea4300
> [    2.213581] meson_nfc_dma_buffer_setup 0x29ea4300
> [    2.218291] meson_nfc_read_buf: about to kfree info
> [    2.223115] meson_nfc_read_buf: kfree'd info
> [    2.227374] ------------[ cut here ]------------
> [    2.231968] WARNING: CPU: 1 PID: 1 at
> drivers/mtd/nand/raw/nand_base.c:5503 nand_scan_with_ids+0x1718/0x171c
> [    2.241760] No oob scheme defined for oobsize 1280
> ...
> (the "No oob scheme defined for oobsize 1280" message is expected)
> 
miss mtd_set_ooblayout(mtd, &meson_ooblayout_ops) on function 
meson_nand_attach_chip.
> 
> Regards
> Martin
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ