Message-ID: <CAH9NwWeDgJTFw0stQ9QnB8dkuc6x9XrJJMdjjB-a7Ov-mgxahw@mail.gmail.com>
Date:   Tue, 29 Oct 2019 22:14:55 +0100
From:   Christian Gmeiner <christian.gmeiner@...il.com>
To:     Lucas Stach <l.stach@...gutronix.de>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        David Airlie <airlied@...ux.ie>,
        The etnaviv authors <etnaviv@...ts.freedesktop.org>,
        stable@...r.kernel.org,
        DRI mailing list <dri-devel@...ts.freedesktop.org>,
        Daniel Vetter <daniel@...ll.ch>,
        Russell King <linux+etnaviv@...linux.org.uk>
Subject: Re: [PATCH] etnaviv: fix dumping of iommuv2

Hi Lucas,

On Tue, 29 Oct 2019 at 18:18, Lucas Stach <l.stach@...gutronix.de> wrote:
>
> Hi Christian,
>
> On Fri, 2019-10-25 at 12:39 +0200, Christian Gmeiner wrote:
> > etnaviv_iommuv2_dump_size(..) returns the number of PTE * SZ_4K but etnaviv_iommuv2_dump(..)
> > increments buf pointer even if there is no PTE. This results in a bad buf pointer which gets
> > used for memcpy(..).
> >
> > [  264.408474] 8<--- cut here ---
> > [  264.412048] Unable to handle kernel paging request at virtual address f1a2c268
> > [  264.419321] pgd = e5846004
> > [  264.422069] [f1a2c268] *pgd=00000000
> > [  264.425702] Internal error: Oops: 805 [#1] SMP ARM
> > [  264.430520] Modules linked in:
> > [  264.433616] CPU: 2 PID: 130 Comm: kworker/2:2 Tainted: G        W         5.4.0-rc4 #10
> > [  264.441643] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
> > [  264.448227] Workqueue: events drm_sched_job_timedout
> > [  264.453237] PC is at memcpy+0x50/0x330
> > [  264.457012] LR is at 0x2
> > [  264.459572] pc : [<c0c04650>]    lr : [<00000002>]    psr: 200f0013
> > [  264.465863] sp : ec96fe64  ip : 00000002  fp : 00000140
> > [  264.471112] r10: 00003000  r9 : ec688040  r8 : 00000002
> > [  264.476364] r7 : 00000002  r6 : 00000002  r5 : 00000002  r4 : 00000002
> > [  264.482917] r3 : 00000002  r2 : 00000f60  r1 : f162a020  r0 : f1a2c268
> > [  264.489472] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
> > [  264.496635] Control: 10c5387d  Table: 3d26804a  DAC: 00000051
> > [  264.502407] Process kworker/2:2 (pid: 130, stack limit = 0xe8f69f3d)
> > [  264.619944] [<c0c04650>] (memcpy) from [<c0655a8c>] (etnaviv_iommuv2_dump+0x58/0x60)
> > [  264.627738] [<c0655a8c>] (etnaviv_iommuv2_dump) from [<c064fd78>] (etnaviv_core_dump+0x140/0x45c)
> > [  264.636658] [<c064fd78>] (etnaviv_core_dump) from [<c0657358>] (etnaviv_sched_timedout_job+0x8c/0xb8)
> > [  264.645923] [<c0657358>] (etnaviv_sched_timedout_job) from [<c0641278>] (drm_sched_job_timedout+0x38/0x88)
> > [  264.655631] [<c0641278>] (drm_sched_job_timedout) from [<c0149b98>] (process_one_work+0x2c4/0x7e4)
> > [  264.664633] [<c0149b98>] (process_one_work) from [<c014a0e4>] (worker_thread+0x2c/0x59c)
> > [  264.672765] [<c014a0e4>] (worker_thread) from [<c0152890>] (kthread+0x140/0x158)
> > [  264.680200] [<c0152890>] (kthread) from [<c01010b4>] (ret_from_fork+0x14/0x20)
> > [  264.715599] Code: f5d1f05c f5d1f07c e8b151f8 e2522020 (e8a051f8)
> > [  264.721727] ---[ end trace 8afcd79e9e2725b3 ]---
>
> Code change is fine, but the commit message has a lot of lines over 80
> characters and generally the kernel trace is mostly noise. I trimmed it
> out and applied it to my fixes branch. If you don't agree with my
> changes, please shout now as I'm planning on sending the fixes pull
> tomorrow.
>

I am fine with that!

-- 
thanks
--
Christian Gmeiner, MSc

https://christian-gmeiner.info/privacypolicy
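
The mismatch described in the quoted commit message (buffer sized per present entry, destination advanced for every entry), as an added user-space model. It is not the etnaviv driver code or the patch from this thread; the function names, the 8-slot table and the sample table are constructed for illustration, and the model returns -1 at the point where the kernel faulted in memcpy.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SZ     4096u  /* stands in for SZ_4K */
#define MAX_ENTRIES 8u     /* constructed; a real table is far larger */
#define PRESENT     0x1u   /* hypothetical "entry present" flag */
static uint8_t pages[MAX_ENTRIES][PAGE_SZ]; /* page behind each slot */

/* Size pass: one page per present entry only. */
size_t model_dump_size(const uint32_t *top)
{
    size_t n = 0;
    for (unsigned i = 0; i < MAX_ENTRIES; i++)
        n += (top[i] & PRESENT) ? PAGE_SZ : 0;
    return n;
}

/* Copy pass. step_always=1 moves the destination for every slot, 0 only
 * after a copy. Returns bytes copied, or -1 if a copy would overrun buf. */
long model_dump(const uint32_t *top, uint8_t *buf, size_t len, int step_always)
{
    size_t off = 0, copied = 0;
    for (unsigned i = 0; i < MAX_ENTRIES; i++) {
        if (top[i] & PRESENT) {
            if (off + PAGE_SZ > len)
                return -1;
            memcpy(buf + off, pages[i], PAGE_SZ);
            copied += PAGE_SZ;
        }
        if ((top[i] & PRESENT) || step_always)
            off += PAGE_SZ;
    }
    return (long)copied;
}

/* Constructed sparse table: only slots 0 and 5 are present. */
long run_model(int step_always)
{
    uint32_t top[MAX_ENTRIES] = { [0] = PRESENT, [5] = PRESENT };
    size_t len = model_dump_size(top); /* 2 * PAGE_SZ */
    uint8_t *buf = malloc(len);
    long r = buf ? model_dump(top, buf, len, step_always) : -2;
    free(buf);
    return r;
}

/* Exit status 0 when the two variants behave as described. */
int main(void) { return (run_model(1) == -1 && run_model(0) == 8192) ? 0 : 1; }
```

With a dense table (every slot present) both variants agree, which is why a mismatch like this only shows up once the table has gaps.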
