lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 May 2020 16:07:14 +0800 From: Hanjun Guo <guohanjun@...wei.com> To: Will Deacon <will@...nel.org>, <lorenzo.pieralisi@....com> CC: <rjw@...ysocki.net>, <linux-arm-kernel@...ts.infradead.org>, <linux-kernel@...r.kernel.org>, <mark.rutland@....com> Subject: Re: arm64/acpi: NULL dereference reports from UBSAN at boot Hi Will, On 2020/5/21 18:09, Will Deacon wrote: > Hi folks, > > I just tried booting the arm64 for-kernelci branch under QEMU (version > 4.2.50 (v4.2.0-779-g4354edb6dcc7)) with UBSAN enabled, and I see a couple > of NULL pointer dereferences reported at boot. I think they're both GIC > related (log below). I don't see a panic with UBSAN disabled, so something's > fishy here. > > Please can you take a look when you get a chance? I haven't had time to see > if this is a regression or not, but I don't think it's particularly serious > as I have all sorts of horrible stuff enabled in my .config, since I'm > trying to chase down another bug: > > https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/plain/arch/arm64/configs/fuzzing.config?h=fuzzing/arm64-kernelci-20200519&id=c149cf6a51aa4f72d53fc681c6661094e93ef660 > > (on top of defconfig) > > CONFIG_FAIL_PAGE_ALLOC may be to blame. I enabled UBSAN and CONFIG_FAIL_PAGE_ALLOC on top of defconfig, testing against the for-kernelci branch on the D06 board, I can see some UBSAN warnings from megaraid_sas driver [0], but not from any other subsystem including ACPI, I will try all your configs above to see if I can get more warnings. Thanks Hanjun [0]: [ 18.244272] ================================================================================ [ 18.252673] UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:104:32 [ 18.261244] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]' [ 18.267313] CPU: 0 PID: 656 Comm: kworker/0:1 Not tainted 5.7.0-rc6-1-14703-gf4582661223d-dirty #20 [ 18.276314] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B210.01 03/12/2020 [ 18.285151] Workqueue: events work_for_cpu_fn [ 18.289488] Call trace: [ 18.291925] dump_backtrace+0x0/0x248 [ 18.295572] show_stack+0x18/0x28 [ 18.298873] dump_stack+0xc0/0x10c [ 18.302261] ubsan_epilogue+0x10/0x58 [ 18.305905] __ubsan_handle_out_of_bounds+0x8c/0xa8 [ 18.310763] mr_update_load_balance_params+0x118/0x120 [ 18.315877] MR_ValidateMapInfo+0x300/0xb00 [ 18.320040] megasas_get_map_info+0x134/0x1f8 [ 18.324377] megasas_init_adapter_fusion+0xba8/0x10a0 [ 18.329403] megasas_probe_one+0x6e0/0x1b70 [ 18.333569] local_pci_probe+0x40/0xb0 [ 18.337299] work_for_cpu_fn+0x1c/0x30 [ 18.341031] process_one_work+0x1f8/0x378 [ 18.345022] worker_thread+0x21c/0x4c0 [ 18.348753] kthread+0x150/0x158 [ 18.351967] ret_from_fork+0x10/0x18 [ 18.355529] ================================================================================ [ 18.592274] ================================================================================ [ 18.600672] UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:141:9 [ 18.609155] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]' [ 18.615221] CPU: 0 PID: 656 Comm: kworker/0:1 Not tainted 5.7.0-rc6-1-14703-gf4582661223d-dirty #20 [ 18.624222] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B210.01 03/12/2020 [ 18.633050] Workqueue: events work_for_cpu_fn [ 18.637387] Call trace: [ 18.639822] dump_backtrace+0x0/0x248 [ 18.643467] show_stack+0x18/0x28 [ 18.646767] dump_stack+0xc0/0x10c [ 18.650152] ubsan_epilogue+0x10/0x58 [ 18.653796] __ubsan_handle_out_of_bounds+0x8c/0xa8 [ 18.658652] MR_GetLDTgtId+0x58/0x60 [ 18.662211] megasas_sync_map_info+0xd0/0x1c0 [ 18.666547] megasas_init_adapter_fusion+0xd60/0x10a0 [ 18.671574] megasas_probe_one+0x6e0/0x1b70 [ 18.675736] local_pci_probe+0x40/0xb0 [ 18.679466] work_for_cpu_fn+0x1c/0x30 [ 18.683197] process_one_work+0x1f8/0x378 [ 18.687188] worker_thread+0x21c/0x4c0 [ 18.690920] kthread+0x150/0x158 [ 18.694123] ret_from_fork+0x10/0x18 [ 18.697683] ================================================================================
Powered by blists - more mailing lists