lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 23 May 2020 06:21:01 -0700
From:   Guenter Roeck <linux@...ck-us.net>
To:     Heikki Krogerus <heikki.krogerus@...ux.intel.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org,
        Naresh Kamboju <naresh.kamboju@...aro.org>,
        kernel test robot <rong.a.chen@...el.com>,
        Brendan Higgins <brendanhiggins@...gle.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        "Rafael J. Wysocki" <rafael@...nel.org>
Subject: Re: [PATCH] kobject: Make sure the parent does not get released
 before its children

On Wed, May 13, 2020 at 06:18:40PM +0300, Heikki Krogerus wrote:
> In the function kobject_cleanup(), kobject_del(kobj) is
> called before the kobj->release(). That makes it possible to
> release the parent of the kobject before the kobject itself.
> 
> To fix that, adding function __kboject_del() that does

s/kboject/kobject/

> everything that kobject_del() does except release the parent
> reference. kobject_cleanup() then calls __kobject_del()
> instead of kobject_del(), and separately decrements the
> reference count of the parent kobject after kobj->release()
> has been called.
> 
> Reported-by: Naresh Kamboju <naresh.kamboju@...aro.org>
> Reported-by: kernel test robot <rong.a.chen@...el.com>
> Fixes: 7589238a8cf3 ("Revert "software node: Simplify software_node_release() function"")
> Cc: Brendan Higgins <brendanhiggins@...gle.com>
> Cc: Randy Dunlap <rdunlap@...radead.org>
> Suggested-by: "Rafael J. Wysocki" <rafael@...nel.org>
> Signed-off-by: Heikki Krogerus <heikki.krogerus@...ux.intel.com>
> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
> Reviewed-by: Brendan Higgins <brendanhiggins@...gle.com>
> Tested-by: Brendan Higgins <brendanhiggins@...gle.com>
> Acked-by: Randy Dunlap <rdunlap@...radead.org>
> Tested-by: Randy Dunlap <rdunlap@...radead.org>

All my arm64be (arm64 big endian) boot tests crash with this patch
applied. Reverting it fixes the problem. Crash log and bisect results
(from pending-fixes branch) below.

Guenter

---
[   14.944149] ------------[ cut here ]------------
[   14.946182] Unable to handle kernel paging request at virtual address 006b6b6b6b6b6b6b
[   14.946194] Mem abort info:
[   14.946197]   ESR = 0x96000004
[   14.946200]   EC = 0x25: DABT (current EL), IL = 32 bits
[   14.946203]   SET = 0, FnV = 0
[   14.946205]   EA = 0, S1PTW = 0
[   14.946208] Data abort info:
[   14.946210]   ISV = 0, ISS = 0x00000004
[   14.946213]   CM = 0, WnR = 0
[   14.946216] [006b6b6b6b6b6b6b] address between user and kernel address ranges
[   14.946218] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[   14.946229] Modules linked in:
[   14.946239] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.7.0-rc6-00275-gdbacbfd47d67 #1
[   14.946242] Hardware name: linux,dummy-virt (DT)
[   14.946245] pstate: 00000085 (nzcv daIf -PAN -UAO)
[   14.946247] pc : string_nocheck+0x14/0x90
[   14.946250] lr : string+0x5c/0x70
[   14.946252] sp : ffff80001000b580
[   14.946255] x29: ffff80001000b580 x28: ffff800012d04fa4
[   14.946262] x27: ffff800011702686 x26: 0000000000000020
[   14.946269] x25: 00000000000003e0 x24: ffff800011702686
[   14.946275] x23: ffff800012d04f98 x22: 00000000ffffffd0
[   14.946282] x21: 04ffffff000affff x20: 6b6b6b6b6b6b6b6b
[   14.946289] x19: ffff800012d05378 x18: 0000000000000010
[   14.946296] x17: 0000000000001800 x16: 0000000000001000
[   14.946302] x15: 00000000ffffffff x14: ffff800011fa0a48
[   14.946309] x13: ffff80009000b5d7 x12: ffff800011fc45e0
[   14.946316] x11: ffff80001000b930 x10: ffff80001000b930
[   14.946322] x9 : ffff80001000b930 x8 : ffff80001000b930
[   14.946329] x7 : ffff80001000b930 x6 : 00000000ffffffff
[   14.946336] x5 : 0000000000000000 x4 : 0000000000000000
[   14.946343] x3 : 04ffffff000affff x2 : 6b6b6b6b6b6b6b6b
[   14.946349] x1 : ffff800012d05378 x0 : ffff800012d04fa4
[   14.946356] Call trace:
[   14.946359]  string_nocheck+0x14/0x90
[   14.946361]  string+0x5c/0x70
[   14.946364]  vsnprintf+0x340/0x700
[   14.946366]  vscnprintf+0x30/0x58
[   14.946369]  vprintk_store+0x64/0x230
[   14.946371]  vprintk_emit+0xd4/0x358
[   14.946374]  vprintk_default+0x3c/0x48
[   14.946376]  vprintk_func+0xec/0x230
[   14.946378]  vprintk+0x28/0x38
[   14.946381]  __warn_printk+0x7c/0xa0
[   14.946383]  kobject_put+0xe4/0x138
[   14.946386]  put_device+0x14/0x28
[   14.946388]  put_i2c_dev+0x9c/0xb0
[   14.946391]  i2cdev_detach_adapter.part.5+0x20/0x30
[   14.946394]  i2cdev_notifier_call+0x80/0x88
[   14.946396]  notifier_call_chain+0x54/0x98
[   14.946399]  blocking_notifier_call_chain+0x5c/0x80
[   14.946401]  device_del+0x84/0x3b0
[   14.946404]  device_unregister+0x18/0x38
[   14.946406]  i2c_del_adapter+0x1e0/0x238
[   14.946409]  i2c_mux_del_adapters+0xa0/0xf0
[   14.946412]  unittest_i2c_mux_remove+0x14/0x28
[   14.946414]  i2c_device_remove+0x54/0xe0
[   14.946417]  device_release_driver_internal+0xf8/0x1d0
[   14.946419]  driver_detach+0x50/0xe0
[   14.946422]  bus_remove_driver+0x58/0xb0
[   14.946424]  driver_unregister+0x30/0x60
[   14.946427]  i2c_del_driver+0x28/0x38
[   14.946429]  of_unittest+0x269c/0x2c00
[   14.946432]  do_one_initcall+0x88/0x418
[   14.946434]  kernel_init_freeable+0x29c/0x314
[   14.946437]  kernel_init+0x14/0x108
[   14.946439]  ret_from_fork+0x10/0x1c
[   14.946442] Code: a9bf7bfd 13003c66 910003fd 34000306 (39400045)
[   14.950079] ---[ end trace 793dbb9150f3d51a ]---

---
# bad: [dbacbfd47d67736d5ebd724391a8d0d82f36d30f] Merge remote-tracking branch 'drm-misc-fixes/for-linux-next-fixes'
# good: [fb33c6510d5595144d585aa194d377cf74d31911] Linux 5.6-rc6
git bisect start 'HEAD' 'v5.6-rc6'
# good: [f365ab31efacb70bed1e821f7435626e0b2528a6] Merge tag 'drm-next-2020-04-01' of git://anongit.freedesktop.org/drm/drm
git bisect good f365ab31efacb70bed1e821f7435626e0b2528a6
# good: [9c94b39560c3a013de5886ea21ef1eaf21840cb9] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
git bisect good 9c94b39560c3a013de5886ea21ef1eaf21840cb9
# good: [c0259664c6879e1045d6d6703f37501690f6760f] netlabel: Kconfig: Update reference for NetLabel Tools project
git bisect good c0259664c6879e1045d6d6703f37501690f6760f
# good: [d5fef88ccbd3a2d3674e6cc868804a519ef9e5b6] Merge tag 'renesas-fixes-for-v5.7-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel into arm/fixes
git bisect good d5fef88ccbd3a2d3674e6cc868804a519ef9e5b6
# good: [ce24729667cf8aaebf290613a6026a50a22c3eee] Merge tag 'linux-kselftest-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
git bisect good ce24729667cf8aaebf290613a6026a50a22c3eee
# good: [3c9e66568ad40dc17518fa00e2b28c3b450040d4] Merge tag 'arc-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
git bisect good 3c9e66568ad40dc17518fa00e2b28c3b450040d4
# good: [4aada7791fa2bd3e927502bc67ba604b95bb21bf] Merge remote-tracking branch 'sound-current/for-linus'
git bisect good 4aada7791fa2bd3e927502bc67ba604b95bb21bf
# bad: [2611695ba42692c4d887d379309b9b33edc25055] Merge remote-tracking branch 'usb-chipidea-fixes/ci-for-usb-stable'
git bisect bad 2611695ba42692c4d887d379309b9b33edc25055
# good: [80aa3db7fe3cd90b18a227c9f25798c1743ffe1e] Merge remote-tracking branch 'sound-asoc-fixes/for-linus'
git bisect good 80aa3db7fe3cd90b18a227c9f25798c1743ffe1e
# good: [83c813e237b8edf0fe8184ccdf3dc9622202084c] Merge remote-tracking branch 'spi/for-5.7' into spi-linus
git bisect good 83c813e237b8edf0fe8184ccdf3dc9622202084c
# good: [b054578b1ea052664a1b19fde1c163d29b0856b5] Merge remote-tracking branch 'spi-fixes/for-linus'
git bisect good b054578b1ea052664a1b19fde1c163d29b0856b5
# bad: [e0dd35dbc905307e249cee2301304b6a194848ef] Merge remote-tracking branch 'driver-core.current/driver-core-linus'
git bisect bad e0dd35dbc905307e249cee2301304b6a194848ef
# good: [44e960490ddf868fc9135151c4a658936e771dc2] driver core: Fix handling of SYNC_STATE_ONLY + STATELESS device links
git bisect good 44e960490ddf868fc9135151c4a658936e771dc2
# bad: [4ef12f7198023c09ad6d25b652bd8748c965c7fa] kobject: Make sure the parent does not get released before its children
git bisect bad 4ef12f7198023c09ad6d25b652bd8748c965c7fa
# first bad commit: [4ef12f7198023c09ad6d25b652bd8748c965c7fa] kobject: Make sure the parent does not get released before its children

Powered by blists - more mailing lists