Message-ID: <f036c53d-7e81-763c-47f4-6024c6c5f058@csgroup.eu>
Date:   Thu, 4 Mar 2021 12:23:36 +0100
From:   Christophe Leroy <christophe.leroy@...roup.eu>
To:     Marco Elver <elver@...gle.com>
Cc:     Alexander Potapenko <glider@...gle.com>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Paul Mackerras <paulus@...ba.org>,
        Michael Ellerman <mpe@...erman.id.au>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linuxppc-dev@...ts.ozlabs.org,
        kasan-dev <kasan-dev@...glegroups.com>
Subject: Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32



On 03/03/2021 at 11:56, Marco Elver wrote:
> 
> Somewhat tangentially, I also note that e.g. show_regs(regs) (which
> was printed along the KFENCE report above) didn't include the top
> frame in the "Call Trace", so this assumption is definitely not
> isolated to KFENCE.
> 

Now, I have tested PPC64 (with the patch I sent yesterday to modify save_stack_trace_regs()
applied), and I get many failures. Any idea?

[   17.653751][   T58] ==================================================================
[   17.654379][   T58] BUG: KFENCE: invalid free in .kfence_guarded_free+0x2e4/0x530
[   17.654379][   T58]
[   17.654831][   T58] Invalid free of 0xc00000003c9c0000 (in kfence-#77):
[   17.655358][   T58]  .kfence_guarded_free+0x2e4/0x530
[   17.655775][   T58]  .__slab_free+0x320/0x5a0
[   17.656039][   T58]  .test_double_free+0xe0/0x198
[   17.656308][   T58]  .kunit_try_run_case+0x80/0x110
[   17.656523][   T58]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   17.657161][   T58]  .kthread+0x18c/0x1a0
[   17.659148][   T58]  .ret_from_kernel_thread+0x58/0x70
[   17.659869][   T58]
[   17.663954][   T58] kfence-#77 [0xc00000003c9c0000-0xc00000003c9c001f, size=32, cache=kmalloc-32] allocated by task 58:
[   17.666113][   T58]  .__kfence_alloc+0x1bc/0x510
[   17.667069][   T58]  .__kmalloc+0x280/0x4f0
[   17.667452][   T58]  .test_alloc+0x19c/0x430
[   17.667732][   T58]  .test_double_free+0x88/0x198
[   17.667971][   T58]  .kunit_try_run_case+0x80/0x110
[   17.668283][   T58]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   17.668553][   T58]  .kthread+0x18c/0x1a0
[   17.669315][   T58]  .ret_from_kernel_thread+0x58/0x70
[   17.669711][   T58]
[   17.669711][   T58] freed by task 58:
[   17.670116][   T58]  .kfence_guarded_free+0x3d0/0x530
[   17.670421][   T58]  .__slab_free+0x320/0x5a0
[   17.670603][   T58]  .test_double_free+0xb4/0x198
[   17.670827][   T58]  .kunit_try_run_case+0x80/0x110
[   17.671073][   T58]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   17.671410][   T58]  .kthread+0x18c/0x1a0
[   17.671618][   T58]  .ret_from_kernel_thread+0x58/0x70
[   17.671972][   T58]
[   17.672638][   T58] CPU: 0 PID: 58 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
[   17.673768][   T58] ==================================================================
[   17.677031][   T58]     # test_double_free: EXPECTATION FAILED at mm/kfence/kfence_test.c:380
[   17.677031][   T58]     Expected report_matches(&expect) to be true, but is false
[   17.684397][    T1]     not ok 7 - test_double_free
[   17.686463][   T59]     # test_double_free-memcache: setup_test_cache: size=32, ctor=0x0
[   17.688403][   T59]     # test_double_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[   17.797584][   T59] ==================================================================
[   17.801260][   T59] BUG: KFENCE: invalid free in .kfence_guarded_free+0x2e4/0x530
[   17.801260][   T59]
[   17.801512][   T59] Invalid free of 0xc00000003c9effe0 (in kfence-#78):
[   17.801668][   T59]  .kfence_guarded_free+0x2e4/0x530
[   17.801849][   T59]  .__slab_free+0x320/0x5a0
[   17.801983][   T59]  .kmem_cache_free+0x31c/0x5c0
[   17.802109][   T59]  .test_double_free+0xd0/0x198
[   17.802227][   T59]  .kunit_try_run_case+0x80/0x110
[   17.802494][   T59]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   17.802641][   T59]  .kthread+0x18c/0x1a0
[   17.802821][   T59]  .ret_from_kernel_thread+0x58/0x70
[   17.802989][   T59]
[   17.803303][   T59] kfence-#78 [0xc00000003c9effe0-0xc00000003c9effff, size=32, cache=test] allocated by task 59:
[   17.803666][   T59]  .__kfence_alloc+0x1bc/0x510
[   17.803898][   T59]  .kmem_cache_alloc+0x290/0x440
[   17.804036][   T59]  .test_alloc+0x188/0x430
[   17.804151][   T59]  .test_double_free+0x88/0x198
[   17.804363][   T59]  .kunit_try_run_case+0x80/0x110
[   17.804637][   T59]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   17.805099][   T59]  .kthread+0x18c/0x1a0
[   17.805313][   T59]  .ret_from_kernel_thread+0x58/0x70
[   17.806035][   T59]
[   17.806035][   T59] freed by task 59:
[   17.806495][   T59]  .kfence_guarded_free+0x3d0/0x530
[   17.806689][   T59]  .__slab_free+0x320/0x5a0
[   17.806941][   T59]  .kmem_cache_free+0x31c/0x5c0
[   17.807122][   T59]  .test_double_free+0xa8/0x198
[   17.807360][   T59]  .kunit_try_run_case+0x80/0x110
[   17.807538][   T59]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   17.807703][   T59]  .kthread+0x18c/0x1a0
[   17.808015][   T59]  .ret_from_kernel_thread+0x58/0x70
[   17.808220][   T59]
[   17.808406][   T59] CPU: 0 PID: 59 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
[   17.808670][   T59] ==================================================================
[   17.809882][   T59]     # test_double_free-memcache: EXPECTATION FAILED at mm/kfence/kfence_test.c:380
[   17.809882][   T59]     Expected report_matches(&expect) to be true, but is false
[   17.812462][    T1]     not ok 8 - test_double_free-memcache
[   17.813872][   T60]     # test_invalid_addr_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0
[   17.920432][   T60] ==================================================================
[   17.920747][   T60] BUG: KFENCE: invalid free in .kfence_guarded_free+0x2e4/0x530
[   17.920747][   T60]
[   17.921003][   T60] Invalid free of 0xc00000003ca0ffe1 (in kfence-#79):
[   17.921137][   T60]  .kfence_guarded_free+0x2e4/0x530
[   17.921268][   T60]  .__slab_free+0x320/0x5a0
[   17.921461][   T60]  .test_invalid_addr_free+0xc0/0x1a8
[   17.921607][   T60]  .kunit_try_run_case+0x80/0x110
[   17.921739][   T60]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   17.921946][   T60]  .kthread+0x18c/0x1a0
[   17.922065][   T60]  .ret_from_kernel_thread+0x58/0x70
[   17.922215][   T60]
[   17.922327][   T60] kfence-#79 [0xc00000003ca0ffe0-0xc00000003ca0ffff, size=32, cache=kmalloc-32] allocated by task 60:
[   17.922585][   T60]  .__kfence_alloc+0x1bc/0x510
[   17.922730][   T60]  .__kmalloc+0x280/0x4f0
[   17.922903][   T60]  .test_alloc+0x19c/0x430
[   17.923032][   T60]  .test_invalid_addr_free+0x8c/0x1a8
[   17.923164][   T60]  .kunit_try_run_case+0x80/0x110
[   17.923333][   T60]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   17.923489][   T60]  .kthread+0x18c/0x1a0
[   17.923608][   T60]  .ret_from_kernel_thread+0x58/0x70
[   17.923773][   T60]
[   17.923913][   T60] CPU: 0 PID: 60 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
[   17.924128][   T60] ==================================================================
[   17.925133][   T60]     # test_invalid_addr_free: EXPECTATION FAILED at mm/kfence/kfence_test.c:397
[   17.925133][   T60]     Expected report_matches(&expect) to be true, but is false
[   17.927243][    T1]     not ok 9 - test_invalid_addr_free
[   17.931185][   T61]     # test_invalid_addr_free-memcache: setup_test_cache: size=32, ctor=0x0
[   17.932183][   T61]     # test_invalid_addr_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[   18.149594][   T61] ==================================================================
[   18.149909][   T61] BUG: KFENCE: invalid free in .kfence_guarded_free+0x2e4/0x530
[   18.149909][   T61]
[   18.150129][   T61] Invalid free of 0xc00000003ca20001 (in kfence-#80):
[   18.150267][   T61]  .kfence_guarded_free+0x2e4/0x530
[   18.150465][   T61]  .__slab_free+0x320/0x5a0
[   18.150643][   T61]  .kmem_cache_free+0x31c/0x5c0
[   18.150873][   T61]  .test_invalid_addr_free+0xb0/0x1a8
[   18.151097][   T61]  .kunit_try_run_case+0x80/0x110
[   18.151286][   T61]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   18.151578][   T61]  .kthread+0x18c/0x1a0
[   18.151762][   T61]  .ret_from_kernel_thread+0x58/0x70
[   18.152085][   T61]
[   18.152260][   T61] kfence-#80 [0xc00000003ca20000-0xc00000003ca2001f, size=32, cache=test] allocated by task 61:
[   18.152660][   T61]  .__kfence_alloc+0x1bc/0x510
[   18.152883][   T61]  .kmem_cache_alloc+0x290/0x440
[   18.153128][   T61]  .test_alloc+0x188/0x430
[   18.153325][   T61]  .test_invalid_addr_free+0x8c/0x1a8
[   18.153584][   T61]  .kunit_try_run_case+0x80/0x110
[   18.153796][   T61]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   18.154094][   T61]  .kthread+0x18c/0x1a0
[   18.154279][   T61]  .ret_from_kernel_thread+0x58/0x70
[   18.154555][   T61]
[   18.154762][   T61] CPU: 0 PID: 61 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
[   18.155179][   T61] ==================================================================
[   18.157795][   T61]     # test_invalid_addr_free-memcache: EXPECTATION FAILED at mm/kfence/kfence_test.c:397
[   18.157795][   T61]     Expected report_matches(&expect) to be true, but is false
[   18.165055][    T1]     not ok 10 - test_invalid_addr_free-memcache
[   18.166459][   T62]     # test_corruption: test_alloc: size=32, gfp=cc0, policy=left, cache=0
[   18.514038][   T62] ==================================================================
[   18.514772][   T62] BUG: KFENCE: memory corruption in .kfence_guarded_free+0x23c/0x530
[   18.514772][   T62]
[   18.515235][   T62] Corrupted memory at 0xc00000003ca60020 [ 0x2a . . . . . . . . . . . . . . . ] (in kfence-#82):
[   18.516308][   T62]  .kfence_guarded_free+0x23c/0x530
[   18.516550][   T62]  .__slab_free+0x320/0x5a0
[   18.516814][   T62]  .test_corruption+0xcc/0x248
[   18.517053][   T62]  .kunit_try_run_case+0x80/0x110
[   18.517347][   T62]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   18.517609][   T62]  .kthread+0x18c/0x1a0
[   18.517841][   T62]  .ret_from_kernel_thread+0x58/0x70
[   18.518271][   T62]
[   18.518405][   T62] kfence-#82 [0xc00000003ca60000-0xc00000003ca6001f, size=32, cache=kmalloc-32] allocated by task 62:
[   18.518858][   T62]  .__kfence_alloc+0x1bc/0x510
[   18.519180][   T62]  .__kmalloc+0x280/0x4f0
[   18.519370][   T62]  .test_alloc+0x19c/0x430
[   18.519583][   T62]  .test_corruption+0x94/0x248
[   18.519864][   T62]  .kunit_try_run_case+0x80/0x110
[   18.520135][   T62]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   18.520368][   T62]  .kthread+0x18c/0x1a0
[   18.520569][   T62]  .ret_from_kernel_thread+0x58/0x70
[   18.520825][   T62]
[   18.520990][   T62] CPU: 0 PID: 62 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
[   18.521803][   T62] ==================================================================
[   18.523184][   T62]     # test_corruption: EXPECTATION FAILED at mm/kfence/kfence_test.c:417
[   18.523184][   T62]     Expected report_matches(&expect) to be true, but is false
[   18.524015][   T62]     # test_corruption: test_alloc: size=32, gfp=cc0, policy=right, cache=0
[   18.741141][   T62] ==================================================================
[   18.741476][   T62] BUG: KFENCE: memory corruption in .kfence_guarded_free+0x160/0x530
[   18.741476][   T62]
[   18.741746][   T62] Corrupted memory at 0xc00000003ca8ffdf [ 0x2a ] (in kfence-#83):
[   18.741995][   T62]  .kfence_guarded_free+0x160/0x530
[   18.742140][   T62]  .__slab_free+0x320/0x5a0
[   18.742402][   T62]  .test_corruption+0x19c/0x248
[   18.742586][   T62]  .kunit_try_run_case+0x80/0x110
[   18.742809][   T62]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   18.743027][   T62]  .kthread+0x18c/0x1a0
[   18.743488][   T62]  .ret_from_kernel_thread+0x58/0x70
[   18.743970][   T62]
[   18.744156][   T62] kfence-#83 [0xc00000003ca8ffe0-0xc00000003ca8ffff, size=32, cache=kmalloc-32] allocated by task 62:
[   18.745071][   T62]  .__kfence_alloc+0x1bc/0x510
[   18.746079][   T62]  .__kmalloc+0x280/0x4f0
[   18.746595][   T62]  .test_alloc+0x19c/0x430
[   18.746879][   T62]  .test_corruption+0x164/0x248
[   18.748178][   T62]  .kunit_try_run_case+0x80/0x110
[   18.749636][   T62]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   18.749949][   T62]  .kthread+0x18c/0x1a0
[   18.750201][   T62]  .ret_from_kernel_thread+0x58/0x70
[   18.750369][   T62]
[   18.750485][   T62] CPU: 0 PID: 62 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
[   18.750762][   T62] ==================================================================
[   18.751578][   T62]     # test_corruption: EXPECTATION FAILED at mm/kfence/kfence_test.c:423
[   18.751578][   T62]     Expected report_matches(&expect) to be true, but is false
[   18.753340][    T1]     not ok 11 - test_corruption
[   18.754944][   T63]     # test_corruption-memcache: setup_test_cache: size=32, ctor=0x0
[   18.756995][   T63]     # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
[   19.109763][   T63] ==================================================================
[   19.110515][   T63] BUG: KFENCE: memory corruption in .kfence_guarded_free+0x23c/0x530
[   19.110515][   T63]
[   19.110978][   T63] Corrupted memory at 0xc00000003cac0020 [ 0x2a . . . . . . . . . . . . . . . ] (in kfence-#85):
[   19.111848][   T63]  .kfence_guarded_free+0x23c/0x530
[   19.112763][   T63]  .__slab_free+0x320/0x5a0
[   19.113121][   T63]  .kmem_cache_free+0x31c/0x5c0
[   19.113351][   T63]  .test_corruption+0xc0/0x248
[   19.113806][   T63]  .kunit_try_run_case+0x80/0x110
[   19.114019][   T63]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   19.114173][   T63]  .kthread+0x18c/0x1a0
[   19.114292][   T63]  .ret_from_kernel_thread+0x58/0x70
[   19.114535][   T63]
[   19.114681][   T63] kfence-#85 [0xc00000003cac0000-0xc00000003cac001f, size=32, cache=test] allocated by task 63:
[   19.115287][   T63]  .__kfence_alloc+0x1bc/0x510
[   19.115597][   T63]  .kmem_cache_alloc+0x290/0x440
[   19.115875][   T63]  .test_alloc+0x188/0x430
[   19.116456][   T63]  .test_corruption+0x94/0x248
[   19.116689][   T63]  .kunit_try_run_case+0x80/0x110
[   19.117021][   T63]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   19.117383][   T63]  .kthread+0x18c/0x1a0
[   19.117572][   T63]  .ret_from_kernel_thread+0x58/0x70
[   19.117713][   T63]
[   19.117816][   T63] CPU: 0 PID: 63 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
[   19.118706][   T63] ==================================================================
[   19.119719][   T63]     # test_corruption-memcache: EXPECTATION FAILED at mm/kfence/kfence_test.c:417
[   19.119719][   T63]     Expected report_matches(&expect) to be true, but is false
[   19.120669][   T63]     # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1
[   19.339842][   T63] ==================================================================
[   19.340238][   T63] BUG: KFENCE: memory corruption in .kfence_guarded_free+0x160/0x530
[   19.340238][   T63]
[   19.340487][   T63] Corrupted memory at 0xc00000003caeffdf [ 0x2a ] (in kfence-#86):
[   19.340748][   T63]  .kfence_guarded_free+0x160/0x530
[   19.340885][   T63]  .__slab_free+0x320/0x5a0
[   19.341095][   T63]  .kmem_cache_free+0x31c/0x5c0
[   19.341285][   T63]  .test_corruption+0x190/0x248
[   19.341480][   T63]  .kunit_try_run_case+0x80/0x110
[   19.341921][   T63]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   19.342298][   T63]  .kthread+0x18c/0x1a0
[   19.342816][   T63]  .ret_from_kernel_thread+0x58/0x70
[   19.343799][   T63]
[   19.345941][   T63] kfence-#86 [0xc00000003caeffe0-0xc00000003caeffff, size=32, cache=test] allocated by task 63:
[   19.347301][   T63]  .__kfence_alloc+0x1bc/0x510
[   19.347620][   T63]  .kmem_cache_alloc+0x290/0x440
[   19.347820][   T63]  .test_alloc+0x188/0x430
[   19.348202][   T63]  .test_corruption+0x164/0x248
[   19.348400][   T63]  .kunit_try_run_case+0x80/0x110
[   19.348609][   T63]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   19.348810][   T63]  .kthread+0x18c/0x1a0
[   19.349131][   T63]  .ret_from_kernel_thread+0x58/0x70
[   19.349429][   T63]
[   19.349612][   T63] CPU: 0 PID: 63 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
[   19.349985][   T63] ==================================================================
[   19.351145][   T63]     # test_corruption-memcache: EXPECTATION FAILED at mm/kfence/kfence_test.c:423
[   19.351145][   T63]     Expected report_matches(&expect) to be true, but is false
[   19.353730][    T1]     not ok 12 - test_corruption-memcache
[   26.350432][   T69] ==================================================================
[   26.350757][   T69] BUG: KFENCE: memory corruption in .kfence_guarded_free+0x23c/0x530
[   26.350757][   T69]
[   26.350961][   T69] Corrupted memory at 0xc00000003cfcfff9 [ 0xac . . . . . . ] (in kfence-#125):
[   26.351333][   T69]  .kfence_guarded_free+0x23c/0x530
[   26.351517][   T69]  .__slab_free+0x320/0x5a0
[   26.351645][   T69]  .test_kmalloc_aligned_oob_write+0x12c/0x1e4
[   26.351774][   T69]  .kunit_try_run_case+0x80/0x110
[   26.351902][   T69]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   26.352066][   T69]  .kthread+0x18c/0x1a0
[   26.352180][   T69]  .ret_from_kernel_thread+0x58/0x70
[   26.352294][   T69]
[   26.352367][   T69] kfence-#125 [0xc00000003cfcffb0-0xc00000003cfcfff8, size=73, cache=kmalloc-96] allocated by task 69:
[   26.352668][   T69]  .__kfence_alloc+0x1bc/0x510
[   26.352804][   T69]  .__kmalloc+0x280/0x4f0
[   26.352913][   T69]  .test_alloc+0x19c/0x430
[   26.353092][   T69]  .test_kmalloc_aligned_oob_write+0x80/0x1e4
[   26.353290][   T69]  .kunit_try_run_case+0x80/0x110
[   26.353505][   T69]  .kunit_generic_run_threadfn_adapter+0x38/0x50
[   26.353724][   T69]  .kthread+0x18c/0x1a0
[   26.353896][   T69]  .ret_from_kernel_thread+0x58/0x70
[   26.354153][   T69]
[   26.354309][   T69] CPU: 0 PID: 69 Comm: kunit_try_catch Tainted: G    B 5.12.0-rc1-01540-g0783285cc1b8-dirty #4685
[   26.354714][   T69] ==================================================================
[   26.355421][   T69]     # test_kmalloc_aligned_oob_write: EXPECTATION FAILED at mm/kfence/kfence_test.c:489
[   26.355421][   T69]     Expected report_matches(&expect) to be true, but is false
[   26.357224][    T1]     not ok 18 - test_kmalloc_aligned_oob_write



Christophe
