lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 17 Mar 2021 13:53:53 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Naresh Kamboju <naresh.kamboju@...aro.org>
Cc:     open list <linux-kernel@...r.kernel.org>,
        linux-usb@...r.kernel.org, lkft-triage@...ts.linaro.org,
        Alan Stern <stern@...land.harvard.edu>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Jason Yan <yanaijie@...wei.com>,
        "Ahmed S. Darwish" <a.darwish@...utronix.de>,
        Oliver Neukum <oneukum@...e.com>,
        Eugeniu Rosca <erosca@...adit-jv.com>,
        Arnd Bergmann <arnd@...db.de>,
        Anders Roxell <anders.roxell@...aro.org>
Subject: Re: BUG: KFENCE: memory corruption in usb_get_device_descriptor

On Wed, Mar 17, 2021 at 04:56:15PM +0530, Naresh Kamboju wrote:
> On Wed, 17 Mar 2021 at 15:34, Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
> >
> > On Wed, Mar 17, 2021 at 02:28:40PM +0530, Naresh Kamboju wrote:
> > > While booting Linux mainline master 5.12.0-rc2 and 5.12.0-rc3 on arm64
> > > Hikey device the following KFENCE bug was found.
> > >
> > > Recently, we have enabled CONFIG_KFENCE=y and started seeing this crash.
> > > kernel BUG log:
> >
> > What USB traffic are you having here?
> 
> This is  getting triggered while booting the device.
> We are not running any traffic.

Ah, so this is device probe time.

> > And has this ever not triggered?
> 
> No.
> It was not triggered before.
> Since CONFIG_KFENCE=y is added to our builds recently we are able to
> reproduce always on recent builds.
> 
> Steps to reproduce:
> 1) Build arm64 kernel Image with this given config.
>       - tuxmake --runtime podman --target-arch arm64 --toolchain gcc-9
> --kconfig defconfig --kconfig-add
> https://builds.tuxbuild.com/1pfztfszUNcDwOAyMrw2wPMKNfc/config
> 2) Boot arm64 hikey hi6220 device
> 3) While booting the device you will get to see this kernel BUG:
> 
> [   18.243075] BUG: KFENCE: memory corruption in
> usb_get_device_descriptor+0x80/0xb0
> [   18.813861] BUG: KFENCE: memory corruption in
> __usbnet_read_cmd.isra.0+0xd0/0x1a0

There was a warning before this, from the hub code, when reading from
this device as well.  Perhaps this is just a side affect of the real
memory corruption issue somewhere else?

Bisection would be nice, but I'm placing odds on this always being an
issue here in this driver code...

thanks for the report.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ