lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <f26b1e6f-f3fc-191b-e613-c0b5748e26ef@gmail.com>
Date:   Wed, 22 Dec 2021 14:36:12 +0000
From:   "Colin King (gmail)" <colin.i.king@...il.com>
To:     linux-alpha@...r.kernel.org
Cc:     Richard Henderson <rth@...ddle.net>,
        Ivan Kokshaysky <ink@...assic.park.msu.ru>,
        Matt Turner <mattst88@...il.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: kernel oops when reading /proc/bus/pci/00/01.00 with odd size and odd
 alignment

Hi,

While testing the Alpha kernel with stress-ng procfs test I found that 
misaligned odd reads cause an oops. I was able to figure out a simple 
reproducer as follows:

dd seek=1 if=/proc/bus/pci/00/01.0 of=/dev/zero bs=5


[ 2013.722601] Unable to handle kernel paging request at virtual address 
0000000000000004
[ 2013.722601] dd(1195): Oops -1
[ 2013.722601] pc = [<0000000000000004>]  ra = [<fffffc00014fd634>]  ps 
= 0000    Tainted: G      D     E
[ 2013.722601] pc is at 0x4
[ 2013.722601] ra is at proc_bus_pci_read+0x244/0x3d0
[ 2013.722601] v0 = 0000000000000000  t0 = 0000000009080000  t1 = 
0000000000000000
[ 2013.722601] t2 = 0000000009080000  t3 = 0000000000000000  t4 = 
fffffc0006c43f08
[ 2013.722601] t5 = 0000000000000011  t6 = 0000000000000012  t7 = 
fffffc0006c40000
[ 2013.722601] s0 = fffffc0000967000  s1 = 0000000000000005  s2 = 
000000012002a005
[ 2013.722601] s3 = 000000012002a001  s4 = 0000000000000010  s5 = 
0000000000000000
[ 2013.722601] s6 = ffffffffdffd600f
[ 2013.722601] a0 = 0000000000000000  a1 = fffffd01fe000810  a2 = 
0000000000000010
[ 2013.722601] a3 = 0000000000000004  a4 = fffffc0006c43dd8  a5 = 
fffffc0003c05dd8
[ 2013.722601] t8 = 0000000000000001  t9 = 0000000000000001  t10= 
000000012002e058
[ 2013.722601] t11= 000000012002e058  pv = fffffc0001023650  at = 
0000000010a8b186
[ 2013.726508] gp = fffffc00025197f8  sp = 00000000d1f90b3a
[ 2013.726508] Trace:
[ 2013.726508] [<fffffc00012d39e8>] proc_reg_read+0xc8/0x140
[ 2013.727484] [<fffffc000120ed58>] vfs_read+0xd8/0x220
[ 2013.727484] [<fffffc000120ed14>] vfs_read+0x94/0x220
[ 2013.727484] [<fffffc00010110ec>] entMM+0x9c/0xc0
[ 2013.727484] [<fffffc000120f274>] ksys_read+0x84/0x130
[ 2013.728461] [<fffffc000101149c>] entSys+0xac/0xc0

[ 2013.728461] Code:
[ 2013.728461]  00000000
[ 2013.728461]  00063301
[ 2013.728461]  000012c8
[ 2013.729437]  00001111
[ 2013.729437]  0003fac6

Colin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ