lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Mon, 2 May 2022 17:24:01 +0530
From:   Naresh Kamboju <naresh.kamboju@...aro.org>
To:     open list <linux-kernel@...r.kernel.org>,
        "open list:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@...r.kernel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>
Cc:     Shuah Khan <shuah@...nel.org>,
        Anders Roxell <anders.roxell@...aro.org>,
        Marco Elver <elver@...gle.com>,
        Kees Cook <keescook@...gle.com>, decot@...glers.com,
        "Tobin C. Harding" <tobin@...nel.org>
Subject: [arm] lib: bitmap.sh: BUG: KFENCE: out-of-bounds read in _find_next_bit_le+0x10/0x48

Following kernel BUG KFENCE noticed on qemu_arm while testing lib: bitmap.sh
with kselftest merge config build image [1] & [2].

metadata:
  git_ref: master
  git_repo: https://gitlab.com/Linaro/lkft/mirrors/torvalds/linux-mainline
  git_sha: 672c0c5173427e6b3e2a9bbb7be51ceeec78093a
  git_describe: v5.18-rc5
  kernel_version: 5.18.0-rc5
  kernel-config: https://builds.tuxbuild.com/28a2wdk3XzmLVGqD5njLS4uX1tm/config
  artifact-location: https://builds.tuxbuild.com/28a2wdk3XzmLVGqD5njLS4uX1tm
  toolchain: gcc-10


Test log:
---------
# selftests: lib: bitmap.sh
[   36.266913] test_bitmap: loaded.
[   36.269151] test_bitmap: parselist: 14: input is '0-2047:128/256'
OK, Time: 4600
[   36.273024] ==================================================================
[   36.275942] BUG: KFENCE: out-of-bounds read in _find_next_bit_le+0x10/0x48
[   36.275942]
[   36.279808] Out-of-bounds read at 0x9ec8e937 (4096B right of kfence-#29):
[   36.283046]  _find_next_bit_le+0x10/0x48
[   36.285030]
[   36.285816] kfence-#29: 0xf28dd28d-0x0b305c8e, size=4096, cache=kmalloc-4k
[   36.285816]
[   36.289807] allocated by task 498 on cpu 1 at 36.272960s:
[   36.292432]  test_bitmap_printlist+0x2c/0x13c [test_bitmap]
[   36.295174]  test_bitmap_init+0x5c/0xefc [test_bitmap]
[   36.297709]  do_one_initcall+0x70/0x330
[   36.299605]  do_init_module+0x4c/0x26c
[   36.301484]  sys_finit_module+0xdc/0x138
[   36.303452]  ret_fast_syscall+0x0/0x1c
[   36.305294]  0xbebec788
[   36.306516]
[   36.307264] CPU: 1 PID: 498 Comm: modprobe Not tainted 5.18.0-rc5 #1
[   36.310304] Hardware name: Generic DT based system
[   36.312658] ==================================================================
[   36.316609] test_bitmap: bitmap_print_to_pagebuf: input is '0-32767
[   36.316609] ', Time: 43635540
[   36.333605] test_bitmap: all 1945 tests passed
[   36.360116] test_bitmap: unloaded.
# bitmap: ok

Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>

--
Linaro LKFT
https://lkft.linaro.org

[1] https://lkft.validation.linaro.org/scheduler/job/4975877#L995
[2] https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v5.18-rc5/testrun/9320073/suite/linux-log-parser/test/check-kernel-bug-4975877/log

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ