| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 09 Sep 2022 14:24:31 +0200
From: Sven Schnelle <svens@...ux.ibm.com>
To: Yury Norov <yury.norov@...il.com>
Cc: Valentin Schneider <vschneid@...hat.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org,
Alexey Klimov <klimov.linux@...il.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Andy Whitcroft <apw@...onical.com>,
Catalin Marinas <catalin.marinas@....com>,
David Laight <David.Laight@...lab.com>,
Dennis Zhou <dennis@...nel.org>,
Guenter Roeck <linux@...ck-us.net>,
Kees Cook <keescook@...omium.org>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Russell King <linux@...linux.org.uk>
Subject: Re: [PATCH v3 3/4] lib/find_bit: optimize find_next_bit() functions
Hi Yury,
Yury Norov <yury.norov@...il.com> writes:
> On Wed, Sep 07, 2022 at 05:27:08PM +0100, Valentin Schneider wrote:
>> On 27/08/22 10:58, Yury Norov wrote:
>> > +#define FIND_NEXT_BIT(FETCH, MUNGE, size, start) \
>> > +({ \
>> > + unsigned long mask, idx, tmp, sz = (size), __start = (start); \
>> > + \
>> > + if (unlikely(__start >= sz)) \
>> > + goto out; \
>> > + \
>> > + mask = MUNGE(BITMAP_FIRST_WORD_MASK(__start)); \
>> > + idx = __start / BITS_PER_LONG; \
>> > + \
>> > + for (tmp = (FETCH) & mask; !tmp; tmp = (FETCH)) { \
>> > + if (idx > sz / BITS_PER_LONG) \
>>
>> Does that want to be
>
> Yes, I already fixed this.
>
>> if (idx + 1 >= sz / BITS_PER_LONG)
>>
>> ?
Did you push that already? We're still seeing crashes in CI, and the
'idx + 1' doesnt seem to be in next-20220908. Adding it makes the
out-of-bound access go away, but the kernel will crash later in the
block mq code:
[ 0.760803] NET: Registered PF_PACKET protocol family
[ 0.760808] bridge: filtering via arp/ip/ip6tables is no longeravailable by default. Update your scripts to load br_netfilter if youneed this.
[ 0.760938] Key type dns_resolver registered
[ 0.760967] cio: Channel measurement facility initialized using format extended (mode autodetected)
[ 0.761789] dasd-eckd 0.0.3850: A channel path to the device has become operational
[ 0.762577] dasd-eckd 0.0.3850: A channel path to the device has become operational
[ 0.772623] dasd-eckd 0.0.3850: New DASD 3390/0C (CU 3990/01) with 30051 cylinders, 15 heads, 224 sectors
[ 0.806105] dasd-eckd 0.0.3850: DASD with 4 KB/block, 21636720 KB total size, 48 KB/track, compatible disk layout
[ 0.806131] Unable to handle kernel pointer dereference in virtual kernel address space
[ 0.806132] Failing address: fffffffffffff000 TEID: fffffffffffff803
[ 0.806134] Fault in home space mode while using kernel ASCE.
[ 0.806137] AS:0000000001f14007 R3:0000000081360007 S:0000000000000020
[ 0.806154] Oops: 0038 ilc:2 [#1] SMP
[ 0.806333] Modules linked in:
[ 0.806337] CPU: 0 PID: 42 Comm: kworker/0:3 Not tainted 6.0.0-rc4-next-20220908-dirty #463
[ 0.806339] Hardware name: IBM 3906 M04 704 (z/VM 7.1.0)
[ 0.806340] Workqueue: events do_kick_device
[ 0.806344] Krnl PSW : 0704c00180000000 0000000000811ee4 (blk_rq_merge_ok+0x1c/0x120)
[ 0.806362] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
[ 0.806368] Krnl GPRS: 8000000000000001 00000000018461e0 ffffffffffffffb8 0000000080ac6200
[ 0.806379] 00000000ffffbfff 00000000fee80000 0000000001fbe4a8 00000000822cbda0
[ 0.806387] 0000000000000008 0000000080ac6200 000003ff7f842108 ffffffffffffffb8
[ 0.806390] 00000000822aa100 00000380003b78d0 00000380003b7590 00000380003b7550
[ 0.806413] Krnl Code: 0000000000811ed4: b90400ef lgr %r14,%r15
[ 0.806413] 0000000000811ed8: e3f0ffc0ff71 lay %r15,-64(%r15)
[ 0.806413] #0000000000811ede: e3e0f0980024 stg %r14,152(%r15)
[ 0.806413] >0000000000811ee4: 58102018 l %r1,24(%r2)
[ 0.806413] 0000000000811ee8: 4210f0a7 stc %r1,167(%r15)
[ 0.806413] 0000000000811eec: ec4138bf0055 risbg %r4,%r1,56,191,0
[ 0.806413] 0000000000811ef2: b90400b2 lgr %r11,%r2
[ 0.806413] 0000000000811ef6: b90400a3 lgr %r10,%r3
[ 0.806427] Call Trace:
[ 0.806431] [<0000000000811ee4>] blk_rq_merge_ok+0x1c/0x120
[ 0.806470] [<0000000000d07a5a>] blk_bio_list_merge+0x7a/0xd0
[ 0.806474] [<0000000000820456>] blk_mq_sched_bio_merge+0xde/0x150
[ 0.806478] [<0000000000815110>] blk_mq_get_new_requests+0x88/0x190
[ 0.806481] [<000000000081a346>] blk_mq_submit_bio+0x286/0x438
[ 0.806484] [<00000000008090d2>] __submit_bio+0x12a/0x1d8
[ 0.806498] [<0000000000809738>] submit_bio_noacct_nocheck+0xa0/0xf8
[ 0.806502] [<000000000047e02e>] submit_bh_wbc+0x16e/0x1b0
[ 0.806505] [<0000000000481384>] block_read_full_folio+0x2ec/0x400
[ 0.806508] [<0000000000348518>] filemap_read_folio+0x38/0xc8
[ 0.806512] [<000000000034998e>] do_read_cache_folio+0x13e/0x1e8
[ 0.806516] [<0000000000349a60>] read_cache_folio+0x28/0x38
[ 0.806520] [<0000000000826d56>] read_part_sector+0x5e/0xe8
[ 0.806524] [<0000000000828ed4>] read_lba+0xb4/0x170
[ 0.806528] [<00000000008294d6>] find_valid_gpt.constprop.0+0xde/0x568
[ 0.806532] [<0000000000829c92>] efi_partition+0x332/0x398
[ 0.806559] [<0000000000826586>] check_partition+0x12e/0x248
[ 0.806567] [<0000000000826a1c>] bdev_disk_changed.part.0+0xcc/0x378
[ 0.806578] [<0000000000ca8016>] dasd_scan_partitions+0x76/0x120
[ 0.806582] [<0000000000ca1018>] dasd_change_state+0x310/0x3a0
[ 0.806584] [<0000000000ca10e8>] do_kick_device+0x40/0xc8
[ 0.806587] [<0000000000174ae0>] process_one_work+0x200/0x458
[ 0.806591] [<000000000017526e>] worker_thread+0x66/0x480
[ 0.806594] [<000000000017cf98>] kthread+0x108/0x110
[ 0.806596] [<0000000000103354>] __ret_from_fork+0x3c/0x58
[ 0.806600] [<0000000000d1eb0a>] ret_from_fork+0xa/0x40
[ 0.806604] Last Breaking-Event-Address:
[ 0.806606] [<0000000000d07a54>] blk_bio_list_merge+0x74/0xd0
[ 0.806610] Kernel panic - not syncing: Fatal exception: panic_on_oops
Reverting the 'lib/find_bit: optimize find_next_bit() functions' patch
'fixes' these issues.
Regards
Sven
Powered by blists - more mailing lists