| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Sep 2022 13:06:15 -0700 (PDT)
From: Palmer Dabbelt <palmer@...osinc.com>
To: xianting.tian@...ux.alibaba.com
CC: dan.carpenter@...cle.com, kbuild@...ts.01.org, lkp@...el.com,
kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
guoren@...nel.org
Subject: Re: arch/riscv/kernel/traps.c:48 die() warn: variable dereferenced before check 'regs' (see line 46)
On Thu, 11 Aug 2022 03:42:28 PDT (-0700), xianting.tian@...ux.alibaba.com wrote:
>
> 在 2022/8/11 下午6:33, Dan Carpenter 写道:
>> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
>> head: f41445645ab5d172e6090d00c332c335d8dba337
>> commit: 3f1901110a89b0e2e13adb2ac8d1a7102879ea98 RISC-V: Add fast call path of crash_kexec()
>> config: riscv-randconfig-m031-20220810 (https://download.01.org/0day-ci/archive/20220811/202208110538.uaLOQmBs-lkp@intel.com/config)
>> compiler: riscv64-linux-gcc (GCC) 12.1.0
>>
>> If you fix the issue, kindly add following tag where applicable
>> Reported-by: kernel test robot <lkp@...el.com>
>> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
>>
>> smatch warnings:
>> arch/riscv/kernel/traps.c:48 die() warn: variable dereferenced before check 'regs' (see line 46)
>>
>> vim +/regs +48 arch/riscv/kernel/traps.c
>>
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 31 void die(struct pt_regs *regs, const char *str)
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 32 {
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 33 static int die_counter;
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 34 int ret;
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 35
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 36 oops_enter();
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 37
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 38 spin_lock_irq(&die_lock);
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 39 console_verbose();
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 40 bust_spinlocks(1);
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 41
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 42 pr_emerg("%s [#%d]\n", str, ++die_counter);
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 43 print_modules();
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 44 show_regs(regs);
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 45
>> a4c3733d32a72f Christoph Hellwig 2019-10-28 @46 ret = notify_die(DIE_OOPS, str, regs, 0, regs->cause, SIGSEGV);
>> ^^^^^^^^^^^
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 47
>> 3f1901110a89b0 Xianting Tian 2022-06-06 @48 if (regs && kexec_should_crash(current))
>> ^^^^
>>
>> Delete this NULL check.
> thanks, I will send another fixup patch to fix the issue, is it OK?
You're always welcome to send fixes, but I didn't see anything so I just
sent along https://lore.kernel.org/r/20220920200037.6727-1-palmer@rivosinc.com/
>>
>> 3f1901110a89b0 Xianting Tian 2022-06-06 49 crash_kexec(regs);
>> 3f1901110a89b0 Xianting Tian 2022-06-06 50
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 51 bust_spinlocks(0);
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 52 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 53 spin_unlock_irq(&die_lock);
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 54 oops_exit();
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 55
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 56 if (in_interrupt())
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 57 panic("Fatal exception in interrupt");
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 58 if (panic_on_oops)
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 59 panic("Fatal exception");
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 60 if (ret != NOTIFY_STOP)
>> 0e25498f8cd43c Eric W. Biederman 2021-06-28 61 make_task_dead(SIGSEGV);
>> 76d2a0493a17d4 Palmer Dabbelt 2017-07-10 62 }
>>
Powered by blists - more mailing lists