Message-ID: <202210110948.26b43120-yujie.liu@intel.com>
Date:   Tue, 11 Oct 2022 11:45:56 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Kees Cook <keescook@...omium.org>
CC:     <lkp@...ts.01.org>, <lkp@...el.com>,
        <linux-kernel@...r.kernel.org>, <linux-hardening@...r.kernel.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>
Subject: [fortify] 54d9469bc5: WARNING:at_fs/nfs/namespace.c:#nfs_d_automount

Please note that we have reported similar cases:

[fortify] 728833277d: WARNING:at_net/netlink/af_netlink.c:#netlink_ack
https://lore.kernel.org/all/202209071317.245c5751-oliver.sang@intel.com/

[fortify] 54d9469bc5: WARNING:at_net/wireless/wext-core.c:#wireless_send_event
https://lore.kernel.org/all/202210110943.6f16f1ea-yujie.liu@intel.com

Not sure if this is a new case that triggers the warning, so we send
this report FYI. Thanks.


Greetings,

FYI, we noticed the following commit (built with gcc-11):

commit: 54d9469bc515dc5fcbc20eecbe19cea868b70d68 ("fortify: Add run-time WARN for cross-field memcpy()")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

in testcase: fsmark
version: fsmark-x86_64-698ee57-1_20220517
with the following parameters:

	iterations: 1x
	disk: 1SSD
	nr_threads: 1t
	fs: xfs
	filesize: 8K
	test_size: 60G
	sync_method: NoSync
	cpufreq_governor: performance
	fs2: nfsv4

test-description: The fsmark is a file system benchmark to test synchronous write workloads, for example, mail servers workload.
test-url: https://sourceforge.net/projects/fsmark/

on test machine: 144 threads 4 sockets Intel(R) Xeon(R) Gold 5318H CPU @ 2.50GHz (Cooper Lake) with 128G memory

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


[   57.251347][ T4357] ------------[ cut here ]------------
[   57.256986][ T4357] memcpy: detected field-spanning write (size 28) of single field "&ctx->nfs_server.address" at fs/nfs/namespace.c:178 (size 16)
[   57.270700][ T4357] WARNING: CPU: 77 PID: 4357 at fs/nfs/namespace.c:178 nfs_d_automount+0x23e/0x2c0
[   57.280121][ T4357] Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfsd auth_rpcgss xfs dm_mod ipmi_ssif intel_rapl_msr intel_rapl_common btrfs blake2b_generic xor raid6_pq zstd_compress libcrc32c ast nvme drm_vram_helper drm_ttm_helper nvme_core ttm skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel rapl intel_cstate drm_kms_helper t10_pi ahci syscopyarea sysfillrect crc64_rocksoft_generic intel_uncore libahci sysimgblt crc64_rocksoft mei_me crc64 ioatdma fb_sys_fops joydev acpi_ipmi libata mei intel_pch_thermal dca wmi ipmi_si ipmi_devintf ipmi_msghandler acpi_pad acpi_power_meter drm fuse ip_tables
[   57.345010][ T4357] CPU: 77 PID: 4357 Comm: mount.nfs Tainted: G        W          6.0.0-rc2-00009-g54d9469bc515 #1
[   57.355769][ T4357] RIP: 0010:nfs_d_automount+0x23e/0x2c0
[   57.361510][ T4357] Code: 10 00 00 00 4c 89 ee 4c 89 04 24 48 c7 c2 38 46 57 82 48 c7 c7 48 74 52 82 4c 89 4c 24 08 c6 05 df 37 86 01 01 e8 1d 4f 7a 00 <0f> 0b 4c 8b 4c 24 08 4c 8b 04 24 e9 c8 fe ff ff 49 c7 c4 f4 ff ff
[   57.381643][ T4357] RSP: 0018:ffffc9000d4c3b20 EFLAGS: 00010282
[   57.387906][ T4357] RAX: 0000000000000000 RBX: 000000000007a120 RCX: 0000000000000000
[   57.396080][ T4357] RDX: ffff88885fde6a30 RSI: ffff88885fddb700 RDI: ffff88885fddb700
[   57.404250][ T4357] RBP: ffff8881d2858000 R08: 0000000000000000 R09: 00000000fffeffff
[   57.412425][ T4357] R10: ffffc9000d4c39c0 R11: ffff88a07ffc57a8 R12: ffff888107e0e800
[   57.420598][ T4357] R13: 000000000000001c R14: ffff888107e37000 R15: ffff888107e0d000
[   57.428765][ T4357] FS:  00007f409f91d840(0000) GS:ffff88885fdc0000(0000) knlGS:0000000000000000
[   57.437890][ T4357] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   57.444676][ T4357] CR2: 00007f409f913003 CR3: 00000001aaec8003 CR4: 00000000007706e0
[   57.452840][ T4357] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   57.461001][ T4357] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   57.469157][ T4357] PKRU: 55555554
[   57.472888][ T4357] Call Trace:
[   57.476354][ T4357]  <TASK>
[   57.479467][ T4357]  __traverse_mounts+0x8c/0x240
[   57.484485][ T4357]  step_into+0x1de/0x380
[   57.488891][ T4357]  path_lookupat+0x6e/0x1c0
[   57.493552][ T4357]  filename_lookup+0xcf/0x200
[   57.498376][ T4357]  ? kmem_cache_alloc+0x162/0x300
[   57.503555][ T4357]  vfs_path_lookup+0x51/0xc0
[   57.508288][ T4357]  mount_subtree+0xa1/0x180
[   57.512934][ T4357]  ? kmem_cache_alloc_trace+0x15a/0x2c0
[   57.518623][ T4357]  do_nfs4_mount+0x20b/0x3c0 [nfsv4]
[   57.524060][ T4357]  nfs4_try_get_tree+0x47/0xc0 [nfsv4]
[   57.529665][ T4357]  vfs_get_tree+0x22/0xc0
[   57.534129][ T4357]  do_new_mount+0x17a/0x300
[   57.538749][ T4357]  __x64_sys_mount+0x107/0x140
[   57.543639][ T4357]  do_syscall_64+0x38/0xc0
[   57.548169][ T4357]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.554172][ T4357] RIP: 0033:0x7f409fcf36ea
[   57.558690][ T4357] Code: 48 8b 0d a9 17 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 76 17 0d 00 f7 d8 64 89 01 48
[   57.578648][ T4357] RSP: 002b:00007fffee80d348 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[   57.587173][ T4357] RAX: ffffffffffffffda RBX: 00007fffee80d4a0 RCX: 00007f409fcf36ea
[   57.595264][ T4357] RDX: 000055868be78ba0 RSI: 000055868be78b80 RDI: 000055868be78bc0
[   57.603355][ T4357] RBP: 000055868be7b8b0 R08: 000055868be7bf80 R09: 000055868be7bf80
[   57.611442][ T4357] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   57.619524][ T4357] R13: 000055868be7b220 R14: 00007fffee80d398 R15: 000000000000001c
[   57.627605][ T4357]  </TASK>
[   57.630728][ T4357] ---[ end trace 0000000000000000 ]---


If you fix the issue, kindly add the following tags
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/all/202210110948.26b43120-yujie.liu@intel.com


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.


-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config-6.0.0-rc2-00009-g54d9469bc515" of type "text/plain" (163956 bytes)

View attachment "job-script" of type "text/plain" (8559 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (37580 bytes)

View attachment "fsmark" of type "text/plain" (820 bytes)

View attachment "job.yaml" of type "text/plain" (5696 bytes)

View attachment "reproduce" of type "text/plain" (968 bytes)
