lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 30 Dec 2022 15:14:29 +0000 (GMT)
From:   Holger Kiehl <Holger.Kiehl@....de>
To:     Kashyap Desai <kashyap.desai@...adcom.com>,
        Sumit Saxena <sumit.saxena@...adcom.com>,
        Shivasharan S <shivasharan.srikanteshwara@...adcom.com>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        megaraidlinux.pdl@...adcom.com, linux-scsi@...r.kernel.org,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: memcpy: detected field-spanning write (size 128) of single field
 "&r1_cmd->io_request->SGL" at drivers/scsi/megaraid/megaraid_sas_fusion.c:3326
 (size 16)

Hello,

I am getting this at boot when filesystems are being mounted on all
systems with megaraid_sas:

          Starting File System Checkā€¦b5c5-42c7-93bc-06a5c05f0141...
[   25.705445] ------------[ cut here ]------------
[   25.718769] memcpy: detected field-spanning write (size 128) of single field "&r1_cmd->io_request->SGL" at drivers/scsi/megaraid/megaraid_sas_fusion.c:3326 (size 16)
[   25.751153] WARNING: CPU: 107 PID: 2741 at drivers/scsi/megaraid/megaraid_sas_fusion.c:3326 megasas_prepare_secondRaid1_IO+0x13d/0x150 [megaraid_sas]
[   25.783375] Modules linked in: sd_mod sg nvme nvme_core t10_pi crct10dif_pclmul crc32_pclmul crc32c_intel ahci crc64_rocksoft_generic ghash_clmulni_intel crc64_rocksoft ice libahci sha512_ssse3 bnxt_en crc64 sp5100_tco megaraid_sas
[   25.834579] CPU: 107 PID: 2741 Comm: fsck.ext4 Not tainted 6.1.1 #1
[   25.854737] Hardware name: Dell Inc. PowerEdge R7525/XXXXXX, BIOS 2.9.3 08/05/2022
[   25.872776] RIP: 0010:megasas_prepare_secondRaid1_IO+0x13d/0x150 [megaraid_sas]
[   25.891150] Code: 00 00 0f 85 2f ff ff ff b9 10 00 00 00 48 c7 c2 70 92 6f c0 4c 89 f6 48 c7 c7 c8 92 6f c0 c6 05 51 49 02 00 01 e8 fd 2a 3d d9 <0f> 0b e9 06 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44
[   25.931873] RSP: 0018:ffffa5588625f900 EFLAGS: 00010286
[   25.947337] RAX: 0000000000000000 RBX: ffff8df60693a180 RCX: 0000000000000000
[   25.966847] RDX: ffff8ff13e4ec700 RSI: ffff8ff13e4e0560 RDI: ffff8ff13e4e0560
[   25.985757] RBP: ffff8df60680e000 R08: 0000000000000000 R09: ffffffff9b184de0
[   26.012930] R10: 0000000000000001 R11: 0000000000000001 R12: ffffa5587374f058
[   26.035873] R13: ffff8df5f9470820 R14: 0000000000000080 R15: ffff8df6191b0750
[   26.054510] FS:  00007f8dac1e2780(0000) GS:ffff8ff13e4c0000(0000) knlGS:0000000000000000
[   26.073109] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.087901] CR2: 00007ffcd3263fe8 CR3: 00000100ad48e004 CR4: 0000000000770ee0
[   26.105898] PKRU: 55555554
[   26.118517] Call Trace:
[   26.130464]  <TASK>
[   26.144148]  megasas_build_and_issue_cmd_fusion+0x185/0x230 [megaraid_sas]
[   26.166138]  scsi_dispatch_cmd+0x8b/0x220
[   26.181020]  scsi_queue_rq+0x279/0x610
[   26.197569]  blk_mq_dispatch_rq_list+0x18b/0x690
[   26.216612]  __blk_mq_do_dispatch_sched+0xba/0x330
[   26.230539]  ? release_pages+0x15b/0x450
[   26.244164]  ? elv_attempt_insert_merge+0xbc/0x100
[   26.257915]  blk_mq_do_dispatch_sched+0x3b/0x70
[   26.271189]  __blk_mq_sched_dispatch_requests+0xf0/0x140
[   26.285749]  blk_mq_sched_dispatch_requests+0x34/0x60
[   26.299851]  __blk_mq_run_hw_queue+0x35/0x90
[   26.316085]  blk_mq_sched_insert_requests+0x6a/0x150
[   26.337224]  blk_mq_flush_plug_list+0x122/0x2f0
[   26.352449]  __blk_flush_plug+0x102/0x160
[   26.365502]  ? __wake_up_common_lock+0x8a/0xc0
[   26.379836]  blk_finish_plug+0x25/0x40
[   26.393678]  generic_writepages+0x5a/0x80
[   26.408024]  do_writepages+0xcf/0x1d0
[   26.422927]  filemap_fdatawrite_wbc+0x66/0x90
[   26.438551]  __filemap_fdatawrite_range+0x54/0x80
[   26.456288]  file_write_and_wait_range+0x43/0xa0
[   26.469451]  blkdev_fsync+0x14/0x40
[   26.481500]  __x64_sys_fsync+0x33/0x60
[   26.495285]  do_syscall_64+0x5c/0x90
[   26.509468]  ? ksys_write+0xab/0xe0
[   26.521848]  ? syscall_exit_to_user_mode+0x12/0x30
[   26.534957]  ? do_syscall_64+0x69/0x90
[   26.546588]  ? handle_mm_fault+0xee/0x2e0
[   26.557927]  ? do_user_addr_fault+0x1d6/0x690
[   26.569652]  ? exc_page_fault+0x5d/0x120
[   26.580668]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   26.597062] RIP: 0033:0x7f8dac32c067
[   26.608530] Code: ff ff ff ff eb b7 e8 38 82 01 00 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 4a 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 6b f5 ff
[   26.641441] RSP: 002b:00007ffcd3266108 EFLAGS: 00000246 ORIG_RAX: 000000000000004a
[   26.655857] RAX: ffffffffffffffda RBX: 000055f73742d400 RCX: 00007f8dac32c067
[   26.670764] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   26.685898] RBP: 00007ffcd3266170 R08: 0000000000000000 R09: 0000000000000000
[   26.702612] R10: 00000000000000c8 R11: 0000000000000246 R12: 0000000000000000
[   26.721338] R13: 00007ffcd3266178 R14: 000055f73742d1b0 R15: 000055f73742d1b0
[   26.739231]  </TASK>
[   26.748275] ---[ end trace 0000000000000000 ]---

Think this was introduced with kernel hardening code

    54d9469bc515 fortify: Add run-time WARN for cross-field memcpy()

CONFIG_FORTIFY_SOURCE=y, committed in 6.0-rc2 as mentioned in
https://bugzilla.kernel.org/show_bug.cgi?id=216563#c3

Regards,
Holger

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ