| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 1 Jul 2023 14:03:46 +0530
From: Naresh Kamboju <naresh.kamboju@...aro.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: stable@...r.kernel.org, patches@...ts.linux.dev,
linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
akpm@...ux-foundation.org, linux@...ck-us.net, shuah@...nel.org,
patches@...nelci.org, lkft-triage@...ts.linaro.org, pavel@...x.de,
jonathanh@...dia.com, f.fainelli@...il.com,
sudipm.mukherjee@...il.com, srw@...dewatkins.net, rwarsow@....de,
conor@...nel.org
Subject: Re: [PATCH 6.4 00/31] 6.4.1-rc3 review
On Fri, 30 Jun 2023 at 13:03, Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.4.1 release.
> There are 31 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 02 Jul 2023 07:20:45 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.4.1-rc3.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@...aro.org>
NOTE:
1) Following kernel BUG noticed while booting and running KASAN /
KFENCE testing on
qemu-arm64 and qemu-x86_64. This is always reproducible.
Boot log:
=========
<6>[ 508.503587] KTAP version 1
<6>[ 508.504164] # Subtest: input_core
<6>[ 508.505615] 1..3
<6>[ 508.514268] input: Test input device as /devices/virtual/input/input1
<3>[ 508.533860]
==================================================================
<3>[ 508.535501] BUG: KASAN: slab-use-after-free in input_free_device+0x20/0x74
<3>[ 508.537680] Read of size 1 at addr ffff0000c60dd548 by task
kunit_try_catch/471
<3>[ 508.539159]
<3>[ 508.540334] CPU: 1 PID: 471 Comm: kunit_try_catch Tainted: G
N 6.4.1-rc3 #1
<3>[ 508.542035] Hardware name: linux,dummy-virt (DT)
<3>[ 508.543528] Call trace:
<3>[ 508.544275] dump_backtrace+0x94/0x100
<3>[ 508.545430] show_stack+0x18/0x24
<3>[ 508.546378] dump_stack_lvl+0x48/0x60
<3>[ 508.547602] print_report+0xf8/0x5c0
<3>[ 508.548600] kasan_report+0x78/0xc0
<3>[ 508.549629] __asan_load1+0x60/0x6c
<3>[ 508.550799] input_free_device+0x20/0x74
<3>[ 508.551884] input_test_exit+0x2c/0x3c
<3>[ 508.553028] kunit_try_run_case+0x94/0x118
<3>[ 508.554249] kunit_generic_run_threadfn_adapter+0x30/0x4c
<3>[ 508.555496] kthread+0x1d4/0x1e4
<3>[ 508.556452] ret_from_fork+0x10/0x20
<3>[ 508.558125]
<3>[ 508.558816] Allocated by task 471:
<4>[ 508.559974] kasan_save_stack+0x2c/0x54
<4>[ 508.561120] kasan_set_track+0x2c/0x40
<4>[ 508.562131] kasan_save_alloc_info+0x24/0x34
<4>[ 508.563206] __kasan_kmalloc+0xa0/0xb8
<4>[ 508.564204] kmalloc_trace+0x54/0x68
<4>[ 508.565387] input_allocate_device+0x30/0x164
<4>[ 508.566523] input_test_init+0x94/0x1c4
<4>[ 508.567540] kunit_try_run_case+0x60/0x118
<4>[ 508.568615] kunit_generic_run_threadfn_adapter+0x30/0x4c
<4>[ 508.569927] kthread+0x1d4/0x1e4
<4>[ 508.570869] ret_from_fork+0x10/0x20
<3>[ 508.571923]
<3>[ 508.572538] Freed by task 471:
<4>[ 508.573365] kasan_save_stack+0x2c/0x54
<4>[ 508.574404] kasan_set_track+0x2c/0x40
<4>[ 508.575376] kasan_save_free_info+0x38/0x60
<4>[ 508.576452] __kasan_slab_free+0xe8/0x154
<4>[ 508.577537] __kmem_cache_free+0x194/0x360
<4>[ 508.578423] kfree+0x60/0x74
<4>[ 508.579332] input_dev_release+0x64/0x80
<4>[ 508.580610] device_release+0x94/0x10c
<4>[ 508.581712] kobject_put+0xe0/0x184
<4>[ 508.582682] put_device+0x14/0x24
<4>[ 508.583595] input_unregister_device+0x78/0x90
<4>[ 508.584664] input_test_exit+0x24/0x3c
<4>[ 508.585797] kunit_try_run_case+0x94/0x118
<4>[ 508.586839] kunit_generic_run_threadfn_adapter+0x30/0x4c
<4>[ 508.588072] kthread+0x1d4/0x1e4
<4>[ 508.589121] ret_from_fork+0x10/0x20
<3>[ 508.590175]
<3>[ 508.591009] The buggy address belongs to the object at ffff0000c60dd000
<3>[ 508.591009] which belongs to the cache kmalloc-2k of size 2048
<3>[ 508.593404] The buggy address is located 1352 bytes inside of
<3>[ 508.593404] freed 2048-byte region [ffff0000c60dd000, ffff0000c60dd800)
<3>[ 508.595234]
<3>[ 508.596225] The buggy address belongs to the physical page:
<4>[ 508.597748] page:00000000c20b6f30 refcount:1 mapcount:0
mapping:0000000000000000 index:0x0 pfn:0x1060d8
<4>[ 508.599925] head:00000000c20b6f30 order:3 entire_mapcount:0
nr_pages_mapped:0 pincount:0
<4>[ 508.601649] flags:
0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff)
<4>[ 508.603059] page_type: 0xffffffff()
<4>[ 508.604620] raw: 0bfffc0000010200 ffff0000c0002900
dead000000000122 0000000000000000
<4>[ 508.606267] raw: 0000000000000000 0000000080080008
00000001ffffffff 0000000000000000
<4>[ 508.607742] page dumped because: kasan: bad access detected
<3>[ 508.608610]
<3>[ 508.609452] Memory state around the buggy address:
<3>[ 508.611047] ffff0000c60dd400: fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb fb
<3>[ 508.612333] ffff0000c60dd480: fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb fb
<3>[ 508.613892] >ffff0000c60dd500: fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb fb
<3>[ 508.615057] ^
<3>[ 508.616277] ffff0000c60dd580: fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb fb
<3>[ 508.618324] ffff0000c60dd600: fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb fb
<3>[ 508.619628]
==================================================================
<4>[ 508.621915] Disabling lock debugging due to kernel taint
Links:
- https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.4.y/build/v6.4-32-g94976aa9d87c/testrun/18006002/suite/log-parser-boot/test/check-kernel-bug/log
- https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.4.y/build/v6.4-32-g94976aa9d87c/testrun/18006002/suite/log-parser-boot/tests/
2) Build warnings on x86 with KCSAN config enabled with clang 16 tool chain.
* x86_64, build
- clang-16-lkftconfig-kcsan-warnings
vmlinux.o: warning: objtool: ibt_selftest+0x14: sibling call from
callable instruction with modified stack frame
vmlinux.o: warning: objtool: ibt_selftest+0x1e: return with modified stack frame
vmlinux.o: warning: objtool: set_ftrace_ops_ro+0x27: relocation to
!ENDBR: .text+0x1b63c6
vmlinux.o: warning: objtool: set_ftrace_ops_ro+0x3d: relocation to
!ENDBR: .text+0x1b622c
Link:
- https://storage.tuxsuite.com/public/linaro/lkft/builds/2RurEsG9Cn0pVN7klR71yKdp57r/
## Build
* kernel: 6.4.1-rc3
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-6.4.y
* git commit: 94976aa9d87c63c78bc4d660382977fcf89d2921
* git describe: v6.4-32-g94976aa9d87c
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.4.y/build/v6.4-32-g94976aa9d87c/
## Test Regressions (compared to v6.4)
## Metric Regressions (compared to v6.4)
## Test Fixes (compared to v6.4)
## Metric Fixes (compared to v6.4)
## Test result summary
total: 188717, pass: 153596, fail: 3192, skip: 31929
## Build Summary
* arc: 5 total, 5 passed, 0 failed
* arm: 145 total, 144 passed, 1 failed
* arm64: 54 total, 53 passed, 1 failed
* i386: 41 total, 40 passed, 1 failed
* mips: 30 total, 28 passed, 2 failed
* parisc: 4 total, 4 passed, 0 failed
* powerpc: 38 total, 36 passed, 2 failed
* riscv: 26 total, 25 passed, 1 failed
* s390: 16 total, 14 passed, 2 failed
* sh: 14 total, 12 passed, 2 failed
* sparc: 8 total, 8 passed, 0 failed
* x86_64: 46 total, 46 passed, 0 failed
## Test suites summary
* boot
* fwts
* kselftest-android
* kselftest-arm64
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers-dma-buf
* kselftest-efivarfs
* kselftest-exec
* kselftest-filesystems
* kselftest-filesystems-binderfs
* kselftest-firmware
* kselftest-fpu
* kselftest-ftrace
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-membarrier
* kselftest-mincore
* kselftest-mqueue
* kselftest-net
* kselftest-net-forwarding
* kselftest-net-mptcp
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-user_events
* kselftest-vDSO
* kselftest-watchdog
* kselftest-x86
* kselftest-zram
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* network-basic-tests
* perf
* rcutorture
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
Powered by blists - more mailing lists