lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230830-track-glutinous-39f536b4ced1@wendy>
Date:   Wed, 30 Aug 2023 11:26:37 +0100
From:   Conor Dooley <conor.dooley@...rochip.com>
To:     <jiajie.ho@...rfivetech.com>, <huan.feng@...rfivetech.com>
CC:     <herbert@...dor.apana.org.au>, <linux-kernel@...r.kernel.org>,
        <linux-crypto@...r.kernel.org>, <conor.dooley@...rochip.com>,
        <kernel@...il.dk>, <linux-riscv@...ts.infradead.org>,
        <davidlt@...osinc.com>
Subject: starfive crypto list_add corruption

Hi,

There's been a report on the irc fedora-riscv irc of list_add corruption
with the starfive crypto stuff:
	list_add corruption. next->prev should be prev (ffffffff02f65320), but was ffffffd8eef15848. (next=ffffffd8eef15840).
	------------[ cut here ]------------
	kernel BUG at lib/list_debug.c:29!
	Kernel BUG [#1]
	Modules linked in: jh7110_crypto spidev pcs_xpcs clk_starfive_jh7110_aon pinctrl_starfive_jh7110_aon clk_starfive_jh7110_stg crypto_engine phylink dw_mmc_starfive dw_mmc_pltfm clk_starfive_jh7110_vout phy_jh7110_pcie spi_
	pl022 clk_starfive_jh7110_isp dw_mmc phy_jh7110_usb i2c_designware_platform pinctrl_starfive_jh7110_sys i2c_designware_core sunrpc ip6_tables ip_tables i2c_dev fuse                                                                        
	CPU: 2 PID: 53 Comm: kworker/u8:2 Not tainted 6.5.0-next-20230829 #13
	Hardware name: StarFive VisionFive 2 v1.3B (DT)
	Workqueue: events_unbound deferred_probe_work_func
	epc : __list_add_valid_or_report+0x82/0x96
	 ra : __list_add_valid_or_report+0x82/0x96
	epc : ffffffff80640808 ra : ffffffff80640808 sp : ffffffc8002dbb10
	 gp : ffffffff81f9ea48 tp : ffffffd8c0ac3a00 t0 : ffffffff80c8f5fc
	 t1 : 0720072007200720 t2 : 206464615f747369 s0 : ffffffc8002dbb20
	 s1 : ffffffd8ecf11040 a0 : 0000000000000075 a1 : ffffffd8fdd71a48
	 a2 : ffffffd8fdd7e728 a3 : 0000000000000000 a4 : 0000000000000000
	 a5 : 0000000000000000 a6 : ffffffff81fc3818 a7 : 0000000000000034
	 s2 : ffffffd8eef15840 s3 : ffffffff02f65320 s4 : ffffffd8c02a3c10
	 s5 : ffffffd8ecf11178 s6 : ffffffd8ecf11150 s7 : ffffffff02f65250
	 s8 : ffffffff823953d8 s9 : ffffffff8109ba08 s10: ffffffd8c0154000
	 s11: ffffffd8c0b1c540 t3 : ffffffd8c0161f00 t4 : ffffffd8c0161f00
	 t5 : ffffffd8c0161000 t6 : ffffffc8002db918
	status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003
	[<ffffffff80640808>] __list_add_valid_or_report+0x82/0x96
	[<ffffffff02df646c>] starfive_cryp_probe+0x1e0/0x4bc [jh7110_crypto]
	[<ffffffff80835062>] platform_probe+0x5e/0xba
	[<ffffffff8083205c>] really_probe+0xa0/0x35a
	[<ffffffff80832398>] __driver_probe_device+0x82/0x140
	[<ffffffff8083248e>] driver_probe_device+0x38/0xb6
	[<ffffffff8083258e>] __device_attach_driver+0x82/0xe4
	[<ffffffff8082fe90>] bus_for_each_drv+0x72/0xc8
	[<ffffffff8083299e>] __device_attach+0x94/0x18a
	[<ffffffff80832c92>] device_initial_probe+0x1a/0x22
	[<ffffffff80830e9a>] bus_probe_device+0x96/0x98
	[<ffffffff80831c6a>] deferred_probe_work_func+0xb2/0x102
	[<ffffffff800542be>] process_one_work+0x18a/0x32a
	[<ffffffff80054fe2>] worker_thread+0x2fc/0x44a
	[<ffffffff8005e3e0>] kthread+0xc4/0xe4
	[<ffffffff80003c12>] ret_from_fork+0xe/0x20
	Code: 9002 86be 1517 0157 0513 b685 1097 0065 80e7 92a0 (9002) 1517 
	---[ end trace 0000000000000000 ]---
	Kernel panic - not syncing: Fatal exception in interrupt
	SMP: stopping secondary CPUs
	---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

I feel like this isn't the first report I saw, but the other might've
been for the equivalent driver in the vendor tree & I probably didn't
pay any attention to.

Thanks,
Conor.

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ