| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <90f50994-3cc7-4f35-9fab-a62ac129a93d@suswa.mountain>
Date: Mon, 27 Nov 2023 11:38:49 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: oe-kbuild@...ts.linux.dev, Qi Hu <huqi@...ngson.cn>
Cc: lkp@...el.com, oe-kbuild-all@...ts.linux.dev,
linux-kernel@...r.kernel.org, Huacai Chen <chenhuacai@...nel.org>
Subject: arch/loongarch/kernel/traps.c:407 die() warn: variable dereferenced
before check 'regs' (see line 401)
Hi Qi,
First bad commit (maybe != root cause):
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: d2da77f431ac49b5763b88751a75f70daa46296c
commit: 346dc929623cef70ff7832a4fa0ffd1b696e312a LoongArch: Fix the write_fcsr() macro
config: loongarch-randconfig-r071-20231126 (https://download.01.org/0day-ci/archive/20231127/202311270400.2cHw6Jsv-lkp@intel.com/config)
compiler: loongarch64-linux-gcc (GCC) 13.2.0
reproduce: (https://download.01.org/0day-ci/archive/20231127/202311270400.2cHw6Jsv-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Reported-by: Dan Carpenter <error27@...il.com>
| Closes: https://lore.kernel.org/r/202311270400.2cHw6Jsv-lkp@intel.com/
New smatch warnings:
arch/loongarch/kernel/traps.c:407 die() warn: variable dereferenced before check 'regs' (see line 401)
vim +/regs +407 arch/loongarch/kernel/traps.c
0603839b18f4fb Huacai Chen 2022-05-31 385 void __noreturn die(const char *str, struct pt_regs *regs)
0603839b18f4fb Huacai Chen 2022-05-31 386 {
0603839b18f4fb Huacai Chen 2022-05-31 387 static int die_counter;
0603839b18f4fb Huacai Chen 2022-05-31 388 int sig = SIGSEGV;
0603839b18f4fb Huacai Chen 2022-05-31 389
0603839b18f4fb Huacai Chen 2022-05-31 390 oops_enter();
0603839b18f4fb Huacai Chen 2022-05-31 391
0603839b18f4fb Huacai Chen 2022-05-31 392 if (notify_die(DIE_OOPS, str, regs, 0, current->thread.trap_nr,
0603839b18f4fb Huacai Chen 2022-05-31 393 SIGSEGV) == NOTIFY_STOP)
0603839b18f4fb Huacai Chen 2022-05-31 394 sig = 0;
0603839b18f4fb Huacai Chen 2022-05-31 395
0603839b18f4fb Huacai Chen 2022-05-31 396 console_verbose();
0603839b18f4fb Huacai Chen 2022-05-31 397 raw_spin_lock_irq(&die_lock);
0603839b18f4fb Huacai Chen 2022-05-31 398 bust_spinlocks(1);
0603839b18f4fb Huacai Chen 2022-05-31 399
0603839b18f4fb Huacai Chen 2022-05-31 400 printk("%s[#%d]:\n", str, ++die_counter);
0603839b18f4fb Huacai Chen 2022-05-31 @401 show_registers(regs);
^^^^
Dereferenced
0603839b18f4fb Huacai Chen 2022-05-31 402 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
0603839b18f4fb Huacai Chen 2022-05-31 403 raw_spin_unlock_irq(&die_lock);
0603839b18f4fb Huacai Chen 2022-05-31 404
0603839b18f4fb Huacai Chen 2022-05-31 405 oops_exit();
0603839b18f4fb Huacai Chen 2022-05-31 406
4e62d1d86585e1 Youling Tang 2022-10-12 @407 if (regs && kexec_should_crash(current))
^^^^
Checked too late
4e62d1d86585e1 Youling Tang 2022-10-12 408 crash_kexec(regs);
4e62d1d86585e1 Youling Tang 2022-10-12 409
0603839b18f4fb Huacai Chen 2022-05-31 410 if (in_interrupt())
0603839b18f4fb Huacai Chen 2022-05-31 411 panic("Fatal exception in interrupt");
0603839b18f4fb Huacai Chen 2022-05-31 412
0603839b18f4fb Huacai Chen 2022-05-31 413 if (panic_on_oops)
0603839b18f4fb Huacai Chen 2022-05-31 414 panic("Fatal exception");
0603839b18f4fb Huacai Chen 2022-05-31 415
0603839b18f4fb Huacai Chen 2022-05-31 416 make_task_dead(sig);
0603839b18f4fb Huacai Chen 2022-05-31 417 }
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists