| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 May 2024 12:53:34 -0700
From: Guenter Roeck <linux@...ck-us.net>
To: Richard Fitzgerald <rf@...nsource.cirrus.com>
Cc: broonie@...nel.org, linux-kernel@...r.kernel.org,
patches@...nsource.cirrus.com
Subject: Re: [PATCH 04/11] regmap: kunit: Run sparse cache tests at non-zero
register addresses
Hi,
On Mon, Apr 08, 2024 at 03:45:53PM +0100, Richard Fitzgerald wrote:
> Run the cache_drop() and cache_present() tests at blocks of addresses
> that don't start at zero.
>
> This adds a from_reg parameter to struct regmap_test_param. This is
> used to set the base address of the register defaults created by
> gen_regmap().
>
> Extra entries are added to sparse_cache_types_list[] to test at non-zero
> from_reg values. The cache_drop() and cache_present() tests are updated
> to test at the given offset.
>
> The aim here is to add test cases to cache_drop() for the bug fixed by
> commit 00bb549d7d63 ("regmap: maple: Fix cache corruption in
> regcache_maple_drop()")
>
> But the same parameter table is used by the cache_present() test so
> let's also update that to use from_reg.
>
> Signed-off-by: Richard Fitzgerald <rf@...nsource.cirrus.com>
With this patch in mainline, I get lots of errors such as
[ 23.494308] =============================================================================
[ 23.496391] BUG kmalloc-64 (Tainted: G N): kmalloc Redzone overwritten
Bisect log and first of many backtraces attached for reference.
Guenter
---
# bad: [1b294a1f35616977caddaddf3e9d28e576a1adbc] Merge tag 'net-next-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
# good: [a5131c3fdf2608f1c15f3809e201cf540eb28489] Merge tag 'x86-shstk-2024-05-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect start '1b294a1f3561' 'a5131c3fdf26'
# good: [f8beae078c82abde57fed4a5be0bbc3579b59ad0] Merge tag 'gtp-24-05-07' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/gtp Pablo neira Ayuso says:
git bisect good f8beae078c82abde57fed4a5be0bbc3579b59ad0
# bad: [ce952d8f0e9b58dc6a2bde7e47ca7fa7925583cc] Merge tag 'gpio-updates-for-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
git bisect bad ce952d8f0e9b58dc6a2bde7e47ca7fa7925583cc
# good: [f952b6c863090464c148066df9f46cb3edd603da] Merge tag 'thermal-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect good f952b6c863090464c148066df9f46cb3edd603da
# bad: [07bbfc6aba1efe332d9994b2995c9bea0cd3b25f] Merge tag 'regulator-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
git bisect bad 07bbfc6aba1efe332d9994b2995c9bea0cd3b25f
# good: [e573d27e18f8289454b6abb378de531374bd3cde] Merge branches 'acpi-tools', 'acpi-docs' and 'pnp'
git bisect good e573d27e18f8289454b6abb378de531374bd3cde
# good: [440f9d47dfac065a8da663adbc4b28703fdf550e] Merge branches 'pm-cpuidle', 'pm-sleep' and 'pm-powercap'
git bisect good 440f9d47dfac065a8da663adbc4b28703fdf550e
# good: [41b94bc6d96b9b046ef08114f057dcc6c52e28b6] iio: addac: ad74115: Use devm_regulator_get_enable_read_voltage()
git bisect good 41b94bc6d96b9b046ef08114f057dcc6c52e28b6
# bad: [991b5e2aad870828669ca105f424ef1b2534f820] regmap: kunit: Fix an NULL vs IS_ERR() check
git bisect bad 991b5e2aad870828669ca105f424ef1b2534f820
# bad: [ce75e06eea9cfdddaa0082cef663cf2d4aa5ed1d] regmap: kunit: Use a KUnit action to call regmap_exit()
git bisect bad ce75e06eea9cfdddaa0082cef663cf2d4aa5ed1d
# bad: [710915743d53d19a1baf0326302aa1f743ab018e] regmap: kunit: Run sparse cache tests at non-zero register addresses
git bisect bad 710915743d53d19a1baf0326302aa1f743ab018e
# good: [7b7982f14315e0f6910e13b22ed38a47144a83ec] regmap: kunit: Create a struct device for the regmap
git bisect good 7b7982f14315e0f6910e13b22ed38a47144a83ec
# good: [48bccea96fead1b212e19e38e50bf8e69287c45d] regmap: kunit: Introduce struct for test case parameters
git bisect good 48bccea96fead1b212e19e38e50bf8e69287c45d
# first bad commit: [710915743d53d19a1baf0326302aa1f743ab018e] regmap: kunit: Run sparse cache tests at non-zero register addresses
---
[ 23.494308] =============================================================================
[ 23.496391] BUG kmalloc-64 (Tainted: G N): kmalloc Redzone overwritten
[ 23.496900] -----------------------------------------------------------------------------
[ 23.496900]
[ 23.497510] 0xc69ee28b-0xc69ee28b @offset=651. First byte 0x0 instead of 0xcc
[ 23.498079] Allocated in __regmap_init_ram+0x30/0xa0 age=2 cpu=0 pid=1064
[ 23.499422] __kmalloc+0x270/0x378
[ 23.499783] __regmap_init_ram+0x30/0xa0
[ 23.500109] gen_regmap.constprop.0+0x144/0x198
[ 23.500440] stride+0x58/0x4e4
[ 23.500715] kunit_try_run_case+0x5c/0x1a4
[ 23.501016] kunit_generic_run_threadfn_adapter+0x1c/0x34
[ 23.501396] kthread+0xfc/0x120
[ 23.501682] ret_from_fork+0x14/0x24
[ 23.502030] Freed in pinctrl_free+0x9c/0x184 age=4 cpu=0 pid=10
[ 23.502450] pinctrl_free+0x9c/0x184
[ 23.502711] release_nodes+0x50/0x7c
[ 23.502985] devres_release_all+0x80/0xf0
[ 23.503265] device_unbind_cleanup+0xc/0x60
[ 23.503587] really_probe+0x188/0x2d0
[ 23.503890] __driver_probe_device+0x84/0x1a0
[ 23.504175] driver_probe_device+0x2c/0xc4
[ 23.504454] __device_attach_driver+0x94/0xc4
[ 23.504738] bus_for_each_drv+0x84/0xdc
[ 23.505003] __device_attach+0xac/0x1d8
[ 23.505268] bus_probe_device+0x8c/0x90
[ 23.505541] deferred_probe_work_func+0x8c/0xc0
[ 23.505822] process_one_work+0x260/0x6f8
[ 23.506100] worker_thread+0x178/0x3b0
[ 23.506373] kthread+0xfc/0x120
[ 23.506605] ret_from_fork+0x14/0x24
[ 23.506906] Slab 0xcbeacdc0 objects=21 used=19 fp=0xc69eec40 flags=0xa00(workingset|slab|zone=0)
[ 23.507770] Object 0xc69ee280 @offset=640 fp=0xc69ee100
[ 23.507770]
[ 23.508668] Redzone c69ee240: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 23.509138] Redzone c69ee250: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 23.509538] Redzone c69ee260: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 23.509935] Redzone c69ee270: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 23.510453] Object c69ee280: 01 00 01 00 01 00 01 00 01 00 01 00 cc cc cc cc ................
[ 23.510984] Object c69ee290: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 23.511488] Object c69ee2a0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 23.511857] Object c69ee2b0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 23.512268] Redzone c69ee2c0: cc cc cc cc ....
[ 23.512738] Padding c69ee2f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ
[ 23.513444] CPU: 0 PID: 1065 Comm: kunit_try_catch Tainted: G N 6.9.0-05151-g1b294a1f3561 #1
[ 23.514023] Hardware name: Freescale i.MX6 Ultralite (Device Tree)
[ 23.514542] Call trace:
[ 23.514722] unwind_backtrace from show_stack+0x10/0x14
[ 23.515298] show_stack from dump_stack_lvl+0x78/0xa8
[ 23.515621] dump_stack_lvl from check_bytes_and_report+0x110/0x12c
[ 23.515972] check_bytes_and_report from check_object+0x36c/0x3a8
[ 23.516310] check_object from free_to_partial_list+0x15c/0x5ec
[ 23.516647] free_to_partial_list from kfree+0x218/0x2cc
[ 23.516967] kfree from regmap_ram_free_context+0x18/0x2c
[ 23.517298] regmap_ram_free_context from regmap_exit+0x7c/0x148
[ 23.517650] regmap_exit from kunit_remove_resource+0xac/0xc4
[ 23.518001] kunit_remove_resource from kunit_cleanup+0x2c/0x5c
[ 23.518435] kunit_cleanup from kunit_generic_run_threadfn_adapter+0x1c/0x34
[ 23.518876] kunit_generic_run_threadfn_adapter from kthread+0xfc/0x120
[ 23.519305] kthread from ret_from_fork+0x14/0x24
[ 23.519764] Exception stack(0xd2541fb0 to 0xd2541ff8)
[ 23.520248] 1fa0: 00000000 00000000 00000000 00000000
[ 23.520717] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 23.521161] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 23.521753] Disabling lock debugging due to kernel taint
[ 23.522060] FIX kmalloc-64: Restoring kmalloc Redzone 0xc69ee28b-0xc69ee28b=0xcc
[ 23.522403] FIX kmalloc-64: Object at 0xc69ee280 not freed
Powered by blists - more mailing lists