lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5c1daddb-d8b3-420a-839f-208e0a6e168b@roeck-us.net>
Date: Thu, 16 May 2024 12:53:34 -0700
From: Guenter Roeck <linux@...ck-us.net>
To: Richard Fitzgerald <rf@...nsource.cirrus.com>
Cc: broonie@...nel.org, linux-kernel@...r.kernel.org,
	patches@...nsource.cirrus.com
Subject: Re: [PATCH 04/11] regmap: kunit: Run sparse cache tests at non-zero
 register addresses

Hi,

On Mon, Apr 08, 2024 at 03:45:53PM +0100, Richard Fitzgerald wrote:
> Run the cache_drop() and cache_present() tests at blocks of addresses
> that don't start at zero.
> 
> This adds a from_reg parameter to struct regmap_test_param. This is
> used to set the base address of the register defaults created by
> gen_regmap().
> 
> Extra entries are added to sparse_cache_types_list[] to test at non-zero
> from_reg values. The cache_drop() and cache_present() tests are updated
> to test at the given offset.
> 
> The aim here is to add test cases to cache_drop() for the bug fixed by
> commit 00bb549d7d63 ("regmap: maple: Fix cache corruption in
> regcache_maple_drop()")
> 
> But the same parameter table is used by the cache_present() test so
> let's also update that to use from_reg.
> 
> Signed-off-by: Richard Fitzgerald <rf@...nsource.cirrus.com>

With this patch in mainline, I get lots of errors such as

[   23.494308] =============================================================================
[   23.496391] BUG kmalloc-64 (Tainted: G                 N): kmalloc Redzone overwritten

Bisect log and first of many backtraces attached for reference.

Guenter

---
# bad: [1b294a1f35616977caddaddf3e9d28e576a1adbc] Merge tag 'net-next-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
# good: [a5131c3fdf2608f1c15f3809e201cf540eb28489] Merge tag 'x86-shstk-2024-05-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect start '1b294a1f3561' 'a5131c3fdf26'
# good: [f8beae078c82abde57fed4a5be0bbc3579b59ad0] Merge tag 'gtp-24-05-07' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/gtp Pablo neira Ayuso says:
git bisect good f8beae078c82abde57fed4a5be0bbc3579b59ad0
# bad: [ce952d8f0e9b58dc6a2bde7e47ca7fa7925583cc] Merge tag 'gpio-updates-for-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
git bisect bad ce952d8f0e9b58dc6a2bde7e47ca7fa7925583cc
# good: [f952b6c863090464c148066df9f46cb3edd603da] Merge tag 'thermal-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect good f952b6c863090464c148066df9f46cb3edd603da
# bad: [07bbfc6aba1efe332d9994b2995c9bea0cd3b25f] Merge tag 'regulator-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
git bisect bad 07bbfc6aba1efe332d9994b2995c9bea0cd3b25f
# good: [e573d27e18f8289454b6abb378de531374bd3cde] Merge branches 'acpi-tools', 'acpi-docs' and 'pnp'
git bisect good e573d27e18f8289454b6abb378de531374bd3cde
# good: [440f9d47dfac065a8da663adbc4b28703fdf550e] Merge branches 'pm-cpuidle', 'pm-sleep' and 'pm-powercap'
git bisect good 440f9d47dfac065a8da663adbc4b28703fdf550e
# good: [41b94bc6d96b9b046ef08114f057dcc6c52e28b6] iio: addac: ad74115: Use devm_regulator_get_enable_read_voltage()
git bisect good 41b94bc6d96b9b046ef08114f057dcc6c52e28b6
# bad: [991b5e2aad870828669ca105f424ef1b2534f820] regmap: kunit: Fix an NULL vs IS_ERR() check
git bisect bad 991b5e2aad870828669ca105f424ef1b2534f820
# bad: [ce75e06eea9cfdddaa0082cef663cf2d4aa5ed1d] regmap: kunit: Use a KUnit action to call regmap_exit()
git bisect bad ce75e06eea9cfdddaa0082cef663cf2d4aa5ed1d
# bad: [710915743d53d19a1baf0326302aa1f743ab018e] regmap: kunit: Run sparse cache tests at non-zero register addresses
git bisect bad 710915743d53d19a1baf0326302aa1f743ab018e
# good: [7b7982f14315e0f6910e13b22ed38a47144a83ec] regmap: kunit: Create a struct device for the regmap
git bisect good 7b7982f14315e0f6910e13b22ed38a47144a83ec
# good: [48bccea96fead1b212e19e38e50bf8e69287c45d] regmap: kunit: Introduce struct for test case parameters
git bisect good 48bccea96fead1b212e19e38e50bf8e69287c45d
# first bad commit: [710915743d53d19a1baf0326302aa1f743ab018e] regmap: kunit: Run sparse cache tests at non-zero register addresses

---
[   23.494308] =============================================================================
[   23.496391] BUG kmalloc-64 (Tainted: G                 N): kmalloc Redzone overwritten
[   23.496900] -----------------------------------------------------------------------------
[   23.496900]
[   23.497510] 0xc69ee28b-0xc69ee28b @offset=651. First byte 0x0 instead of 0xcc
[   23.498079] Allocated in __regmap_init_ram+0x30/0xa0 age=2 cpu=0 pid=1064
[   23.499422]  __kmalloc+0x270/0x378
[   23.499783]  __regmap_init_ram+0x30/0xa0
[   23.500109]  gen_regmap.constprop.0+0x144/0x198
[   23.500440]  stride+0x58/0x4e4
[   23.500715]  kunit_try_run_case+0x5c/0x1a4
[   23.501016]  kunit_generic_run_threadfn_adapter+0x1c/0x34
[   23.501396]  kthread+0xfc/0x120
[   23.501682]  ret_from_fork+0x14/0x24
[   23.502030] Freed in pinctrl_free+0x9c/0x184 age=4 cpu=0 pid=10
[   23.502450]  pinctrl_free+0x9c/0x184
[   23.502711]  release_nodes+0x50/0x7c
[   23.502985]  devres_release_all+0x80/0xf0
[   23.503265]  device_unbind_cleanup+0xc/0x60
[   23.503587]  really_probe+0x188/0x2d0
[   23.503890]  __driver_probe_device+0x84/0x1a0
[   23.504175]  driver_probe_device+0x2c/0xc4
[   23.504454]  __device_attach_driver+0x94/0xc4
[   23.504738]  bus_for_each_drv+0x84/0xdc
[   23.505003]  __device_attach+0xac/0x1d8
[   23.505268]  bus_probe_device+0x8c/0x90
[   23.505541]  deferred_probe_work_func+0x8c/0xc0
[   23.505822]  process_one_work+0x260/0x6f8
[   23.506100]  worker_thread+0x178/0x3b0
[   23.506373]  kthread+0xfc/0x120
[   23.506605]  ret_from_fork+0x14/0x24
[   23.506906] Slab 0xcbeacdc0 objects=21 used=19 fp=0xc69eec40 flags=0xa00(workingset|slab|zone=0)
[   23.507770] Object 0xc69ee280 @offset=640 fp=0xc69ee100
[   23.507770]
[   23.508668] Redzone  c69ee240: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
[   23.509138] Redzone  c69ee250: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
[   23.509538] Redzone  c69ee260: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
[   23.509935] Redzone  c69ee270: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
[   23.510453] Object   c69ee280: 01 00 01 00 01 00 01 00 01 00 01 00 cc cc cc cc  ................
[   23.510984] Object   c69ee290: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
[   23.511488] Object   c69ee2a0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
[   23.511857] Object   c69ee2b0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
[   23.512268] Redzone  c69ee2c0: cc cc cc cc                                      ....
[   23.512738] Padding  c69ee2f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a              ZZZZZZZZZZZZ
[   23.513444] CPU: 0 PID: 1065 Comm: kunit_try_catch Tainted: G                 N 6.9.0-05151-g1b294a1f3561 #1
[   23.514023] Hardware name: Freescale i.MX6 Ultralite (Device Tree)
[   23.514542] Call trace:
[   23.514722]  unwind_backtrace from show_stack+0x10/0x14
[   23.515298]  show_stack from dump_stack_lvl+0x78/0xa8
[   23.515621]  dump_stack_lvl from check_bytes_and_report+0x110/0x12c
[   23.515972]  check_bytes_and_report from check_object+0x36c/0x3a8
[   23.516310]  check_object from free_to_partial_list+0x15c/0x5ec
[   23.516647]  free_to_partial_list from kfree+0x218/0x2cc
[   23.516967]  kfree from regmap_ram_free_context+0x18/0x2c
[   23.517298]  regmap_ram_free_context from regmap_exit+0x7c/0x148
[   23.517650]  regmap_exit from kunit_remove_resource+0xac/0xc4
[   23.518001]  kunit_remove_resource from kunit_cleanup+0x2c/0x5c
[   23.518435]  kunit_cleanup from kunit_generic_run_threadfn_adapter+0x1c/0x34
[   23.518876]  kunit_generic_run_threadfn_adapter from kthread+0xfc/0x120
[   23.519305]  kthread from ret_from_fork+0x14/0x24
[   23.519764] Exception stack(0xd2541fb0 to 0xd2541ff8)
[   23.520248] 1fa0:                                     00000000 00000000 00000000 00000000
[   23.520717] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   23.521161] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   23.521753] Disabling lock debugging due to kernel taint
[   23.522060] FIX kmalloc-64: Restoring kmalloc Redzone 0xc69ee28b-0xc69ee28b=0xcc
[   23.522403] FIX kmalloc-64: Object at 0xc69ee280 not freed

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ