| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3fd98d2a-2891-4579-bbdb-52c48c7b50ab@kernel.org> Date: Mon, 30 Sep 2024 12:33:42 +0200 From: Krzysztof Kozlowski <krzk@...nel.org> To: Jinjie Ruan <ruanjinjie@...wei.com>, s.nawrocki@...sung.com, cw00.choi@...sung.com, alim.akhtar@...sung.com, mturquette@...libre.com, sboyd@...nel.org, sunyeal.hong@...sung.com, linux-samsung-soc@...r.kernel.org, linux-clk@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] clk: samsung: Fix out-of-bound access of of_match_node() On 27/09/2024 12:21, Jinjie Ruan wrote: > Currently, there is no terminator entry for exynosautov920_cmu_of_match, > hence facing below KASAN warning, > > ================================================================== > BUG: KASAN: global-out-of-bounds in of_match_node+0x120/0x13c > Read of size 1 at addr ffffffe31cc9e628 by task swapper/0/1 > > CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0+ #334 > Hardware name: linux,dummy-virt (DT) > Call trace: > dump_backtrace+0x94/0xec > show_stack+0x18/0x24 > dump_stack_lvl+0x90/0xd0 > print_report+0x1f4/0x5b4 > kasan_report+0xc8/0x110 > __asan_report_load1_noabort+0x20/0x2c > of_match_node+0x120/0x13c > of_match_device+0x70/0xb4 > platform_match+0xa0/0x25c > __device_attach_driver+0x7c/0x2d4 > bus_for_each_drv+0x100/0x188 > __device_attach+0x174/0x364 > device_initial_probe+0x14/0x20 > bus_probe_device+0x128/0x158 > device_add+0xb3c/0x10fc > of_device_add+0xdc/0x150 > of_platform_device_create_pdata+0x120/0x20c > of_platform_bus_create+0x2bc/0x620 > of_platform_populate+0x58/0x108 > of_platform_default_populate_init+0x100/0x120 > do_one_initcall+0x110/0x788 > kernel_init_freeable+0x44c/0x61c > kernel_init+0x24/0x1e4 > ret_from_fork+0x10/0x20 > > The buggy address belongs to the variable: > exynosautov920_cmu_of_match+0xc8/0x2c80 > > The buggy address belongs to the virtual mapping at > [ffffffe31c7d0000, ffffffe31d700000) created by: > paging_init+0x424/0x60c > > The buggy address belongs to the physical page: > page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4349e > flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) > raw: 03fffe0000002000 fffffffec00d2788 fffffffec00d2788 0000000000000000 > raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 > page dumped because: kasan: bad access detected > > Memory state around the buggy address: > ffffffe31cc9e500: f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9 00 00 00 00 > ffffffe31cc9e580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > >ffffffe31cc9e600: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 > ^ > ffffffe31cc9e680: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 00 00 06 f9 > ffffffe31cc9e700: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 00 00 06 f9 > ================================================================== In the future, please the trim logs from entirely unrelated parts, like addresses. No need to resend for this. Best regards, Krzysztof
Powered by blists - more mailing lists