lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20241015165539.35fb42b8@yea>
Date: Tue, 15 Oct 2024 16:55:39 +0200
From: Erhard Furtner <erhard_f@...lbox.org>
To: linux-kernel@...r.kernel.org, linux@...inikbrodowski.net,
 max8rr8@...il.com
Subject: Re: "WARNING: CPU: 0 PID: 67 at arch/x86/mm/ioremap.c:461
 iounmap+0xda/0xe0" at initializing PCMCIA serial card (Thinkpad T60,
 v6.12-rc2)

On Wed, 9 Oct 2024 19:15:07 +0200
Erhard Furtner <erhard_f@...lbox.org> wrote:

> On kernel v6.12-rc2 this warning shows up when my PCMCIA serial card gets initialized on my Thinkpad T60:
> 
> [...]
> pcmcia_socket pcmcia_socket0: pccard: PCMCIA card inserted into slot 0
> pcmcia_socket pcmcia_socket0: cs: memory probe 0xe46d0000-0xe7ffffff:
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 67 at arch/x86/mm/ioremap.c:461 iounmap+0xda/0xe0
> Modules linked in:
> CPU: 0 UID: 0 PID: 67 Comm: pccardd Tainted: G        W          6.12.0-rc2-P3 #3
> Tainted: [W]=WARN
> Hardware name: LENOVO 2007F2G/2007F2G, BIOS 79ETE7WW (2.27 ) 03/21/2011
> EIP: iounmap+0xda/0xe0
> Code: c7 75 2b 89 f8 e8 6a 27 16 00 5e 5f 5b 5d 31 c0 31 c9 31 d2 c3 56 68 9c 8e 92 c9 e8 e8 c3 73 00 83 c4 08 e8 3c 33 74 00 eb e0 <0f> 0b eb dc 0f 0b 55 89 e5 56 89 c6 25 00 f0 ff ff 31 d2 b9 00 10
> EAX: f7dfe000 EBX: c1b7b578 ECX: 00000000 EDX: 00000000
> ESI: 00000000 EDI: c1a95e40 EBP: c1a95e10 ESP: c1a95e04
> DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010286
> CR0: 80050033 CR2: ffbff000 CR3: 09b7c000 CR4: 000006f0
> Call Trace:
>  ? show_regs+0x4e/0x5c
>  ? __warn+0x87/0xdc
>  ? iounmap+0xda/0xe0
>  ? report_bug+0x94/0x108
>  ? exc_overflow+0x3c/0x3c
>  ? handle_bug+0x41/0x60
>  ? exc_invalid_op+0x17/0x40
>  ? handle_exception+0x101/0x101
>  ? exc_overflow+0x3c/0x3c
>  ? iounmap+0xda/0xe0
>  ? exc_overflow+0x3c/0x3c
>  ? iounmap+0xda/0xe0
>  readable+0x69/0xb8
>  ? do_mem_probe+0x190/0x190
>  do_validate_mem+0x8a/0x154
>  do_mem_probe+0xa8/0x190
>  ? do_mem_probe+0x190/0x190
>  pcmcia_nonstatic_validate_mem+0x45/0x80
>  ? do_mem_probe+0x190/0x190
>  ? readable+0xb8/0xb8
>  pcmcia_validate_mem+0x14/0x1c
>  pcmcia_card_add+0x3c/0xb0
>  pcmcia_bus_add+0x3a/0x44
>  socket_insert+0xc7/0xcc
>  pccardd+0x143/0x370
>  kthread+0xc4/0xd0
>  ? pcmcia_register_socket+0x28c/0x28c
>  ? kthread_blkcg+0x24/0x24
>  ? kthread_blkcg+0x24/0x24
>  ret_from_fork+0x31/0x3c
>  ret_from_fork_asm+0x12/0x18
>  entry_INT80_32+0xf0/0xf0
> ---[ end trace 0000000000000000 ]---
>  excluding 0xe4df4000-0xe5185fff 0xe5fce000-0xe635ffff 0xe6e16000-0xe71a7fff 0xe7ff0000-0xe8381fff
> pcmcia (null): pcmcia: registering new device pcmcia(null) (IRQ: 16)
> serial_cs 0.0: trying to set up [0x0279:0x950b] (pfc: 0, multi: 2, quirk: c980f7c0)
> 0.0: ttyS4 at I/O 0xa108 (irq = 16, base_baud = 115200) is a 16450
> [...]

I successfully bisected the issue back to:

 # git bisect bad
50c6dbdfd16e312382842198a7919341ad480e05 is the first bad commit
commit 50c6dbdfd16e312382842198a7919341ad480e05 (HEAD)
Author: Max Ramanouski <max8rr8@...il.com>
Date:   Sun Aug 25 01:01:11 2024 +0300

    x86/ioremap: Improve iounmap() address range checks
    
    Allowing iounmap() on memory that was not ioremap()'d in the first
    place is obviously a bad idea.  There is currently a feeble attempt to
    avoid errant iounmap()s by checking to see if the address is below
    "high_memory".  But that's imprecise at best because there are plenty
    of high addresses that are also invalid to call iounmap() on.
    
    Thankfully, there is a more precise helper: is_ioremap_addr().  x86
    just does not use it in iounmap().
    
    Restrict iounmap() to addresses in the ioremap region, by using
    is_ioremap_addr(). This aligns x86 closer to the generic iounmap()
    implementation.
    
    Additionally, add a warning in case there is an attempt to iounmap()
    invalid memory.  This replaces an existing silent return and will
    help alert folks to any incorrect usage of iounmap().
    
    Due to VMALLOC_START on i386 not being present in asm/pgtable.h,
    include for asm/vmalloc.h had to be added to include/linux/ioremap.h.
    
    [ dhansen: tweak subject and changelog ]
    
    Signed-off-by: Max Ramanouski <max8rr8@...il.com>
    Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
    Reviewed-by: Christoph Hellwig <hch@....de>
    Reviewed-by: Alistair Popple <apopple@...dia.com>
    Link: https://lore.kernel.org/all/20240824220111.84441-1-max8rr8%40gmail.com

 arch/x86/mm/ioremap.c   | 3 ++-
 include/linux/ioremap.h | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)


And indeed reverting 50c6dbdfd16e312382842198a7919341ad480e05 on top of v6.12-rc3 makes the warning disappear.

Regards,
Erhard

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ