lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20241231163857.42bbbbb5@yea>
Date: Tue, 31 Dec 2024 16:38:57 +0100
From: Erhard Furtner <erhard_f@...lbox.org>
To: linux-kernel@...r.kernel.org, linux@...inikbrodowski.net, mail@...do.de
Cc: x86@...nel.org
Subject: Re: "WARNING: CPU: 0 PID: 67 at arch/x86/mm/ioremap.c:461
 iounmap+0xda/0xe0" at initializing PCMCIA serial card (Thinkpad T60,
 v6.12-rc2)

On Wed, 9 Oct 2024 19:15:07 +0200
Erhard Furtner <erhard_f@...lbox.org> wrote:

> On kernel v6.12-rc2 this warning shows up when my PCMCIA serial card gets initialized on my Thinkpad T60:
> 
> [...]
> pcmcia_socket pcmcia_socket0: pccard: PCMCIA card inserted into slot 0
> pcmcia_socket pcmcia_socket0: cs: memory probe 0xe46d0000-0xe7ffffff:
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 67 at arch/x86/mm/ioremap.c:461 iounmap+0xda/0xe0
> Modules linked in:
> CPU: 0 UID: 0 PID: 67 Comm: pccardd Tainted: G        W          6.12.0-rc2-P3 #3
> Tainted: [W]=WARN
> Hardware name: LENOVO 2007F2G/2007F2G, BIOS 79ETE7WW (2.27 ) 03/21/2011
> EIP: iounmap+0xda/0xe0
> Code: c7 75 2b 89 f8 e8 6a 27 16 00 5e 5f 5b 5d 31 c0 31 c9 31 d2 c3 56 68 9c 8e 92 c9 e8 e8 c3 73 00 83 c4 08 e8 3c 33 74 00 eb e0 <0f> 0b eb dc 0f 0b 55 89 e5 56 89 c6 25 00 f0 ff ff 31 d2 b9 00 10
> EAX: f7dfe000 EBX: c1b7b578 ECX: 00000000 EDX: 00000000
> ESI: 00000000 EDI: c1a95e40 EBP: c1a95e10 ESP: c1a95e04
> DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010286
> CR0: 80050033 CR2: ffbff000 CR3: 09b7c000 CR4: 000006f0
> Call Trace:
>  ? show_regs+0x4e/0x5c
>  ? __warn+0x87/0xdc
>  ? iounmap+0xda/0xe0
>  ? report_bug+0x94/0x108
>  ? exc_overflow+0x3c/0x3c
>  ? handle_bug+0x41/0x60
>  ? exc_invalid_op+0x17/0x40
>  ? handle_exception+0x101/0x101
>  ? exc_overflow+0x3c/0x3c
>  ? iounmap+0xda/0xe0
>  ? exc_overflow+0x3c/0x3c
>  ? iounmap+0xda/0xe0
>  readable+0x69/0xb8
>  ? do_mem_probe+0x190/0x190
>  do_validate_mem+0x8a/0x154
>  do_mem_probe+0xa8/0x190
>  ? do_mem_probe+0x190/0x190
>  pcmcia_nonstatic_validate_mem+0x45/0x80
>  ? do_mem_probe+0x190/0x190
>  ? readable+0xb8/0xb8
>  pcmcia_validate_mem+0x14/0x1c
>  pcmcia_card_add+0x3c/0xb0
>  pcmcia_bus_add+0x3a/0x44
>  socket_insert+0xc7/0xcc
>  pccardd+0x143/0x370
>  kthread+0xc4/0xd0
>  ? pcmcia_register_socket+0x28c/0x28c
>  ? kthread_blkcg+0x24/0x24
>  ? kthread_blkcg+0x24/0x24
>  ret_from_fork+0x31/0x3c
>  ret_from_fork_asm+0x12/0x18
>  entry_INT80_32+0xf0/0xf0
> ---[ end trace 0000000000000000 ]---
>  excluding 0xe4df4000-0xe5185fff 0xe5fce000-0xe635ffff 0xe6e16000-0xe71a7fff 0xe7ff0000-0xe8381fff
> pcmcia (null): pcmcia: registering new device pcmcia(null) (IRQ: 16)
> serial_cs 0.0: trying to set up [0x0279:0x950b] (pfc: 0, multi: 2, quirk: c980f7c0)
> 0.0: ttyS4 at I/O 0xa108 (irq = 16, base_baud = 115200) is a 16450
> [...]

This shows up on stable v6.12.x and on v6.13-rc too, so more people might get this warning.

I bisected the issue to "50c6dbdfd16e312382842198a7919341ad480e05 x86/ioremap: Improve iounmap() address range checks", realizing only later that the commit itself does not cause the issue but only imposes a more strict range check.

The commit message says "Restrict iounmap() to addresses in the ioremap region, by using
is_ioremap_addr(). This aligns x86 closer to the generic iounmap()
implementation. Additionally, add a warning in case there is an attempt to iounmap() invalid memory. This replaces an existing silent return and will help alert folks to any incorrect usage of iounmap()."

So technically speaking it's no regression but a hint that yenta_cardbus and other pcmcia drivers may have been checking a wrong range from the start. And it seems a general problem on x86.

In my case it's an ExSys EX-1352 PCMCIA RS-232 card, providing 2x serial ports as my Thinkpad T60 got none. Some data about the hardware:

 # lspci -s 15:00.0 -vv
15:00.0 CardBus bridge: Texas Instruments PCI1510 PC card Cardbus Controller
	Subsystem: Lenovo ThinkPad T60/R60 series
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 168, Cache Line Size: 32 bytes
	Interrupt: pin A routed to IRQ 16
	Region 0: Memory at e4300000 (32-bit, non-prefetchable) [size=4K]
	Bus: primary=15, secondary=16, subordinate=17, sec-latency=176
	Memory window 0: e0000000-e3ffffff (prefetchable)
	Memory window 1: c4000000-c7ffffff
	I/O window 0: 0000a000-0000a0ff
	I/O window 1: 0000a400-0000a4ff
	BridgeCtl: Parity- SERR- ISA- VGA- MAbort- >Reset+ 16bInt- PostWrite+
	16-bit legacy interface ports at 0001
	Capabilities: [a0] Power Management version 2
		Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
		Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
		Bridge: PM+ B3-
	Kernel driver in use: yenta_cardbus

 # pccardctl info
PRODID_1="PC CARD
"
PRODID_2="GENERIC
"
PRODID_3=""
PRODID_4=""
MANFID=0279,950b
FUNCID=2
 # pccardctl status
Socket 0:
  3.3V
 16-bit
 PC Card
  Subdevice 0 (function 0) bound to driver "serial_cs"


I know PCMCIA SUBSYSTEM is listed as "Odd Fixes" only in Maintainers but perhaps a not too invasive fix is possible for someone knowledgeable. I could help with the testing on my system.

Regards,
Erhard

View attachment "bisect_pcmcia.txt" of type "text/plain" (3710 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ