Message-ID: <202503241523.6b53646b-lkp@intel.com>
Date: Mon, 24 Mar 2025 15:37:17 +0800
From: kernel test robot <oliver.sang@...el.com>
To: "Ahmed S. Darwish" <darwi@...utronix.de>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
<dave.hansen@...ux.intel.com>, Thomas Gleixner <tglx@...utronix.de>, "Andrew
Cooper" <andrew.cooper3@...rix.com>, "H. Peter Anvin" <hpa@...or.com>, "John
Ogness" <john.ogness@...utronix.de>, <x86@...nel.org>,
<x86-cpuid@...ts.linux.dev>, "Ahmed S. Darwish" <darwi@...utronix.de>,
<oliver.sang@...el.com>
Subject: Re: [PATCH v3 22/29] x86/cpu: Use consolidated leaf 0x2 descriptor
table
Hello,
kernel test robot noticed "BUG:KASAN:stack-out-of-bounds_in_intel_detect_tlb" on:
commit: e114ca069e278f250be2b7bc49b2679dc5da4a95 ("[PATCH v3 22/29] x86/cpu: Use consolidated leaf 0x2 descriptor table")
url: https://github.com/intel-lab-lkp/linux/commits/Ahmed-S-Darwish/x86-cpu-Remove-leaf-0x2-parsing-loop/20250319-203156
patch link: https://lore.kernel.org/all/20250319122137.4004-23-darwi@linutronix.de/
patch subject: [PATCH v3 22/29] x86/cpu: Use consolidated leaf 0x2 descriptor table
in testcase: boot
config: x86_64-rhel-9.4-kselftests
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------------+------------+------------+
|                                                   | bf82706005 | e114ca069e |
+---------------------------------------------------+------------+------------+
| BUG:KASAN:stack-out-of-bounds_in_intel_detect_tlb | 0          | 12         |
+---------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags:
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202503241523.6b53646b-lkp@intel.com
[ 5.001760][ T0] BUG: KASAN: stack-out-of-bounds in intel_detect_tlb (arch/x86/kernel/cpu/intel.c:698 arch/x86/kernel/cpu/intel.c:688)
[ 5.001760][ T0] Read of size 1 at addr ffffffff8a607e80 by task swapper/0/0
[ 5.001760][ T0]
[ 5.001760][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.14.0-rc5-00152-ge114ca069e27 #1
[ 5.001760][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 5.001760][ T0] Call Trace:
[ 5.001760][ T0] <TASK>
[ 5.001760][ T0] dump_stack_lvl (lib/dump_stack.c:124)
[ 5.001760][ T0] print_address_description+0x2c/0x3f0
[ 5.001760][ T0] ? intel_detect_tlb (arch/x86/kernel/cpu/intel.c:698 arch/x86/kernel/cpu/intel.c:688)
[ 5.001760][ T0] print_report (mm/kasan/report.c:522)
[ 5.001760][ T0] ? kasan_addr_to_slab (mm/kasan/common.c:37)
[ 5.001760][ T0] ? intel_detect_tlb (arch/x86/kernel/cpu/intel.c:698 arch/x86/kernel/cpu/intel.c:688)
[ 5.001760][ T0] kasan_report (mm/kasan/report.c:636)
[ 5.001760][ T0] ? intel_detect_tlb (arch/x86/kernel/cpu/intel.c:698 arch/x86/kernel/cpu/intel.c:688)
[ 5.001760][ T0] intel_detect_tlb (arch/x86/kernel/cpu/intel.c:698 arch/x86/kernel/cpu/intel.c:688)
[ 5.001760][ T0] ? __pfx_intel_detect_tlb (arch/x86/kernel/cpu/intel.c:689)
[ 5.001760][ T0] ? numa_add_cpu (include/linux/nodemask.h:272 (discriminator 2) mm/numa_emulation.c:560 (discriminator 2))
[ 5.001760][ T0] arch_cpu_finalize_init (arch/x86/kernel/cpu/common.c:862 arch/x86/kernel/cpu/common.c:1999 arch/x86/kernel/cpu/common.c:2409)
[ 5.001760][ T0] start_kernel (init/main.c:1067)
[ 5.001760][ T0] x86_64_start_reservations (arch/x86/kernel/head64.c:503)
[ 5.001760][ T0] x86_64_start_kernel (arch/x86/kernel/head64.c:445 (discriminator 17))
[ 5.001760][ T0] ? soft_restart_cpu (arch/x86/kernel/head_64.S:459)
[ 5.001760][ T0] common_startup_64 (arch/x86/kernel/head_64.S:421)
[ 5.001760][ T0] </TASK>
[ 5.001760][ T0]
[ 5.001760][ T0] The buggy address belongs to stack of task swapper/0/0
[ 5.001760][ T0] and is located at offset 48 in frame:
[ 5.001760][ T0] intel_detect_tlb (arch/x86/kernel/cpu/intel.c:689)
[ 5.001760][ T0]
[ 5.001760][ T0] This frame has 1 object:
[ 5.001760][ T0] [32, 48) 'regs'
[ 5.001760][ T0]
[ 5.001760][ T0] The buggy address belongs to the physical page:
[ 5.001760][ T0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ab407
[ 5.001760][ T0] flags: 0x17ffffc0002000(reserved|node=0|zone=2|lastcpupid=0x1fffff)
[ 5.001760][ T0] raw: 0017ffffc0002000 ffffea0006ad01c8 ffffea0006ad01c8 0000000000000000
[ 5.001760][ T0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 5.001760][ T0] page dumped because: kasan: bad access detected
[ 5.001760][ T0]
[ 5.001760][ T0] Memory state around the buggy address:
[ 5.001760][ T0] ffffffff8a607d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 5.001760][ T0] ffffffff8a607e00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[ 5.001760][ T0] >ffffffff8a607e80: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 5.001760][ T0] ^
[ 5.001760][ T0] ffffffff8a607f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 5.001760][ T0] ffffffff8a607f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 5.001760][ T0] ==================================================================
[ 5.001775][ T0] Disabling lock debugging due to kernel taint
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250324/202503241523.6b53646b-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki