lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202505240845.ACz1UFaT-lkp@intel.com>
Date: Sat, 24 May 2025 09:13:27 +0800
From: kernel test robot <lkp@...el.com>
To: Ye Bin <yebin@...weicloud.com>, rostedt@...dmis.org,
	mhiramat@...nel.org, mathieu.desnoyers@...icios.com,
	mark.rutland@....com, linux-trace-kernel@...r.kernel.org
Cc: llvm@...ts.linux.dev, oe-kbuild-all@...ts.linux.dev,
	linux-kernel@...r.kernel.org, yebin10@...wei.com
Subject: Re: [PATCH 2/2] ftrace: don't allocate  ftrace module map

Hi Ye,

kernel test robot noticed the following build errors:

[auto build test ERROR on trace/for-next]
[also build test ERROR on linus/master v6.15-rc7 next-20250523]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Ye-Bin/ftrace-fix-UAF-when-lookup-kallsym-after-ftrace-disabled/20250523-164234
base:   https://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace for-next
patch link:    https://lore.kernel.org/r/20250523083945.3390587-3-yebin%40huaweicloud.com
patch subject: [PATCH 2/2] ftrace: don't allocate  ftrace module map
config: s390-randconfig-001-20250524 (https://download.01.org/0day-ci/archive/20250524/202505240845.ACz1UFaT-lkp@intel.com/config)
compiler: clang version 17.0.6 (https://github.com/llvm/llvm-project 6009708b4367171ccdbf4b5905cb6a803753fe18)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250524/202505240845.ACz1UFaT-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202505240845.ACz1UFaT-lkp@intel.com/

All errors (new ones prefixed by >>):

>> kernel/trace/ftrace.c:7825:37: error: incomplete definition of type 'struct module'
    7825 |         if (ftrace_disabled || (mod && !mod->num_ftrace_callsites)) {
         |                                         ~~~^
   include/linux/printk.h:400:8: note: forward declaration of 'struct module'
     400 | struct module;
         |        ^
   1 error generated.


vim +7825 kernel/trace/ftrace.c

  7806	
  7807	void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr)
  7808	{
  7809		unsigned long start = (unsigned long)(start_ptr);
  7810		unsigned long end = (unsigned long)(end_ptr);
  7811		struct ftrace_page **last_pg = &ftrace_pages_start;
  7812		struct ftrace_page *tmp_page = NULL;
  7813		struct ftrace_page *pg;
  7814		struct dyn_ftrace *rec;
  7815		struct dyn_ftrace key;
  7816		struct ftrace_mod_map *mod_map = NULL;
  7817		struct ftrace_init_func *func, *func_next;
  7818		LIST_HEAD(clear_hash);
  7819	
  7820		key.ip = start;
  7821		key.flags = end;	/* overload flags, as it is unsigned long */
  7822	
  7823		mutex_lock(&ftrace_lock);
  7824	
> 7825		if (ftrace_disabled || (mod && !mod->num_ftrace_callsites)) {
  7826			mutex_unlock(&ftrace_lock);
  7827			return;
  7828		}
  7829	
  7830		/*
  7831		 * If we are freeing module init memory, then check if
  7832		 * any tracer is active. If so, we need to save a mapping of
  7833		 * the module functions being freed with the address.
  7834		 */
  7835		if (mod && ftrace_ops_list != &ftrace_list_end)
  7836			mod_map = allocate_ftrace_mod_map(mod, start, end);
  7837	
  7838		for (pg = ftrace_pages_start; pg; last_pg = &pg->next, pg = *last_pg) {
  7839			if (end < pg->records[0].ip ||
  7840			    start >= (pg->records[pg->index - 1].ip + MCOUNT_INSN_SIZE))
  7841				continue;
  7842	 again:
  7843			rec = bsearch(&key, pg->records, pg->index,
  7844				      sizeof(struct dyn_ftrace),
  7845				      ftrace_cmp_recs);
  7846			if (!rec)
  7847				continue;
  7848	
  7849			/* rec will be cleared from hashes after ftrace_lock unlock */
  7850			add_to_clear_hash_list(&clear_hash, rec);
  7851	
  7852			if (mod_map)
  7853				save_ftrace_mod_rec(mod_map, rec);
  7854	
  7855			pg->index--;
  7856			ftrace_update_tot_cnt--;
  7857			if (!pg->index) {
  7858				*last_pg = pg->next;
  7859				pg->next = tmp_page;
  7860				tmp_page = pg;
  7861				pg = container_of(last_pg, struct ftrace_page, next);
  7862				if (!(*last_pg))
  7863					ftrace_pages = pg;
  7864				continue;
  7865			}
  7866			memmove(rec, rec + 1,
  7867				(pg->index - (rec - pg->records)) * sizeof(*rec));
  7868			/* More than one function may be in this block */
  7869			goto again;
  7870		}
  7871		mutex_unlock(&ftrace_lock);
  7872	
  7873		list_for_each_entry_safe(func, func_next, &clear_hash, list) {
  7874			clear_func_from_hashes(func);
  7875			kfree(func);
  7876		}
  7877		/* Need to synchronize with ftrace_location_range() */
  7878		if (tmp_page) {
  7879			synchronize_rcu();
  7880			ftrace_free_pages(tmp_page);
  7881		}
  7882	}
  7883	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ