From: "Zbigniew Kempczyński" <zbigniew.kempczynski@intel.com>
To: igt-dev@lists.freedesktop.org
Cc: "Zbigniew Kempczyński" <zbigniew.kempczynski@intel.com>,
	"Lucas De Marchi" <lucas.demarchi@intel.com>
Subject: [PATCH i-g-t] lib/igt_kmod: Fix sigaction write to uninitialized memory
Date: Fri, 12 Apr 2024 13:53:51 +0200	[thread overview]
Message-ID: <20240412115351.334936-1-zbigniew.kempczynski@intel.com> (raw)

I've noticed on running kunit subtest:

IGT-Version: 1.28-NO-GIT (x86_64) (Linux: 6.8.0-xeint+ x86_64)
Using IGT_SRANDOM=1712922311 for randomisation
Starting subtest: xe_bo
Received signal SIGSEGV.
Stack trace:
 #0 [fatal_sig_handler+0xda]
 #1 [__sigaction+0x50]
 #2 [__libc_sigaction+0x10f]
 #3 [kunit_get_tests+0x417]
 #4 [igt_kunit+0x35f]
 #5 [__igt_unique____real_main41+0x44]
 #6 [main+0x48]
 #7 [__libc_init_first+0x90]
 #8 [__libc_start_main+0x80]
 #9 [_start+0x25]
Subtest xe_bo: CRASH (0.005s)

This looks like sigaction() writing its "old action" output through an
uninitialized pointer on the stack. Let's fix it by passing a real struct.

Signed-off-by: Zbigniew Kempczyński <zbigniew.kempczynski@intel.com>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
---
 lib/igt_kmod.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lib/igt_kmod.c b/lib/igt_kmod.c
index 1ec9c8a602..6659c27eba 100644
--- a/lib/igt_kmod.c
+++ b/lib/igt_kmod.c
@@ -963,7 +963,7 @@ static int kunit_kmsg_result_get(struct igt_list_head *results,
 				 int fd, struct igt_ktap_results *ktap)
 {
 	struct sigaction sigchld = { .sa_handler = kunit_sigchld_handler, },
-			 *saved;
+			 saved;
 	char record[BUF_LEN + 1], *buf;
 	unsigned long taints;
 	int ret;
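Review bot: Now that `saved` is a struct instead of a pointer, the first two lines of the hunk declare an initialized and an uninitialized object in one statement, which hides that `saved` is deliberately left unset; splitting it and saying so reads better, `struct sigaction sigchld = { .sa_handler = kunit_sigchld_handler, };` followed by `struct sigaction saved; /* filled by sigaction() below; only valid once that call returned 0 */`. The comment matters because every later read of `saved` in this function is a restore that must only run after the install succeeded. kunit_kmsg_result_get's body continues outside the hunk.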
@@ -975,7 +975,7 @@ static int kunit_kmsg_result_get(struct igt_list_head *results,
 			return -ENOTRECOVERABLE;
 
 		if (modprobe) {
-			err = igt_debug_on(sigaction(SIGCHLD, &sigchld, saved));
+			err = igt_debug_on(sigaction(SIGCHLD, &sigchld, &saved));
 			if (err == -1)
 				return -errno;
 			else if (unlikely(err))
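Review bot: The `else if (unlikely(err))` branch right after the `err == -1` check looks unreachable for the new sigaction() call, because sigaction() returns only 0 or -1 and igt_debug_on() appears to pass its argument through; if that is intended as a defensive catch-all it deserves a one-line comment, otherwise it is dead code. The branch body and the rest of the function are outside the hunk, so this is inferred from the visible lines only. A second, hedged point: `return -errno` reads errno after igt_debug_on() has already logged the failure, and if that logging path can clobber errno the returned code is wrong; capturing it first with `int saved_errno = errno;` and returning `-saved_errno` would be safer, assuming igt_debug_on() does log on a non-zero value.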
@@ -988,7 +988,7 @@ static int kunit_kmsg_result_get(struct igt_list_head *results,
 				igt_debug_on(pthread_mutex_unlock(&modprobe->lock));
 				__attribute__ ((fallthrough));
 			case ENOTRECOVERABLE:
-				igt_debug_on(sigaction(SIGCHLD, saved, NULL));
+				igt_debug_on(sigaction(SIGCHLD, &saved, NULL));
 				if (igt_debug_on(modprobe->err))
 					return modprobe->err;
 				break;
@@ -996,7 +996,7 @@ static int kunit_kmsg_result_get(struct igt_list_head *results,
 				break;
 			default:
 				igt_debug("pthread_mutex_lock() error: %d\n", err);
-				igt_debug_on(sigaction(SIGCHLD, saved, NULL));
+				igt_debug_on(sigaction(SIGCHLD, &saved, NULL));
 				return -err;
 			}
 		}
@@ -1005,7 +1005,7 @@ static int kunit_kmsg_result_get(struct igt_list_head *results,
 
 		if (modprobe && !err) {	/* pthread_mutex_lock() succeeded */
 			igt_debug_on(pthread_mutex_unlock(&modprobe->lock));
-			igt_debug_on(sigaction(SIGCHLD, saved, NULL));
+			igt_debug_on(sigaction(SIGCHLD, &saved, NULL));
 		}
 
 		if (igt_debug_on(!ret))
@@ -1236,7 +1236,7 @@ static bool kunit_get_tests(struct igt_list_head *tests,
 			    struct igt_ktap_results **ktap)
 {
 	struct sigaction sigalrm = { .sa_handler = kunit_get_tests_timeout, },
-			 *saved;
+			 saved;
 	struct igt_ktap_result *r, *rn;
 	unsigned long taints;
 	int flags, err;
@@ -1263,13 +1263,13 @@ static bool kunit_get_tests(struct igt_list_head *tests,
 	igt_skip_on(modprobe(tst->kmod, opts));
 	igt_skip_on(igt_kernel_tainted(&taints));
 
-	igt_skip_on(sigaction(SIGALRM, &sigalrm, saved));
+	igt_skip_on(sigaction(SIGALRM, &sigalrm, &saved));
 	alarm(10);
 
 	err = kunit_get_results(tests, tst->kmsg, ktap);
 
 	alarm(0);
-	igt_debug_on(sigaction(SIGALRM, saved, NULL));
+	igt_debug_on(sigaction(SIGALRM, &saved, NULL));
 
 	igt_skip_on_f(err,
 		      "KTAP parser failed while getting a list of test cases\n");
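Review bot: `alarm(10)` silently discards any alarm the caller may already have armed (alarm() returns the seconds remaining on the previous one) and `alarm(0)` then cancels outright rather than restoring it, so only the SIGALRM disposition is restored, not the timer; if callers can legitimately have their own alarm pending, keep it with `unsigned int prev_alarm = alarm(10);` before the call and `alarm(prev_alarm);` after the sigaction restore. The timeout is also a bare magic number; a named constant such as `#define KUNIT_GET_TESTS_TIMEOUT_S 10` would document the intent. The restore through `igt_debug_on(sigaction(SIGALRM, &saved, NULL))` is best-effort by design, which is reasonable here but worth a short comment so nobody "fixes" it into an igt_skip_on(). kunit_get_tests's body continues outside the hunk.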
-- 
2.34.1

