From: Florian Fainelli <f.fainelli@gmail.com>
To: Linus Walleij <linus.walleij@linaro.org>
Cc: Abbott Liu <liuwenliang@huawei.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Russell King <linux@armlinux.org.uk>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH 0/5 v2] KASan for ARM
Date: Mon, 1 Jun 2020 09:36:57 -0700
Message-ID: <25cdd13f-1f95-1ca5-c28b-917538643590@gmail.com>
In-Reply-To: <CACRpkdZ5Dd92QYtKU8X+HHBFXXWm5m16htZ7vxeMTanxTQ=L1A@mail.gmail.com>

On 6/1/2020 1:55 AM, Linus Walleij wrote:
> On Mon, Jun 1, 2020 at 6:00 AM Florian Fainelli <f.fainelli@gmail.com> wrote:
>
>> Since this patch series has had many people trying to push it forward,
>> how about we try to get it merged as-is (minus bugs, see below) with the
>> caveat that TTBR0-less CPUs are not going to be supported for now and
>> later on, this gets lifted if we find a champion who can get that working?
>
> Oh I fixed most issues in the v9 patch set, we ironed out the actual problem
> with ARMv4 and ARMv5 with some help from Ard, Catalin and then Russell
> suggested how to also improve the way we get taskinfo from sp in the
> assembly.
>
>> I tested this on an ARMv8 system (Brahma-B53 CPU) and an ARMv7-A system
>> (Brahma-B15 CPU) with and without ARM_LPAE enabled and neither were able
>> to boot unless KASAN was turned off (outline instrumentation), I don't
>> even get to the point where earlyprintk is giving me anything which is
>> odd. Have not looked at the differences between this version and the one
>> I had sent before and have not hooked a debugger to find out where we
>> are hung.
>>
>> If you have a Raspberry Pi 4 you could use it as a test system for ARM_LPAE.
>
> Did you try to use the v9 patch set on top of v5.7:
> https://lore.kernel.org/linux-arm-kernel/20200515114028.135674-1-linus.walleij@linaro.org/
>
> I need to rebase this on v5.8-rc1 once it is out but it is working on all my
> targets now, there is also this git branch:
> https://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-integrator.git/log/?h=kasan

This branch got me a bit further, but still failed to fully initialize
(see attached kasan.log); on another platform with a slightly different
memory map, I ended up getting a different error (kasan2.log).
--
Florian
[-- Attachment #2: kasan.log --]
[-- Type: text/plain, Size: 6769 bytes --]
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 5.7.0-rc1-g17b3e5f7b19c (fainelli@fainelli-desktop) (gcc version 6.3.0 (crosstool-NG ), GNU ld (crosstool-NG ) 2.26.20160125) #10 SMP Mon Jun 1 09:26:43 PDT 2020
[ 0.000000] CPU: ARMv7 Processor [420f00f3] revision 3 (ARMv7), cr=30c5387d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, PIPT instruction cache
[ 0.000000] OF: fdt: Machine model: BCM97445VMS
[ 0.000000] printk: bootconsole [earlycon0] enabled
[ 0.000000] Memory policy: Data cache writealloc
[ 0.000000] cma: Reserved 16 MiB at 0x00000000bec00000
[ 0.000000] kasan: populating shadow for b7000000, bd000000
[ 0.000000] 8<--- cut here ---
[ 0.000000] Unable to handle kernel paging request at virtual address bcbffe00
[ 0.000000] pgd = (ptrval)
[ 0.000000] [bcbffe00] *pgd=80000000006003, *pmd=00000000
[ 0.000000] Internal error: Oops: 206 [#1] SMP ARM
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc1-g17b3e5f7b19c #10
[ 0.000000] Hardware name: Broadcom STB (Flattened Device Tree)
[ 0.000000] PC is at check_memory_region+0xb0/0x1bc
[ 0.000000] LR is at 0x40
[ 0.000000] pc : [<c044b060>] lr : [<00000040>] psr: 000000d3
[ 0.000000] sp : c2803c58 ip : bcbffe00 fp : c2803c84
[ 0.000000] r10: c16b5000 r9 : 00000000 r8 : bcc00000
[ 0.000000] r7 : 00000000 r6 : 00000200 r5 : bcbfffff r4 : edffffff
[ 0.000000] r3 : c181cf10 r2 : 00000001 r1 : 00001000 r0 : edfff000
[ 0.000000] Flags: nzcv IRQs off FIQs off Mode SVC_32 ISA ARM Segment user
[ 0.000000] Control: 30c5387d Table: 018731e0 DAC: fffffffd
[ 0.000000] Process swapper (pid: 0, stack limit = 0x(ptrval))
[ 0.000000] Stack: (0xc2803c58 to 0xc2804000)
[ 0.000000] Backtrace:
[ 0.000000] [<c044afb0>] (check_memory_region) from [<c0448ca8>] (memset+0x28/0x44)
[ 0.000000] r10:c16b5000 r9:00000000 r8:00000001 r7:00000000 r6:00000000 r5:edfff000
[ 0.000000] r4:00001000 r3:c181cf10
[ 0.000000] [<c0448c80>] (memset) from [<c181cf10>] (memblock_alloc_try_nid+0xb4/0xc4)
[ 0.000000] r7:00000000 r6:edfff000 r5:00000000 r4:00001000
[ 0.000000] [<c181ce5c>] (memblock_alloc_try_nid) from [<c180d578>] (kasan_alloc_block.constprop.7+0x7c/0x84)
[ 0.000000] r9:00000018 r8:b71f6000 r7:ffffffff r6:ffffffff r5:00000000 r4:00000001
[ 0.000000] [<c180d4fc>] (kasan_alloc_block.constprop.7) from [<c180d768>] (kasan_pte_populate+0x50/0xb4)
[ 0.000000] r7:00000000 r6:fffff000 r5:00000000 r4:ee1f6fb0
[ 0.000000] [<c180d718>] (kasan_pte_populate) from [<c180d94c>] (create_mapping.constprop.1+0x8c/0xa4)
[ 0.000000] r9:00000018 r8:c18730d8 r7:00000000 r6:bd000000 r5:c2899de0 r4:b71f6000
[ 0.000000] [<c180d8c0>] (create_mapping.constprop.1) from [<c180db60>] (kasan_init+0x1d0/0x2f0)
[ 0.000000] r7:00000000 r6:30000000 r5:c2b51460 r4:c289a040
[ 0.000000] [<c180d990>] (kasan_init) from [<c1805b48>] (setup_arch+0x7e0/0xfb0)
[ 0.000000] r10:c185e7a8 r9:c2803f40 r8:e12fff1e r7:c2899de0 r6:c1870a44 r5:c0008000
[ 0.000000] r4:c2f8c740
[ 0.000000] [<c1805368>] (setup_arch) from [<c1800d3c>] (start_kernel+0xd8/0x5d8)
[ 0.000000] r10:30c5387d r9:420f00f3 r8:c2806d40 r7:c2800000 r6:30c0387d r5:c2803fc0
[ 0.000000] r4:b75007e4
[ 0.000000] [<c1800c64>] (start_kernel) from [<00000000>] (0x0)
[ 0.000000] r10:30c5387d r9:420f00f3 r8:07723000 r7:ffffffff r6:30c0387d r5:00000000
[ 0.000000] r4:c1800334
[ 0.000000] Code: e286e007 a1a0e006 e1b0e1ce 0a00002d (e1cc60d0)
[ 0.000000] random: get_random_bytes called from print_oops_end_marker+0x48/0x58 with crng_init=0
[ 0.000000] ---[ end trace 0000000000000000 ]---
[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!
[ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---
[-- Attachment #3: kasan2.log --]
[-- Type: text/plain, Size: 5162 bytes --]
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 5.7.0-rc1-g17b3e5f7b19c (fainelli@fainelli-desktop) (gcc version 6.3.0 (crosstool-NG ), GNU ld (crosstool-NG ) 2.26.20160125) #10 SMP Mon Jun 1 09:26:43 PDT 2020
[ 0.000000] CPU: ARMv7 Processor [420f1000] revision 0 (ARMv7), cr=30c5383d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[ 0.000000] OF: fdt: Machine model: BCX972160DV
[ 0.000000] printk: bootconsole [earlycon0] enabled
[ 0.000000] Memory policy: Data cache writealloc
[ 0.000000] cma: Reserved 16 MiB at 0x00000000fcc00000
[ 0.000000] kasan: populating shadow for b7000000, bd000000
[ 0.000000] kasan: populating shadow for af000000, bd000000
[ 0.000000] kasan: populating shadow for b6e00000, b7000000
[ 0.000000] kasan: Kernel address sanitizer initialized
[ 0.000000] ==================================================================
[ 0.000000] BUG: KASAN: stack-out-of-bounds in unflatten_dt_nodes+0x5f8/0x75c
[ 0.000000] Write of size 6 at addr df783afc by task swapper/0
[ 0.000000]
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc1-g17b3e5f7b19c #10
[ 0.000000] Hardware name: Broadcom STB (Flattened Device Tree)
[ 0.000000] Backtrace:
[ 0.000000] [<c0210d68>] (dump_backtrace) from [<c0211130>] (show_stack+0x20/0x24)
[ 0.000000] r7:c2977560 r6:00000000 r5:400000d3 r4:c2977560
[ 0.000000] [<c0211110>] (show_stack) from [<c086ec70>] (dump_stack+0xc0/0xf0)
[ 0.000000] [<c086ebb0>] (dump_stack) from [<c0449efc>] (print_address_description.constprop.2+0x78/0x4d4)
[ 0.000000] r10:c2803d40 r9:df7839b8 r8:00000001 r7:c0d58280 r6:edce2c78 r5:c2800000
[ 0.000000] r4:df783afc r3:edce2c80
[ 0.000000] [<c0449e84>] (print_address_description.constprop.2) from [<c044a5fc>] (__kasan_report+0x124/0x158)
[ 0.000000] r8:00000001 r7:c0d58280 r6:00000000 r5:c2800000 r4:df783afc
[ 0.000000] [<c044a4d8>] (__kasan_report) from [<c0449650>] (kasan_report+0x3c/0x44)
[ 0.000000] r8:baef0761 r7:c0d58280 r6:00000001 r5:00000006 r4:df783afc
[ 0.000000] [<c0449614>] (kasan_report) from [<c044b0cc>] (check_memory_region+0x11c/0x1bc)
[ 0.000000] r7:df783afc r6:baef075f r5:baef0760 r4:df783b01
[ 0.000000] [<c044afb0>] (check_memory_region) from [<c0448d80>] (memcpy+0x4c/0x70)
[ 0.000000] r10:c2803d40 r9:df7839b8 r8:c761e000 r7:df783afc r6:c7622030 r5:c0d58280
[ 0.000000] r4:00000006 r3:c0d58280
[ 0.000000] [<c0448d34>] (memcpy) from [<c0d58280>] (unflatten_dt_nodes+0x5f8/0x75c)
[ 0.000000] r7:df783ab0 r6:df783ad0 r5:00000006 r4:c7622030
[ 0.000000] [<c0d57c88>] (unflatten_dt_nodes) from [<c0d5851c>] (__unflatten_device_tree+0x118/0x398)
[ 0.000000] r10:00000000 r9:c2f81cc0 r8:df786ffc r7:df77976c r6:c761e000 r5:0000d890
[ 0.000000] r4:c2b1af70
[ 0.000000] [<c0d58404>] (__unflatten_device_tree) from [<c1836a0c>] (unflatten_device_tree+0x44/0x54)
[ 0.000000] r10:c185e7a8 r9:00000000 r8:42800000 r7:c2b51490 r6:efffcd00 r5:00000000
[ 0.000000] r4:c1834efc
[ 0.000000] [<c18369c8>] (unflatten_device_tree) from [<c1805fa8>] (setup_arch+0xc40/0xfb0)
[ 0.000000] r4:c185e7d0
[ 0.000000] [<c1805368>] (setup_arch) from [<c1800d3c>] (start_kernel+0xd8/0x5d8)
[ 0.000000] r10:30c5387d r9:420f1000 r8:c2806d40 r7:c2800000 r6:30c0387d r5:c2803fc0
[ 0.000000] r4:b75007e4
[ 0.000000] [<c1800c64>] (start_kernel) from [<00000000>] (0x0)
[ 0.000000] r10:30c5387d r9:420f1000 r8:4761e000 r7:ffffffff r6:30c0387d r5:00000000
[ 0.000000] r4:c1800334
[ 0.000000]
[ 0.000000] The buggy address belongs to the page:
[ 0.000000] page:edce2c78 refcount:1 mapcount:0 mapping:(ptrval) index:0x0
[ 0.000000] flags: 0x0()
[ 0.000000] raw: 00000000 00000000 edce2c80 edce2c80 00000000 00000000 00000000 00000000
[ 0.000000] raw: ffffffff 00000001
[ 0.000000] page dumped because: kasan: bad access detected
[ 0.000000]
[ 0.000000] Memory state around the buggy address:
[ 0.000000] df783980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 0.000000] df783a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 0.000000] >df783a80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 0.000000] ^
[ 0.000000] df783b00: 04 f4 f4 f4 f2 f2 f2 f2 04 f4 f4 f4 f2 f2 f2 f2
[ 0.000000] df783b80: 04 f4 f4 f4 f2 f2 f2 f2 04 f4 f4 f4 f2 f2 f2 f2
[ 0.000000] ==================================================================
[ 0.000000] Disabling lock debugging due to kernel taint
[ 0.000000] psci: probing for conduit method from DT.
[ 0.000000] psci: PSCIv1.1 detected in firmware.
[ 0.000000] psci: Using standard PSCI v0.2 function IDs
[ 0.000000] psci: Trusted OS migration not required
[ 0.000000] psci: SMC Calling Convention v1.1
[ 0.000000] percpu: Embedded 20 pages/cpu s49292 r8192 d24436 u81920
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 1038463
[ 0.000000] Kernel command line: earlyprintk
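
Both reports can be cross-checked against generic KASAN's shadow mapping, shadow = (addr >> 3) + offset. The following is an added example, not part of the original message or the patch series; it assumes the faulting address bcbffe00 in kasan.log is the shadow of the memset target edfff000, and it derives the offset from that pair rather than from the kernel configuration.

```c
#include <stdint.h>
#include <stdio.h>

#define SCALE_SHIFT 3 /* generic KASAN: one shadow byte covers 8 bytes */

/* Solve shadow = (addr >> 3) + offset for offset from one known pair. */
static uint32_t infer_offset(uint32_t addr, uint32_t shadow)
{
    return shadow - (addr >> SCALE_SHIFT);
}

static uint32_t mem_to_shadow(uint32_t addr, uint32_t off)
{
    return (addr >> SCALE_SHIFT) + off;
}

static uint32_t shadow_to_mem(uint32_t shadow, uint32_t off)
{
    return (shadow - off) << SCALE_SHIFT;
}

/* Rows df783a80 and df783b00 of "Memory state around the buggy address"
 * in kasan2.log. Row labels are memory addresses; each row of 16 shadow
 * bytes describes 128 bytes of memory. */
#define ROW0 0xdf783a80u
static const uint8_t shadow_rows[32] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xf1, 0xf1, 0xf1, 0xf1,
    4, 0xf4, 0xf4, 0xf4, 0xf2, 0xf2, 0xf2, 0xf2,
    4, 0xf4, 0xf4, 0xf4, 0xf2, 0xf2, 0xf2, 0xf2,
};

/* First inaccessible byte in [addr, addr+size), or 0 if the access is clean.
 * Shadow 0: all 8 bytes valid; 1..7: only the first N valid; else poisoned.
 * The range must lie inside the two rows above. */
static uint32_t first_bad_byte(uint32_t addr, uint32_t size)
{
    for (uint32_t a = addr; a < addr + size; a++) {
        uint8_t s = shadow_rows[(a - ROW0) >> SCALE_SHIFT];
        if (s != 0 && (s >= 8 || (a & 7) >= s))
            return a;
    }
    return 0;
}

int main(void)
{
    uint32_t off = infer_offset(0xedfff000u, 0xbcbffe00u); /* kasan.log */
    printf("shadow offset          %08x\n", (unsigned)off);
    printf("shadow of df783afc     %08x\n", (unsigned)mem_to_shadow(0xdf783afcu, off));
    printf("first bad byte, 6 @ df783afc: %08x\n", (unsigned)first_bad_byte(0xdf783afcu, 6));
    return 0;
}
```

With the inferred offset, the `populating shadow for b7000000, bd000000` range maps back to memory c0000000 through f0000000, and the shadow addresses for the 6-byte write in kasan2.log match the baef075f and baef0760 values in the check_memory_region register dump.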