public inbox for linux-kernel@vger.kernel.org
* edac: NULL deref when handling sysfs write
From: Sasha Levin @ 2013-02-22 14:29 UTC
  To: dougthompson; +Cc: linux-edac, Dave Jones, linux-kernel@vger.kernel.org

Hi all,

While fuzzing with trinity inside a KVM tools guest running latest -next kernel
I've stumbled on the following spew:


[ 2060.023557] Invalid bank value!
[ 2060.029076] [Hardware Error]: MC0 Error:
[ 2060.030515] BUG: unable to handle kernel NULL pointer dereference at           (null)
[ 2060.032038] IP: [<          (null)>]           (null)
[ 2060.034697] PGD 5e08b067 PUD b46cc067 PMD 650d3067 PTE 63b1225
[ 2060.036896] Oops: 0003 [#2] PREEMPT SMP DEBUG_PAGEALLOC
[ 2060.037985] Modules linked in:
[ 2060.039759] CPU 1
[ 2060.040113] Pid: 3347, comm: trinity Tainted: G      D W    3.8.0-next-20130221-sasha-00038-g655a782-dirty #9
[ 2060.040311] RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
[ 2060.040311] RSP: 0018:ffff88005ed57af0  EFLAGS: 00010287
[ 2060.040311] RAX: 0000000000000000 RBX: ffffffff87141d20 RCX: 000000002c052c04
[ 2060.040311] RDX: ffff880061d78000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2060.040311] RBP: ffff88005ed57b78 R08: 0000000000000002 R09: 0000000000000000
[ 2060.040311] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000001d6680
[ 2060.040311] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8800bb600000
[ 2060.040311] FS:  00007f42a4a20700(0000) GS:ffff8800bb800000(0000) knlGS:0000000000000000
[ 2060.040311] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2060.040311] CR2: 0000000000000000 CR3: 00000000920f2000 CR4: 00000000000406e0
[ 2060.040311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2060.040311] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 2060.040311] Process trinity (pid: 3347, threadinfo ffff88005ed56000, task ffff880061d78000)
[ 2060.079801] can: request_module (can-proto-3) failed.
[ 2060.040311] Stack:
[ 2060.040311]  ffffffff83394f95 0000000000000002 0000000000000000 ffff88005ed57b88
[ 2060.040311]  0000000000000286 ffff880065031000 ffff88005ed57b90 ffff88005ed57c70
[ 2060.040311]  ffff88005ed57b68 ffffffff81a3568c 0000000a00000286 0000000022222222
[ 2060.040311] Call Trace:
[ 2060.040311]  [<ffffffff83394f95>] ? amd_decode_mce+0xf5/0x880
[ 2060.040311]  [<ffffffff81a3568c>] ? _kstrtoull+0x2c/0x90
[ 2060.040311]  [<ffffffff833942b7>] edac_inject_bank_store+0x87/0xa0
[ 2060.040311]  [<ffffffff8130e21b>] ? sysfs_write_file+0xeb/0x150
[ 2060.040311]  [<ffffffff81a238cf>] kobj_attr_store+0xf/0x20
[ 2060.040311]  [<ffffffff8130e233>] sysfs_write_file+0x103/0x150
[ 2060.040311]  [<ffffffff81296e6e>] ? alloc_pipe_info+0x3e/0xa0
[ 2060.040311]  [<ffffffff8128d970>] vfs_write+0xb0/0x180
[ 2060.040311]  [<ffffffff812c012f>] write_pipe_buf+0x6f/0xb0
[ 2060.040311]  [<ffffffff812c00c0>] ? do_splice_to+0xb0/0xb0
[ 2060.040311]  [<ffffffff812bfa5c>] splice_from_pipe_feed+0x7c/0x120
[ 2060.040311]  [<ffffffff812c00c0>] ? do_splice_to+0xb0/0xb0
[ 2060.040311]  [<ffffffff812bff05>] __splice_from_pipe+0x45/0x80
[ 2060.040311]  [<ffffffff812c00c0>] ? do_splice_to+0xb0/0xb0
[ 2060.040311]  [<ffffffff812c19dc>] splice_from_pipe+0x4c/0x70
[ 2060.040311]  [<ffffffff812c1a18>] default_file_splice_write+0x18/0x30
[ 2060.040311]  [<ffffffff812bffc3>] do_splice_from+0x83/0xb0
[ 2060.040311]  [<ffffffff812c000e>] direct_splice_actor+0x1e/0x20
[ 2060.040311]  [<ffffffff812c0747>] splice_direct_to_actor+0xe7/0x200
[ 2060.040311]  [<ffffffff812bfff0>] ? do_splice_from+0xb0/0xb0
[ 2060.040311]  [<ffffffff812c1a9c>] do_splice_direct+0x4c/0x70
[ 2060.040311]  [<ffffffff8128e829>] do_sendfile+0x179/0x310
[ 2060.040311]  [<ffffffff8128ead4>] sys_sendfile64+0x64/0xb0
[ 2060.040311]  [<ffffffff83db10d8>] tracesys+0xe1/0xe6
[ 2060.040311] Code:  Bad RIP value.
[ 2060.040311] RIP  [<          (null)>]           (null)
[ 2060.040311]  RSP <ffff88005ed57af0>
[ 2060.040311] CR2: 0000000000000000
[ 2060.176086] ---[ end trace d40d4e0b7f844b95 ]---


Thanks,
Sasha


* Re: edac: NULL deref when handling sysfs write
From: Borislav Petkov @ 2013-02-22 14:38 UTC
  To: Sasha Levin
  Cc: dougthompson, linux-edac, Dave Jones,
	linux-kernel@vger.kernel.org

On Fri, Feb 22, 2013 at 09:29:04AM -0500, Sasha Levin wrote:
> Hi all,
> 
> While fuzzing with trinity inside a KVM tools guest running latest -next kernel
> I've stumbled on the following spew:
> 
> 
> [ 2060.023557] Invalid bank value!

You're injecting into an invalid bank.

> [ 2060.029076] [Hardware Error]: MC0 Error:

This looks like a second write to the same sysfs file which passes the
first.

For now, do

rmmod mce_amd_inj

before running trinity.

This module needs to get converted to debugfs (I have patches) anyway.

Thanks.

-- 
Regards/Gruss,
    Boris.

Sent from a fat crate under my desk. Formatting is fine.