From: "Russell King (Oracle)" <linux@armlinux.org.uk>
To: Lin Yujun <linyujun809@huawei.com>
Cc: mhiramat@kernel.org, rostedt@goodmis.org, ardb@kernel.org,
ndesaulniers@google.com, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH -next] arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
Date: Wed, 30 Mar 2022 17:00:36 +0100 [thread overview]
Message-ID: <YkR+pL+aQ7M/s3U5@shell.armlinux.org.uk> (raw)
In-Reply-To: <20220317090751.80831-1-linyujun809@huawei.com>
On Thu, Mar 17, 2022 at 05:07:51PM +0800, Lin Yujun wrote:
> The following KASAN warning is detected by QEMU.
>
> ==================================================================
> BUG: KASAN: stack-out-of-bounds in unwind_frame+0x508/0x870
> Read of size 4 at addr c36bba90 by task cat/163
>
> CPU: 1 PID: 163 Comm: cat Not tainted 5.10.0-rc1 #40
> Hardware name: ARM-Versatile Express
> [<c0113fac>] (unwind_backtrace) from [<c010e71c>] (show_stack+0x10/0x14)
> [<c010e71c>] (show_stack) from [<c0b805b4>] (dump_stack+0x98/0xb0)
> [<c0b805b4>] (dump_stack) from [<c0b7d658>] (print_address_description.constprop.0+0x58/0x4bc)
> [<c0b7d658>] (print_address_description.constprop.0) from [<c031435c>] (kasan_report+0x154/0x170)
> [<c031435c>] (kasan_report) from [<c0113c44>] (unwind_frame+0x508/0x870)
> [<c0113c44>] (unwind_frame) from [<c010e298>] (__save_stack_trace+0x110/0x134)
> [<c010e298>] (__save_stack_trace) from [<c01ce0d8>] (stack_trace_save+0x8c/0xb4)
> [<c01ce0d8>] (stack_trace_save) from [<c0313520>] (kasan_set_track+0x38/0x60)
> [<c0313520>] (kasan_set_track) from [<c0314cb8>] (kasan_set_free_info+0x20/0x2c)
> [<c0314cb8>] (kasan_set_free_info) from [<c0313474>] (__kasan_slab_free+0xec/0x120)
> [<c0313474>] (__kasan_slab_free) from [<c0311e20>] (kmem_cache_free+0x7c/0x334)
> [<c0311e20>] (kmem_cache_free) from [<c01c35dc>] (rcu_core+0x390/0xccc)
> [<c01c35dc>] (rcu_core) from [<c01013a8>] (__do_softirq+0x180/0x518)
> [<c01013a8>] (__do_softirq) from [<c0135214>] (irq_exit+0x9c/0xe0)
> [<c0135214>] (irq_exit) from [<c01a40e4>] (__handle_domain_irq+0xb0/0x110)
> [<c01a40e4>] (__handle_domain_irq) from [<c0691248>] (gic_handle_irq+0xa0/0xb8)
> [<c0691248>] (gic_handle_irq) from [<c0100b0c>] (__irq_svc+0x6c/0x94)
> Exception stack(0xc36bb928 to 0xc36bb970)
> b920: c36bb9c0 00000000 c0126919 c0101228 c36bb9c0 b76d7730
> b940: c36b8000 c36bb9a0 c3335b00 c01ce0d8 00000003 c36bba3c c36bb940 c36bb978
> b960: c010e298 c011373c 60000013 ffffffff
> [<c0100b0c>] (__irq_svc) from [<c011373c>] (unwind_frame+0x0/0x870)
> [<c011373c>] (unwind_frame) from [<00000000>] (0x0)
>
> The buggy address belongs to the page:
> page:(ptrval) refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x636bb
> flags: 0x0()
> raw: 00000000 00000000 ef867764 00000000 00000000 00000000 ffffffff 00000000
> page dumped because: kasan: bad access detected
>
> addr c36bba90 is located in stack of task cat/163 at offset 48 in frame:
> stack_trace_save+0x0/0xb4
>
> this frame has 1 object:
> [32, 48) 'trace'
>
> Memory state around the buggy address:
> c36bb980: f1 f1 f1 f1 00 04 f2 f2 00 00 f3 f3 00 00 00 00
> c36bba00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
> >c36bba80: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
> ^
> c36bbb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> c36bbb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ==================================================================
>
> There is a same issue on x86 and has been resolved by the commit f7d27c35ddff
> ("x86/mm, kasan: Silence KASAN warnings in get_wchan()").
> The solution could be applied to arm architecture too.
>
> Signed-off-by: Lin Yujun <linyujun809@huawei.com>
> Reported-by: He Ying <heying24@huawei.com>
Hi,
Please drop this in the patch system if not already done so. Pointer to
it in my signature below. Thanks.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
prev parent reply other threads:[~2022-03-30 16:01 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-17 9:07 [PATCH -next] arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() Lin Yujun
2022-03-30 16:00 ` Russell King (Oracle) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YkR+pL+aQ7M/s3U5@shell.armlinux.org.uk \
--to=linux@armlinux.org.uk \
--cc=ardb@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linyujun809@huawei.com \
--cc=mhiramat@kernel.org \
--cc=ndesaulniers@google.com \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox