From: Michael Ellerman
To: Ivan Orlov, Erhard Furtner, Kees Cook
Cc: linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org, David Gow, kunit-dev@googlegroups.com
Subject: Re: OVERFLOW_KUNIT_TEST fails with BUG: KASAN: stack-out-of-bounds in string_nocheck+0x168/0x1c8 (kernel 6.11-rc2, PowerMac G4 DP)
Date: Fri, 16 Aug 2024 22:00:09 +1000
Message-ID: <87sev43cfq.fsf@mail.lhotse>

Ivan Orlov writes:
> On 8/15/24 00:26, Ivan Orlov wrote:
>>
>> As you can see, the device name is defined as a local variable, which
>> means that it doesn't exist outside the 'overflow_allocation_test'
>> function scope. This patch:
>>
>> diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c
>> index f314a0c15a6d..fa7ca8c94eee 100644
>> --- a/lib/overflow_kunit.c
>> +++ b/lib/overflow_kunit.c
>> @@ -668,7 +668,7 @@ DEFINE_TEST_ALLOC(devm_kzalloc,  devm_kfree, 1, 1, 0);
>>
>>  static void overflow_allocation_test(struct kunit *test)
>>  {
>> -    const char device_name[] = "overflow-test";
>> +    static const char device_name[] = "overflow-test";
>>      struct device *dev;
>>      int count = 0;
>>
>>
>> Seems to fix the problem and it is not reproducible anymore.
>>
>> I will send the proper patch tomorrow.
>>
>> Good night!
>>
>
> Forgot to mention that the problem is intermittently reproducible on
> QEMU x86_64, and this is the only architecture I tested the solution on.
>
> However, it looks like the initial report points us to the
> 'module_remove_driver' function, which presumably calls the following
> kasprintf as a part of the 'make_driver_name' function, which also operates
> on the driver name. If the driver name points to an invalid memory range (because
> it is out of scope), it is going to cause a KASAN bug kernel panic.

Nice catch.

I notice there's at least one other case that looks similar in
lib/fortify_kunit.c

cheers
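Review bot: the one-word change to `static` in overflow_allocation_test() deserves a comment next to the declaration saying why device_name must outlive the function (per the discussion above, the registered device keeps the pointer and it is read again from make_driver_name() during module_remove_driver()); without that, a later cleanup could drop the `static` and bring the KASAN stack-out-of-bounds back. The same reasoning belongs in the commit message of the proper patch, and since the reply points at a similar case in lib/fortify_kunit.c, the patch should fix both in one go.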
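The lifetime bug discussed in the thread, reduced to a user-space illustration (added example, not code from the kernel or from anyone in this thread): a constructed registry that, like the device core, keeps only a pointer to the name it is handed, a stand-in make_driver_name() that reads that pointer after the registering function has returned, and the automatic-storage version beside the static-storage fix. The struct, function and module names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a kernel-style registry that stores only a pointer. */
struct fake_driver {
	const char *name;	/* borrowed: the registering caller owns the bytes */
};

static struct fake_driver registry;

/* Buggy pattern from the thread: device_name has automatic storage, so the
 * pointer left in the registry dangles as soon as this function returns.
 * Reading it later is undefined behaviour (KASAN: stack-out-of-bounds).
 * Shown for illustration only; nothing below calls it. */
void register_stack_name(void)
{
	const char device_name[] = "overflow-test";
	registry.name = device_name;
}

/* Fix from the patch: static storage duration keeps the bytes alive for the
 * whole program, so the borrowed pointer stays valid after the return. */
void register_static_name(void)
{
	static const char device_name[] = "overflow-test";
	registry.name = device_name;
}

/* Stand-in for make_driver_name(): builds "<module>:<driver>" from the stored
 * pointer after the registering function has returned. Caller frees result. */
char *make_driver_name(const char *module_name)
{
	size_t len = strlen(module_name) + 1 + strlen(registry.name) + 1;
	char *s = malloc(len);
	if (!s)
		return NULL;
	snprintf(s, len, "%s:%s", module_name, registry.name);
	return s;
}

/* Register with static storage, then read the name back from a later call,
 * the way module_remove_driver() would. Returns 1 when the name is intact. */
int static_name_survives(void)
{
	register_static_name();
	char *full = make_driver_name("overflow_kunit");
	int ok = full && strcmp(full, "overflow_kunit:overflow-test") == 0;
	free(full);
	return ok;
}
```

Building with KASAN-like tooling (AddressSanitizer with -fsanitize=address) and calling register_stack_name() followed by make_driver_name() reproduces the stack-use-after-return report that corresponds to the kernel's stack-out-of-bounds splat.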