From: John Stultz <jstultz@google.com>
To: Kees Cook <keescook@chromium.org>
Cc: Yongqin Liu <yongqin.liu@linaro.org>,
Vlastimil Babka <vbabka@suse.cz>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
Thomas Gleixner <tglx@linutronix.de>,
Jason Gunthorpe <jgg@ziepe.ca>, Nishanth Menon <nm@ti.com>,
Michael Kelley <mikelley@microsoft.com>,
Dan Williams <dan.j.williams@intel.com>,
Won Chung <wonchung@google.com>, David Gow <davidgow@google.com>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
Guenter Roeck <linux@roeck-us.net>,
Andy Shevchenko <andriy.shevchenko@intel.com>,
Paolo Abeni <pabeni@redhat.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-hardening@vger.kernel.org, llvm@lists.linux.dev,
Sumit Semwal <sumit.semwal@linaro.org>
Subject: Re: [PATCH 5/6] driver core: Add __alloc_size hint to devm allocators
Date: Thu, 2 Feb 2023 10:56:29 -0800
Message-ID: <CANDhNCoJJs_jSAdr6uved=cK=-6+nzSJq3e_E3HgtiXHZXkVww@mail.gmail.com>
In-Reply-To: <63dbf04a.630a0220.2608a.0149@mx.google.com>

On Thu, Feb 2, 2023 at 9:18 AM Kees Cook <keescook@chromium.org> wrote:
> On Wed, Feb 01, 2023 at 12:11:41AM -0800, John Stultz wrote:
> > On Tue, Jan 31, 2023 at 11:36 PM Yongqin Liu <yongqin.liu@linaro.org> wrote:
> > > This change causes "Kernel panic - not syncing: BRK handler: Fatal exception"
> > > for the android-mainline based hikey960 build, with this commit reverted,
> > > there is no problem for the build to boot to the homescreen.
> > > Not sure if you have any idea about it and give some suggestions.
> > >
> > > Here is part of the kernel panic log:
...
> > Here as nr_sensors=1, we allocate only one structure for the array.
> > But then below that, we modify two entries, writing past the valid
> > array, and corrupting data when writing the second sensor values.
> >
> > data->sensor[0].id = HI3660_BIG_SENSOR;
> > data->sensor[0].irq_name = "tsensor_a73";
> > data->sensor[0].data = data;
> >
> > data->sensor[1].id = HI3660_LITTLE_SENSOR;
> > data->sensor[1].irq_name = "tsensor_a53";
> > data->sensor[1].data = data;
> >
> > I suspect nr_sensors needs to be set to 2.
> >
> > Nice work, Kees!
>
> Yay for compilers! :)

Well, I know it's not trivial to make the compilers catch these
things, so yay for you and others putting in all the effort on this as
well.

That said, making sense of the error message isn't completely trivial
either. I've been seeing a few cases recently of some of the new
compiler tooling (I pinged you earlier on a CFI one) causing errors
that developers aren't really sure how to address. I know sometimes
it's not easy to surface the errors with context to what was wrong,
but at the risk of intense bike shedding, is there some way to provide
something like "Likely array bounds error" instead of just "BRK
handler: Fatal exception"?

> Was a patch sent to fix this driver?

I think YongQin is looking into it (either setting the nr_sensors
value to 2 or dropping the second sensor access).

thanks
-john
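
A user-space model of the bug discussed in this message, added here as an example; it is not code from the thread, the driver or the kernel. The helper names `model_zalloc_array`, `known_size` and `init_sensors` are hypothetical. The allocator carries the GCC/Clang `alloc_size` attribute, and each store is checked against the allocation size, so the second sensor entry is refused when the array was sized for `nr_sensors = 1`.

```c
/* User-space model, not driver code; all helper names are hypothetical. */
#include <stddef.h>
#include <stdlib.h>

struct sensor { int id; const char *irq_name; void *data; };

/* alloc_size(1, 2): the returned object is n * size bytes long. */
__attribute__((malloc, alloc_size(1, 2)))
static void *model_zalloc_array(size_t n, size_t size) { return calloc(n, size); }

/* Size the compiler can prove for p, else the size the caller recorded. */
static size_t known_size(const void *p, size_t recorded)
{
	size_t sz = (size_t)-1;
#ifdef __has_builtin
#if __has_builtin(__builtin_dynamic_object_size)
	sz = __builtin_dynamic_object_size(p, 0);
#endif
#endif
	(void)p;
	return sz == (size_t)-1 ? recorded : sz;
}

/* Fill `wanted` slots of an nr_sensors-element array; count refused stores. */
static int init_sensors(size_t nr_sensors, size_t wanted)
{
	struct sensor *s = model_zalloc_array(nr_sensors, sizeof(*s));
	size_t bytes, i;
	int refused = 0;
	if (!s)
		return -1;
	bytes = known_size(s, nr_sensors * sizeof(*s));
	for (i = 0; i < wanted; i++) {
		if ((i + 1) * sizeof(*s) > bytes) {	/* store would pass the end */
			refused++;
			continue;
		}
		s[i].id = (int)i;
		s[i].data = s;
	}
	free(s);
	return refused;
}

int main(void)
{
	/* nr_sensors=1 with two entries refuses one store; nr_sensors=2 refuses none. */
	return (init_sensors(1, 2) == 1 && init_sensors(2, 2) == 0) ? 0 : 1;
}
```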