Add and register minimal platform drivers associated with parent
platform devices used for testing to prevent a null-ptr-deref when
try_module_get() is called.
Marco Pagani (4):
fpga: add helpers for the FPGA KUnit test suites.
fpga: add a platform driver to the FPGA Manager test suite
fpga: add a platform driver to the FPGA Bridge test suite
fpga: add a platform driver to the FPGA Region test suite
drivers/fpga/tests/fpga-bridge-test.c | 18 +++++++++++++++-
drivers/fpga/tests/fpga-mgr-test.c | 18 +++++++++++++++-
drivers/fpga/tests/fpga-region-test.c | 26 ++++++++++++++++++-----
drivers/fpga/tests/fpga-test-helpers.h | 29 ++++++++++++++++++++++++++
4 files changed, 84 insertions(+), 7 deletions(-)
create mode 100644 drivers/fpga/tests/fpga-test-helpers.h
base-commit: 6465e260f48790807eef06b583b38ca9789b6072
--
2.41.0
Register a minimal platform driver associated with the parent platform
device used for testing to prevent a null-ptr-deref when try_module_get()
is called by fpga_mgr_get().
Fixes: ccbc1c302115 ("fpga: add an initial KUnit suite for the FPGA Manager")
Reported-by: Jinjie Ruan <[email protected]>
Signed-off-by: Marco Pagani <[email protected]>
---
drivers/fpga/tests/fpga-mgr-test.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/drivers/fpga/tests/fpga-mgr-test.c b/drivers/fpga/tests/fpga-mgr-test.c
index 6acec55b60ce..30de474d7def 100644
--- a/drivers/fpga/tests/fpga-mgr-test.c
+++ b/drivers/fpga/tests/fpga-mgr-test.c
@@ -14,6 +14,8 @@
#include <linux/scatterlist.h>
#include <linux/types.h>
+#include "fpga-test-helpers.h"
+
#define HEADER_FILL 'H'
#define IMAGE_FILL 'P'
#define IMAGE_BLOCK 1024
@@ -277,6 +279,18 @@ static void fpga_mgr_test_img_load_sgt(struct kunit *test)
sg_free_table(ctx->img_info->sgt);
}
+TEST_PLATFORM_DRIVER(test_platform_driver);
+
+static int fpga_mgr_test_suite_init(struct kunit_suite *suite)
+{
+ return platform_driver_register(&test_platform_driver);
+}
+
+static void fpga_mgr_test_suite_exit(struct kunit_suite *suite)
+{
+ platform_driver_unregister(&test_platform_driver);
+}
+
static int fpga_mgr_test_init(struct kunit *test)
{
struct mgr_ctx *ctx;
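Review bot: `fpga_mgr_test_suite_init()` and `fpga_mgr_test_suite_exit()` are repeated line for line in fpga-region-test.c and fpga-bridge-test.c, differing only in the function names, so any later change to how the stub driver is set up has to be made in three places. Since fpga-test-helpers.h already owns the driver definition, the pair could live there too, for example generated by the same macro that defines the driver. Independently of that, a one-line comment above `TEST_PLATFORM_DRIVER(test_platform_driver);` would help, such as `/* Stub driver bound to the test pdev so that fpga_mgr_get() finds a parent driver for try_module_get(). */`. The hunk ends inside fpga_mgr_test_init(), which continues outside it.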
@@ -284,7 +298,7 @@ static int fpga_mgr_test_init(struct kunit *test)
ctx = kunit_kzalloc(test, sizeof(*ctx), GFP_KERNEL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx);
- ctx->pdev = platform_device_register_simple("mgr_pdev", PLATFORM_DEVID_AUTO, NULL, 0);
+ ctx->pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO, NULL, 0);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->pdev);
ctx->mgr = devm_fpga_mgr_register(&ctx->pdev->dev, "Fake FPGA Manager", &fake_mgr_ops,
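Review bot: The registration at `platform_device_register_simple(TEST_PDEV_NAME, ...)` is only checked for a valid pointer, while the fix depends on the new device actually being bound to `test_platform_driver`. If the binding is ever missing, for example because the device and driver names diverge, the get path would presumably hit the same NULL dereference again rather than fail the test. Asserting the precondition right after the existing check makes that failure explicit: `KUNIT_ASSERT_NOT_NULL(test, ctx->pdev->dev.driver);`. The same applies to the three registrations in fpga_region_test_init() and to the one in register_test_bridge(). fpga_mgr_test_init() starts and ends outside this hunk.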
@@ -317,6 +331,8 @@ static struct kunit_case fpga_mgr_test_cases[] = {
static struct kunit_suite fpga_mgr_suite = {
.name = "fpga_mgr",
+ .suite_init = fpga_mgr_test_suite_init,
+ .suite_exit = fpga_mgr_test_suite_exit,
.init = fpga_mgr_test_init,
.exit = fpga_mgr_test_exit,
.test_cases = fpga_mgr_test_cases,
--
2.41.0
Register a minimal platform driver associated with the parent platform
device used for testing to prevent a null-ptr-deref when try_module_get()
is called by fpga_region_get(). Also, fix a typo in the suite's name.
Fixes: 64a5f972c93d ("fpga: add an initial KUnit suite for the FPGA Region")
Reported-by: Jinjie Ruan <[email protected]>
Signed-off-by: Marco Pagani <[email protected]>
---
drivers/fpga/tests/fpga-region-test.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/drivers/fpga/tests/fpga-region-test.c b/drivers/fpga/tests/fpga-region-test.c
index 9f9d50ee7871..5ff688b394f9 100644
--- a/drivers/fpga/tests/fpga-region-test.c
+++ b/drivers/fpga/tests/fpga-region-test.c
@@ -15,6 +15,8 @@
#include <linux/platform_device.h>
#include <linux/types.h>
+#include "fpga-test-helpers.h"
+
struct mgr_stats {
u32 write_count;
};
@@ -132,6 +134,18 @@ static void fpga_region_test_program_fpga(struct kunit *test)
fpga_image_info_free(img_info);
}
+TEST_PLATFORM_DRIVER(test_platform_driver);
+
+static int fpga_region_test_suite_init(struct kunit_suite *suite)
+{
+ return platform_driver_register(&test_platform_driver);
+}
+
+static void fpga_region_test_suite_exit(struct kunit_suite *suite)
+{
+ platform_driver_unregister(&test_platform_driver);
+}
+
/*
* The configuration used in this test suite uses a single bridge to
* limit the code under test to a single unit. The functions used by the
@@ -146,14 +160,15 @@ static int fpga_region_test_init(struct kunit *test)
ctx = kunit_kzalloc(test, sizeof(*ctx), GFP_KERNEL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx);
- ctx->mgr_pdev = platform_device_register_simple("mgr_pdev", PLATFORM_DEVID_AUTO, NULL, 0);
+ ctx->mgr_pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO,
+ NULL, 0);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->mgr_pdev);
ctx->mgr = devm_fpga_mgr_register(&ctx->mgr_pdev->dev, "Fake FPGA Manager", &fake_mgr_ops,
&ctx->mgr_stats);
KUNIT_ASSERT_FALSE(test, IS_ERR_OR_NULL(ctx->mgr));
- ctx->bridge_pdev = platform_device_register_simple("bridge_pdev", PLATFORM_DEVID_AUTO,
+ ctx->bridge_pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO,
NULL, 0);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->bridge_pdev);
@@ -163,7 +178,7 @@ static int fpga_region_test_init(struct kunit *test)
ctx->bridge_stats.enable = true;
- ctx->region_pdev = platform_device_register_simple("region_pdev", PLATFORM_DEVID_AUTO,
+ ctx->region_pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO,
NULL, 0);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->region_pdev);
@@ -195,12 +210,13 @@ static void fpga_region_test_exit(struct kunit *test)
static struct kunit_case fpga_region_test_cases[] = {
KUNIT_CASE(fpga_region_test_class_find),
KUNIT_CASE(fpga_region_test_program_fpga),
-
{}
};
static struct kunit_suite fpga_region_suite = {
- .name = "fpga_mgr",
+ .name = "fpga_region",
+ .suite_init = fpga_region_test_suite_init,
+ .suite_exit = fpga_region_test_suite_exit,
.init = fpga_region_test_init,
.exit = fpga_region_test_exit,
.test_cases = fpga_region_test_cases,
--
2.41.0
Add helpers to facilitate the registration of minimal platform drivers
to support the parent platform devices used for testing.
Signed-off-by: Marco Pagani <[email protected]>
---
drivers/fpga/tests/fpga-test-helpers.h | 29 ++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 drivers/fpga/tests/fpga-test-helpers.h
diff --git a/drivers/fpga/tests/fpga-test-helpers.h b/drivers/fpga/tests/fpga-test-helpers.h
new file mode 100644
index 000000000000..fcad3249be68
--- /dev/null
+++ b/drivers/fpga/tests/fpga-test-helpers.h
@@ -0,0 +1,29 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * KUnit test for the FPGA Manager
+ *
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Author: Marco Pagani <[email protected]>
+ */
+
+#ifndef FPGA_KUNIT_HELPERS_
+#define FPGA_KUNIT_HELPERS_
+
+#define TEST_PDEV_NAME "fpga-test-pdev"
+
+#define TEST_PLATFORM_DRIVER(__drv_name) \
+ __TEST_PLATFORM_DRIVER(__drv_name, TEST_PDEV_NAME)
+/*
+ * Helper macro for defining a minimal platform driver that can
+ * be registered to support the parent platform devices used for
+ * testing.
+ */
+#define __TEST_PLATFORM_DRIVER(__drv_name, __dev_name) \
+static struct platform_driver __drv_name = { \
+ .driver = { \
+ .name = __dev_name, \
+ }, \
+}
+
+#endif /* FPGA_KUNIT_HELPERS_ */
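Review bot: `TEST_PDEV_NAME` gives the stub driver the same name, "fpga-test-pdev", in every file that includes this header, and each includer defines its own `static struct platform_driver` with it. As far as I know the driver core refuses a second driver of the same name on a bus, so if two suites ever have their drivers registered at the same time (for instance test modules loaded in parallel), one `suite_init` would fail, or a test device could bind to another suite's driver. A per-suite name avoids this, e.g. `#define TEST_PDEV_NAME KBUILD_MODNAME "-pdev"`. Separately, the file comment still reads "KUnit test for the FPGA Manager", and the header uses `struct platform_driver` without including `<linux/platform_device.h>`.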
--
2.41.0
Register a minimal platform driver associated with the parent platform
device used for testing to prevent a null-ptr-deref when try_module_get()
is called by __fpga_bridge_get().
Fixes: 9e6823481e5f ("fpga: add an initial KUnit suite for the FPGA Bridge")
Reported-by: Jinjie Ruan <[email protected]>
Signed-off-by: Marco Pagani <[email protected]>
---
drivers/fpga/tests/fpga-bridge-test.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/drivers/fpga/tests/fpga-bridge-test.c b/drivers/fpga/tests/fpga-bridge-test.c
index 1d258002cdd7..4bd4ecaa7e90 100644
--- a/drivers/fpga/tests/fpga-bridge-test.c
+++ b/drivers/fpga/tests/fpga-bridge-test.c
@@ -13,6 +13,8 @@
#include <linux/module.h>
#include <linux/types.h>
+#include "fpga-test-helpers.h"
+
struct bridge_stats {
bool enable;
};
@@ -53,7 +55,7 @@ static struct bridge_ctx *register_test_bridge(struct kunit *test)
ctx = kunit_kzalloc(test, sizeof(*ctx), GFP_KERNEL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx);
- ctx->pdev = platform_device_register_simple("bridge_pdev", PLATFORM_DEVID_AUTO, NULL, 0);
+ ctx->pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO, NULL, 0);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->pdev);
ctx->bridge = fpga_bridge_register(&ctx->pdev->dev, "Fake FPGA bridge", &fake_bridge_ops,
@@ -144,6 +146,18 @@ static void fpga_bridge_test_get_put_list(struct kunit *test)
unregister_test_bridge(ctx_1);
}
+TEST_PLATFORM_DRIVER(test_platform_driver);
+
+static int fpga_bridge_test_suite_init(struct kunit_suite *suite)
+{
+ return platform_driver_register(&test_platform_driver);
+}
+
+static void fpga_bridge_test_suite_exit(struct kunit_suite *suite)
+{
+ platform_driver_unregister(&test_platform_driver);
+}
+
static int fpga_bridge_test_init(struct kunit *test)
{
test->priv = register_test_bridge(test);
@@ -165,6 +179,8 @@ static struct kunit_case fpga_bridge_test_cases[] = {
static struct kunit_suite fpga_bridge_suite = {
.name = "fpga_bridge",
+ .suite_init = fpga_bridge_test_suite_init,
+ .suite_exit = fpga_bridge_test_suite_exit,
.init = fpga_bridge_test_init,
.exit = fpga_bridge_test_exit,
.test_cases = fpga_bridge_test_cases,
--
2.41.0
On 2023/9/27 0:39, Marco Pagani wrote:
> Register a minimal platform driver associated with the parent platform
> device used for testing to prevent a null-ptr-deref when try_module_get()
> is called by fpga_mgr_get().
>
> Fixes: ccbc1c302115 ("fpga: add an initial KUnit suite for the FPGA Manager")
> Reported-by: Jinjie Ruan <[email protected]>
> Signed-off-by: Marco Pagani <[email protected]>
> ---
> drivers/fpga/tests/fpga-mgr-test.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/fpga/tests/fpga-mgr-test.c b/drivers/fpga/tests/fpga-mgr-test.c
> index 6acec55b60ce..30de474d7def 100644
> --- a/drivers/fpga/tests/fpga-mgr-test.c
> +++ b/drivers/fpga/tests/fpga-mgr-test.c
> @@ -14,6 +14,8 @@
> #include <linux/scatterlist.h>
> #include <linux/types.h>
>
> +#include "fpga-test-helpers.h"
> +
> #define HEADER_FILL 'H'
> #define IMAGE_FILL 'P'
> #define IMAGE_BLOCK 1024
> @@ -277,6 +279,18 @@ static void fpga_mgr_test_img_load_sgt(struct kunit *test)
> sg_free_table(ctx->img_info->sgt);
> }
>
> +TEST_PLATFORM_DRIVER(test_platform_driver);
> +
> +static int fpga_mgr_test_suite_init(struct kunit_suite *suite)
> +{
> + return platform_driver_register(&test_platform_driver);
With this patch applied, running `modprobe fpga-mgr-test` still triggers a null-ptr-deref:
root@syzkaller:~# modprobe fpga-mgr-test
[ 45.088127] KTAP version 1
[ 45.088354] 1..1
[ 45.089520] ------------[ cut here ]------------
[ 45.089861] kobject: '(null)' (ffffffffa02121d0): is not initialized,
yet kobject_get() is being called.
[ 45.090608] WARNING: CPU: 1 PID: 1862 at lib/kobject.c:637
kobject_get+0x98/0xe0
[ 45.091209] Modules linked in: fpga_mgr_test(+)
[ 45.091581] CPU: 1 PID: 1862 Comm: modprobe Tainted: G
N 6.6.0-rc3+ #54
[ 45.092201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
[ 45.092870] RIP: 0010:kobject_get+0x98/0xe0
[ 45.093200] Code: 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03
80 3c 02 00 75 44 49 8b 34 24 4c 89 e2 48 c7 c7 20 63 ac 84 e8 38 fe 24
fd <0f> 0b eb a2 48 89 ef be 01 00 00 00 e8 d7 de a4 fe 4c 89 e0 5d 41
[ 45.094653] RSP: 0018:ffff8881062f7298 EFLAGS: 00010286
[ 45.095086] RAX: 0000000000000000 RBX: ffffffff848a3660 RCX:
0000000000000000
[ 45.095649] RDX: 0000000000000002 RSI: ffffffff847b4d40 RDI:
0000000000000001
[ 45.096205] RBP: ffff888101b6d840 R08: 0000000000000001 R09:
ffffed1020c5ee12
[ 45.096761] R10: ffff8881062f7097 R11: 3a7463656a626f6b R12:
ffffffffa02121d0
[ 45.097315] R13: ffff888101b6d858 R14: ffffffffa02121d0 R15:
ffff88810661aca0
[ 45.097863] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
knlGS:0000000000000000
[ 45.098485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.098933] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
0000000000770ee0
[ 45.099497] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 45.100054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 45.100615] PKRU: 55555554
[ 45.100833] Call Trace:
[ 45.101034] <TASK>
[ 45.101206] ? __warn+0xc9/0x260
[ 45.101480] ? irq_work_queue+0x35/0x50
[ 45.101786] ? kobject_get+0x98/0xe0
[ 45.102073] ? report_bug+0x345/0x400
[ 45.102377] ? handle_bug+0x3c/0x70
[ 45.102661] ? exc_invalid_op+0x14/0x40
[ 45.102968] ? asm_exc_invalid_op+0x16/0x20
[ 45.103317] ? kobject_get+0x98/0xe0
[ 45.103604] ? kobject_get+0x98/0xe0
[ 45.103892] kobject_add_internal+0x9e/0x870
[ 45.104235] kobject_add+0x120/0x1f0
[ 45.104535] ? kset_create_and_add+0x160/0x160
[ 45.104892] ? __kmem_cache_alloc_node+0x1d2/0x350
[ 45.105269] ? _raw_spin_lock+0x87/0xe0
[ 45.105586] ? kobject_create_and_add+0x3c/0xb0
[ 45.105948] kobject_create_and_add+0x68/0xb0
[ 45.106303] module_add_driver+0x260/0x350
[ 45.106635] bus_add_driver+0x2c9/0x580
[ 45.106941] driver_register+0x133/0x460
[ 45.107284] kunit_run_tests+0xdb/0xef0
[ 45.107599] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 45.107962] ? __sched_text_end+0xa/0xa
[ 45.108284] ? _raw_spin_unlock_irqrestore+0x42/0x80
[ 45.108675] ? __kunit_test_suites_exit+0x80/0x80
[ 45.109045] ? set_track_prepare+0x8a/0xd0
[ 45.109380] ? get_object+0x70/0x70
[ 45.109658] ? alloc_inode+0x12a/0x1e0
[ 45.109960] ? new_inode+0x14/0x230
[ 45.110238] ? __debugfs_create_file+0xc8/0x5d0
[ 45.110607] ? __kunit_test_suites_init+0x73/0x140
[ 45.110982] ? kunit_module_notify+0x3ab/0x440
[ 45.111341] ? notifier_call_chain+0xbf/0x280
[ 45.111688] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 45.112045] ? __sched_text_end+0xa/0xa
[ 45.112362] ? projid_m_show+0x200/0x200
[ 45.112671] ? kasan_set_track+0x21/0x30
[ 45.112974] ? _raw_spin_lock+0x87/0xe0
[ 45.113290] ? _raw_spin_lock_bh+0xe0/0xe0
[ 45.113615] ? _raw_spin_lock+0x87/0xe0
[ 45.113914] ? __d_instantiate+0x1d5/0x3b0
[ 45.114232] ? alloc_inode+0x72/0x1e0
[ 45.114535] ? up_write+0x6d/0xa0
[ 45.114803] ? __debugfs_create_file+0x3b5/0x5d0
[ 45.115180] __kunit_test_suites_init+0xde/0x140
[ 45.115557] kunit_module_notify+0x3ab/0x440
[ 45.115895] ? __kunit_test_suites_init+0x140/0x140
[ 45.116287] ? preempt_count_add+0x79/0x150
[ 45.116623] notifier_call_chain+0xbf/0x280
[ 45.116953] ? kasan_quarantine_put+0x21/0x1a0
[ 45.117311] blocking_notifier_call_chain_robust+0xbb/0x140
[ 45.117747] ? notifier_call_chain+0x280/0x280
[ 45.118097] ? 0xffffffffa0208000
[ 45.118372] load_module+0x4af0/0x67d0
[ 45.118671] ? module_frob_arch_sections+0x20/0x20
[ 45.119057] ? rwsem_down_write_slowpath+0x11a0/0x11a0
[ 45.119476] ? kernel_read_file+0x3ca/0x510
[ 45.119807] ? __x64_sys_fspick+0x2a0/0x2a0
[ 45.120134] ? init_module_from_file+0xd2/0x130
[ 45.120499] init_module_from_file+0xd2/0x130
[ 45.120843] ? __ia32_sys_init_module+0xa0/0xa0
[ 45.121203] ? userfaultfd_unmap_prep+0x3d0/0x3d0
[ 45.121589] ? _raw_spin_lock_bh+0xe0/0xe0
[ 45.121916] idempotent_init_module+0x339/0x610
[ 45.122286] ? init_module_from_file+0x130/0x130
[ 45.122648] ? __fget_light+0x57/0x500
[ 45.122950] __x64_sys_finit_module+0xba/0x130
[ 45.123323] do_syscall_64+0x35/0x80
[ 45.123607] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 45.124001] RIP: 0033:0x7fabf471b839
[ 45.124303] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[ 45.125754] RSP: 002b:00007ffd1f377128 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 45.126359] RAX: ffffffffffffffda RBX: 000055578e370e10 RCX:
00007fabf471b839
[ 45.126921] RDX: 0000000000000000 RSI: 000055578ca1bc2e RDI:
0000000000000003
[ 45.127505] RBP: 000055578ca1bc2e R08: 0000000000000000 R09:
000055578e373210
[ 45.128057] R10: 0000000000000003 R11: 0000000000000246 R12:
0000000000000000
[ 45.128621] R13: 000055578e370f30 R14: 0000000000040000 R15:
000055578e370e10
[ 45.129183] </TASK>
[ 45.129376] ---[ end trace 0000000000000000 ]---
[ 45.129744] ------------[ cut here ]------------
[ 45.130109] refcount_t: addition on 0; use-after-free.
[ 45.130555] WARNING: CPU: 1 PID: 1862 at lib/refcount.c:25
refcount_warn_saturate+0x120/0x190
[ 45.131214] Modules linked in: fpga_mgr_test(+)
[ 45.131588] CPU: 1 PID: 1862 Comm: modprobe Tainted: G W
N 6.6.0-rc3+ #54
[ 45.132205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
[ 45.132854] RIP: 0010:refcount_warn_saturate+0x120/0x190
[ 45.133262] Code: 1d bc 3f 40 0a 80 fb 01 0f 87 5a f8 67 01 83 e3 01
0f 85 5d ff ff ff 48 c7 c7 e0 99 7a 84 c6 05 9c 3f 40 0a 01 e8 30 1e 80
fe <0f> 0b e9 43 ff ff ff 0f b6 1d 86 3f 40 0a 80 fb 01 0f 87 4f f8 67
[ 45.134712] RSP: 0018:ffff8881062f7280 EFLAGS: 00010286
[ 45.135138] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 45.135698] RDX: 0000000000000002 RSI: ffffffff847b4d40 RDI:
0000000000000001
[ 45.136244] RBP: 0000000000000002 R08: 0000000000000001 R09:
ffffed1020c5ee0f
[ 45.136804] R10: ffff8881062f707f R11: 746e756f63666572 R12:
ffffffffa02121d0
[ 45.137367] R13: ffff888101b6d858 R14: ffffffffa02121d0 R15:
ffff88810661aca0
[ 45.137919] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
knlGS:0000000000000000
[ 45.138551] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.139007] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
0000000000770ee0
[ 45.139566] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 45.140116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 45.140669] PKRU: 55555554
[ 45.140882] Call Trace:
[ 45.141084] <TASK>
[ 45.141254] ? __warn+0xc9/0x260
[ 45.141520] ? refcount_warn_saturate+0x120/0x190
[ 45.141889] ? report_bug+0x345/0x400
[ 45.142176] ? handle_bug+0x3c/0x70
[ 45.142461] ? exc_invalid_op+0x14/0x40
[ 45.142767] ? asm_exc_invalid_op+0x16/0x20
[ 45.143101] ? refcount_warn_saturate+0x120/0x190
[ 45.143474] kobject_get+0xbd/0xe0
[ 45.143745] kobject_add_internal+0x9e/0x870
[ 45.144084] kobject_add+0x120/0x1f0
[ 45.144378] ? kset_create_and_add+0x160/0x160
[ 45.144732] ? __kmem_cache_alloc_node+0x1d2/0x350
[ 45.145109] ? _raw_spin_lock+0x87/0xe0
[ 45.145426] ? kobject_create_and_add+0x3c/0xb0
[ 45.145787] kobject_create_and_add+0x68/0xb0
[ 45.146130] module_add_driver+0x260/0x350
[ 45.146465] bus_add_driver+0x2c9/0x580
[ 45.146762] driver_register+0x133/0x460
[ 45.147084] kunit_run_tests+0xdb/0xef0
[ 45.147404] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 45.147754] ? __sched_text_end+0xa/0xa
[ 45.148056] ? _raw_spin_unlock_irqrestore+0x42/0x80
[ 45.148456] ? __kunit_test_suites_exit+0x80/0x80
[ 45.148817] ? set_track_prepare+0x8a/0xd0
[ 45.149145] ? get_object+0x70/0x70
[ 45.149425] ? alloc_inode+0x12a/0x1e0
[ 45.149716] ? new_inode+0x14/0x230
[ 45.149989] ? __debugfs_create_file+0xc8/0x5d0
[ 45.150347] ? __kunit_test_suites_init+0x73/0x140
[ 45.150724] ? kunit_module_notify+0x3ab/0x440
[ 45.151074] ? notifier_call_chain+0xbf/0x280
[ 45.151420] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 45.151772] ? __sched_text_end+0xa/0xa
[ 45.152079] ? projid_m_show+0x200/0x200
[ 45.152403] ? kasan_set_track+0x21/0x30
[ 45.152712] ? _raw_spin_lock+0x87/0xe0
[ 45.153010] ? _raw_spin_lock_bh+0xe0/0xe0
[ 45.153333] ? _raw_spin_lock+0x87/0xe0
[ 45.153635] ? __d_instantiate+0x1d5/0x3b0
[ 45.153953] ? alloc_inode+0x72/0x1e0
[ 45.154235] ? up_write+0x6d/0xa0
[ 45.154509] ? __debugfs_create_file+0x3b5/0x5d0
[ 45.154869] __kunit_test_suites_init+0xde/0x140
[ 45.155222] kunit_module_notify+0x3ab/0x440
[ 45.155560] ? __kunit_test_suites_init+0x140/0x140
[ 45.155938] ? preempt_count_add+0x79/0x150
[ 45.156259] notifier_call_chain+0xbf/0x280
[ 45.156591] ? kasan_quarantine_put+0x21/0x1a0
[ 45.156937] blocking_notifier_call_chain_robust+0xbb/0x140
[ 45.157371] ? notifier_call_chain+0x280/0x280
[ 45.157713] ? 0xffffffffa0208000
[ 45.157967] load_module+0x4af0/0x67d0
[ 45.158255] ? module_frob_arch_sections+0x20/0x20
[ 45.158630] ? rwsem_down_write_slowpath+0x11a0/0x11a0
[ 45.159025] ? kernel_read_file+0x3ca/0x510
[ 45.159353] ? __x64_sys_fspick+0x2a0/0x2a0
[ 45.159673] ? init_module_from_file+0xd2/0x130
[ 45.160014] init_module_from_file+0xd2/0x130
[ 45.160356] ? __ia32_sys_init_module+0xa0/0xa0
[ 45.160702] ? userfaultfd_unmap_prep+0x3d0/0x3d0
[ 45.161058] ? _raw_spin_lock_bh+0xe0/0xe0
[ 45.161386] idempotent_init_module+0x339/0x610
[ 45.161727] ? init_module_from_file+0x130/0x130
[ 45.162081] ? __fget_light+0x57/0x500
[ 45.162378] __x64_sys_finit_module+0xba/0x130
[ 45.162720] do_syscall_64+0x35/0x80
[ 45.162989] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 45.163380] RIP: 0033:0x7fabf471b839
[ 45.163655] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[ 45.165049] RSP: 002b:00007ffd1f377128 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 45.165627] RAX: ffffffffffffffda RBX: 000055578e370e10 RCX:
00007fabf471b839
[ 45.166168] RDX: 0000000000000000 RSI: 000055578ca1bc2e RDI:
0000000000000003
[ 45.166733] RBP: 000055578ca1bc2e R08: 0000000000000000 R09:
000055578e373210
[ 45.167297] R10: 0000000000000003 R11: 0000000000000246 R12:
0000000000000000
[ 45.167847] R13: 000055578e370f30 R14: 0000000000040000 R15:
000055578e370e10
[ 45.168404] </TASK>
[ 45.168579] ---[ end trace 0000000000000000 ]---
[ 45.168952] general protection fault, probably for non-canonical
address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
[ 45.169771] KASAN: null-ptr-deref in range
[0x0000000000000018-0x000000000000001f]
[ 45.170336] CPU: 1 PID: 1862 Comm: modprobe Tainted: G W
N 6.6.0-rc3+ #54
[ 45.170935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
[ 45.171562] RIP: 0010:kobject_namespace+0x71/0x150
[ 45.171933] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
[ 45.173324] RSP: 0018:ffff8881062f7288 EFLAGS: 00010206
[ 45.173716] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 45.174245] RDX: 0000000000000003 RSI: ffffffff847b4d40 RDI:
0000000000000018
[ 45.174777] RBP: ffff888101b6d840 R08: 0000000000000001 R09:
ffffed1020c5ee0f
[ 45.175317] R10: ffff8881062f707f R11: 746e756f63666572 R12:
ffffffffa02121d0
[ 45.175847] R13: ffff888101b6d858 R14: ffff888101b6d868 R15:
ffffffff84ac7020
[ 45.176377] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
knlGS:0000000000000000
[ 45.176977] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.177413] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
0000000000770ee0
[ 45.177946] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 45.178479] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 45.179016] PKRU: 55555554
[ 45.179227] Call Trace:
[ 45.179418] <TASK>
[ 45.179584] ? die_addr+0x3d/0xa0
[ 45.179843] ? exc_general_protection+0x144/0x220
[ 45.180202] ? asm_exc_general_protection+0x22/0x30
[ 45.180570] ? kobject_namespace+0x71/0x150
[ 45.180886] kobject_add_internal+0x267/0x870
[ 45.181221] kobject_add+0x120/0x1f0
[ 45.181497] ? kset_create_and_add+0x160/0x160
[ 45.181828] ? __kmem_cache_alloc_node+0x1d2/0x350
[ 45.182188] ? _raw_spin_lock+0x87/0xe0
[ 45.182480] ? kobject_create_and_add+0x3c/0xb0
[ 45.182822] kobject_create_and_add+0x68/0xb0
[ 45.183159] module_add_driver+0x260/0x350
[ 45.183472] bus_add_driver+0x2c9/0x580
[ 45.183764] driver_register+0x133/0x460
[ 45.184061] kunit_run_tests+0xdb/0xef0
[ 45.184354] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 45.184700] ? __sched_text_end+0xa/0xa
[ 45.184993] ? _raw_spin_unlock_irqrestore+0x42/0x80
[ 45.185365] ? __kunit_test_suites_exit+0x80/0x80
[ 45.185718] ? set_track_prepare+0x8a/0xd0
[ 45.186027] ? get_object+0x70/0x70
[ 45.186296] ? alloc_inode+0x12a/0x1e0
[ 45.186578] ? new_inode+0x14/0x230
[ 45.186848] ? __debugfs_create_file+0xc8/0x5d0
[ 45.187199] ? __kunit_test_suites_init+0x73/0x140
[ 45.187563] ? kunit_module_notify+0x3ab/0x440
[ 45.187905] ? notifier_call_chain+0xbf/0x280
[ 45.188232] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 45.188574] ? __sched_text_end+0xa/0xa
[ 45.188862] ? projid_m_show+0x200/0x200
[ 45.189158] ? kasan_set_track+0x21/0x30
[ 45.189457] ? _raw_spin_lock+0x87/0xe0
[ 45.189747] ? _raw_spin_lock_bh+0xe0/0xe0
[ 45.190054] ? _raw_spin_lock+0x87/0xe0
[ 45.190345] ? __d_instantiate+0x1d5/0x3b0
[ 45.190657] ? alloc_inode+0x72/0x1e0
[ 45.190935] ? up_write+0x6d/0xa0
[ 45.191191] ? __debugfs_create_file+0x3b5/0x5d0
[ 45.191545] __kunit_test_suites_init+0xde/0x140
[ 45.191904] kunit_module_notify+0x3ab/0x440
[ 45.192226] ? __kunit_test_suites_init+0x140/0x140
[ 45.192601] ? preempt_count_add+0x79/0x150
[ 45.192927] notifier_call_chain+0xbf/0x280
[ 45.193244] ? kasan_quarantine_put+0x21/0x1a0
[ 45.193586] blocking_notifier_call_chain_robust+0xbb/0x140
[ 45.194015] ? notifier_call_chain+0x280/0x280
[ 45.194360] ? 0xffffffffa0208000
[ 45.194614] load_module+0x4af0/0x67d0
[ 45.194909] ? module_frob_arch_sections+0x20/0x20
[ 45.195274] ? rwsem_down_write_slowpath+0x11a0/0x11a0
[ 45.195672] ? kernel_read_file+0x3ca/0x510
[ 45.195997] ? __x64_sys_fspick+0x2a0/0x2a0
[ 45.196319] ? init_module_from_file+0xd2/0x130
[ 45.196675] init_module_from_file+0xd2/0x130
[ 45.197006] ? __ia32_sys_init_module+0xa0/0xa0
[ 45.197352] ? userfaultfd_unmap_prep+0x3d0/0x3d0
[ 45.197724] ? _raw_spin_lock_bh+0xe0/0xe0
[ 45.198044] idempotent_init_module+0x339/0x610
[ 45.198392] ? init_module_from_file+0x130/0x130
[ 45.198748] ? __fget_light+0x57/0x500
[ 45.199043] __x64_sys_finit_module+0xba/0x130
[ 45.199389] do_syscall_64+0x35/0x80
[ 45.199664] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 45.200050] RIP: 0033:0x7fabf471b839
[ 45.200325] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[ 45.201713] RSP: 002b:00007ffd1f377128 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 45.202278] RAX: ffffffffffffffda RBX: 000055578e370e10 RCX:
00007fabf471b839
[ 45.202816] RDX: 0000000000000000 RSI: 000055578ca1bc2e RDI:
0000000000000003
[ 45.203348] RBP: 000055578ca1bc2e R08: 0000000000000000 R09:
000055578e373210
[ 45.203886] R10: 0000000000000003 R11: 0000000000000246 R12:
0000000000000000
[ 45.204426] R13: 000055578e370f30 R14: 0000000000040000 R15:
000055578e370e10
[ 45.204962] </TASK>
[ 45.205140] Modules linked in: fpga_mgr_test(+)
[ 45.205500] Dumping ftrace buffer:
[ 45.205768] (ftrace buffer empty)
[ 45.206066] ---[ end trace 0000000000000000 ]---
[ 45.206477] RIP: 0010:kobject_namespace+0x71/0x150
[ 45.206850] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
[ 45.208501] RSP: 0018:ffff8881062f7288 EFLAGS: 00010206
[ 45.209015] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 45.209708] RDX: 0000000000000003 RSI: ffffffff847b4d40 RDI:
0000000000000018
[ 45.210473] RBP: ffff888101b6d840 R08: 0000000000000001 R09:
ffffed1020c5ee0f
[ 45.211142] R10: ffff8881062f707f R11: 746e756f63666572 R12:
ffffffffa02121d0
[ 45.211898] R13: ffff888101b6d858 R14: ffff888101b6d868 R15:
ffffffff84ac7020
[ 45.212653] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
knlGS:0000000000000000
[ 45.213441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.213970] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
0000000000770ee0
[ 45.214716] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 45.215424] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 45.216089] PKRU: 55555554
[ 45.216440] Kernel panic - not syncing: Fatal exception
[ 45.217935] Dumping ftrace buffer:
[ 45.218195] (ftrace buffer empty)
[ 45.218473] Kernel Offset: disabled
[ 45.218740] Rebooting in 1 seconds..
> +}
> +
> +static void fpga_mgr_test_suite_exit(struct kunit_suite *suite)
> +{
> + platform_driver_unregister(&test_platform_driver);
> +}
> +
> static int fpga_mgr_test_init(struct kunit *test)
> {
> struct mgr_ctx *ctx;
> @@ -284,7 +298,7 @@ static int fpga_mgr_test_init(struct kunit *test)
> ctx = kunit_kzalloc(test, sizeof(*ctx), GFP_KERNEL);
> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx);
>
> - ctx->pdev = platform_device_register_simple("mgr_pdev", PLATFORM_DEVID_AUTO, NULL, 0);
> + ctx->pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO, NULL, 0);
> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->pdev);
>
> ctx->mgr = devm_fpga_mgr_register(&ctx->pdev->dev, "Fake FPGA Manager", &fake_mgr_ops,
> @@ -317,6 +331,8 @@ static struct kunit_case fpga_mgr_test_cases[] = {
>
> static struct kunit_suite fpga_mgr_suite = {
> .name = "fpga_mgr",
> + .suite_init = fpga_mgr_test_suite_init,
> + .suite_exit = fpga_mgr_test_suite_exit,
> .init = fpga_mgr_test_init,
> .exit = fpga_mgr_test_exit,
> .test_cases = fpga_mgr_test_cases,
On 2023/9/27 0:39, Marco Pagani wrote:
> Register a minimal platform driver associated with the parent platform
> device used for testing to prevent a null-ptr-deref when try_module_get()
> is called by __fpga_bridge_get().
>
> Fixes: 9e6823481e5f ("fpga: add an initial KUnit suite for the FPGA Bridge")
> Reported-by: Jinjie Ruan <[email protected]>
> Signed-off-by: Marco Pagani <[email protected]>
> ---
> drivers/fpga/tests/fpga-bridge-test.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/fpga/tests/fpga-bridge-test.c b/drivers/fpga/tests/fpga-bridge-test.c
> index 1d258002cdd7..4bd4ecaa7e90 100644
> --- a/drivers/fpga/tests/fpga-bridge-test.c
> +++ b/drivers/fpga/tests/fpga-bridge-test.c
> @@ -13,6 +13,8 @@
> #include <linux/module.h>
> #include <linux/types.h>
>
> +#include "fpga-test-helpers.h"
> +
> struct bridge_stats {
> bool enable;
> };
> @@ -53,7 +55,7 @@ static struct bridge_ctx *register_test_bridge(struct kunit *test)
> ctx = kunit_kzalloc(test, sizeof(*ctx), GFP_KERNEL);
> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx);
>
> - ctx->pdev = platform_device_register_simple("bridge_pdev", PLATFORM_DEVID_AUTO, NULL, 0);
> + ctx->pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO, NULL, 0);
> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->pdev);
>
> ctx->bridge = fpga_bridge_register(&ctx->pdev->dev, "Fake FPGA bridge", &fake_bridge_ops,
> @@ -144,6 +146,18 @@ static void fpga_bridge_test_get_put_list(struct kunit *test)
> unregister_test_bridge(ctx_1);
> }
>
> +TEST_PLATFORM_DRIVER(test_platform_driver);
> +
> +static int fpga_bridge_test_suite_init(struct kunit_suite *suite)
> +{
> + return platform_driver_register(&test_platform_driver);
With this patch applied, running `modprobe fpga-bridge-test` still triggers a null-ptr-deref:
root@syzkaller:~# modprobe fpga-bridge-test
[ 33.870688] KTAP version 1
[ 33.870897] 1..1
[ 33.871947] ------------[ cut here ]------------
[ 33.872287] kobject: '(null)' (ffffffffa0241990): is not initialized,
yet kobject_get() is being called.
[ 33.873267] WARNING: CPU: 6 PID: 1860 at lib/kobject.c:637
kobject_get+0x98/0xe0
[ 33.873884] Modules linked in: fpga_bridge_test(+) fpga_bridge
[ 33.874368] CPU: 6 PID: 1860 Comm: modprobe Tainted: G
N 6.6.0-rc3+ #54
[ 33.875023] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
[ 33.875700] RIP: 0010:kobject_get+0x98/0xe0
[ 33.876044] Code: 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03
80 3c 02 00 75 44 49 8b 34 24 4c 89 e2 48 c7 c7 20 63 ac 84 e8 38 fe 24
fd <0f> 0b eb a2 48 89 ef be 01 00 00 00 e8 d7 de a4 fe 4c 89 e0 5d 41
[ 33.877527] RSP: 0018:ffff88810df6f298 EFLAGS: 00010286
[ 33.877951] RAX: 0000000000000000 RBX: ffffffff848a3660 RCX:
0000000000000000
[ 33.878538] RDX: 0000000000000002 RSI: ffffffff847b4d40 RDI:
0000000000000001
[ 33.879100] RBP: ffff88810c83cd40 R08: 0000000000000001 R09:
ffffed1021bede12
[ 33.879687] R10: ffff88810df6f097 R11: 3a7463656a626f6b R12:
ffffffffa0241990
[ 33.880235] R13: ffff88810c83cd58 R14: ffffffffa0241990 R15:
ffff888106502dd8
[ 33.880790] FS: 00007f27dd761540(0000) GS:ffff888119f00000(0000)
knlGS:0000000000000000
[ 33.881437] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.881886] CR2: 00007ffc270848b8 CR3: 0000000106d73006 CR4:
0000000000770ee0
[ 33.882452] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 33.883001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 33.883557] PKRU: 55555554
[ 33.883777] Call Trace:
[ 33.883975] <TASK>
[ 33.884151] ? __warn+0xc9/0x260
[ 33.884424] ? irq_work_queue+0x35/0x50
[ 33.884728] ? kobject_get+0x98/0xe0
[ 33.885010] ? report_bug+0x345/0x400
[ 33.885304] ? handle_bug+0x3c/0x70
[ 33.885602] ? exc_invalid_op+0x14/0x40
[ 33.885900] ? asm_exc_invalid_op+0x16/0x20
[ 33.886224] ? kobject_get+0x98/0xe0
[ 33.886518] ? kobject_get+0x98/0xe0
[ 33.886813] kobject_add_internal+0x9e/0x870
[ 33.887148] kobject_add+0x120/0x1f0
[ 33.887444] ? kset_create_and_add+0x160/0x160
[ 33.887796] ? __kmem_cache_alloc_node+0x1d2/0x350
[ 33.888171] ? _raw_spin_lock+0x87/0xe0
[ 33.888480] ? kobject_create_and_add+0x3c/0xb0
[ 33.888836] kobject_create_and_add+0x68/0xb0
[ 33.889183] module_add_driver+0x260/0x350
[ 33.889515] bus_add_driver+0x2c9/0x580
[ 33.889818] driver_register+0x133/0x460
[ 33.890128] kunit_run_tests+0xdb/0xef0
[ 33.890440] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 33.890802] ? __sched_text_end+0xa/0xa
[ 33.891108] ? _raw_spin_unlock_irqrestore+0x42/0x80
[ 33.891508] ? __kunit_test_suites_exit+0x80/0x80
[ 33.891875] ? set_track_prepare+0x8a/0xd0
[ 33.892192] ? get_object+0x70/0x70
[ 33.892479] ? alloc_inode+0x12a/0x1e0
[ 33.892780] ? new_inode+0x14/0x230
[ 33.893056] ? __debugfs_create_file+0xc8/0x5d0
[ 33.893424] ? __kunit_test_suites_init+0x73/0x140
[ 33.893804] ? kunit_module_notify+0x3ab/0x440
[ 33.894157] ? notifier_call_chain+0xbf/0x280
[ 33.894512] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 33.894873] ? __sched_text_end+0xa/0xa
[ 33.895178] ? projid_m_show+0x200/0x200
[ 33.895496] ? kasan_set_track+0x21/0x30
[ 33.895803] ? _raw_spin_lock+0x87/0xe0
[ 33.896101] ? _raw_spin_lock_bh+0xe0/0xe0
[ 33.896434] ? _raw_spin_lock+0x87/0xe0
[ 33.896733] ? __d_instantiate+0x1d5/0x3b0
[ 33.897055] ? alloc_inode+0x72/0x1e0
[ 33.897356] ? up_write+0x6d/0xa0
[ 33.897623] ? __debugfs_create_file+0x3b5/0x5d0
[ 33.897988] __kunit_test_suites_init+0xde/0x140
[ 33.898357] kunit_module_notify+0x3ab/0x440
[ 33.898701] ? __kunit_test_suites_init+0x140/0x140
[ 33.899084] ? preempt_count_add+0x79/0x150
[ 33.899428] notifier_call_chain+0xbf/0x280
[ 33.899757] ? kasan_quarantine_put+0x21/0x1a0
[ 33.900107] blocking_notifier_call_chain_robust+0xbb/0x140
[ 33.900549] ? notifier_call_chain+0x280/0x280
[ 33.900895] ? 0xffffffffa0238000
[ 33.901158] load_module+0x4af0/0x67d0
[ 33.901471] ? module_frob_arch_sections+0x20/0x20
[ 33.901842] ? rwsem_down_write_slowpath+0x11a0/0x11a0
[ 33.902244] ? kernel_read_file+0x3ca/0x510
[ 33.902591] ? __x64_sys_fspick+0x2a0/0x2a0
[ 33.902921] ? init_module_from_file+0xd2/0x130
[ 33.903271] init_module_from_file+0xd2/0x130
[ 33.903621] ? __ia32_sys_init_module+0xa0/0xa0
[ 33.903977] ? userfaultfd_unmap_prep+0x3d0/0x3d0
[ 33.904352] ? _raw_spin_lock_bh+0xe0/0xe0
[ 33.904674] idempotent_init_module+0x339/0x610
[ 33.905028] ? init_module_from_file+0x130/0x130
[ 33.905405] ? __fget_light+0x57/0x500
[ 33.905700] __x64_sys_finit_module+0xba/0x130
[ 33.906046] do_syscall_64+0x35/0x80
[ 33.906342] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 33.906743] RIP: 0033:0x7f27dd11b839
[ 33.907026] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[ 33.908447] RSP: 002b:00007ffc27087998 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 33.909022] RAX: ffffffffffffffda RBX: 00005645642bed20 RCX:
00007f27dd11b839
[ 33.909578] RDX: 0000000000000000 RSI: 000056456321bc2e RDI:
0000000000000004
[ 33.910114] RBP: 000056456321bc2e R08: 0000000000000000 R09:
00005645642bed20
[ 33.910670] R10: 0000000000000004 R11: 0000000000000246 R12:
0000000000000000
[ 33.911219] R13: 00005645642bee90 R14: 0000000000040000 R15:
00005645642bed20
[ 33.911770] </TASK>
[ 33.911947] ---[ end trace 0000000000000000 ]---
[ 33.912307] ------------[ cut here ]------------
[ 33.912679] refcount_t: addition on 0; use-after-free.
[ 33.913097] WARNING: CPU: 6 PID: 1860 at lib/refcount.c:25
refcount_warn_saturate+0x120/0x190
[ 33.913757] Modules linked in: fpga_bridge_test(+) fpga_bridge
[ 33.914207] CPU: 6 PID: 1860 Comm: modprobe Tainted: G W
N 6.6.0-rc3+ #54
[ 33.914834] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
[ 33.915487] RIP: 0010:refcount_warn_saturate+0x120/0x190
[ 33.915891] Code: 1d bc 3f 40 0a 80 fb 01 0f 87 5a f8 67 01 83 e3 01
0f 85 5d ff ff ff 48 c7 c7 e0 99 7a 84 c6 05 9c 3f 40 0a 01 e8 30 1e 80
fe <0f> 0b e9 43 ff ff ff 0f b6 1d 86 3f 40 0a 80 fb 01 0f 87 4f f8 67
[ 33.917299] RSP: 0018:ffff88810df6f280 EFLAGS: 00010286
[ 33.917717] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 33.918265] RDX: 0000000000000002 RSI: 0000000000000004 RDI:
0000000000000001
[ 33.918816] RBP: 0000000000000002 R08: 0000000000000001 R09:
ffffed10233e4ef1
[ 33.919372] R10: ffff888119f2778b R11: 746e756f63666572 R12:
ffffffffa0241990
[ 33.919913] R13: ffff88810c83cd58 R14: ffffffffa0241990 R15:
ffff888106502dd8
[ 33.920462] FS: 00007f27dd761540(0000) GS:ffff888119f00000(0000)
knlGS:0000000000000000
[ 33.921066] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.921513] CR2: 00007ffc270848b8 CR3: 0000000106d73006 CR4:
0000000000770ee0
[ 33.922059] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 33.922621] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 33.923163] PKRU: 55555554
[ 33.923386] Call Trace:
[ 33.923581] <TASK>
[ 33.923753] ? __warn+0xc9/0x260
[ 33.924008] ? refcount_warn_saturate+0x120/0x190
[ 33.924381] ? report_bug+0x345/0x400
[ 33.924668] ? handle_bug+0x3c/0x70
[ 33.924942] ? exc_invalid_op+0x14/0x40
[ 33.925241] ? asm_exc_invalid_op+0x16/0x20
[ 33.925576] ? refcount_warn_saturate+0x120/0x190
[ 33.925942] kobject_get+0xbd/0xe0
[ 33.926208] kobject_add_internal+0x9e/0x870
[ 33.926552] kobject_add+0x120/0x1f0
[ 33.926841] ? kset_create_and_add+0x160/0x160
[ 33.927186] ? __kmem_cache_alloc_node+0x1d2/0x350
[ 33.927568] ? _raw_spin_lock+0x87/0xe0
[ 33.927871] ? kobject_create_and_add+0x3c/0xb0
[ 33.928226] kobject_create_and_add+0x68/0xb0
[ 33.928581] module_add_driver+0x260/0x350
[ 33.928905] bus_add_driver+0x2c9/0x580
[ 33.929204] driver_register+0x133/0x460
[ 33.929521] kunit_run_tests+0xdb/0xef0
[ 33.929821] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 33.930177] ? __sched_text_end+0xa/0xa
[ 33.930491] ? _raw_spin_unlock_irqrestore+0x42/0x80
[ 33.930888] ? __kunit_test_suites_exit+0x80/0x80
[ 33.931253] ? set_track_prepare+0x8a/0xd0
[ 33.931582] ? get_object+0x70/0x70
[ 33.931853] ? alloc_inode+0x12a/0x1e0
[ 33.932149] ? new_inode+0x14/0x230
[ 33.932433] ? __debugfs_create_file+0xc8/0x5d0
[ 33.932785] ? __kunit_test_suites_init+0x73/0x140
[ 33.933149] ? kunit_module_notify+0x3ab/0x440
[ 33.933511] ? notifier_call_chain+0xbf/0x280
[ 33.933856] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 33.934209] ? __sched_text_end+0xa/0xa
[ 33.934519] ? projid_m_show+0x200/0x200
[ 33.934831] ? kasan_set_track+0x21/0x30
[ 33.935135] ? _raw_spin_lock+0x87/0xe0
[ 33.935447] ? _raw_spin_lock_bh+0xe0/0xe0
[ 33.935768] ? _raw_spin_lock+0x87/0xe0
[ 33.936068] ? __d_instantiate+0x1d5/0x3b0
[ 33.936398] ? alloc_inode+0x72/0x1e0
[ 33.936691] ? up_write+0x6d/0xa0
[ 33.936953] ? __debugfs_create_file+0x3b5/0x5d0
[ 33.937325] __kunit_test_suites_init+0xde/0x140
[ 33.937689] kunit_module_notify+0x3ab/0x440
[ 33.938027] ? __kunit_test_suites_init+0x140/0x140
[ 33.938417] ? preempt_count_add+0x79/0x150
[ 33.938751] notifier_call_chain+0xbf/0x280
[ 33.939071] ? kasan_quarantine_put+0x21/0x1a0
[ 33.939428] blocking_notifier_call_chain_robust+0xbb/0x140
[ 33.939860] ? notifier_call_chain+0x280/0x280
[ 33.940207] ? 0xffffffffa0238000
[ 33.940483] load_module+0x4af0/0x67d0
[ 33.940783] ? module_frob_arch_sections+0x20/0x20
[ 33.941153] ? rwsem_down_write_slowpath+0x11a0/0x11a0
[ 33.941562] ? kernel_read_file+0x3ca/0x510
[ 33.941889] ? __x64_sys_fspick+0x2a0/0x2a0
[ 33.942213] ? init_module_from_file+0xd2/0x130
[ 33.942584] init_module_from_file+0xd2/0x130
[ 33.942928] ? __ia32_sys_init_module+0xa0/0xa0
[ 33.943276] ? userfaultfd_unmap_prep+0x3d0/0x3d0
[ 33.943653] ? _raw_spin_lock_bh+0xe0/0xe0
[ 33.943971] idempotent_init_module+0x339/0x610
[ 33.944331] ? init_module_from_file+0x130/0x130
[ 33.944691] ? __fget_light+0x57/0x500
[ 33.944987] __x64_sys_finit_module+0xba/0x130
[ 33.945343] do_syscall_64+0x35/0x80
[ 33.945624] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 33.946011] RIP: 0033:0x7f27dd11b839
[ 33.946292] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[ 33.947694] RSP: 002b:00007ffc27087998 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 33.948267] RAX: ffffffffffffffda RBX: 00005645642bed20 RCX:
00007f27dd11b839
[ 33.948815] RDX: 0000000000000000 RSI: 000056456321bc2e RDI:
0000000000000004
[ 33.949366] RBP: 000056456321bc2e R08: 0000000000000000 R09:
00005645642bed20
[ 33.949905] R10: 0000000000000004 R11: 0000000000000246 R12:
0000000000000000
[ 33.950463] R13: 00005645642bee90 R14: 0000000000040000 R15:
00005645642bed20
[ 33.951014] </TASK>
[ 33.951188] ---[ end trace 0000000000000000 ]---
[ 33.951561] general protection fault, probably for non-canonical
address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
[ 33.952381] KASAN: null-ptr-deref in range
[0x0000000000000018-0x000000000000001f]
[ 33.952952] CPU: 6 PID: 1860 Comm: modprobe Tainted: G W
N 6.6.0-rc3+ #54
[ 33.953554] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
[ 33.954178] RIP: 0010:kobject_namespace+0x71/0x150
[ 33.954546] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
[ 33.955934] RSP: 0018:ffff88810df6f288 EFLAGS: 00010206
[ 33.956330] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 33.956869] RDX: 0000000000000003 RSI: 0000000000000004 RDI:
0000000000000018
[ 33.957411] RBP: ffff88810c83cd40 R08: 0000000000000001 R09:
ffffed10233e4ef1
[ 33.957949] R10: ffff888119f2778b R11: 746e756f63666572 R12:
ffffffffa0241990
[ 33.958486] R13: ffff88810c83cd58 R14: ffff88810c83cd68 R15:
ffffffff84ac7020
[ 33.959030] FS: 00007f27dd761540(0000) GS:ffff888119f00000(0000)
knlGS:0000000000000000
[ 33.959642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.960079] CR2: 00007ffc270848b8 CR3: 0000000106d73006 CR4:
0000000000770ee0
[ 33.960616] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 33.961145] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 33.961682] PKRU: 55555554
[ 33.961890] Call Trace:
[ 33.962081] <TASK>
[ 33.962247] ? die_addr+0x3d/0xa0
[ 33.962511] ? exc_general_protection+0x144/0x220
[ 33.962876] ? asm_exc_general_protection+0x22/0x30
[ 33.963244] ? kobject_namespace+0x71/0x150
[ 33.963570] kobject_add_internal+0x267/0x870
[ 33.963908] kobject_add+0x120/0x1f0
[ 33.964185] ? kset_create_and_add+0x160/0x160
[ 33.964528] ? __kmem_cache_alloc_node+0x1d2/0x350
[ 33.964896] ? _raw_spin_lock+0x87/0xe0
[ 33.965192] ? kobject_create_and_add+0x3c/0xb0
[ 33.965544] kobject_create_and_add+0x68/0xb0
[ 33.965877] module_add_driver+0x260/0x350
[ 33.966197] bus_add_driver+0x2c9/0x580
[ 33.966502] driver_register+0x133/0x460
[ 33.966812] kunit_run_tests+0xdb/0xef0
[ 33.967106] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 33.967457] ? __sched_text_end+0xa/0xa
[ 33.967756] ? _raw_spin_unlock_irqrestore+0x42/0x80
[ 33.968127] ? __kunit_test_suites_exit+0x80/0x80
[ 33.968489] ? set_track_prepare+0x8a/0xd0
[ 33.968810] ? get_object+0x70/0x70
[ 33.969078] ? alloc_inode+0x12a/0x1e0
[ 33.969371] ? new_inode+0x14/0x230
[ 33.969644] ? __debugfs_create_file+0xc8/0x5d0
[ 33.969992] ? __kunit_test_suites_init+0x73/0x140
[ 33.970365] ? kunit_module_notify+0x3ab/0x440
[ 33.970711] ? notifier_call_chain+0xbf/0x280
[ 33.971044] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 33.971399] ? __sched_text_end+0xa/0xa
[ 33.971701] ? projid_m_show+0x200/0x200
[ 33.972009] ? kasan_set_track+0x21/0x30
[ 33.972313] ? _raw_spin_lock+0x87/0xe0
[ 33.972614] ? _raw_spin_lock_bh+0xe0/0xe0
[ 33.972931] ? _raw_spin_lock+0x87/0xe0
[ 33.973221] ? __d_instantiate+0x1d5/0x3b0
[ 33.973537] ? alloc_inode+0x72/0x1e0
[ 33.973819] ? up_write+0x6d/0xa0
[ 33.974075] ? __debugfs_create_file+0x3b5/0x5d0
[ 33.974431] __kunit_test_suites_init+0xde/0x140
[ 33.974794] kunit_module_notify+0x3ab/0x440
[ 33.975123] ? __kunit_test_suites_init+0x140/0x140
[ 33.975499] ? preempt_count_add+0x79/0x150
[ 33.975825] notifier_call_chain+0xbf/0x280
[ 33.976146] ? kasan_quarantine_put+0x21/0x1a0
[ 33.976498] blocking_notifier_call_chain_robust+0xbb/0x140
[ 33.976919] ? notifier_call_chain+0x280/0x280
[ 33.977262] ? 0xffffffffa0238000
[ 33.977527] load_module+0x4af0/0x67d0
[ 33.977822] ? module_frob_arch_sections+0x20/0x20
[ 33.978190] ? rwsem_down_write_slowpath+0x11a0/0x11a0
[ 33.978592] ? kernel_read_file+0x3ca/0x510
[ 33.978920] ? __x64_sys_fspick+0x2a0/0x2a0
[ 33.979244] ? init_module_from_file+0xd2/0x130
[ 33.979595] init_module_from_file+0xd2/0x130
[ 33.979932] ? __ia32_sys_init_module+0xa0/0xa0
[ 33.980278] ? userfaultfd_unmap_prep+0x3d0/0x3d0
[ 33.980642] ? _raw_spin_lock_bh+0xe0/0xe0
[ 33.980958] idempotent_init_module+0x339/0x610
[ 33.981311] ? init_module_from_file+0x130/0x130
[ 33.981671] ? __fget_light+0x57/0x500
[ 33.981965] __x64_sys_finit_module+0xba/0x130
[ 33.982307] do_syscall_64+0x35/0x80
[ 33.982596] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 33.982977] RIP: 0033:0x7f27dd11b839
[ 33.983250] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[ 33.984642] RSP: 002b:00007ffc27087998 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 33.985206] RAX: ffffffffffffffda RBX: 00005645642bed20 RCX:
00007f27dd11b839
[ 33.985738] RDX: 0000000000000000 RSI: 000056456321bc2e RDI:
0000000000000004
[ 33.986272] RBP: 000056456321bc2e R08: 0000000000000000 R09:
00005645642bed20
[ 33.986830] R10: 0000000000000004 R11: 0000000000000246 R12:
0000000000000000
[ 33.987381] R13: 00005645642bee90 R14: 0000000000040000 R15:
00005645642bed20
[ 33.987926] </TASK>
[ 33.988098] Modules linked in: fpga_bridge_test(+) fpga_bridge
[ 33.988551] Dumping ftrace buffer:
[ 33.988814] (ftrace buffer empty)
[ 33.989107] ---[ end trace 0000000000000000 ]---
[ 33.989516] RIP: 0010:kobject_namespace+0x71/0x150
[ 33.989886] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
[ 33.991715] RSP: 0018:ffff88810df6f288 EFLAGS: 00010206
[ 33.992201] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 33.992989] RDX: 0000000000000003 RSI: 0000000000000004 RDI:
0000000000000018
[ 33.993614] RBP: ffff88810c83cd40 R08: 0000000000000001 R09:
ffffed10233e4ef1
[ 33.994373] R10: ffff888119f2778b R11: 746e756f63666572 R12:
ffffffffa0241990
[ 33.995091] R13: ffff88810c83cd58 R14: ffff88810c83cd68 R15:
ffffffff84ac7020
[ 33.995829] FS: 00007f27dd761540(0000) GS:ffff888119f00000(0000)
knlGS:0000000000000000
[ 33.996640] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.997246] CR2: 00007ffc270848b8 CR3: 0000000106d73006 CR4:
0000000000770ee0
[ 33.997971] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 33.998673] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 33.999414] PKRU: 55555554
[ 33.999678] Kernel panic - not syncing: Fatal exception
[ 34.001019] Dumping ftrace buffer:
[ 34.001286] (ftrace buffer empty)
[ 34.001561] Kernel Offset: disabled
[ 34.001829] Rebooting in 1 seconds..
> +}
> +
> +static void fpga_bridge_test_suite_exit(struct kunit_suite *suite)
> +{
> + platform_driver_unregister(&test_platform_driver);
> +}
> +
> static int fpga_bridge_test_init(struct kunit *test)
> {
> test->priv = register_test_bridge(test);
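Review bot: `TEST_PLATFORM_DRIVER(test_platform_driver)` and the two suite callbacks have no comment saying why a KUnit suite needs a platform driver; the reason is given only in the series description. A short comment above the macro use would keep a later cleanup from removing the driver as dead scaffolding, for example `/* The parent platform device needs a registered driver; without one try_module_get() dereferences a NULL pointer. */` (wording taken from the series description). The `suite` argument is unused in both `fpga_bridge_test_suite_init()` and `fpga_bridge_test_suite_exit()`; the callback signature requires it, and the same comment can say so. The hunk ends inside fpga_bridge_test_init().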
> @@ -165,6 +179,8 @@ static struct kunit_case fpga_bridge_test_cases[] = {
>
> static struct kunit_suite fpga_bridge_suite = {
> .name = "fpga_bridge",
> + .suite_init = fpga_bridge_test_suite_init,
> + .suite_exit = fpga_bridge_test_suite_exit,
> .init = fpga_bridge_test_init,
> .exit = fpga_bridge_test_exit,
> .test_cases = fpga_bridge_test_cases,
On 2023/9/27 0:39, Marco Pagani wrote:
> Register a minimal platform driver associated with the parent platform
> device used for testing to prevent a null-ptr-deref when try_module_get()
> is called by fpga_region_get(). Also, fix a typo in the suite's name.
>
> Fixes: 64a5f972c93d ("fpga: add an initial KUnit suite for the FPGA Region")
> Reported-by: Jinjie Ruan <[email protected]>
> Signed-off-by: Marco Pagani <[email protected]>
> ---
> drivers/fpga/tests/fpga-region-test.c | 26 +++++++++++++++++++++-----
> 1 file changed, 21 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/fpga/tests/fpga-region-test.c b/drivers/fpga/tests/fpga-region-test.c
> index 9f9d50ee7871..5ff688b394f9 100644
> --- a/drivers/fpga/tests/fpga-region-test.c
> +++ b/drivers/fpga/tests/fpga-region-test.c
> @@ -15,6 +15,8 @@
> #include <linux/platform_device.h>
> #include <linux/types.h>
>
> +#include "fpga-test-helpers.h"
> +
> struct mgr_stats {
> u32 write_count;
> };
> @@ -132,6 +134,18 @@ static void fpga_region_test_program_fpga(struct kunit *test)
> fpga_image_info_free(img_info);
> }
>
> +TEST_PLATFORM_DRIVER(test_platform_driver);
> +
> +static int fpga_region_test_suite_init(struct kunit_suite *suite)
> +{
> + return platform_driver_register(&test_platform_driver);
After modprobe fpga-region-test there is still a null-ptr-deref:
root@syzkaller:~# modprobe fpga-region-test
[ 39.603646] KTAP version 1
[ 39.603866] 1..1
[ 39.604574] ------------[ cut here ]------------
[ 39.604921] kobject: '(null)' (ffffffffa0271490): is not initialized,
yet kobject_get() is being called.
[ 39.605842] WARNING: CPU: 3 PID: 1862 at lib/kobject.c:637
kobject_get+0x98/0xe0
[ 39.606445] Modules linked in: fpga_region_test(+) fpga_region
fpga_bridge
[ 39.607000] CPU: 3 PID: 1862 Comm: modprobe Tainted: G
N 6.6.0-rc3+ #54
[ 39.607640] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
[ 39.608304] RIP: 0010:kobject_get+0x98/0xe0
[ 39.608651] Code: 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03
80 3c 02 00 75 44 49 8b 34 24 4c 89 e2 48 c7 c7 20 63 ac 84 e8 38 fe 24
fd <0f> 0b eb a2 48 89 ef be 01 00 00 00 e8 d7 de a4 fe 4c 89 e0 5d 41
[ 39.610140] RSP: 0018:ffff888106f87298 EFLAGS: 00010286
[ 39.610583] RAX: 0000000000000000 RBX: ffffffff848a3660 RCX:
0000000000000000
[ 39.611153] RDX: 0000000000000002 RSI: ffffffff847b4d40 RDI:
0000000000000001
[ 39.611736] RBP: ffff888106002740 R08: 0000000000000001 R09:
ffffed1020df0e12
[ 39.612298] R10: ffff888106f87097 R11: 3a7463656a626f6b R12:
ffffffffa0271490
[ 39.612882] R13: ffff888106002758 R14: ffffffffa0271490 R15:
ffff88810b6a9798
[ 39.613458] FS: 00007fecca45a540(0000) GS:ffff888119d80000(0000)
knlGS:0000000000000000
[ 39.614079] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.614542] CR2: 00007ffe202a0f58 CR3: 000000010ba75004 CR4:
0000000000770ee0
[ 39.615110] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 39.615680] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 39.616227] PKRU: 55555554
[ 39.616456] Call Trace:
[ 39.616652] <TASK>
[ 39.616825] ? __warn+0xc9/0x260
[ 39.617085] ? irq_work_queue+0x35/0x50
[ 39.617410] ? kobject_get+0x98/0xe0
[ 39.617711] ? report_bug+0x345/0x400
[ 39.618002] ? handle_bug+0x3c/0x70
[ 39.618278] ? exc_invalid_op+0x14/0x40
[ 39.618596] ? asm_exc_invalid_op+0x16/0x20
[ 39.618926] ? kobject_get+0x98/0xe0
[ 39.619208] ? kobject_get+0x98/0xe0
[ 39.619510] kobject_add_internal+0x9e/0x870
[ 39.619850] kobject_add+0x120/0x1f0
[ 39.620138] ? kset_create_and_add+0x160/0x160
[ 39.620500] ? __kmem_cache_alloc_node+0x1d2/0x350
[ 39.620881] ? _raw_spin_lock+0x87/0xe0
[ 39.621185] ? kobject_create_and_add+0x3c/0xb0
[ 39.621566] kobject_create_and_add+0x68/0xb0
[ 39.621913] module_add_driver+0x260/0x350
[ 39.622237] bus_add_driver+0x2c9/0x580
[ 39.622556] driver_register+0x133/0x460
[ 39.622867] kunit_run_tests+0xdb/0xef0
[ 39.623169] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 39.623540] ? __sched_text_end+0xa/0xa
[ 39.623845] ? _raw_spin_unlock_irqrestore+0x42/0x80
[ 39.624230] ? __kunit_test_suites_exit+0x80/0x80
[ 39.624615] ? set_track_prepare+0x8a/0xd0
[ 39.624935] ? get_object+0x70/0x70
[ 39.625212] ? alloc_inode+0x12a/0x1e0
[ 39.625541] ? new_inode+0x14/0x230
[ 39.625818] ? __debugfs_create_file+0xc8/0x5d0
[ 39.626178] ? __kunit_test_suites_init+0x73/0x140
[ 39.626577] ? kunit_module_notify+0x3ab/0x440
[ 39.626925] ? notifier_call_chain+0xbf/0x280
[ 39.627274] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 39.627647] ? __sched_text_end+0xa/0xa
[ 39.627958] ? projid_m_show+0x200/0x200
[ 39.628279] ? kasan_set_track+0x21/0x30
[ 39.628607] ? _raw_spin_lock+0x87/0xe0
[ 39.628911] ? _raw_spin_lock_bh+0xe0/0xe0
[ 39.629238] ? _raw_spin_lock+0x87/0xe0
[ 39.629566] ? __d_instantiate+0x1d5/0x3b0
[ 39.629894] ? alloc_inode+0x72/0x1e0
[ 39.630197] ? up_write+0x6d/0xa0
[ 39.630506] ? __debugfs_create_file+0x3b5/0x5d0
[ 39.630881] __kunit_test_suites_init+0xde/0x140
[ 39.631248] kunit_module_notify+0x3ab/0x440
[ 39.631602] ? __kunit_test_suites_init+0x140/0x140
[ 39.631985] ? preempt_count_add+0x79/0x150
[ 39.632319] notifier_call_chain+0xbf/0x280
[ 39.632665] ? kasan_quarantine_put+0x21/0x1a0
[ 39.633020] blocking_notifier_call_chain_robust+0xbb/0x140
[ 39.633470] ? notifier_call_chain+0x280/0x280
[ 39.633828] ? 0xffffffffa0268000
[ 39.634099] load_module+0x4af0/0x67d0
[ 39.634402] ? module_frob_arch_sections+0x20/0x20
[ 39.634795] ? rwsem_down_write_slowpath+0x11a0/0x11a0
[ 39.635200] ? kernel_read_file+0x3ca/0x510
[ 39.635549] ? __x64_sys_fspick+0x2a0/0x2a0
[ 39.635884] ? init_module_from_file+0xd2/0x130
[ 39.636237] init_module_from_file+0xd2/0x130
[ 39.636591] ? __ia32_sys_init_module+0xa0/0xa0
[ 39.636948] ? userfaultfd_unmap_prep+0x3d0/0x3d0
[ 39.637318] ? _raw_spin_lock_bh+0xe0/0xe0
[ 39.637663] idempotent_init_module+0x339/0x610
[ 39.638022] ? init_module_from_file+0x130/0x130
[ 39.638390] ? __fget_light+0x57/0x500
[ 39.638711] __x64_sys_finit_module+0xba/0x130
[ 39.639066] do_syscall_64+0x35/0x80
[ 39.639355] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 39.639771] RIP: 0033:0x7fecc9f1b839
[ 39.640065] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[ 39.641519] RSP: 002b:00007ffe202a4038 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 39.642105] RAX: ffffffffffffffda RBX: 000055fe429e7d20 RCX:
00007fecc9f1b839
[ 39.642679] RDX: 0000000000000000 RSI: 000055fe4081bc2e RDI:
0000000000000005
[ 39.643236] RBP: 000055fe4081bc2e R08: 0000000000000000 R09:
000055fe429e7d20
[ 39.643807] R10: 0000000000000005 R11: 0000000000000246 R12:
0000000000000000
[ 39.644370] R13: 000055fe429e7e90 R14: 0000000000040000 R15:
000055fe429e7d20
[ 39.644943] </TASK>
[ 39.645122] ---[ end trace 0000000000000000 ]---
[ 39.645513] ------------[ cut here ]------------
[ 39.645876] refcount_t: addition on 0; use-after-free.
[ 39.646301] WARNING: CPU: 3 PID: 1862 at lib/refcount.c:25
refcount_warn_saturate+0x120/0x190
[ 39.646992] Modules linked in: fpga_region_test(+) fpga_region
fpga_bridge
[ 39.647551] CPU: 3 PID: 1862 Comm: modprobe Tainted: G W
N 6.6.0-rc3+ #54
[ 39.648193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
[ 39.648868] RIP: 0010:refcount_warn_saturate+0x120/0x190
[ 39.649287] Code: 1d bc 3f 40 0a 80 fb 01 0f 87 5a f8 67 01 83 e3 01
0f 85 5d ff ff ff 48 c7 c7 e0 99 7a 84 c6 05 9c 3f 40 0a 01 e8 30 1e 80
fe <0f> 0b e9 43 ff ff ff 0f b6 1d 86 3f 40 0a 80 fb 01 0f 87 4f f8 67
[ 39.650771] RSP: 0018:ffff888106f87280 EFLAGS: 00010286
[ 39.651185] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 39.651766] RDX: 0000000000000002 RSI: 0000000000000004 RDI:
0000000000000001
[ 39.652328] RBP: 0000000000000002 R08: 0000000000000001 R09:
ffffed10233b4ef1
[ 39.652902] R10: ffff888119da778b R11: 746e756f63666572 R12:
ffffffffa0271490
[ 39.653483] R13: ffff888106002758 R14: ffffffffa0271490 R15:
ffff88810b6a9798
[ 39.654041] FS: 00007fecca45a540(0000) GS:ffff888119d80000(0000)
knlGS:0000000000000000
[ 39.654697] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.655155] CR2: 00007ffe202a0f58 CR3: 000000010ba75004 CR4:
0000000000770ee0
[ 39.655746] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 39.656312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 39.656894] PKRU: 55555554
[ 39.657116] Call Trace:
[ 39.657319] <TASK>
[ 39.657516] ? __warn+0xc9/0x260
[ 39.657782] ? refcount_warn_saturate+0x120/0x190
[ 39.658158] ? report_bug+0x345/0x400
[ 39.658467] ? handle_bug+0x3c/0x70
[ 39.658760] ? exc_invalid_op+0x14/0x40
[ 39.659069] ? asm_exc_invalid_op+0x16/0x20
[ 39.659405] ? refcount_warn_saturate+0x120/0x190
[ 39.659806] kobject_get+0xbd/0xe0
[ 39.660088] kobject_add_internal+0x9e/0x870
[ 39.660441] kobject_add+0x120/0x1f0
[ 39.660747] ? kset_create_and_add+0x160/0x160
[ 39.661108] ? __kmem_cache_alloc_node+0x1d2/0x350
[ 39.661512] ? _raw_spin_lock+0x87/0xe0
[ 39.661820] ? kobject_create_and_add+0x3c/0xb0
[ 39.662184] kobject_create_and_add+0x68/0xb0
[ 39.662554] module_add_driver+0x260/0x350
[ 39.662890] bus_add_driver+0x2c9/0x580
[ 39.663207] driver_register+0x133/0x460
[ 39.663547] kunit_run_tests+0xdb/0xef0
[ 39.663866] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 39.664232] ? __sched_text_end+0xa/0xa
[ 39.664560] ? _raw_spin_unlock_irqrestore+0x42/0x80
[ 39.664960] ? __kunit_test_suites_exit+0x80/0x80
[ 39.665343] ? set_track_prepare+0x8a/0xd0
[ 39.665702] ? get_object+0x70/0x70
[ 39.665985] ? alloc_inode+0x12a/0x1e0
[ 39.666294] ? new_inode+0x14/0x230
[ 39.666600] ? __debugfs_create_file+0xc8/0x5d0
[ 39.666970] ? __kunit_test_suites_init+0x73/0x140
[ 39.667359] ? kunit_module_notify+0x3ab/0x440
[ 39.667742] ? notifier_call_chain+0xbf/0x280
[ 39.668093] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 39.668478] ? __sched_text_end+0xa/0xa
[ 39.668796] ? projid_m_show+0x200/0x200
[ 39.669115] ? kasan_set_track+0x21/0x30
[ 39.669459] ? _raw_spin_lock+0x87/0xe0
[ 39.669773] ? _raw_spin_lock_bh+0xe0/0xe0
[ 39.670106] ? _raw_spin_lock+0x87/0xe0
[ 39.670419] ? __d_instantiate+0x1d5/0x3b0
[ 39.670766] ? alloc_inode+0x72/0x1e0
[ 39.671070] ? up_write+0x6d/0xa0
[ 39.671344] ? __debugfs_create_file+0x3b5/0x5d0
[ 39.671738] __kunit_test_suites_init+0xde/0x140
[ 39.672122] kunit_module_notify+0x3ab/0x440
[ 39.672487] ? __kunit_test_suites_init+0x140/0x140
[ 39.672890] ? preempt_count_add+0x79/0x150
[ 39.673232] notifier_call_chain+0xbf/0x280
[ 39.673588] ? kasan_quarantine_put+0x21/0x1a0
[ 39.673953] blocking_notifier_call_chain_robust+0xbb/0x140
[ 39.674395] ? notifier_call_chain+0x280/0x280
[ 39.674785] ? 0xffffffffa0268000
[ 39.675061] load_module+0x4af0/0x67d0
[ 39.675377] ? module_frob_arch_sections+0x20/0x20
[ 39.675786] ? rwsem_down_write_slowpath+0x11a0/0x11a0
[ 39.676209] ? kernel_read_file+0x3ca/0x510
[ 39.676565] ? __x64_sys_fspick+0x2a0/0x2a0
[ 39.676908] ? init_module_from_file+0xd2/0x130
[ 39.677277] init_module_from_file+0xd2/0x130
[ 39.677668] ? __ia32_sys_init_module+0xa0/0xa0
[ 39.678041] ? userfaultfd_unmap_prep+0x3d0/0x3d0
[ 39.678437] ? _raw_spin_lock_bh+0xe0/0xe0
[ 39.678784] idempotent_init_module+0x339/0x610
[ 39.679156] ? init_module_from_file+0x130/0x130
[ 39.679556] ? __fget_light+0x57/0x500
[ 39.679870] __x64_sys_finit_module+0xba/0x130
[ 39.680237] do_syscall_64+0x35/0x80
[ 39.680553] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 39.680973] RIP: 0033:0x7fecc9f1b839
[ 39.681271] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[ 39.682793] RSP: 002b:00007ffe202a4038 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 39.683399] RAX: ffffffffffffffda RBX: 000055fe429e7d20 RCX:
00007fecc9f1b839
[ 39.683993] RDX: 0000000000000000 RSI: 000055fe4081bc2e RDI:
0000000000000005
[ 39.684584] RBP: 000055fe4081bc2e R08: 0000000000000000 R09:
000055fe429e7d20
[ 39.685160] R10: 0000000000000005 R11: 0000000000000246 R12:
0000000000000000
[ 39.685760] R13: 000055fe429e7e90 R14: 0000000000040000 R15:
000055fe429e7d20
[ 39.686337] </TASK>
[ 39.686537] ---[ end trace 0000000000000000 ]---
[ 39.686924] general protection fault, probably for non-canonical
address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
[ 39.687789] KASAN: null-ptr-deref in range
[0x0000000000000018-0x000000000000001f]
[ 39.688397] CPU: 3 PID: 1862 Comm: modprobe Tainted: G W
N 6.6.0-rc3+ #54
[ 39.689054] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
[ 39.689741] RIP: 0010:kobject_namespace+0x71/0x150
[ 39.690141] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
[ 39.691661] RSP: 0018:ffff888106f87288 EFLAGS: 00010206
[ 39.692087] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 39.692683] RDX: 0000000000000003 RSI: 0000000000000004 RDI:
0000000000000018
[ 39.693275] RBP: ffff888106002740 R08: 0000000000000001 R09:
ffffed10233b4ef1
[ 39.693882] R10: ffff888119da778b R11: 746e756f63666572 R12:
ffffffffa0271490
[ 39.694465] R13: ffff888106002758 R14: ffff888106002768 R15:
ffffffff84ac7020
[ 39.695044] FS: 00007fecca45a540(0000) GS:ffff888119d80000(0000)
knlGS:0000000000000000
[ 39.695703] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.696180] CR2: 00007ffe202a0f58 CR3: 000000010ba75004 CR4:
0000000000770ee0
[ 39.696770] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 39.697346] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 39.697955] PKRU: 55555554
[ 39.698180] Call Trace:
[ 39.698386] <TASK>
[ 39.698577] ? die_addr+0x3d/0xa0
[ 39.698861] ? exc_general_protection+0x144/0x220
[ 39.699253] ? asm_exc_general_protection+0x22/0x30
[ 39.699667] ? kobject_namespace+0x71/0x150
[ 39.700016] kobject_add_internal+0x267/0x870
[ 39.700396] kobject_add+0x120/0x1f0
[ 39.700708] ? kset_create_and_add+0x160/0x160
[ 39.701087] ? __kmem_cache_alloc_node+0x1d2/0x350
[ 39.701506] ? _raw_spin_lock+0x87/0xe0
[ 39.701839] ? kobject_create_and_add+0x3c/0xb0
[ 39.702223] kobject_create_and_add+0x68/0xb0
[ 39.702604] module_add_driver+0x260/0x350
[ 39.702954] bus_add_driver+0x2c9/0x580
[ 39.703284] driver_register+0x133/0x460
[ 39.703627] kunit_run_tests+0xdb/0xef0
[ 39.703955] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 39.704342] ? __sched_text_end+0xa/0xa
[ 39.704693] ? _raw_spin_unlock_irqrestore+0x42/0x80
[ 39.705108] ? __kunit_test_suites_exit+0x80/0x80
[ 39.705533] ? set_track_prepare+0x8a/0xd0
[ 39.705880] ? get_object+0x70/0x70
[ 39.706181] ? alloc_inode+0x12a/0x1e0
[ 39.706505] ? new_inode+0x14/0x230
[ 39.706809] ? __debugfs_create_file+0xc8/0x5d0
[ 39.707188] ? __kunit_test_suites_init+0x73/0x140
[ 39.707597] ? kunit_module_notify+0x3ab/0x440
[ 39.707980] ? notifier_call_chain+0xbf/0x280
[ 39.708354] ? _raw_spin_lock_irqsave+0x8d/0xe0
[ 39.708750] ? __sched_text_end+0xa/0xa
[ 39.709085] ? projid_m_show+0x200/0x200
[ 39.709423] ? kasan_set_track+0x21/0x30
[ 39.709761] ? _raw_spin_lock+0x87/0xe0
[ 39.710094] ? _raw_spin_lock_bh+0xe0/0xe0
[ 39.710443] ? _raw_spin_lock+0x87/0xe0
[ 39.710773] ? __d_instantiate+0x1d5/0x3b0
[ 39.711131] ? alloc_inode+0x72/0x1e0
[ 39.711458] ? up_write+0x6d/0xa0
[ 39.711753] ? __debugfs_create_file+0x3b5/0x5d0
[ 39.712150] __kunit_test_suites_init+0xde/0x140
[ 39.712557] kunit_module_notify+0x3ab/0x440
[ 39.712943] ? __kunit_test_suites_init+0x140/0x140
[ 39.713385] ? preempt_count_add+0x79/0x150
[ 39.713761] notifier_call_chain+0xbf/0x280
[ 39.714118] ? kasan_quarantine_put+0x21/0x1a0
[ 39.714511] blocking_notifier_call_chain_robust+0xbb/0x140
[ 39.714994] ? notifier_call_chain+0x280/0x280
[ 39.715374] ? 0xffffffffa0268000
[ 39.715688] load_module+0x4af0/0x67d0
[ 39.716021] ? module_frob_arch_sections+0x20/0x20
[ 39.716435] ? rwsem_down_write_slowpath+0x11a0/0x11a0
[ 39.716893] ? kernel_read_file+0x3ca/0x510
[ 39.717267] ? __x64_sys_fspick+0x2a0/0x2a0
[ 39.717648] ? init_module_from_file+0xd2/0x130
[ 39.718042] init_module_from_file+0xd2/0x130
[ 39.718418] ? __ia32_sys_init_module+0xa0/0xa0
[ 39.718832] ? userfaultfd_unmap_prep+0x3d0/0x3d0
[ 39.719237] ? _raw_spin_lock_bh+0xe0/0xe0
[ 39.719608] idempotent_init_module+0x339/0x610
[ 39.720006] ? init_module_from_file+0x130/0x130
[ 39.720418] ? __fget_light+0x57/0x500
[ 39.720760] __x64_sys_finit_module+0xba/0x130
[ 39.721160] do_syscall_64+0x35/0x80
[ 39.721488] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 39.721931] RIP: 0033:0x7fecc9f1b839
[ 39.722236] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[ 39.723816] RSP: 002b:00007ffe202a4038 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 39.724470] RAX: ffffffffffffffda RBX: 000055fe429e7d20 RCX:
00007fecc9f1b839
[ 39.725091] RDX: 0000000000000000 RSI: 000055fe4081bc2e RDI:
0000000000000005
[ 39.725719] RBP: 000055fe4081bc2e R08: 0000000000000000 R09:
000055fe429e7d20
[ 39.726337] R10: 0000000000000005 R11: 0000000000000246 R12:
0000000000000000
[ 39.726966] R13: 000055fe429e7e90 R14: 0000000000040000 R15:
000055fe429e7d20
[ 39.727604] </TASK>
[ 39.727804] Modules linked in: fpga_region_test(+) fpga_region
fpga_bridge
[ 39.728401] Dumping ftrace buffer:
[ 39.728719] (ftrace buffer empty)
[ 39.729058] ---[ end trace 0000000000000000 ]---
[ 39.729539] RIP: 0010:kobject_namespace+0x71/0x150
[ 39.729967] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
[ 39.731622] RSP: 0018:ffff888106f87288 EFLAGS: 00010206
[ 39.732076] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 39.732745] RDX: 0000000000000003 RSI: 0000000000000004 RDI:
0000000000000018
[ 39.733381] RBP: ffff888106002740 R08: 0000000000000001 R09:
ffffed10233b4ef1
[ 39.734054] R10: ffff888119da778b R11: 746e756f63666572 R12:
ffffffffa0271490
[ 39.734696] R13: ffff888106002758 R14: ffff888106002768 R15:
ffffffff84ac7020
[ 39.735318] FS: 00007fecca45a540(0000) GS:ffff888119d80000(0000)
knlGS:0000000000000000
[ 39.736022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.736542] CR2: 00007ffe202a0f58 CR3: 000000010ba75004 CR4:
0000000000770ee0
[ 39.737170] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 39.737818] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 39.738446] PKRU: 55555554
[ 39.738695] Kernel panic - not syncing: Fatal exception
[ 39.739930] Dumping ftrace buffer:
[ 39.740176] (ftrace buffer empty)
[ 39.740485] Kernel Offset: disabled
[ 39.740794] Rebooting in 1 seconds..
> +}
> +
> +static void fpga_region_test_suite_exit(struct kunit_suite *suite)
> +{
> + platform_driver_unregister(&test_platform_driver);
> +}
> +
> /*
> * The configuration used in this test suite uses a single bridge to
> * limit the code under test to a single unit. The functions used by the
> @@ -146,14 +160,15 @@ static int fpga_region_test_init(struct kunit *test)
> ctx = kunit_kzalloc(test, sizeof(*ctx), GFP_KERNEL);
> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx);
>
> - ctx->mgr_pdev = platform_device_register_simple("mgr_pdev", PLATFORM_DEVID_AUTO, NULL, 0);
> + ctx->mgr_pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO,
> + NULL, 0);
> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->mgr_pdev);
>
> ctx->mgr = devm_fpga_mgr_register(&ctx->mgr_pdev->dev, "Fake FPGA Manager", &fake_mgr_ops,
> &ctx->mgr_stats);
> KUNIT_ASSERT_FALSE(test, IS_ERR_OR_NULL(ctx->mgr));
>
> - ctx->bridge_pdev = platform_device_register_simple("bridge_pdev", PLATFORM_DEVID_AUTO,
> + ctx->bridge_pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO,
> NULL, 0);
> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->bridge_pdev);
>
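Review bot: Nothing in fpga_region_test_init() checks that the parent devices actually bound to test_platform_driver, which is the reason the platform_device_register_simple() calls were switched to TEST_PDEV_NAME. KUNIT_ASSERT_NOT_ERR_OR_NULL only proves that the device was registered; if the name match ever breaks (TEST_PDEV_NAME and the driver come from fpga-test-helpers.h, which is not part of this hunk), the parent's driver pointer stays NULL and the suite would hit the null-ptr-deref described in the commit message instead of failing cleanly. I would add `KUNIT_ASSERT_NOT_NULL(test, ctx->mgr_pdev->dev.driver);` after each registration: here for mgr_pdev and bridge_pdev, in the next hunk for region_pdev, and in fpga_mgr_test_init() for ctx->pdev. This assumes probing is synchronous for this driver, and the function body continues outside the hunk.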
> @@ -163,7 +178,7 @@ static int fpga_region_test_init(struct kunit *test)
>
> ctx->bridge_stats.enable = true;
>
> - ctx->region_pdev = platform_device_register_simple("region_pdev", PLATFORM_DEVID_AUTO,
> + ctx->region_pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO,
> NULL, 0);
> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->region_pdev);
>
> @@ -195,12 +210,13 @@ static void fpga_region_test_exit(struct kunit *test)
> static struct kunit_case fpga_region_test_cases[] = {
> KUNIT_CASE(fpga_region_test_class_find),
> KUNIT_CASE(fpga_region_test_program_fpga),
> -
> {}
> };
>
> static struct kunit_suite fpga_region_suite = {
> - .name = "fpga_mgr",
> + .name = "fpga_region",
> + .suite_init = fpga_region_test_suite_init,
> + .suite_exit = fpga_region_test_suite_exit,
> .init = fpga_region_test_init,
> .exit = fpga_region_test_exit,
> .test_cases = fpga_region_test_cases,
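Review bot: The `.name` change from `"fpga_mgr"` to `"fpga_region"` and the dropped blank line in fpga_region_test_cases are unrelated to registering the platform driver, and they ride along without explanation. The rename is a real fix, since the region suite was reporting its results under the manager suite's name. It deserves its own line in the commit message (which is outside this view, so it may already be covered) or a separate patch that can carry its own Fixes: tag. The struct initializer continues past the end of the hunk.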
On 2023-09-27 04:55, Ruan Jinjie wrote:
>
>
> On 2023/9/27 0:39, Marco Pagani wrote:
>> Register a minimal platform driver associated with the parent platform
>> device used for testing to prevent a null-ptr-deref when try_module_get()
>> is called by fpga_mgr_get().
>>
>> Fixes: ccbc1c302115 ("fpga: add an initial KUnit suite for the FPGA Manager")
>> Reported-by: Jinjie Ruan <[email protected]>
>> Signed-off-by: Marco Pagani <[email protected]>
>> ---
>> drivers/fpga/tests/fpga-mgr-test.c | 18 +++++++++++++++++-
>> 1 file changed, 17 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/fpga/tests/fpga-mgr-test.c b/drivers/fpga/tests/fpga-mgr-test.c
>> index 6acec55b60ce..30de474d7def 100644
>> --- a/drivers/fpga/tests/fpga-mgr-test.c
>> +++ b/drivers/fpga/tests/fpga-mgr-test.c
>> @@ -14,6 +14,8 @@
>> #include <linux/scatterlist.h>
>> #include <linux/types.h>
>>
>> +#include "fpga-test-helpers.h"
>> +
>> #define HEADER_FILL 'H'
>> #define IMAGE_FILL 'P'
>> #define IMAGE_BLOCK 1024
>> @@ -277,6 +279,18 @@ static void fpga_mgr_test_img_load_sgt(struct kunit *test)
>> sg_free_table(ctx->img_info->sgt);
>> }
>>
>> +TEST_PLATFORM_DRIVER(test_platform_driver);
>> +
>> +static int fpga_mgr_test_suite_init(struct kunit_suite *suite)
>> +{
>> + return platform_driver_register(&test_platform_driver);
>
> modprobe fpga-mgr-test and there is still a null-ptr-deref.
These issues appear to be caused by your commit 2810c1e99867 ("kunit: Fix
wild-memory-access bug in kunit_free_suite_set()") that causes all test
suites to run while modules are still in MODULE_STATE_COMING. In that
state, modules are not yet fully initialized and lack their sysfs kobjects,
which causes module_add_driver() to fail.
You can test it by running the FPGA suites on a kernel before commit
2810c1e99867. I sent an RFC patch to restore the normal execution
flow and use the refcount to avoid calling kunit_free_suite_set() if
load_module() fails.
Thanks,
Marco
>
> root@syzkaller:~# modprobe fpga-mgr-test
> [ 45.088127] KTAP version 1
> [ 45.088354] 1..1
> [ 45.089520] ------------[ cut here ]------------
> [ 45.089861] kobject: '(null)' (ffffffffa02121d0): is not initialized,
> yet kobject_get() is being called.
> [ 45.090608] WARNING: CPU: 1 PID: 1862 at lib/kobject.c:637
> kobject_get+0x98/0xe0
> [ 45.091209] Modules linked in: fpga_mgr_test(+)
> [ 45.091581] CPU: 1 PID: 1862 Comm: modprobe Tainted: G
> N 6.6.0-rc3+ #54
> [ 45.092201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS 1.15.0-1 04/01/2014
> [ 45.092870] RIP: 0010:kobject_get+0x98/0xe0
> [ 45.093200] Code: 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03
> 80 3c 02 00 75 44 49 8b 34 24 4c 89 e2 48 c7 c7 20 63 ac 84 e8 38 fe 24
> fd <0f> 0b eb a2 48 89 ef be 01 00 00 00 e8 d7 de a4 fe 4c 89 e0 5d 41
> [ 45.094653] RSP: 0018:ffff8881062f7298 EFLAGS: 00010286
> [ 45.095086] RAX: 0000000000000000 RBX: ffffffff848a3660 RCX:
> 0000000000000000
> [ 45.095649] RDX: 0000000000000002 RSI: ffffffff847b4d40 RDI:
> 0000000000000001
> [ 45.096205] RBP: ffff888101b6d840 R08: 0000000000000001 R09:
> ffffed1020c5ee12
> [ 45.096761] R10: ffff8881062f7097 R11: 3a7463656a626f6b R12:
> ffffffffa02121d0
> [ 45.097315] R13: ffff888101b6d858 R14: ffffffffa02121d0 R15:
> ffff88810661aca0
> [ 45.097863] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
> knlGS:0000000000000000
> [ 45.098485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 45.098933] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
> 0000000000770ee0
> [ 45.099497] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 45.100054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [ 45.100615] PKRU: 55555554
> [ 45.100833] Call Trace:
> [ 45.101034] <TASK>
> [ 45.101206] ? __warn+0xc9/0x260
> [ 45.101480] ? irq_work_queue+0x35/0x50
> [ 45.101786] ? kobject_get+0x98/0xe0
> [ 45.102073] ? report_bug+0x345/0x400
> [ 45.102377] ? handle_bug+0x3c/0x70
> [ 45.102661] ? exc_invalid_op+0x14/0x40
> [ 45.102968] ? asm_exc_invalid_op+0x16/0x20
> [ 45.103317] ? kobject_get+0x98/0xe0
> [ 45.103604] ? kobject_get+0x98/0xe0
> [ 45.103892] kobject_add_internal+0x9e/0x870
> [ 45.104235] kobject_add+0x120/0x1f0
> [ 45.104535] ? kset_create_and_add+0x160/0x160
> [ 45.104892] ? __kmem_cache_alloc_node+0x1d2/0x350
> [ 45.105269] ? _raw_spin_lock+0x87/0xe0
> [ 45.105586] ? kobject_create_and_add+0x3c/0xb0
> [ 45.105948] kobject_create_and_add+0x68/0xb0
> [ 45.106303] module_add_driver+0x260/0x350
> [ 45.106635] bus_add_driver+0x2c9/0x580
> [ 45.106941] driver_register+0x133/0x460
> [ 45.107284] kunit_run_tests+0xdb/0xef0
> [ 45.107599] ? _raw_spin_lock_irqsave+0x8d/0xe0
> [ 45.107962] ? __sched_text_end+0xa/0xa
> [ 45.108284] ? _raw_spin_unlock_irqrestore+0x42/0x80
> [ 45.108675] ? __kunit_test_suites_exit+0x80/0x80
> [ 45.109045] ? set_track_prepare+0x8a/0xd0
> [ 45.109380] ? get_object+0x70/0x70
> [ 45.109658] ? alloc_inode+0x12a/0x1e0
> [ 45.109960] ? new_inode+0x14/0x230
> [ 45.110238] ? __debugfs_create_file+0xc8/0x5d0
> [ 45.110607] ? __kunit_test_suites_init+0x73/0x140
> [ 45.110982] ? kunit_module_notify+0x3ab/0x440
> [ 45.111341] ? notifier_call_chain+0xbf/0x280
> [ 45.111688] ? _raw_spin_lock_irqsave+0x8d/0xe0
> [ 45.112045] ? __sched_text_end+0xa/0xa
> [ 45.112362] ? projid_m_show+0x200/0x200
> [ 45.112671] ? kasan_set_track+0x21/0x30
> [ 45.112974] ? _raw_spin_lock+0x87/0xe0
> [ 45.113290] ? _raw_spin_lock_bh+0xe0/0xe0
> [ 45.113615] ? _raw_spin_lock+0x87/0xe0
> [ 45.113914] ? __d_instantiate+0x1d5/0x3b0
> [ 45.114232] ? alloc_inode+0x72/0x1e0
> [ 45.114535] ? up_write+0x6d/0xa0
> [ 45.114803] ? __debugfs_create_file+0x3b5/0x5d0
> [ 45.115180] __kunit_test_suites_init+0xde/0x140
> [ 45.115557] kunit_module_notify+0x3ab/0x440
> [ 45.115895] ? __kunit_test_suites_init+0x140/0x140
> [ 45.116287] ? preempt_count_add+0x79/0x150
> [ 45.116623] notifier_call_chain+0xbf/0x280
> [ 45.116953] ? kasan_quarantine_put+0x21/0x1a0
> [ 45.117311] blocking_notifier_call_chain_robust+0xbb/0x140
> [ 45.117747] ? notifier_call_chain+0x280/0x280
> [ 45.118097] ? 0xffffffffa0208000
> [ 45.118372] load_module+0x4af0/0x67d0
> [ 45.118671] ? module_frob_arch_sections+0x20/0x20
> [ 45.119057] ? rwsem_down_write_slowpath+0x11a0/0x11a0
> [ 45.119476] ? kernel_read_file+0x3ca/0x510
> [ 45.119807] ? __x64_sys_fspick+0x2a0/0x2a0
> [ 45.120134] ? init_module_from_file+0xd2/0x130
> [ 45.120499] init_module_from_file+0xd2/0x130
> [ 45.120843] ? __ia32_sys_init_module+0xa0/0xa0
> [ 45.121203] ? userfaultfd_unmap_prep+0x3d0/0x3d0
> [ 45.121589] ? _raw_spin_lock_bh+0xe0/0xe0
> [ 45.121916] idempotent_init_module+0x339/0x610
> [ 45.122286] ? init_module_from_file+0x130/0x130
> [ 45.122648] ? __fget_light+0x57/0x500
> [ 45.122950] __x64_sys_finit_module+0xba/0x130
> [ 45.123323] do_syscall_64+0x35/0x80
> [ 45.123607] entry_SYSCALL_64_after_hwframe+0x46/0xb0
> [ 45.124001] RIP: 0033:0x7fabf471b839
> [ 45.124303] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
> 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
> 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
> [ 45.125754] RSP: 002b:00007ffd1f377128 EFLAGS: 00000246 ORIG_RAX:
> 0000000000000139
> [ 45.126359] RAX: ffffffffffffffda RBX: 000055578e370e10 RCX:
> 00007fabf471b839
> [ 45.126921] RDX: 0000000000000000 RSI: 000055578ca1bc2e RDI:
> 0000000000000003
> [ 45.127505] RBP: 000055578ca1bc2e R08: 0000000000000000 R09:
> 000055578e373210
> [ 45.128057] R10: 0000000000000003 R11: 0000000000000246 R12:
> 0000000000000000
> [ 45.128621] R13: 000055578e370f30 R14: 0000000000040000 R15:
> 000055578e370e10
> [ 45.129183] </TASK>
> [ 45.129376] ---[ end trace 0000000000000000 ]---
> [ 45.129744] ------------[ cut here ]------------
> [ 45.130109] refcount_t: addition on 0; use-after-free.
> [ 45.130555] WARNING: CPU: 1 PID: 1862 at lib/refcount.c:25
> refcount_warn_saturate+0x120/0x190
> [ 45.131214] Modules linked in: fpga_mgr_test(+)
> [ 45.131588] CPU: 1 PID: 1862 Comm: modprobe Tainted: G W
> N 6.6.0-rc3+ #54
> [ 45.132205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS 1.15.0-1 04/01/2014
> [ 45.132854] RIP: 0010:refcount_warn_saturate+0x120/0x190
> [ 45.133262] Code: 1d bc 3f 40 0a 80 fb 01 0f 87 5a f8 67 01 83 e3 01
> 0f 85 5d ff ff ff 48 c7 c7 e0 99 7a 84 c6 05 9c 3f 40 0a 01 e8 30 1e 80
> fe <0f> 0b e9 43 ff ff ff 0f b6 1d 86 3f 40 0a 80 fb 01 0f 87 4f f8 67
> [ 45.134712] RSP: 0018:ffff8881062f7280 EFLAGS: 00010286
> [ 45.135138] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
> 0000000000000000
> [ 45.135698] RDX: 0000000000000002 RSI: ffffffff847b4d40 RDI:
> 0000000000000001
> [ 45.136244] RBP: 0000000000000002 R08: 0000000000000001 R09:
> ffffed1020c5ee0f
> [ 45.136804] R10: ffff8881062f707f R11: 746e756f63666572 R12:
> ffffffffa02121d0
> [ 45.137367] R13: ffff888101b6d858 R14: ffffffffa02121d0 R15:
> ffff88810661aca0
> [ 45.137919] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
> knlGS:0000000000000000
> [ 45.138551] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 45.139007] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
> 0000000000770ee0
> [ 45.139566] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 45.140116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [ 45.140669] PKRU: 55555554
> [ 45.140882] Call Trace:
> [ 45.141084] <TASK>
> [ 45.141254] ? __warn+0xc9/0x260
> [ 45.141520] ? refcount_warn_saturate+0x120/0x190
> [ 45.141889] ? report_bug+0x345/0x400
> [ 45.142176] ? handle_bug+0x3c/0x70
> [ 45.142461] ? exc_invalid_op+0x14/0x40
> [ 45.142767] ? asm_exc_invalid_op+0x16/0x20
> [ 45.143101] ? refcount_warn_saturate+0x120/0x190
> [ 45.143474] kobject_get+0xbd/0xe0
> [ 45.143745] kobject_add_internal+0x9e/0x870
> [ 45.144084] kobject_add+0x120/0x1f0
> [ 45.144378] ? kset_create_and_add+0x160/0x160
> [ 45.144732] ? __kmem_cache_alloc_node+0x1d2/0x350
> [ 45.145109] ? _raw_spin_lock+0x87/0xe0
> [ 45.145426] ? kobject_create_and_add+0x3c/0xb0
> [ 45.145787] kobject_create_and_add+0x68/0xb0
> [ 45.146130] module_add_driver+0x260/0x350
> [ 45.146465] bus_add_driver+0x2c9/0x580
> [ 45.146762] driver_register+0x133/0x460
> [ 45.147084] kunit_run_tests+0xdb/0xef0
> [ 45.147404] ? _raw_spin_lock_irqsave+0x8d/0xe0
> [ 45.147754] ? __sched_text_end+0xa/0xa
> [ 45.148056] ? _raw_spin_unlock_irqrestore+0x42/0x80
> [ 45.148456] ? __kunit_test_suites_exit+0x80/0x80
> [ 45.148817] ? set_track_prepare+0x8a/0xd0
> [ 45.149145] ? get_object+0x70/0x70
> [ 45.149425] ? alloc_inode+0x12a/0x1e0
> [ 45.149716] ? new_inode+0x14/0x230
> [ 45.149989] ? __debugfs_create_file+0xc8/0x5d0
> [ 45.150347] ? __kunit_test_suites_init+0x73/0x140
> [ 45.150724] ? kunit_module_notify+0x3ab/0x440
> [ 45.151074] ? notifier_call_chain+0xbf/0x280
> [ 45.151420] ? _raw_spin_lock_irqsave+0x8d/0xe0
> [ 45.151772] ? __sched_text_end+0xa/0xa
> [ 45.152079] ? projid_m_show+0x200/0x200
> [ 45.152403] ? kasan_set_track+0x21/0x30
> [ 45.152712] ? _raw_spin_lock+0x87/0xe0
> [ 45.153010] ? _raw_spin_lock_bh+0xe0/0xe0
> [ 45.153333] ? _raw_spin_lock+0x87/0xe0
> [ 45.153635] ? __d_instantiate+0x1d5/0x3b0
> [ 45.153953] ? alloc_inode+0x72/0x1e0
> [ 45.154235] ? up_write+0x6d/0xa0
> [ 45.154509] ? __debugfs_create_file+0x3b5/0x5d0
> [ 45.154869] __kunit_test_suites_init+0xde/0x140
> [ 45.155222] kunit_module_notify+0x3ab/0x440
> [ 45.155560] ? __kunit_test_suites_init+0x140/0x140
> [ 45.155938] ? preempt_count_add+0x79/0x150
> [ 45.156259] notifier_call_chain+0xbf/0x280
> [ 45.156591] ? kasan_quarantine_put+0x21/0x1a0
> [ 45.156937] blocking_notifier_call_chain_robust+0xbb/0x140
> [ 45.157371] ? notifier_call_chain+0x280/0x280
> [ 45.157713] ? 0xffffffffa0208000
> [ 45.157967] load_module+0x4af0/0x67d0
> [ 45.158255] ? module_frob_arch_sections+0x20/0x20
> [ 45.158630] ? rwsem_down_write_slowpath+0x11a0/0x11a0
> [ 45.159025] ? kernel_read_file+0x3ca/0x510
> [ 45.159353] ? __x64_sys_fspick+0x2a0/0x2a0
> [ 45.159673] ? init_module_from_file+0xd2/0x130
> [ 45.160014] init_module_from_file+0xd2/0x130
> [ 45.160356] ? __ia32_sys_init_module+0xa0/0xa0
> [ 45.160702] ? userfaultfd_unmap_prep+0x3d0/0x3d0
> [ 45.161058] ? _raw_spin_lock_bh+0xe0/0xe0
> [ 45.161386] idempotent_init_module+0x339/0x610
> [ 45.161727] ? init_module_from_file+0x130/0x130
> [ 45.162081] ? __fget_light+0x57/0x500
> [ 45.162378] __x64_sys_finit_module+0xba/0x130
> [ 45.162720] do_syscall_64+0x35/0x80
> [ 45.162989] entry_SYSCALL_64_after_hwframe+0x46/0xb0
> [ 45.163380] RIP: 0033:0x7fabf471b839
> [ 45.163655] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
> 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
> 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
> [ 45.165049] RSP: 002b:00007ffd1f377128 EFLAGS: 00000246 ORIG_RAX:
> 0000000000000139
> [ 45.165627] RAX: ffffffffffffffda RBX: 000055578e370e10 RCX:
> 00007fabf471b839
> [ 45.166168] RDX: 0000000000000000 RSI: 000055578ca1bc2e RDI:
> 0000000000000003
> [ 45.166733] RBP: 000055578ca1bc2e R08: 0000000000000000 R09:
> 000055578e373210
> [ 45.167297] R10: 0000000000000003 R11: 0000000000000246 R12:
> 0000000000000000
> [ 45.167847] R13: 000055578e370f30 R14: 0000000000040000 R15:
> 000055578e370e10
> [ 45.168404] </TASK>
> [ 45.168579] ---[ end trace 0000000000000000 ]---
> [ 45.168952] general protection fault, probably for non-canonical
> address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
> [ 45.169771] KASAN: null-ptr-deref in range
> [0x0000000000000018-0x000000000000001f]
> [ 45.170336] CPU: 1 PID: 1862 Comm: modprobe Tainted: G W
> N 6.6.0-rc3+ #54
> [ 45.170935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS 1.15.0-1 04/01/2014
> [ 45.171562] RIP: 0010:kobject_namespace+0x71/0x150
> [ 45.171933] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
> b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
> 03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
> [ 45.173324] RSP: 0018:ffff8881062f7288 EFLAGS: 00010206
> [ 45.173716] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
> 0000000000000000
> [ 45.174245] RDX: 0000000000000003 RSI: ffffffff847b4d40 RDI:
> 0000000000000018
> [ 45.174777] RBP: ffff888101b6d840 R08: 0000000000000001 R09:
> ffffed1020c5ee0f
> [ 45.175317] R10: ffff8881062f707f R11: 746e756f63666572 R12:
> ffffffffa02121d0
> [ 45.175847] R13: ffff888101b6d858 R14: ffff888101b6d868 R15:
> ffffffff84ac7020
> [ 45.176377] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
> knlGS:0000000000000000
> [ 45.176977] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 45.177413] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
> 0000000000770ee0
> [ 45.177946] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 45.178479] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [ 45.179016] PKRU: 55555554
> [ 45.179227] Call Trace:
> [ 45.179418] <TASK>
> [ 45.179584] ? die_addr+0x3d/0xa0
> [ 45.179843] ? exc_general_protection+0x144/0x220
> [ 45.180202] ? asm_exc_general_protection+0x22/0x30
> [ 45.180570] ? kobject_namespace+0x71/0x150
> [ 45.180886] kobject_add_internal+0x267/0x870
> [ 45.181221] kobject_add+0x120/0x1f0
> [ 45.181497] ? kset_create_and_add+0x160/0x160
> [ 45.181828] ? __kmem_cache_alloc_node+0x1d2/0x350
> [ 45.182188] ? _raw_spin_lock+0x87/0xe0
> [ 45.182480] ? kobject_create_and_add+0x3c/0xb0
> [ 45.182822] kobject_create_and_add+0x68/0xb0
> [ 45.183159] module_add_driver+0x260/0x350
> [ 45.183472] bus_add_driver+0x2c9/0x580
> [ 45.183764] driver_register+0x133/0x460
> [ 45.184061] kunit_run_tests+0xdb/0xef0
> [ 45.184354] ? _raw_spin_lock_irqsave+0x8d/0xe0
> [ 45.184700] ? __sched_text_end+0xa/0xa
> [ 45.184993] ? _raw_spin_unlock_irqrestore+0x42/0x80
> [ 45.185365] ? __kunit_test_suites_exit+0x80/0x80
> [ 45.185718] ? set_track_prepare+0x8a/0xd0
> [ 45.186027] ? get_object+0x70/0x70
> [ 45.186296] ? alloc_inode+0x12a/0x1e0
> [ 45.186578] ? new_inode+0x14/0x230
> [ 45.186848] ? __debugfs_create_file+0xc8/0x5d0
> [ 45.187199] ? __kunit_test_suites_init+0x73/0x140
> [ 45.187563] ? kunit_module_notify+0x3ab/0x440
> [ 45.187905] ? notifier_call_chain+0xbf/0x280
> [ 45.188232] ? _raw_spin_lock_irqsave+0x8d/0xe0
> [ 45.188574] ? __sched_text_end+0xa/0xa
> [ 45.188862] ? projid_m_show+0x200/0x200
> [ 45.189158] ? kasan_set_track+0x21/0x30
> [ 45.189457] ? _raw_spin_lock+0x87/0xe0
> [ 45.189747] ? _raw_spin_lock_bh+0xe0/0xe0
> [ 45.190054] ? _raw_spin_lock+0x87/0xe0
> [ 45.190345] ? __d_instantiate+0x1d5/0x3b0
> [ 45.190657] ? alloc_inode+0x72/0x1e0
> [ 45.190935] ? up_write+0x6d/0xa0
> [ 45.191191] ? __debugfs_create_file+0x3b5/0x5d0
> [ 45.191545] __kunit_test_suites_init+0xde/0x140
> [ 45.191904] kunit_module_notify+0x3ab/0x440
> [ 45.192226] ? __kunit_test_suites_init+0x140/0x140
> [ 45.192601] ? preempt_count_add+0x79/0x150
> [ 45.192927] notifier_call_chain+0xbf/0x280
> [ 45.193244] ? kasan_quarantine_put+0x21/0x1a0
> [ 45.193586] blocking_notifier_call_chain_robust+0xbb/0x140
> [ 45.194015] ? notifier_call_chain+0x280/0x280
> [ 45.194360] ? 0xffffffffa0208000
> [ 45.194614] load_module+0x4af0/0x67d0
> [ 45.194909] ? module_frob_arch_sections+0x20/0x20
> [ 45.195274] ? rwsem_down_write_slowpath+0x11a0/0x11a0
> [ 45.195672] ? kernel_read_file+0x3ca/0x510
> [ 45.195997] ? __x64_sys_fspick+0x2a0/0x2a0
> [ 45.196319] ? init_module_from_file+0xd2/0x130
> [ 45.196675] init_module_from_file+0xd2/0x130
> [ 45.197006] ? __ia32_sys_init_module+0xa0/0xa0
> [ 45.197352] ? userfaultfd_unmap_prep+0x3d0/0x3d0
> [ 45.197724] ? _raw_spin_lock_bh+0xe0/0xe0
> [ 45.198044] idempotent_init_module+0x339/0x610
> [ 45.198392] ? init_module_from_file+0x130/0x130
> [ 45.198748] ? __fget_light+0x57/0x500
> [ 45.199043] __x64_sys_finit_module+0xba/0x130
> [ 45.199389] do_syscall_64+0x35/0x80
> [ 45.199664] entry_SYSCALL_64_after_hwframe+0x46/0xb0
> [ 45.200050] RIP: 0033:0x7fabf471b839
> [ 45.200325] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
> 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
> 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
> [ 45.201713] RSP: 002b:00007ffd1f377128 EFLAGS: 00000246 ORIG_RAX:
> 0000000000000139
> [ 45.202278] RAX: ffffffffffffffda RBX: 000055578e370e10 RCX:
> 00007fabf471b839
> [ 45.202816] RDX: 0000000000000000 RSI: 000055578ca1bc2e RDI:
> 0000000000000003
> [ 45.203348] RBP: 000055578ca1bc2e R08: 0000000000000000 R09:
> 000055578e373210
> [ 45.203886] R10: 0000000000000003 R11: 0000000000000246 R12:
> 0000000000000000
> [ 45.204426] R13: 000055578e370f30 R14: 0000000000040000 R15:
> 000055578e370e10
> [ 45.204962] </TASK>
> [ 45.205140] Modules linked in: fpga_mgr_test(+)
> [ 45.205500] Dumping ftrace buffer:
> [ 45.205768] (ftrace buffer empty)
> [ 45.206066] ---[ end trace 0000000000000000 ]---
> [ 45.206477] RIP: 0010:kobject_namespace+0x71/0x150
> [ 45.206850] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
> b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
> 03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
> [ 45.208501] RSP: 0018:ffff8881062f7288 EFLAGS: 00010206
> [ 45.209015] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
> 0000000000000000
> [ 45.209708] RDX: 0000000000000003 RSI: ffffffff847b4d40 RDI:
> 0000000000000018
> [ 45.210473] RBP: ffff888101b6d840 R08: 0000000000000001 R09:
> ffffed1020c5ee0f
> [ 45.211142] R10: ffff8881062f707f R11: 746e756f63666572 R12:
> ffffffffa02121d0
> [ 45.211898] R13: ffff888101b6d858 R14: ffff888101b6d868 R15:
> ffffffff84ac7020
> [ 45.212653] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
> knlGS:0000000000000000
> [ 45.213441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 45.213970] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
> 0000000000770ee0
> [ 45.214716] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 45.215424] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [ 45.216089] PKRU: 55555554
> [ 45.216440] Kernel panic - not syncing: Fatal exception
> [ 45.217935] Dumping ftrace buffer:
> [ 45.218195] (ftrace buffer empty)
> [ 45.218473] Kernel Offset: disabled
> [ 45.218740] Rebooting in 1 seconds..
>
>> +}
>> +
>> +static void fpga_mgr_test_suite_exit(struct kunit_suite *suite)
>> +{
>> + platform_driver_unregister(&test_platform_driver);
>> +}
>> +
>> static int fpga_mgr_test_init(struct kunit *test)
>> {
>> struct mgr_ctx *ctx;
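Review bot: `TEST_PLATFORM_DRIVER(test_platform_driver);` and the two suite callbacks have no comment saying why a KUnit suite needs a platform driver at all; the reason is given only in the commit message. A short comment above the macro use would keep it with the code, for example `/* The parent platform device needs a bound driver, otherwise try_module_get() in fpga_mgr_get() dereferences a NULL pointer. */`. fpga_mgr_test_init()'s body continues outside the hunk.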
>> @@ -284,7 +298,7 @@ static int fpga_mgr_test_init(struct kunit *test)
>> ctx = kunit_kzalloc(test, sizeof(*ctx), GFP_KERNEL);
>> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx);
>>
>> - ctx->pdev = platform_device_register_simple("mgr_pdev", PLATFORM_DEVID_AUTO, NULL, 0);
>> + ctx->pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO, NULL, 0);
>> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->pdev);
>>
>> ctx->mgr = devm_fpga_mgr_register(&ctx->pdev->dev, "Fake FPGA Manager", &fake_mgr_ops,
>> @@ -317,6 +331,8 @@ static struct kunit_case fpga_mgr_test_cases[] = {
>>
>> static struct kunit_suite fpga_mgr_suite = {
>> .name = "fpga_mgr",
>> + .suite_init = fpga_mgr_test_suite_init,
>> + .suite_exit = fpga_mgr_test_suite_exit,
>> .init = fpga_mgr_test_init,
>> .exit = fpga_mgr_test_exit,
>> .test_cases = fpga_mgr_test_cases,
>
On 2023/9/28 0:56, Marco Pagani wrote:
>
>
> On 2023-09-27 04:55, Ruan Jinjie wrote:
>>
>>
>> On 2023/9/27 0:39, Marco Pagani wrote:
>>> Register a minimal platform driver associated with the parent platform
>>> device used for testing to prevent a null-ptr-deref when try_module_get()
>>> is called by fpga_mgr_get().
>>>
>>> Fixes: ccbc1c302115 ("fpga: add an initial KUnit suite for the FPGA Manager")
>>> Reported-by: Jinjie Ruan <[email protected]>
>>> Signed-off-by: Marco Pagani <[email protected]>
>>> ---
>>> drivers/fpga/tests/fpga-mgr-test.c | 18 +++++++++++++++++-
>>> 1 file changed, 17 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/fpga/tests/fpga-mgr-test.c b/drivers/fpga/tests/fpga-mgr-test.c
>>> index 6acec55b60ce..30de474d7def 100644
>>> --- a/drivers/fpga/tests/fpga-mgr-test.c
>>> +++ b/drivers/fpga/tests/fpga-mgr-test.c
>>> @@ -14,6 +14,8 @@
>>> #include <linux/scatterlist.h>
>>> #include <linux/types.h>
>>>
>>> +#include "fpga-test-helpers.h"
>>> +
>>> #define HEADER_FILL 'H'
>>> #define IMAGE_FILL 'P'
>>> #define IMAGE_BLOCK 1024
>>> @@ -277,6 +279,18 @@ static void fpga_mgr_test_img_load_sgt(struct kunit *test)
>>> sg_free_table(ctx->img_info->sgt);
>>> }
>>>
>>> +TEST_PLATFORM_DRIVER(test_platform_driver);
>>> +
>>> +static int fpga_mgr_test_suite_init(struct kunit_suite *suite)
>>> +{
>>> + return platform_driver_register(&test_platform_driver);
>>
>> modprobe fpga-mgr-test and there is still a null-ptr-deref.
>
>
> These issues appear to be caused by your commit 2810c1e99867 ("kunit: Fix
> wild-memory-access bug in kunit_free_suite_set()") that causes all test
> suites to run while modules are still in MODULE_STATE_COMING. In that
> state, modules are not yet fully initialized lacking sysfs' kobjects
> and hence causing module_add_driver() to fail.
Right! it is the commit's issue.
>
> You can test it by running the FPGA suites on a kernel before commit
> 2810c1e99867. I sent an RFC patch to restore the normal execution
> flow and use the refcount to avoid calling kunit_free_suite_set() if
> load_module() fails.
I have a more elegant way to fix it, which splits the init func into 2
parts and uses the returned error code to avoid checking whether free is
empty. I'll send it soon.
>
> Thanks,
> Marco
>
>
>>
>> root@syzkaller:~# modprobe fpga-mgr-test
>> [ 45.088127] KTAP version 1
>> [ 45.088354] 1..1
>> [ 45.089520] ------------[ cut here ]------------
>> [ 45.089861] kobject: '(null)' (ffffffffa02121d0): is not initialized,
>> yet kobject_get() is being called.
>> [ 45.090608] WARNING: CPU: 1 PID: 1862 at lib/kobject.c:637
>> kobject_get+0x98/0xe0
>> [ 45.091209] Modules linked in: fpga_mgr_test(+)
>> [ 45.091581] CPU: 1 PID: 1862 Comm: modprobe Tainted: G
>> N 6.6.0-rc3+ #54
>> [ 45.092201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
>> BIOS 1.15.0-1 04/01/2014
>> [ 45.092870] RIP: 0010:kobject_get+0x98/0xe0
>> [ 45.093200] Code: 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03
>> 80 3c 02 00 75 44 49 8b 34 24 4c 89 e2 48 c7 c7 20 63 ac 84 e8 38 fe 24
>> fd <0f> 0b eb a2 48 89 ef be 01 00 00 00 e8 d7 de a4 fe 4c 89 e0 5d 41
>> [ 45.094653] RSP: 0018:ffff8881062f7298 EFLAGS: 00010286
>> [ 45.095086] RAX: 0000000000000000 RBX: ffffffff848a3660 RCX:
>> 0000000000000000
>> [ 45.095649] RDX: 0000000000000002 RSI: ffffffff847b4d40 RDI:
>> 0000000000000001
>> [ 45.096205] RBP: ffff888101b6d840 R08: 0000000000000001 R09:
>> ffffed1020c5ee12
>> [ 45.096761] R10: ffff8881062f7097 R11: 3a7463656a626f6b R12:
>> ffffffffa02121d0
>> [ 45.097315] R13: ffff888101b6d858 R14: ffffffffa02121d0 R15:
>> ffff88810661aca0
>> [ 45.097863] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
>> knlGS:0000000000000000
>> [ 45.098485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 45.098933] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
>> 0000000000770ee0
>> [ 45.099497] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 0000000000000000
>> [ 45.100054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
>> 0000000000000400
>> [ 45.100615] PKRU: 55555554
>> [ 45.100833] Call Trace:
>> [ 45.101034] <TASK>
>> [ 45.101206] ? __warn+0xc9/0x260
>> [ 45.101480] ? irq_work_queue+0x35/0x50
>> [ 45.101786] ? kobject_get+0x98/0xe0
>> [ 45.102073] ? report_bug+0x345/0x400
>> [ 45.102377] ? handle_bug+0x3c/0x70
>> [ 45.102661] ? exc_invalid_op+0x14/0x40
>> [ 45.102968] ? asm_exc_invalid_op+0x16/0x20
>> [ 45.103317] ? kobject_get+0x98/0xe0
>> [ 45.103604] ? kobject_get+0x98/0xe0
>> [ 45.103892] kobject_add_internal+0x9e/0x870
>> [ 45.104235] kobject_add+0x120/0x1f0
>> [ 45.104535] ? kset_create_and_add+0x160/0x160
>> [ 45.104892] ? __kmem_cache_alloc_node+0x1d2/0x350
>> [ 45.105269] ? _raw_spin_lock+0x87/0xe0
>> [ 45.105586] ? kobject_create_and_add+0x3c/0xb0
>> [ 45.105948] kobject_create_and_add+0x68/0xb0
>> [ 45.106303] module_add_driver+0x260/0x350
>> [ 45.106635] bus_add_driver+0x2c9/0x580
>> [ 45.106941] driver_register+0x133/0x460
>> [ 45.107284] kunit_run_tests+0xdb/0xef0
>> [ 45.107599] ? _raw_spin_lock_irqsave+0x8d/0xe0
>> [ 45.107962] ? __sched_text_end+0xa/0xa
>> [ 45.108284] ? _raw_spin_unlock_irqrestore+0x42/0x80
>> [ 45.108675] ? __kunit_test_suites_exit+0x80/0x80
>> [ 45.109045] ? set_track_prepare+0x8a/0xd0
>> [ 45.109380] ? get_object+0x70/0x70
>> [ 45.109658] ? alloc_inode+0x12a/0x1e0
>> [ 45.109960] ? new_inode+0x14/0x230
>> [ 45.110238] ? __debugfs_create_file+0xc8/0x5d0
>> [ 45.110607] ? __kunit_test_suites_init+0x73/0x140
>> [ 45.110982] ? kunit_module_notify+0x3ab/0x440
>> [ 45.111341] ? notifier_call_chain+0xbf/0x280
>> [ 45.111688] ? _raw_spin_lock_irqsave+0x8d/0xe0
>> [ 45.112045] ? __sched_text_end+0xa/0xa
>> [ 45.112362] ? projid_m_show+0x200/0x200
>> [ 45.112671] ? kasan_set_track+0x21/0x30
>> [ 45.112974] ? _raw_spin_lock+0x87/0xe0
>> [ 45.113290] ? _raw_spin_lock_bh+0xe0/0xe0
>> [ 45.113615] ? _raw_spin_lock+0x87/0xe0
>> [ 45.113914] ? __d_instantiate+0x1d5/0x3b0
>> [ 45.114232] ? alloc_inode+0x72/0x1e0
>> [ 45.114535] ? up_write+0x6d/0xa0
>> [ 45.114803] ? __debugfs_create_file+0x3b5/0x5d0
>> [ 45.115180] __kunit_test_suites_init+0xde/0x140
>> [ 45.115557] kunit_module_notify+0x3ab/0x440
>> [ 45.115895] ? __kunit_test_suites_init+0x140/0x140
>> [ 45.116287] ? preempt_count_add+0x79/0x150
>> [ 45.116623] notifier_call_chain+0xbf/0x280
>> [ 45.116953] ? kasan_quarantine_put+0x21/0x1a0
>> [ 45.117311] blocking_notifier_call_chain_robust+0xbb/0x140
>> [ 45.117747] ? notifier_call_chain+0x280/0x280
>> [ 45.118097] ? 0xffffffffa0208000
>> [ 45.118372] load_module+0x4af0/0x67d0
>> [ 45.118671] ? module_frob_arch_sections+0x20/0x20
>> [ 45.119057] ? rwsem_down_write_slowpath+0x11a0/0x11a0
>> [ 45.119476] ? kernel_read_file+0x3ca/0x510
>> [ 45.119807] ? __x64_sys_fspick+0x2a0/0x2a0
>> [ 45.120134] ? init_module_from_file+0xd2/0x130
>> [ 45.120499] init_module_from_file+0xd2/0x130
>> [ 45.120843] ? __ia32_sys_init_module+0xa0/0xa0
>> [ 45.121203] ? userfaultfd_unmap_prep+0x3d0/0x3d0
>> [ 45.121589] ? _raw_spin_lock_bh+0xe0/0xe0
>> [ 45.121916] idempotent_init_module+0x339/0x610
>> [ 45.122286] ? init_module_from_file+0x130/0x130
>> [ 45.122648] ? __fget_light+0x57/0x500
>> [ 45.122950] __x64_sys_finit_module+0xba/0x130
>> [ 45.123323] do_syscall_64+0x35/0x80
>> [ 45.123607] entry_SYSCALL_64_after_hwframe+0x46/0xb0
>> [ 45.124001] RIP: 0033:0x7fabf471b839
>> [ 45.124303] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
>> 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
>> 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
>> [ 45.125754] RSP: 002b:00007ffd1f377128 EFLAGS: 00000246 ORIG_RAX:
>> 0000000000000139
>> [ 45.126359] RAX: ffffffffffffffda RBX: 000055578e370e10 RCX:
>> 00007fabf471b839
>> [ 45.126921] RDX: 0000000000000000 RSI: 000055578ca1bc2e RDI:
>> 0000000000000003
>> [ 45.127505] RBP: 000055578ca1bc2e R08: 0000000000000000 R09:
>> 000055578e373210
>> [ 45.128057] R10: 0000000000000003 R11: 0000000000000246 R12:
>> 0000000000000000
>> [ 45.128621] R13: 000055578e370f30 R14: 0000000000040000 R15:
>> 000055578e370e10
>> [ 45.129183] </TASK>
>> [ 45.129376] ---[ end trace 0000000000000000 ]---
>> [ 45.129744] ------------[ cut here ]------------
>> [ 45.130109] refcount_t: addition on 0; use-after-free.
>> [ 45.130555] WARNING: CPU: 1 PID: 1862 at lib/refcount.c:25
>> refcount_warn_saturate+0x120/0x190
>> [ 45.131214] Modules linked in: fpga_mgr_test(+)
>> [ 45.131588] CPU: 1 PID: 1862 Comm: modprobe Tainted: G W
>> N 6.6.0-rc3+ #54
>> [ 45.132205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
>> BIOS 1.15.0-1 04/01/2014
>> [ 45.132854] RIP: 0010:refcount_warn_saturate+0x120/0x190
>> [ 45.133262] Code: 1d bc 3f 40 0a 80 fb 01 0f 87 5a f8 67 01 83 e3 01
>> 0f 85 5d ff ff ff 48 c7 c7 e0 99 7a 84 c6 05 9c 3f 40 0a 01 e8 30 1e 80
>> fe <0f> 0b e9 43 ff ff ff 0f b6 1d 86 3f 40 0a 80 fb 01 0f 87 4f f8 67
>> [ 45.134712] RSP: 0018:ffff8881062f7280 EFLAGS: 00010286
>> [ 45.135138] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
>> 0000000000000000
>> [ 45.135698] RDX: 0000000000000002 RSI: ffffffff847b4d40 RDI:
>> 0000000000000001
>> [ 45.136244] RBP: 0000000000000002 R08: 0000000000000001 R09:
>> ffffed1020c5ee0f
>> [ 45.136804] R10: ffff8881062f707f R11: 746e756f63666572 R12:
>> ffffffffa02121d0
>> [ 45.137367] R13: ffff888101b6d858 R14: ffffffffa02121d0 R15:
>> ffff88810661aca0
>> [ 45.137919] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
>> knlGS:0000000000000000
>> [ 45.138551] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 45.139007] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
>> 0000000000770ee0
>> [ 45.139566] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 0000000000000000
>> [ 45.140116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
>> 0000000000000400
>> [ 45.140669] PKRU: 55555554
>> [ 45.140882] Call Trace:
>> [ 45.141084] <TASK>
>> [ 45.141254] ? __warn+0xc9/0x260
>> [ 45.141520] ? refcount_warn_saturate+0x120/0x190
>> [ 45.141889] ? report_bug+0x345/0x400
>> [ 45.142176] ? handle_bug+0x3c/0x70
>> [ 45.142461] ? exc_invalid_op+0x14/0x40
>> [ 45.142767] ? asm_exc_invalid_op+0x16/0x20
>> [ 45.143101] ? refcount_warn_saturate+0x120/0x190
>> [ 45.143474] kobject_get+0xbd/0xe0
>> [ 45.143745] kobject_add_internal+0x9e/0x870
>> [ 45.144084] kobject_add+0x120/0x1f0
>> [ 45.144378] ? kset_create_and_add+0x160/0x160
>> [ 45.144732] ? __kmem_cache_alloc_node+0x1d2/0x350
>> [ 45.145109] ? _raw_spin_lock+0x87/0xe0
>> [ 45.145426] ? kobject_create_and_add+0x3c/0xb0
>> [ 45.145787] kobject_create_and_add+0x68/0xb0
>> [ 45.146130] module_add_driver+0x260/0x350
>> [ 45.146465] bus_add_driver+0x2c9/0x580
>> [ 45.146762] driver_register+0x133/0x460
>> [ 45.147084] kunit_run_tests+0xdb/0xef0
>> [ 45.147404] ? _raw_spin_lock_irqsave+0x8d/0xe0
>> [ 45.147754] ? __sched_text_end+0xa/0xa
>> [ 45.148056] ? _raw_spin_unlock_irqrestore+0x42/0x80
>> [ 45.148456] ? __kunit_test_suites_exit+0x80/0x80
>> [ 45.148817] ? set_track_prepare+0x8a/0xd0
>> [ 45.149145] ? get_object+0x70/0x70
>> [ 45.149425] ? alloc_inode+0x12a/0x1e0
>> [ 45.149716] ? new_inode+0x14/0x230
>> [ 45.149989] ? __debugfs_create_file+0xc8/0x5d0
>> [ 45.150347] ? __kunit_test_suites_init+0x73/0x140
>> [ 45.150724] ? kunit_module_notify+0x3ab/0x440
>> [ 45.151074] ? notifier_call_chain+0xbf/0x280
>> [ 45.151420] ? _raw_spin_lock_irqsave+0x8d/0xe0
>> [ 45.151772] ? __sched_text_end+0xa/0xa
>> [ 45.152079] ? projid_m_show+0x200/0x200
>> [ 45.152403] ? kasan_set_track+0x21/0x30
>> [ 45.152712] ? _raw_spin_lock+0x87/0xe0
>> [ 45.153010] ? _raw_spin_lock_bh+0xe0/0xe0
>> [ 45.153333] ? _raw_spin_lock+0x87/0xe0
>> [ 45.153635] ? __d_instantiate+0x1d5/0x3b0
>> [ 45.153953] ? alloc_inode+0x72/0x1e0
>> [ 45.154235] ? up_write+0x6d/0xa0
>> [ 45.154509] ? __debugfs_create_file+0x3b5/0x5d0
>> [ 45.154869] __kunit_test_suites_init+0xde/0x140
>> [ 45.155222] kunit_module_notify+0x3ab/0x440
>> [ 45.155560] ? __kunit_test_suites_init+0x140/0x140
>> [ 45.155938] ? preempt_count_add+0x79/0x150
>> [ 45.156259] notifier_call_chain+0xbf/0x280
>> [ 45.156591] ? kasan_quarantine_put+0x21/0x1a0
>> [ 45.156937] blocking_notifier_call_chain_robust+0xbb/0x140
>> [ 45.157371] ? notifier_call_chain+0x280/0x280
>> [ 45.157713] ? 0xffffffffa0208000
>> [ 45.157967] load_module+0x4af0/0x67d0
>> [ 45.158255] ? module_frob_arch_sections+0x20/0x20
>> [ 45.158630] ? rwsem_down_write_slowpath+0x11a0/0x11a0
>> [ 45.159025] ? kernel_read_file+0x3ca/0x510
>> [ 45.159353] ? __x64_sys_fspick+0x2a0/0x2a0
>> [ 45.159673] ? init_module_from_file+0xd2/0x130
>> [ 45.160014] init_module_from_file+0xd2/0x130
>> [ 45.160356] ? __ia32_sys_init_module+0xa0/0xa0
>> [ 45.160702] ? userfaultfd_unmap_prep+0x3d0/0x3d0
>> [ 45.161058] ? _raw_spin_lock_bh+0xe0/0xe0
>> [ 45.161386] idempotent_init_module+0x339/0x610
>> [ 45.161727] ? init_module_from_file+0x130/0x130
>> [ 45.162081] ? __fget_light+0x57/0x500
>> [ 45.162378] __x64_sys_finit_module+0xba/0x130
>> [ 45.162720] do_syscall_64+0x35/0x80
>> [ 45.162989] entry_SYSCALL_64_after_hwframe+0x46/0xb0
>> [ 45.163380] RIP: 0033:0x7fabf471b839
>> [ 45.163655] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
>> 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
>> 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
>> [ 45.165049] RSP: 002b:00007ffd1f377128 EFLAGS: 00000246 ORIG_RAX:
>> 0000000000000139
>> [ 45.165627] RAX: ffffffffffffffda RBX: 000055578e370e10 RCX:
>> 00007fabf471b839
>> [ 45.166168] RDX: 0000000000000000 RSI: 000055578ca1bc2e RDI:
>> 0000000000000003
>> [ 45.166733] RBP: 000055578ca1bc2e R08: 0000000000000000 R09:
>> 000055578e373210
>> [ 45.167297] R10: 0000000000000003 R11: 0000000000000246 R12:
>> 0000000000000000
>> [ 45.167847] R13: 000055578e370f30 R14: 0000000000040000 R15:
>> 000055578e370e10
>> [ 45.168404] </TASK>
>> [ 45.168579] ---[ end trace 0000000000000000 ]---
>> [ 45.168952] general protection fault, probably for non-canonical
>> address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
>> [ 45.169771] KASAN: null-ptr-deref in range
>> [0x0000000000000018-0x000000000000001f]
>> [ 45.170336] CPU: 1 PID: 1862 Comm: modprobe Tainted: G W
>> N 6.6.0-rc3+ #54
>> [ 45.170935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
>> BIOS 1.15.0-1 04/01/2014
>> [ 45.171562] RIP: 0010:kobject_namespace+0x71/0x150
>> [ 45.171933] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
>> b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
>> 03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
>> [ 45.173324] RSP: 0018:ffff8881062f7288 EFLAGS: 00010206
>> [ 45.173716] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
>> 0000000000000000
>> [ 45.174245] RDX: 0000000000000003 RSI: ffffffff847b4d40 RDI:
>> 0000000000000018
>> [ 45.174777] RBP: ffff888101b6d840 R08: 0000000000000001 R09:
>> ffffed1020c5ee0f
>> [ 45.175317] R10: ffff8881062f707f R11: 746e756f63666572 R12:
>> ffffffffa02121d0
>> [ 45.175847] R13: ffff888101b6d858 R14: ffff888101b6d868 R15:
>> ffffffff84ac7020
>> [ 45.176377] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
>> knlGS:0000000000000000
>> [ 45.176977] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 45.177413] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
>> 0000000000770ee0
>> [ 45.177946] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 0000000000000000
>> [ 45.178479] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
>> 0000000000000400
>> [ 45.179016] PKRU: 55555554
>> [ 45.179227] Call Trace:
>> [ 45.179418] <TASK>
>> [ 45.179584] ? die_addr+0x3d/0xa0
>> [ 45.179843] ? exc_general_protection+0x144/0x220
>> [ 45.180202] ? asm_exc_general_protection+0x22/0x30
>> [ 45.180570] ? kobject_namespace+0x71/0x150
>> [ 45.180886] kobject_add_internal+0x267/0x870
>> [ 45.181221] kobject_add+0x120/0x1f0
>> [ 45.181497] ? kset_create_and_add+0x160/0x160
>> [ 45.181828] ? __kmem_cache_alloc_node+0x1d2/0x350
>> [ 45.182188] ? _raw_spin_lock+0x87/0xe0
>> [ 45.182480] ? kobject_create_and_add+0x3c/0xb0
>> [ 45.182822] kobject_create_and_add+0x68/0xb0
>> [ 45.183159] module_add_driver+0x260/0x350
>> [ 45.183472] bus_add_driver+0x2c9/0x580
>> [ 45.183764] driver_register+0x133/0x460
>> [ 45.184061] kunit_run_tests+0xdb/0xef0
>> [ 45.184354] ? _raw_spin_lock_irqsave+0x8d/0xe0
>> [ 45.184700] ? __sched_text_end+0xa/0xa
>> [ 45.184993] ? _raw_spin_unlock_irqrestore+0x42/0x80
>> [ 45.185365] ? __kunit_test_suites_exit+0x80/0x80
>> [ 45.185718] ? set_track_prepare+0x8a/0xd0
>> [ 45.186027] ? get_object+0x70/0x70
>> [ 45.186296] ? alloc_inode+0x12a/0x1e0
>> [ 45.186578] ? new_inode+0x14/0x230
>> [ 45.186848] ? __debugfs_create_file+0xc8/0x5d0
>> [ 45.187199] ? __kunit_test_suites_init+0x73/0x140
>> [ 45.187563] ? kunit_module_notify+0x3ab/0x440
>> [ 45.187905] ? notifier_call_chain+0xbf/0x280
>> [ 45.188232] ? _raw_spin_lock_irqsave+0x8d/0xe0
>> [ 45.188574] ? __sched_text_end+0xa/0xa
>> [ 45.188862] ? projid_m_show+0x200/0x200
>> [ 45.189158] ? kasan_set_track+0x21/0x30
>> [ 45.189457] ? _raw_spin_lock+0x87/0xe0
>> [ 45.189747] ? _raw_spin_lock_bh+0xe0/0xe0
>> [ 45.190054] ? _raw_spin_lock+0x87/0xe0
>> [ 45.190345] ? __d_instantiate+0x1d5/0x3b0
>> [ 45.190657] ? alloc_inode+0x72/0x1e0
>> [ 45.190935] ? up_write+0x6d/0xa0
>> [ 45.191191] ? __debugfs_create_file+0x3b5/0x5d0
>> [ 45.191545] __kunit_test_suites_init+0xde/0x140
>> [ 45.191904] kunit_module_notify+0x3ab/0x440
>> [ 45.192226] ? __kunit_test_suites_init+0x140/0x140
>> [ 45.192601] ? preempt_count_add+0x79/0x150
>> [ 45.192927] notifier_call_chain+0xbf/0x280
>> [ 45.193244] ? kasan_quarantine_put+0x21/0x1a0
>> [ 45.193586] blocking_notifier_call_chain_robust+0xbb/0x140
>> [ 45.194015] ? notifier_call_chain+0x280/0x280
>> [ 45.194360] ? 0xffffffffa0208000
>> [ 45.194614] load_module+0x4af0/0x67d0
>> [ 45.194909] ? module_frob_arch_sections+0x20/0x20
>> [ 45.195274] ? rwsem_down_write_slowpath+0x11a0/0x11a0
>> [ 45.195672] ? kernel_read_file+0x3ca/0x510
>> [ 45.195997] ? __x64_sys_fspick+0x2a0/0x2a0
>> [ 45.196319] ? init_module_from_file+0xd2/0x130
>> [ 45.196675] init_module_from_file+0xd2/0x130
>> [ 45.197006] ? __ia32_sys_init_module+0xa0/0xa0
>> [ 45.197352] ? userfaultfd_unmap_prep+0x3d0/0x3d0
>> [ 45.197724] ? _raw_spin_lock_bh+0xe0/0xe0
>> [ 45.198044] idempotent_init_module+0x339/0x610
>> [ 45.198392] ? init_module_from_file+0x130/0x130
>> [ 45.198748] ? __fget_light+0x57/0x500
>> [ 45.199043] __x64_sys_finit_module+0xba/0x130
>> [ 45.199389] do_syscall_64+0x35/0x80
>> [ 45.199664] entry_SYSCALL_64_after_hwframe+0x46/0xb0
>> [ 45.200050] RIP: 0033:0x7fabf471b839
>> [ 45.200325] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
>> 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
>> 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
>> [ 45.201713] RSP: 002b:00007ffd1f377128 EFLAGS: 00000246 ORIG_RAX:
>> 0000000000000139
>> [ 45.202278] RAX: ffffffffffffffda RBX: 000055578e370e10 RCX:
>> 00007fabf471b839
>> [ 45.202816] RDX: 0000000000000000 RSI: 000055578ca1bc2e RDI:
>> 0000000000000003
>> [ 45.203348] RBP: 000055578ca1bc2e R08: 0000000000000000 R09:
>> 000055578e373210
>> [ 45.203886] R10: 0000000000000003 R11: 0000000000000246 R12:
>> 0000000000000000
>> [ 45.204426] R13: 000055578e370f30 R14: 0000000000040000 R15:
>> 000055578e370e10
>> [ 45.204962] </TASK>
>> [ 45.205140] Modules linked in: fpga_mgr_test(+)
>> [ 45.205500] Dumping ftrace buffer:
>> [ 45.205768] (ftrace buffer empty)
>> [ 45.206066] ---[ end trace 0000000000000000 ]---
>> [ 45.206477] RIP: 0010:kobject_namespace+0x71/0x150
>> [ 45.206850] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cd 00 00 00 48
>> b8 00 00 00 00 00 fc ff df 49 8b 5c 24 28 48 8d 7b 18 48 89 fa 48 c1 ea
>> 03 <80> 3c 02 00 0f 85 c1 00 00 00 48 8b 43 18 48 85 c0 74 79 4c 89 e7
>> [ 45.208501] RSP: 0018:ffff8881062f7288 EFLAGS: 00010206
>> [ 45.209015] RAX: dffffc0000000000 RBX: 0000000000000000 RCX:
>> 0000000000000000
>> [ 45.209708] RDX: 0000000000000003 RSI: ffffffff847b4d40 RDI:
>> 0000000000000018
>> [ 45.210473] RBP: ffff888101b6d840 R08: 0000000000000001 R09:
>> ffffed1020c5ee0f
>> [ 45.211142] R10: ffff8881062f707f R11: 746e756f63666572 R12:
>> ffffffffa02121d0
>> [ 45.211898] R13: ffff888101b6d858 R14: ffff888101b6d868 R15:
>> ffffffff84ac7020
>> [ 45.212653] FS: 00007fabf4c34540(0000) GS:ffff888119c80000(0000)
>> knlGS:0000000000000000
>> [ 45.213441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 45.213970] CR2: 000055578ca04e20 CR3: 000000010ac0e006 CR4:
>> 0000000000770ee0
>> [ 45.214716] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 0000000000000000
>> [ 45.215424] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
>> 0000000000000400
>> [ 45.216089] PKRU: 55555554
>> [ 45.216440] Kernel panic - not syncing: Fatal exception
>> [ 45.217935] Dumping ftrace buffer:
>> [ 45.218195] (ftrace buffer empty)
>> [ 45.218473] Kernel Offset: disabled
>> [ 45.218740] Rebooting in 1 seconds..
>>
>>> +}
>>> +
>>> +static void fpga_mgr_test_suite_exit(struct kunit_suite *suite)
>>> +{
>>> + platform_driver_unregister(&test_platform_driver);
>>> +}
>>> +
>>> static int fpga_mgr_test_init(struct kunit *test)
>>> {
>>> struct mgr_ctx *ctx;
>>> @@ -284,7 +298,7 @@ static int fpga_mgr_test_init(struct kunit *test)
>>> ctx = kunit_kzalloc(test, sizeof(*ctx), GFP_KERNEL);
>>> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx);
>>>
>>> - ctx->pdev = platform_device_register_simple("mgr_pdev", PLATFORM_DEVID_AUTO, NULL, 0);
>>> + ctx->pdev = platform_device_register_simple(TEST_PDEV_NAME, PLATFORM_DEVID_AUTO, NULL, 0);
>>> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ctx->pdev);
>>>
>>> ctx->mgr = devm_fpga_mgr_register(&ctx->pdev->dev, "Fake FPGA Manager", &fake_mgr_ops,
>>> @@ -317,6 +331,8 @@ static struct kunit_case fpga_mgr_test_cases[] = {
>>>
>>> static struct kunit_suite fpga_mgr_suite = {
>>> .name = "fpga_mgr",
>>> + .suite_init = fpga_mgr_test_suite_init,
>>> + .suite_exit = fpga_mgr_test_suite_exit,
>>> .init = fpga_mgr_test_init,
>>> .exit = fpga_mgr_test_exit,
>>> .test_cases = fpga_mgr_test_cases,
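Review bot: The `.suite_exit` hook wired up here unregisters the platform driver unconditionally, even when `.suite_init` returned an error and the driver never made it onto the platform bus. KUnit appears to run `suite_exit` after a failed `suite_init` (worth confirming in kunit_run_tests()), in which case platform_driver_unregister() is called on a driver that was never registered and the driver core warns about an unexpected unregister. Guarding the call keeps a registration failure from turning into a second fault during teardown: `if (!suite->suite_init_err) platform_driver_unregister(&test_platform_driver);`. The body of fpga_mgr_test_suite_exit() is in the preceding hunk, which begins above this excerpt.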
>>
>
On 2023-09-28 18:01, Xu Yilun wrote:
> On 2023-09-26 at 18:39:08 +0200, Marco Pagani wrote:
>> Add helpers to facilitate the registration of minimal platform drivers
>> to support the parent platform devices used for testing.
>>
>> Signed-off-by: Marco Pagani <[email protected]>
>> ---
>> drivers/fpga/tests/fpga-test-helpers.h | 29 ++++++++++++++++++++++++++
>> 1 file changed, 29 insertions(+)
>> create mode 100644 drivers/fpga/tests/fpga-test-helpers.h
>>
>> diff --git a/drivers/fpga/tests/fpga-test-helpers.h b/drivers/fpga/tests/fpga-test-helpers.h
>> new file mode 100644
>> index 000000000000..fcad3249be68
>> --- /dev/null
>> +++ b/drivers/fpga/tests/fpga-test-helpers.h
>> @@ -0,0 +1,29 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +/*
>> + * KUnit test for the FPGA Manager
>> + *
>> + * Copyright (C) 2023 Red Hat, Inc.
>> + *
>> + * Author: Marco Pagani <[email protected]>
>> + */
>> +
>> +#ifndef FPGA_KUNIT_HELPERS_
>> +#define FPGA_KUNIT_HELPERS_
>
> How about _FPGA_KUNIT_HELPERS_H
That's fine with me. I will change it in v2.
> Others LGTM for this series.
>
> Thanks,
> Yilun
>
>> +
>> +#define TEST_PDEV_NAME "fpga-test-pdev"
>> +
>> +#define TEST_PLATFORM_DRIVER(__drv_name) \
>> + __TEST_PLATFORM_DRIVER(__drv_name, TEST_PDEV_NAME)
>> +/*
>> + * Helper macro for defining a minimal platform driver that can
>> + * be registered to support the parent platform devices used for
>> + * testing.
>> + */
>> +#define __TEST_PLATFORM_DRIVER(__drv_name, __dev_name) \
>> +static struct platform_driver __drv_name = { \
>> + .driver = { \
>> + .name = __dev_name, \
>> + }, \
>> +}
>> +
>> +#endif /* FPGA_KUNIT_HELPERS_ */
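Review bot: The new header uses `struct platform_driver` in `__TEST_PLATFORM_DRIVER` without including `<linux/platform_device.h>`, so it only compiles when each test file happens to include that header before `"fpga-test-helpers.h"`. Adding `#include <linux/platform_device.h>` right after the include guard makes it self-contained. The file comment still reads `KUnit test for the FPGA Manager`, although the series uses these helpers from the Manager, Bridge and Region suites; something like `KUnit test helpers for the FPGA subsystem` would describe it. The comment block describing the helper would also read better above `TEST_PLATFORM_DRIVER`, the macro callers actually use. The same hunk is quoted again in the later reply in this thread.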
>> --
>> 2.41.0
>>
>
Thanks,
Marco
On 2023-09-26 at 18:39:08 +0200, Marco Pagani wrote:
> Add helpers to facilitate the registration of minimal platform drivers
> to support the parent platform devices used for testing.
>
> Signed-off-by: Marco Pagani <[email protected]>
> ---
> drivers/fpga/tests/fpga-test-helpers.h | 29 ++++++++++++++++++++++++++
> 1 file changed, 29 insertions(+)
> create mode 100644 drivers/fpga/tests/fpga-test-helpers.h
>
> diff --git a/drivers/fpga/tests/fpga-test-helpers.h b/drivers/fpga/tests/fpga-test-helpers.h
> new file mode 100644
> index 000000000000..fcad3249be68
> --- /dev/null
> +++ b/drivers/fpga/tests/fpga-test-helpers.h
> @@ -0,0 +1,29 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * KUnit test for the FPGA Manager
> + *
> + * Copyright (C) 2023 Red Hat, Inc.
> + *
> + * Author: Marco Pagani <[email protected]>
> + */
> +
> +#ifndef FPGA_KUNIT_HELPERS_
> +#define FPGA_KUNIT_HELPERS_
How about _FPGA_KUNIT_HELPERS_H
Others LGTM for this series.
Thanks,
Yilun
> +
> +#define TEST_PDEV_NAME "fpga-test-pdev"
> +
> +#define TEST_PLATFORM_DRIVER(__drv_name) \
> + __TEST_PLATFORM_DRIVER(__drv_name, TEST_PDEV_NAME)
> +/*
> + * Helper macro for defining a minimal platform driver that can
> + * be registered to support the parent platform devices used for
> + * testing.
> + */
> +#define __TEST_PLATFORM_DRIVER(__drv_name, __dev_name) \
> +static struct platform_driver __drv_name = { \
> + .driver = { \
> + .name = __dev_name, \
> + }, \
> +}
> +
> +#endif /* FPGA_KUNIT_HELPERS_ */
> --
> 2.41.0
>