Date: Thu, 27 May 2021 11:01:47 +0200
From: Jessica Yu
To: Marc Kleine-Budde
Cc: linux-kernel@vger.kernel.org
Subject: Re: global-out-of-bounds in move_module
In-Reply-To: <20210510202653.gjvqsxacw3hcxfvr@pengutronix.de>

+++ Marc Kleine-Budde [10/05/21 22:26 +0200]:
>Hello,
>
>I just noticed on current net-next/master b741596468b0 ("Merge tag
>'riscv-for-linus-5.13-mw1' of
>git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux") on 32 bit
>arm, that modprobe of a module triggers the following KASAN bug:

Hi,

Hm, well I just submitted a module loader fix last week (I have no idea if the fix is related to this report somehow, but it does bring ARM module loader behavior up to speed with the other arches). I'm wondering if you can still reproduce this on -rc3?

>| [ 110.241783] ==================================================================
>| [ 110.249600] BUG: KASAN: global-out-of-bounds in move_module+0x58/0x208
>| [ 110.256253] Write of size 69632 at addr bf030000 by task modprobe/290
>| [ 110.262789]
>| [ 110.264361] CPU: 0 PID: 290 Comm: modprobe Tainted: G W 5.12.0-perf+ #7
>| [ 110.272373] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
>| [ 110.278977] Backtrace:
>| [ 110.281537] [] (dump_backtrace) from [] (show_stack+0x20/0x24)
>| [ 110.289245] r7:00000080 r6:80010093 r5:00000000 r4:c24c20a0
>| [ 110.294981] [] (show_stack) from [] (dump_stack+0xf0/0x118)
>| [ 110.302407] [] (dump_stack) from [] (print_address_description.constprop.0+0x58/0x210)
>| [ 110.312205] r9:b6e0720e r8:b6e08200 r7:c0273980 r6:00000001 r5:00000000 r4:bf030000
>| [ 110.320023] [] (print_address_description.constprop.0) from [] (kasan_report+0x11c/0x140)
>| [ 110.330088] r7:c0273980 r6:00000001 r5:00011000 r4:bf030000
>| [ 110.335820] [] (kasan_report) from [] (kasan_check_range+0xcc/0x1a4)
>| [ 110.344039] r7:000001ff r6:b6e081ff r5:bf040fff r4:b6e07210
>| [ 110.349772] [] (kasan_check_range) from [] (memset+0x28/0x44)
>| [ 110.357386] r10:cc6a3ef4 r9:f0f1ef18 r8:f0de8740 r7:cc6a3ee0 r6:00000000 r5:bf030000
>| [ 110.365296] r4:00011000 r3:c0273980
>| [ 110.368943] [] (memset) from [] (move_module+0x58/0x208)
>| [ 110.376116] r7:cc6a3ee0 r6:f0de8880 r5:f0de8884 r4:bf030000
>| [ 110.381850] [] (move_module) from [] (layout_and_allocate+0x1bc/0x290)
>| [ 110.390233] r10:cc6a3ef4 r9:f0f1ef18 r8:cc6a3ef0 r7:00000039 r6:cc6a3ee4 r5:cc6a3ee0
>| [ 110.398138] r4:00000000
>| [ 110.400743] [] (layout_and_allocate) from [] (load_module+0x34c/0xbe4)
>| [ 110.409125] r10:cc6a0000 r9:b88d47b8 r8:c165cb00 r7:f3f3f3f3 r6:cc6a3e40 r5:cc6a3ee0
>| [ 110.417031] r4:cc6a0000
>| [ 110.419634] [] (load_module) from [] (sys_finit_module+0x110/0x178)
>| [ 110.427760] r10:0000017b r9:00000003 r8:cc6a3ee0 r7:004762d0 r6:00000000 r5:cc6a3f80
>| [ 110.435666] r4:b88d47d4
>| [ 110.438273] [] (sys_finit_module) from [] (ret_fast_syscall+0x0/0x2c)
>| [ 110.446565] Exception stack(0xcc6a3fa8 to 0xcc6a3ff0)
>| [ 110.451708] 3fa0: 004780c0 00000000 00000003 004762d0 00000000 00477cd0
>| [ 110.459983] 3fc0: 004780c0 00000000 98560c00 0000017b 0210a3f8 0048a090 0047544c 0210a360
>| [ 110.468246] 3fe0: b6c91978 b6c91968 0046eb0d aea934f2
>| [ 110.473388] r9:cc6a0000 r8:c0100268 r7:0000017b r6:98560c00 r5:00000000 r4:004780c0
>| [ 110.481206]
>| [ 110.482769]
>| [ 110.484329] Memory state around the buggy address:
>| [ 110.489199] bf038f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>| [ 110.495812] bf038f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>| [ 110.502419] >bf039000: 00 00 00 00 00 00 00 00 00 00 00 00 00 02 f9 f9
>| [ 110.509021] ^
>| [ 110.515018] bf039080: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 02 f9 f9
>| [ 110.521626] bf039100: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00
>| [ 110.528231] ==================================================================
>
>regards,
>Marc
>
>--
>Pengutronix e.K. | Marc Kleine-Budde |
>Embedded Linux | https://www.pengutronix.de |
>Vertretung West/Dortmund | Phone: +49-231-2826-924 |
>Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |