# git rev-parse -q --verify 4b8397a2335c31dac90f9f9cdf9380836bec0cfb^{commit} 4b8397a2335c31dac90f9f9cdf9380836bec0cfb already have revision, skipping fetch # git checkout -q -f -B kisskb 4b8397a2335c31dac90f9f9cdf9380836bec0cfb # git clean -qxdf # < git log -1 # commit 4b8397a2335c31dac90f9f9cdf9380836bec0cfb # Author: Michael Ellerman # Date: Fri Feb 1 22:03:58 2019 +1100 # # powerpc/64: Fix memcmp reading past the end of src/dest # # Chandan reported that fstests' generic/026 test hit a crash: # # BUG: Unable to handle kernel data access at 0xc00000062ac40000 # Faulting instruction address: 0xc000000000092240 # Oops: Kernel access of bad area, sig: 11 [#1] # LE SMP NR_CPUS=2048 DEBUG_PAGEALLOC NUMA pSeries # CPU: 0 PID: 27828 Comm: chacl Not tainted 5.0.0-rc2-next-20190115-00001-g6de6dba64dda #1 # NIP: c000000000092240 LR: c00000000066a55c CTR: 0000000000000000 # REGS: c00000062c0c3430 TRAP: 0300 Not tainted (5.0.0-rc2-next-20190115-00001-g6de6dba64dda) # MSR: 8000000002009033 CR: 44000842 XER: 20000000 # CFAR: 00007fff7f3108ac DAR: c00000062ac40000 DSISR: 40000000 IRQMASK: 0 # GPR00: 0000000000000000 c00000062c0c36c0 c0000000017f4c00 c00000000121a660 # GPR04: c00000062ac3fff9 0000000000000004 0000000000000020 00000000275b19c4 # GPR08: 000000000000000c 46494c4500000000 5347495f41434c5f c0000000026073a0 # GPR12: 0000000000000000 c0000000027a0000 0000000000000000 0000000000000000 # GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 # GPR20: c00000062ea70020 c00000062c0c38d0 0000000000000002 0000000000000002 # GPR24: c00000062ac3ffe8 00000000275b19c4 0000000000000001 c00000062ac30000 # GPR28: c00000062c0c38d0 c00000062ac30050 c00000062ac30058 0000000000000000 # NIP memcmp+0x120/0x690 # LR xfs_attr3_leaf_lookup_int+0x53c/0x5b0 # Call Trace: # xfs_attr3_leaf_lookup_int+0x78/0x5b0 (unreliable) # xfs_da3_node_lookup_int+0x32c/0x5a0 # xfs_attr_node_addname+0x170/0x6b0 # xfs_attr_set+0x2ac/0x340 # __xfs_set_acl+0xf0/0x230 # xfs_set_acl+0xd0/0x160 
# set_posix_acl+0xc0/0x130 # posix_acl_xattr_set+0x68/0x110 # __vfs_setxattr+0xa4/0x110 # __vfs_setxattr_noperm+0xac/0x240 # vfs_setxattr+0x128/0x130 # setxattr+0x248/0x600 # path_setxattr+0x108/0x120 # sys_setxattr+0x28/0x40 # system_call+0x5c/0x70 # Instruction dump: # 7d201c28 7d402428 7c295040 38630008 38840008 408201f0 4200ffe8 2c050000 # 4182ff6c 20c50008 54c61838 7d201c28 <7d402428> 7d293436 7d4a3436 7c295040 # # The instruction dump decodes as: # subfic r6,r5,8 # rlwinm r6,r6,3,0,28 # ldbrx r9,0,r3 # ldbrx r10,0,r4 <- # # Which shows us doing an 8 byte load from c00000062ac3fff9, which # crosses the page boundary at c00000062ac40000 and faults. # # It's not OK for memcmp to read past the end of the source or # destination buffers if that would cross a page boundary, because we # don't know that the next page is mapped. It's also a little fishy to # read past the end of the source or destination buffers in general; it # will annoy valgrind, for example (which can run on this code via our # stringloops selftest). # # The bug is in the code at the .Lcmp_rest_lt8bytes label. To fix it, # test if we have at least 4 bytes to compare and, if so, do a 4 byte load # and compare. Otherwise, and/or if we have anything left, jump to the # existing code that does byte-at-a-time comparison. 
# # Fixes: 2d9ee327adce ("powerpc/64: Align bytes before fall back to .Lshort in powerpc64 memcmp()") # Cc: stable@vger.kernel.org # v4.19+ # Reported-by: Chandan Rajendra # Tested-by: Chandan Rajendra # Signed-off-by: Michael Ellerman # < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-gcc --version # < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-ld --version # < git log --format=%s --max-count=1 4b8397a2335c31dac90f9f9cdf9380836bec0cfb # < make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-next-rand_powerpc-randconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- randconfig KCONFIG_SEED=0x7539B10C WARNING: unmet direct dependencies detected for TI_SOC_THERMAL Depends on [n]: THERMAL [=y] && (ARCH_HAS_BANDGAP || COMPILE_TEST [=n]) && HAS_IOMEM [=y] Selected by [y]: - MMC_SDHCI_OMAP [=y] && MMC [=y] && MMC_SDHCI_PLTFM [=y] && OF [=y] WARNING: unmet direct dependencies detected for TI_SOC_THERMAL Depends on [n]: THERMAL [=y] && (ARCH_HAS_BANDGAP || COMPILE_TEST [=n]) && HAS_IOMEM [=y] Selected by [y]: - MMC_SDHCI_OMAP [=y] && MMC [=y] && MMC_SDHCI_PLTFM [=y] && OF [=y] # Added to kconfig CONFIG_STANDALONE=y # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_MODULE_SIG=n # Added to kconfig CONFIG_CPU_BIG_ENDIAN=y # Added to kconfig CONFIG_PPC64=y # Added to kconfig CONFIG_PPC_DISABLE_WERROR=y # Added to kconfig CONFIG_SECTION_MISMATCH_WARN_ONLY=y # Added to kconfig CONFIG_PREVENT_FIRMWARE_BUILD=y # Added to kconfig CONFIG_CC_STACKPROTECTOR_STRONG=n # Added to kconfig CONFIG_GCC_PLUGINS=n # Added to kconfig CONFIG_LD_HEAD_STUB_CATCH=y # Added to kconfig # yes \n | make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-next-rand_powerpc-randconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- oldconfig yes: standard output: Broken pipe # make -s -j 120 ARCH=powerpc 
O=/kisskb/build/powerpc-next-rand_powerpc-randconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- WARNING: unmet direct dependencies detected for TI_SOC_THERMAL Depends on [n]: THERMAL [=y] && (ARCH_HAS_BANDGAP || COMPILE_TEST [=n]) && HAS_IOMEM [=y] Selected by [y]: - MMC_SDHCI_OMAP [=y] && MMC [=y] && MMC_SDHCI_PLTFM [=y] && OF [=y] WARNING: unmet direct dependencies detected for TI_SOC_THERMAL Depends on [n]: THERMAL [=y] && (ARCH_HAS_BANDGAP || COMPILE_TEST [=n]) && HAS_IOMEM [=y] Selected by [y]: - MMC_SDHCI_OMAP [=y] && MMC [=y] && MMC_SDHCI_PLTFM [=y] && OF [=y] WARNING: unmet direct dependencies detected for TI_SOC_THERMAL Depends on [n]: THERMAL [=y] && (ARCH_HAS_BANDGAP || COMPILE_TEST [=n]) && HAS_IOMEM [=y] Selected by [y]: - MMC_SDHCI_OMAP [=y] && MMC [=y] && MMC_SDHCI_PLTFM [=y] && OF [=y] /kisskb/src/kernel/printk/printk.c: In function 'devkmsg_sysctl_set_loglvl': /kisskb/src/kernel/printk/printk.c:186:16: warning: 'old' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/ipc/shm.c: In function 'ksys_shmdt': /kisskb/src/ipc/shm.c:1686:59: warning: 'file' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/proc/inode.c: In function 'proc_reg_open': /kisskb/src/include/linux/list.h:65:12: warning: 'pdeo' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/proc/inode.c:339:21: note: 'pdeo' was declared here /kisskb/src/lib/mpi/mpicoder.c: In function 'mpi_read_raw_from_sgl': /kisskb/src/lib/mpi/mpicoder.c:352:8: warning: 'buff' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/lib/rhashtable.c: In function 'rhashtable_rehash_one': /kisskb/src/lib/rhashtable.c:264:2: warning: 'next' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/arch/powerpc/kernel/exceptions-64e.S: Assembler messages: /kisskb/src/arch/powerpc/kernel/exceptions-64e.S:587: Error: Unrecognized opcode: `mc_btb_flush' 
make[3]: *** [/kisskb/src/scripts/Makefile.build:367: arch/powerpc/kernel/exceptions-64e.o] Error 1 make[3]: *** Waiting for unfinished jobs.... /kisskb/src/drivers/char/tpm/tpm-sysfs.c: In function 'pubek_show': /kisskb/src/drivers/char/tpm/tpm-sysfs.c:56:5: warning: 'tpm_buf.data' may be used uninitialized in this function [-Wuninitialized] make[2]: *** [/kisskb/src/scripts/Makefile.build:492: arch/powerpc/kernel] Error 2 make[1]: *** [/kisskb/src/Makefile:1042: arch/powerpc] Error 2 make[1]: *** Waiting for unfinished jobs.... /kisskb/src/mm/ksm.c: In function 'stable_node_dup': /kisskb/src/mm/ksm.c:1393:15: warning: 'found_rmap_hlist_len' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/mfd/arizona-core.c: In function 'arizona_dev_init': /kisskb/src/drivers/mfd/arizona-core.c:1422:6: warning: 'n_subdevs' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/core/gen_stats.c: In function '__gnet_stats_copy_basic': /kisskb/src/net/core/gen_stats.c:161:19: warning: 'seq' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/i2c/i2c-core-base.c: In function 'i2c_generic_scl_recovery': /kisskb/src/drivers/i2c/i2c-core-base.c:235:5: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/video/backlight/adp8860_bl.c: In function 'adp8860_bl_ambient_light_zone_show': /kisskb/src/drivers/video/backlight/adp8860_bl.c:601:32: warning: 'reg_val' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/video/backlight/adp8860_bl.c: In function 'adp8860_bl_ambient_light_level_show': /kisskb/src/drivers/video/backlight/adp8860_bl.c:579:10: warning: 'reg_val' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/video/backlight/adp8860_bl.c:579:10: warning: 'ret_val' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/video/backlight/adp8860_bl.c: In function 'adp8860_show': 
/kisskb/src/drivers/video/backlight/adp8860_bl.c:443:16: warning: 'reg_val' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/video/backlight/adp8870_bl.c: In function 'adp8870_bl_ambient_light_zone_show': /kisskb/src/drivers/video/backlight/adp8870_bl.c:785:32: warning: 'reg_val' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/video/backlight/adp8870_bl.c: In function 'adp8870_show': /kisskb/src/drivers/video/backlight/adp8870_bl.c:564:16: warning: 'reg_val' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/ipv4/ip_output.c: In function '__ip_append_data.isra.30': /kisskb/src/include/linux/skbuff.h:1338:6: warning: 'extra_uref' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/ipv4/ip_output.c:885:14: note: 'extra_uref' was declared here /kisskb/src/net/core/dev.c: In function 'validate_xmit_skb_list': /kisskb/src/net/core/dev.c:3405:15: warning: 'tail' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/staging/comedi/drivers/pcl818.c: In function 'pcl818_ai_cmd': /kisskb/src/drivers/staging/comedi/drivers/pcl818.c:337:6: warning: 'last_chan' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/staging/comedi/drivers/pcl818.c:347:15: note: 'last_chan' was declared here /kisskb/src/net/ncsi/ncsi-manage.c: In function 'set_one_vid': /kisskb/src/net/ncsi/ncsi-manage.c:676:19: warning: 'vid' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/ipv6/ip6_output.c: In function '__ip6_append_data.isra.26': /kisskb/src/include/linux/skbuff.h:1338:6: warning: 'extra_uref' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/ipv6/ip6_output.c:1270:14: note: 'extra_uref' was declared here /kisskb/src/drivers/staging/comedi/drivers/dt282x.c: In function 'dt282x_ns_to_timer': /kisskb/src/drivers/staging/comedi/drivers/dt282x.c:389:5: warning: 'divider' may 
be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/staging/comedi/drivers/dt282x.c:394:16: warning: 'base' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/net/tun.c: In function 'tun_get_user': /kisskb/src/drivers/net/tun.c:1843:30: warning: 'copylen' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/net/tun.c:1533:31: warning: 'linear' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/net/tun.c:1753:46: note: 'linear' was declared here /kisskb/src/net/mac80211/tx.c: In function 'ieee80211_build_hdr': /kisskb/src/net/mac80211/tx.c:2502:27: warning: 'chanctx_conf' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/mac80211/mlme.c: In function 'ieee80211_handle_pwr_constr.isra.13': /kisskb/src/net/mac80211/mlme.c:1519:6: warning: 'pwr_level_cisco' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/lib/string.c: In function 'strlcpy': /kisskb/src/lib/string.c:479:8: sorry, unimplemented: inlining failed in call to 'strlen': redefined extern inline functions are not considered for inlining /kisskb/src/lib/string.c:143:9: sorry, unimplemented: called from here make[2]: *** [/kisskb/src/scripts/Makefile.build:277: lib/string.o] Error 1 make[2]: *** Waiting for unfinished jobs.... 
/kisskb/src/net/sctp/output.c: In function 'sctp_packet_config': /kisskb/src/include/linux/compiler.h:191:2: warning: 'sk' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/sctp/output.c:94:15: note: 'sk' was declared here /kisskb/src/net/tipc/socket.c: In function 'tipc_recvmsg': /kisskb/src/net/tipc/socket.c:1734:27: warning: 'copy' may be used uninitialized in this function [-Wuninitialized] make[1]: *** [/kisskb/src/Makefile:1042: lib] Error 2 make: *** [Makefile:152: sub-make] Error 2 Command 'make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-next-rand_powerpc-randconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- ' returned non-zero exit status 2 # rm -rf /kisskb/build/powerpc-next-rand_powerpc-randconfig_powerpc-gcc4.6 # Build took: 0:01:03.199017