* mm/kfence/core.c:839:9: sparse: sparse: context imbalance in 'kfence_handle_page_fault' - different lock contexts for basic block
@ 2021-02-27 17:39 kernel test robot
From: kernel test robot @ 2021-02-27 17:39 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 8046 bytes --]

CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Alexander Potapenko <glider@google.com>
CC: Marco Elver <elver@google.com>
CC: Dmitry Vyukov <dvyukov@google.com>
CC: Jann Horn <jannh@google.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   3fb6d0e00efc958d01c2f109c8453033a2d96796
commit: 1dc0da6e9ec0f8d735756374697912cd50f402cf x86, kfence: enable KFENCE for x86
date:   24 hours ago
:::::: branch date: 19 hours ago
:::::: commit date: 24 hours ago
config: i386-randconfig-s002-20210228 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.3-241-geaceeafa-dirty
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1dc0da6e9ec0f8d735756374697912cd50f402cf
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 1dc0da6e9ec0f8d735756374697912cd50f402cf
        # save the attached .config to linux build tree
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=i386 

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


"sparse warnings: (new ones prefixed by >>)"
>> mm/kfence/core.c:839:9: sparse: sparse: context imbalance in 'kfence_handle_page_fault' - different lock contexts for basic block

vim +/kfence_handle_page_fault +839 mm/kfence/core.c

0ce20dd840897b Alexander Potapenko 2021-02-25  768  
0ce20dd840897b Alexander Potapenko 2021-02-25  769  bool kfence_handle_page_fault(unsigned long addr)
0ce20dd840897b Alexander Potapenko 2021-02-25  770  {
0ce20dd840897b Alexander Potapenko 2021-02-25  771  	const int page_index = (addr - (unsigned long)__kfence_pool) / PAGE_SIZE;
0ce20dd840897b Alexander Potapenko 2021-02-25  772  	struct kfence_metadata *to_report = NULL;
0ce20dd840897b Alexander Potapenko 2021-02-25  773  	enum kfence_error_type error_type;
0ce20dd840897b Alexander Potapenko 2021-02-25  774  	unsigned long flags;
0ce20dd840897b Alexander Potapenko 2021-02-25  775  
0ce20dd840897b Alexander Potapenko 2021-02-25  776  	if (!is_kfence_address((void *)addr))
0ce20dd840897b Alexander Potapenko 2021-02-25  777  		return false;
0ce20dd840897b Alexander Potapenko 2021-02-25  778  
0ce20dd840897b Alexander Potapenko 2021-02-25  779  	if (!READ_ONCE(kfence_enabled)) /* If disabled at runtime ... */
0ce20dd840897b Alexander Potapenko 2021-02-25  780  		return kfence_unprotect(addr); /* ... unprotect and proceed. */
0ce20dd840897b Alexander Potapenko 2021-02-25  781  
0ce20dd840897b Alexander Potapenko 2021-02-25  782  	atomic_long_inc(&counters[KFENCE_COUNTER_BUGS]);
0ce20dd840897b Alexander Potapenko 2021-02-25  783  
0ce20dd840897b Alexander Potapenko 2021-02-25  784  	if (page_index % 2) {
0ce20dd840897b Alexander Potapenko 2021-02-25  785  		/* This is a redzone, report a buffer overflow. */
0ce20dd840897b Alexander Potapenko 2021-02-25  786  		struct kfence_metadata *meta;
0ce20dd840897b Alexander Potapenko 2021-02-25  787  		int distance = 0;
0ce20dd840897b Alexander Potapenko 2021-02-25  788  
0ce20dd840897b Alexander Potapenko 2021-02-25  789  		meta = addr_to_metadata(addr - PAGE_SIZE);
0ce20dd840897b Alexander Potapenko 2021-02-25  790  		if (meta && READ_ONCE(meta->state) == KFENCE_OBJECT_ALLOCATED) {
0ce20dd840897b Alexander Potapenko 2021-02-25  791  			to_report = meta;
0ce20dd840897b Alexander Potapenko 2021-02-25  792  			/* Data race ok; distance calculation approximate. */
0ce20dd840897b Alexander Potapenko 2021-02-25  793  			distance = addr - data_race(meta->addr + meta->size);
0ce20dd840897b Alexander Potapenko 2021-02-25  794  		}
0ce20dd840897b Alexander Potapenko 2021-02-25  795  
0ce20dd840897b Alexander Potapenko 2021-02-25  796  		meta = addr_to_metadata(addr + PAGE_SIZE);
0ce20dd840897b Alexander Potapenko 2021-02-25  797  		if (meta && READ_ONCE(meta->state) == KFENCE_OBJECT_ALLOCATED) {
0ce20dd840897b Alexander Potapenko 2021-02-25  798  			/* Data race ok; distance calculation approximate. */
0ce20dd840897b Alexander Potapenko 2021-02-25  799  			if (!to_report || distance > data_race(meta->addr) - addr)
0ce20dd840897b Alexander Potapenko 2021-02-25  800  				to_report = meta;
0ce20dd840897b Alexander Potapenko 2021-02-25  801  		}
0ce20dd840897b Alexander Potapenko 2021-02-25  802  
0ce20dd840897b Alexander Potapenko 2021-02-25  803  		if (!to_report)
0ce20dd840897b Alexander Potapenko 2021-02-25  804  			goto out;
0ce20dd840897b Alexander Potapenko 2021-02-25  805  
0ce20dd840897b Alexander Potapenko 2021-02-25  806  		raw_spin_lock_irqsave(&to_report->lock, flags);
0ce20dd840897b Alexander Potapenko 2021-02-25  807  		to_report->unprotected_page = addr;
0ce20dd840897b Alexander Potapenko 2021-02-25  808  		error_type = KFENCE_ERROR_OOB;
0ce20dd840897b Alexander Potapenko 2021-02-25  809  
0ce20dd840897b Alexander Potapenko 2021-02-25  810  		/*
0ce20dd840897b Alexander Potapenko 2021-02-25  811  		 * If the object was freed before we took the look we can still
0ce20dd840897b Alexander Potapenko 2021-02-25  812  		 * report this as an OOB -- the report will simply show the
0ce20dd840897b Alexander Potapenko 2021-02-25  813  		 * stacktrace of the free as well.
0ce20dd840897b Alexander Potapenko 2021-02-25  814  		 */
0ce20dd840897b Alexander Potapenko 2021-02-25  815  	} else {
0ce20dd840897b Alexander Potapenko 2021-02-25  816  		to_report = addr_to_metadata(addr);
0ce20dd840897b Alexander Potapenko 2021-02-25  817  		if (!to_report)
0ce20dd840897b Alexander Potapenko 2021-02-25  818  			goto out;
0ce20dd840897b Alexander Potapenko 2021-02-25  819  
0ce20dd840897b Alexander Potapenko 2021-02-25  820  		raw_spin_lock_irqsave(&to_report->lock, flags);
0ce20dd840897b Alexander Potapenko 2021-02-25  821  		error_type = KFENCE_ERROR_UAF;
0ce20dd840897b Alexander Potapenko 2021-02-25  822  		/*
0ce20dd840897b Alexander Potapenko 2021-02-25  823  		 * We may race with __kfence_alloc(), and it is possible that a
0ce20dd840897b Alexander Potapenko 2021-02-25  824  		 * freed object may be reallocated. We simply report this as a
0ce20dd840897b Alexander Potapenko 2021-02-25  825  		 * use-after-free, with the stack trace showing the place where
0ce20dd840897b Alexander Potapenko 2021-02-25  826  		 * the object was re-allocated.
0ce20dd840897b Alexander Potapenko 2021-02-25  827  		 */
0ce20dd840897b Alexander Potapenko 2021-02-25  828  	}
0ce20dd840897b Alexander Potapenko 2021-02-25  829  
0ce20dd840897b Alexander Potapenko 2021-02-25  830  out:
0ce20dd840897b Alexander Potapenko 2021-02-25  831  	if (to_report) {
0ce20dd840897b Alexander Potapenko 2021-02-25  832  		kfence_report_error(addr, to_report, error_type);
0ce20dd840897b Alexander Potapenko 2021-02-25  833  		raw_spin_unlock_irqrestore(&to_report->lock, flags);
0ce20dd840897b Alexander Potapenko 2021-02-25  834  	} else {
0ce20dd840897b Alexander Potapenko 2021-02-25  835  		/* This may be a UAF or OOB access, but we can't be sure. */
0ce20dd840897b Alexander Potapenko 2021-02-25  836  		kfence_report_error(addr, NULL, KFENCE_ERROR_INVALID);
0ce20dd840897b Alexander Potapenko 2021-02-25  837  	}
0ce20dd840897b Alexander Potapenko 2021-02-25  838  
0ce20dd840897b Alexander Potapenko 2021-02-25 @839  	return kfence_unprotect(addr); /* Unprotect and let access proceed. */

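:::::: The code at line 839 was first introduced by commit
:::::: 0ce20dd840897b12ae70869c69f1ba34d6d16965 mm: add Kernel Electric-Fence infrastructure

Note: in the listing above, both raw_spin_lock_irqsave() calls (lines 806 and 820) are reached only after to_report has been checked to be non-NULL, and the raw_spin_unlock_irqrestore() at line 833 is guarded by the same pointer. The paths that reach the return at line 839 therefore differ in lock context only as far as sparse can see, since it does not appear to correlate the lock state with the value of to_report; no visible path returns with the lock still held.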

:::::: TO: Alexander Potapenko <glider@google.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 31595 bytes --]
