From: Dmitry Vyukov
Date: Thu, 5 Dec 2019 12:36:56 +0100
Subject: Re: KASAN: slab-out-of-bounds Read in fbcon_get_font
To: Tetsuo Handa

On Thu, Dec 5, 2019 at 11:41 AM Tetsuo Handa wrote:
>
> On 2019/12/05 19:22, Paolo Bonzini wrote:
> > Ah, and because the machine is a KVM guest, kvm_wait appears in a lot of
> > backtrace and I get to share syzkaller's joy every time. :)
> >
> > This bisect result is bogus, though Tetsuo found the bug anyway.
> > Perhaps you can exclude commits that only touch architectures other than
> > x86?
> >
>
> It would be nice if coverage functionality can extract filenames in the source
> code and supply the list of filenames as arguments for bisect operation.
>
> Also, (unrelated but) it would be nice if we can have "make yes2modconfig"
> target which converts CONFIG_FOO=y to CONFIG_FOO=m if FOO is tristate.
> syzbot is testing kernel configs close to "make allyesconfig" but I want to
> save kernel rebuild time by disabling unrelated functionality when manually
> "debug printk()ing" kernels.

I thought that maybe sed "s#=y#=m#g" && make olddefconfig will do, but
unfortunately, it turns off non-tristate configs...

$ egrep "CONFIG_MEMORY_HOTPLUG|CONFIG_TCP_CONG_DCTCP" .config
CONFIG_MEMORY_HOTPLUG=y
CONFIG_TCP_CONG_DCTCP=y
# sed -i "s/CONFIG_MEMORY_HOTPLUG=y/CONFIG_MEMORY_HOTPLUG=m/g" .config
# sed -i "s/CONFIG_TCP_CONG_DCTCP=y/CONFIG_TCP_CONG_DCTCP=m/g" .config
# egrep "CONFIG_MEMORY_HOTPLUG|CONFIG_TCP_CONG_DCTCP" .config
CONFIG_MEMORY_HOTPLUG=m
CONFIG_TCP_CONG_DCTCP=m
# make olddefconfig
# egrep "CONFIG_MEMORY_HOTPLUG|CONFIG_TCP_CONG_DCTCP" .config
# CONFIG_MEMORY_HOTPLUG is not set
CONFIG_TCP_CONG_DCTCP=m
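
The session above loses CONFIG_MEMORY_HOTPLUG because a bool symbol cannot take the value m; the following added example (not part of the original message or of the kernel tree) limits the =y to =m rewrite to symbols that Kconfig declares tristate. The function names tristate_syms, yes2mod and demo, and the Kconfig fragment inside demo, are constructed for illustration.

```shell
#!/bin/sh
# Print every symbol that the given Kconfig files declare as tristate.
tristate_syms() {
    awk '
        /^[ \t]*(menu)?config[ \t]+[A-Za-z0-9_]+/ { sym = $2; next }
        # Help text is free-form: stop matching there, so a help line that
        # happens to start with "tristate" is not taken for a type line.
        /^[ \t]*(---)?help(---)?[ \t]*$/ { sym = ""; next }
        /^[ \t]*(def_)?tristate([ \t]|$)/ && sym != "" { print sym; sym = "" }
    ' "$@" | sort -u
}

# yes2mod CONFIG SYMS: print CONFIG with CONFIG_X=y rewritten to =m,
# but only when X is listed in SYMS (one symbol name per line).
yes2mod() {
    awk '
        FILENAME == ARGV[1] { tri[$1] = 1; next }
        /^CONFIG_[A-Za-z0-9_]+=y$/ {
            name = substr($0, 8, length($0) - 9)   # strip "CONFIG_" and "=y"
            if (name in tri) { print "CONFIG_" name "=m"; next }
        }
        { print }
    ' "$2" "$1"
}

# Constructed input: the two symbols from the session, one bool, one tristate.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/Kconfig" <<'EOF'
config MEMORY_HOTPLUG
    bool "constructed prompt: memory hotplug"
    help
      tristate would be the wrong type here: this symbol is bool.

config TCP_CONG_DCTCP
    tristate "constructed prompt: DCTCP"
EOF
    printf '%s\n' 'CONFIG_MEMORY_HOTPLUG=y' 'CONFIG_TCP_CONG_DCTCP=y' > "$d/.config"
    tristate_syms "$d/Kconfig" > "$d/syms"
    yes2mod "$d/.config" "$d/syms"
    rm -rf "$d"
}

demo
```

On a real tree, feed tristate_syms every Kconfig* file under the source root and run make olddefconfig on the result; a tristate symbol that is selected by a built-in symbol will still be raised back to y.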