* [Bug 205885] New: BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
From: bugzilla-daemon @ 2019-12-17  0:33 UTC (permalink / raw)
  To: linuxppc-dev

https://bugzilla.kernel.org/show_bug.cgi?id=205885

            Bug ID: 205885
           Summary: BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
           Product: Platform Specific/Hardware
           Version: 2.5
    Kernel Version: 5.5-rc2
          Hardware: PPC-32
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: PPC-32
          Assignee: platform_ppc-32@kernel-bugs.osdl.org
          Reporter: erhard_f@mailbox.org
        Regression: No

Created attachment 286331
  --> https://bugzilla.kernel.org/attachment.cgi?id=286331&action=edit
screenshot (5.5-rc2, PowerMac G4 DP)

I get this hit at booting kernel 5.5-rc2 on my G4 DP:

[...]
BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
Read of size 1 at addr 00000000 by task swapper/0/1

CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W        5.5.0-rc2-PowerMacG4
Call Trace:
[ee8edd78] [c07819e0] dump_stack+0xbc/0x118 (unreliable)
[ee8edda8] [c0244b48] __kasan_report+0x174/0x180
[ee8edde8] [c07949dc] strncpy+0x3c/0x60
[ee8ede18] [c0b6979c] mount_block_root+0x200/0x3e0
[ee8edef8] [c0b69b74] prepare_namespace+0x164/0x174
[ee8edf18] [c0005f3c] kernel_init+0x14/0xf0
[ee8edf38] [c001a348] ret_from_kernel_thread+0x14/0x1c
=================================================================
BUG: Kernel NULL pointer dereference on read at 0x0000000
Faulting instruction address: 0xc07949dc
Oops: Kernel access of bad area sig: 11 (#1]
[...]

For details see screenshot (I applied a median filter but tesseract still was
not able to make much text out of it).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


* [Bug 205885] BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
From: bugzilla-daemon @ 2019-12-17  0:35 UTC (permalink / raw)
  To: linuxppc-dev

https://bugzilla.kernel.org/show_bug.cgi?id=205885

--- Comment #1 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 286333
  --> https://bugzilla.kernel.org/attachment.cgi?id=286333&action=edit
kernel .config (5.5-rc2, PowerMac G4 DP)


* [Bug 205885] BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
From: bugzilla-daemon @ 2019-12-17  5:41 UTC (permalink / raw)
  To: linuxppc-dev

https://bugzilla.kernel.org/show_bug.cgi?id=205885

Christophe Leroy (christophe.leroy@c-s.fr) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |christophe.leroy@c-s.fr

--- Comment #2 from Christophe Leroy (christophe.leroy@c-s.fr) ---
You didn't get that with 5.5-rc1?
You get that as well when KASAN is not activated?

If the answer to both is 'yes', can you bisect?


* [Bug 205885] BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
From: bugzilla-daemon @ 2019-12-17 15:22 UTC (permalink / raw)
  To: linuxppc-dev

https://bugzilla.kernel.org/show_bug.cgi?id=205885

--- Comment #3 from Erhard F. (erhard_f@mailbox.org) ---
5.5-rc1 works with identical kernel .config.
And on -rc2 I get that without KASAN as well.

I'll do a bisect and report back.


* [Bug 205885] BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
From: bugzilla-daemon @ 2019-12-17 17:49 UTC (permalink / raw)
  To: linuxppc-dev

https://bugzilla.kernel.org/show_bug.cgi?id=205885

Erhard F. (erhard_f@mailbox.org) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #286333|0                           |1
        is obsolete|                            |

--- Comment #4 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 286343
  --> https://bugzilla.kernel.org/attachment.cgi?id=286343&action=edit
kernel .config (5.5-rc2, PowerMac G4 DP)


* [Bug 205885] [Bisected] BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
From: bugzilla-daemon @ 2019-12-17 17:51 UTC (permalink / raw)
  To: linuxppc-dev

https://bugzilla.kernel.org/show_bug.cgi?id=205885

--- Comment #5 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 286345
  --> https://bugzilla.kernel.org/attachment.cgi?id=286345&action=edit
bisect.log


* [Bug 205885] [Bisected] BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
From: bugzilla-daemon @ 2019-12-17 17:52 UTC (permalink / raw)
  To: linuxppc-dev

https://bugzilla.kernel.org/show_bug.cgi?id=205885

Erhard F. (erhard_f@mailbox.org) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #286345|0                           |1
        is obsolete|                            |

--- Comment #6 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 286347
  --> https://bugzilla.kernel.org/attachment.cgi?id=286347&action=edit
bisect.log

# git bisect bad | tee -a ~/bisect01.log 
cccaa5e33525fc07f4a2ce0518e50b9ddf435e47 is the first bad commit
commit cccaa5e33525fc07f4a2ce0518e50b9ddf435e47
Author: Dominik Brodowski <linux@dominikbrodowski.net>
Date:   Tue Oct 23 22:41:09 2018 +0200

    init: use do_mount() instead of ksys_mount()

    In prepare_namespace(), do_mount() can be used instead of ksys_mount()
    as the first and third argument are const strings in the kernel, the
    second and fourth argument are passed through anyway, and the fifth
    argument is NULL.

    In do_mount_root(), ksys_mount() is called with the first and third
    argument being already kernelspace strings, which do not need to be
    copied over from userspace to kernelspace (again). The second and
    fourth arguments are passed through to do_mount() anyway. The fifth
    argument, while already residing in kernelspace, needs to be put into
    a page of its own. Then, do_mount() can be used instead of
    ksys_mount().

    Once this is done, there are no in-kernel users to ksys_mount() left,
    which can therefore be removed.

    Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>

 fs/namespace.c           | 10 ++--------
 include/linux/syscalls.h |  2 --
 init/do_mounts.c         | 28 ++++++++++++++++++++++------
 3 files changed, 24 insertions(+), 16 deletions(-)

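The failure reported in this thread, modelled in user-space C as an added example (not the kernel's code and not part of any message here): copying an optional options string into a page of its own with strncpy() reads from address 0 when the pointer is NULL. `PAGE_SZ`, the function names and the sample option string are assumptions made for the illustration; the guard shown is one way to handle the no-options case, and the upstream commit linked in the thread is the reference for the actual fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PAGE_SZ 4096 /* assumed stand-in for the kernel's PAGE_SIZE */

/* Unguarded shape: data == NULL makes strncpy() read from address 0. */
char *data_page_unguarded(const char *data)
{
    char *page = calloc(1, PAGE_SZ);
    if (page)
        strncpy(page, data, PAGE_SZ - 1);
    return page;
}

/* Guarded shape: NULL means "no options"; returns 0 on success, -1 on ENOMEM. */
int data_page_guarded(const char *data, char **out)
{
    *out = data ? calloc(1, PAGE_SZ) : NULL;
    if (!data)
        return 0;   /* nothing to copy, caller passes NULL on */
    if (!*out)
        return -1;
    strncpy(*out, data, PAGE_SZ - 1); /* last byte stays 0: always terminated */
    return 0;
}

/* Length of the copied options, or -1 when no page was produced. */
long copied_len(const char *data)
{
    char *page;
    long n = -1;
    if (data_page_guarded(data, &page) == 0 && page) {
        n = (long)strlen(page);
        free(page);
    }
    return n;
}

/* Constructed oversized input: 2 * PAGE_SZ - 1 option bytes. */
long oversized_len(void)
{
    static char big[2 * PAGE_SZ]; /* zero-filled, so the final byte is NUL */
    memset(big, 'x', sizeof(big) - 1);
    return copied_len(big);
}

int main(void)
{
    return printf("%ld %ld %ld\n", copied_len(NULL), copied_len("ro,noatime"), oversized_len()) < 0;
}
```

Calling `data_page_unguarded(NULL)` is the crashing case and is deliberately never invoked here.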

* [Bug 205885] [Bisected] BUG: KASAN: null-ptr-deref in strncpy+0x3c/0x60
From: bugzilla-daemon @ 2019-12-18 11:07 UTC (permalink / raw)
  To: linuxppc-dev

https://bugzilla.kernel.org/show_bug.cgi?id=205885

Michael Ellerman (michael@ellerman.id.au) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |michael@ellerman.id.au
         Resolution|---                         |PATCH_ALREADY_AVAILABLE

--- Comment #7 from Michael Ellerman (michael@ellerman.id.au) ---
This is fixed upstream:

https://git.kernel.org/torvalds/c/7de7de7ca0ae0fc70515ee3154af33af75edae2c

