All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/1] Fix Kasan test module run failed in RISCV architecture
@ 2020-11-30  9:13 Nylon Chen
  2020-11-30  9:13 ` [PATCH 1/1] riscv: provide memmove implementation Nylon Chen
  0 siblings, 1 reply; 3+ messages in thread
From: Nylon Chen @ 2020-11-30  9:13 UTC (permalink / raw)
  To: aryabinin, glider, dvyukov, kasan-dev, akpm, paul.walmsley,
	palmer, aou, nickhu, nylon7, luc.vanoostenryck, greentime.hu,
	linux-riscv
  Cc: nylon7717, Nick Hu, alankao

When you run Kasan test module in RISCV architecture,"kmalloc_memmove_invalid_size()"
will be executed and then kernel will be hang in infinite loop as below:

[   26.228433] Memory state around the buggy address:
[   26.229824]  ffffffe066e11d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   26.232098]  ffffffe066e11d80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   26.234461] >ffffffe066e11e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   26.236650]                                            ^
[   26.238149]  ffffffe066e11e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.240400]  ffffffe066e11f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.242646]
==================================================================
[   26.245312]
==================================================================
[   26.247607] BUG: KASAN: slab-out-of-bounds in memmove+0x2e/0x8a
[   26.249160] Read of size 1 at addr ffffffe066e11e49 by task
insmod/106
[   26.250855]
[   26.251755] CPU: 0 PID: 106 Comm: insmod Tainted: G    B
5.8.7 #2
[   26.253454] Call Trace:
[   26.254509] [<ffffffe000203256>] walk_stackframe+0x0/0x128
[   26.256027] [<ffffffe000203530>] show_stack+0x2e/0x3a
[   26.257467] [<ffffffe0005ab9e0>] dump_stack+0x84/0xa0
[   26.258936] [<ffffffe000367120>]
print_address_description.isra.0+0x34/0x404
[   26.260686] [<ffffffe000367676>] kasan_report+0xda/0x132
[   26.262141] [<ffffffe000367a68>] __asan_load1+0x42/0x4a
[   26.263610] [<ffffffe0005c1c4c>] memmove+0x2e/0x8a
[   26.265241] [<ffffffdf81cdec26>]
kmalloc_memmove_invalid_size+0x94/0xaa [test_kasan]
[   26.267829] [<ffffffdf81cdfa2a>] kmalloc_tests_init+0x94/0x14a
[test_kasan]
[   26.269563] [<ffffffe0002000d8>] do_one_initcall+0x40/0x134
[   26.271106] [<ffffffe0002a2e5c>] do_init_module+0xc6/0x25c
[   26.272610] [<ffffffe0002a5692>] load_module+0x257a/0x2bf2
[   26.274096] [<ffffffe0002a5e70>] __do_sys_finit_module+0x7e/0x94
[   26.275676] [<ffffffe0002a5eaa>] sys_finit_module+0x10/0x18
[   26.277207] [<ffffffe000201690>] ret_from_syscall+0x0/0x2
[   26.278677]

.....

[  579.407314]  0x0
[  579.408267]  0x0
[  579.409222]  0x0
[  579.410198]  0x0
[  579.411206]  0x0
[  579.412151]  0x0
[  579.413122]  0x0
[  579.414080]  0x0
[  579.415026]  0x0
[  579.415964]  0x0
[  579.416912]  0x0
[  579.417871]  0x0
[  579.418834]  0x0
[  579.419781]  0x0
[  579.420738]  0x0
[  579.421841]  0x0
[  579.422805]  0x0
[  579.423764]  0x0
[  579.424696]  0x0
[  579.425638]  0x0
[  579.426599]  0x0
[  579.427538]  0x0
[  579.428467]  0x0

.....


if we define __HAVE_ARCH_MEMMOVE and port memmove to RISCV can fix it.

Signed-off-by: Nick Hu <nickhu@andestech.com>
Signed-off-by: Nick Hu <nick650823@gmail.com>
Signed-off-by: Nylon Chen <nylon7@andestech.com>

Nylon Chen (1):
  riscv: provide memmove implementation

 arch/riscv/include/asm/string.h |  8 ++---
 arch/riscv/kernel/riscv_ksyms.c |  2 ++
 arch/riscv/lib/Makefile         |  1 +
 arch/riscv/lib/memmove.S        | 64 +++++++++++++++++++++++++++++++++
 4 files changed, 71 insertions(+), 4 deletions(-)
 create mode 100644 arch/riscv/lib/memmove.S

-- 
2.17.1


_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [PATCH 1/1] riscv: provide memmove implementation
  2020-11-30  9:13 [PATCH 0/1] Fix Kasan test module run failed in RISCV architecture Nylon Chen
@ 2020-11-30  9:13 ` Nylon Chen
  2020-12-11  1:43   ` Palmer Dabbelt
  0 siblings, 1 reply; 3+ messages in thread
From: Nylon Chen @ 2020-11-30  9:13 UTC (permalink / raw)
  To: aryabinin, glider, dvyukov, kasan-dev, akpm, paul.walmsley,
	palmer, aou, nickhu, nylon7, luc.vanoostenryck, greentime.hu,
	linux-riscv
  Cc: nylon7717, Nick Hu, alankao

The memmove used by the kernel feature like KASAN.

Signed-off-by: Nick Hu <nickhu@andestech.com>
Signed-off-by: Nick Hu <nick650823@gmail.com>
Signed-off-by: Nylon Chen <nylon7@andestech.com>
---
 arch/riscv/include/asm/string.h |  8 ++---
 arch/riscv/kernel/riscv_ksyms.c |  2 ++
 arch/riscv/lib/Makefile         |  1 +
 arch/riscv/lib/memmove.S        | 64 +++++++++++++++++++++++++++++++++
 4 files changed, 71 insertions(+), 4 deletions(-)
 create mode 100644 arch/riscv/lib/memmove.S

diff --git a/arch/riscv/include/asm/string.h b/arch/riscv/include/asm/string.h
index 924af13f8555..5477e7ecb6e1 100644
--- a/arch/riscv/include/asm/string.h
+++ b/arch/riscv/include/asm/string.h
@@ -12,16 +12,16 @@
 #define __HAVE_ARCH_MEMSET
 extern asmlinkage void *memset(void *, int, size_t);
 extern asmlinkage void *__memset(void *, int, size_t);
-
 #define __HAVE_ARCH_MEMCPY
 extern asmlinkage void *memcpy(void *, const void *, size_t);
 extern asmlinkage void *__memcpy(void *, const void *, size_t);
-
+#define __HAVE_ARCH_MEMMOVE
+extern asmlinkage void *memmove(void *, const void *, size_t);
+extern asmlinkage void *__memmove(void *, const void *, size_t);
 /* For those files which don't want to check by kasan. */
 #if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
-
 #define memcpy(dst, src, len) __memcpy(dst, src, len)
 #define memset(s, c, n) __memset(s, c, n)
-
+#define memmove(dst, src, len) __memmove(dst, src, len)
 #endif
 #endif /* _ASM_RISCV_STRING_H */
diff --git a/arch/riscv/kernel/riscv_ksyms.c b/arch/riscv/kernel/riscv_ksyms.c
index 450492e1cb4e..5ab1c7e1a6ed 100644
--- a/arch/riscv/kernel/riscv_ksyms.c
+++ b/arch/riscv/kernel/riscv_ksyms.c
@@ -11,5 +11,7 @@
  */
 EXPORT_SYMBOL(memset);
 EXPORT_SYMBOL(memcpy);
+EXPORT_SYMBOL(memmove);
 EXPORT_SYMBOL(__memset);
 EXPORT_SYMBOL(__memcpy);
+EXPORT_SYMBOL(__memmove);
diff --git a/arch/riscv/lib/Makefile b/arch/riscv/lib/Makefile
index 47e7a8204460..ac6171e9c19e 100644
--- a/arch/riscv/lib/Makefile
+++ b/arch/riscv/lib/Makefile
@@ -2,5 +2,6 @@
 lib-y			+= delay.o
 lib-y			+= memcpy.o
 lib-y			+= memset.o
+lib-y			+= memmove.o
 lib-$(CONFIG_MMU)	+= uaccess.o
 lib-$(CONFIG_64BIT)	+= tishift.o
diff --git a/arch/riscv/lib/memmove.S b/arch/riscv/lib/memmove.S
new file mode 100644
index 000000000000..07d1d2152ba5
--- /dev/null
+++ b/arch/riscv/lib/memmove.S
@@ -0,0 +1,64 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#include <linux/linkage.h>
+#include <asm/asm.h>
+
+ENTRY(__memmove)
+WEAK(memmove)
+        move    t0, a0
+        move    t1, a1
+
+        beq     a0, a1, exit_memcpy
+        beqz    a2, exit_memcpy
+        srli    t2, a2, 0x2
+
+        slt     t3, a0, a1
+        beqz    t3, do_reverse
+
+        andi    a2, a2, 0x3
+        li      t4, 1
+        beqz    t2, byte_copy
+
+word_copy:
+        lw      t3, 0(a1)
+        addi    t2, t2, -1
+        addi    a1, a1, 4
+        sw      t3, 0(a0)
+        addi    a0, a0, 4
+        bnez    t2, word_copy
+        beqz    a2, exit_memcpy
+        j       byte_copy
+
+do_reverse:
+        add     a0, a0, a2
+        add     a1, a1, a2
+        andi    a2, a2, 0x3
+        li      t4, -1
+        beqz    t2, reverse_byte_copy
+
+reverse_word_copy:
+        addi    a1, a1, -4
+        addi    t2, t2, -1
+        lw      t3, 0(a1)
+        addi    a0, a0, -4
+        sw      t3, 0(a0)
+        bnez    t2, reverse_word_copy
+        beqz    a2, exit_memcpy
+
+reverse_byte_copy:
+        addi    a0, a0, -1
+        addi    a1, a1, -1
+
+byte_copy:
+        lb      t3, 0(a1)
+        addi    a2, a2, -1
+        sb      t3, 0(a0)
+        add     a1, a1, t4
+        add     a0, a0, t4
+        bnez    a2, byte_copy
+
+exit_memcpy:
+        move a0, t0
+        move a1, t1
+        ret
+END(__memmove)
-- 
2.17.1


_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] riscv: provide memmove implementation
  2020-11-30  9:13 ` [PATCH 1/1] riscv: provide memmove implementation Nylon Chen
@ 2020-12-11  1:43   ` Palmer Dabbelt
  0 siblings, 0 replies; 3+ messages in thread
From: Palmer Dabbelt @ 2020-12-11  1:43 UTC (permalink / raw)
  To: nylon7
  Cc: aou, alankao, nickhu, nick650823, kasan-dev, nylon7, nylon7717,
	linux-riscv, glider, luc.vanoostenryck, Paul Walmsley, aryabinin,
	akpm, greentime.hu, dvyukov

On Mon, 30 Nov 2020 01:13:19 PST (-0800), nylon7@andestech.com wrote:
> The memmove used by the kernel feature like KASAN.
>
> Signed-off-by: Nick Hu <nickhu@andestech.com>
> Signed-off-by: Nick Hu <nick650823@gmail.com>
> Signed-off-by: Nylon Chen <nylon7@andestech.com>
> ---
>  arch/riscv/include/asm/string.h |  8 ++---
>  arch/riscv/kernel/riscv_ksyms.c |  2 ++
>  arch/riscv/lib/Makefile         |  1 +
>  arch/riscv/lib/memmove.S        | 64 +++++++++++++++++++++++++++++++++
>  4 files changed, 71 insertions(+), 4 deletions(-)
>  create mode 100644 arch/riscv/lib/memmove.S
>
> diff --git a/arch/riscv/include/asm/string.h b/arch/riscv/include/asm/string.h
> index 924af13f8555..5477e7ecb6e1 100644
> --- a/arch/riscv/include/asm/string.h
> +++ b/arch/riscv/include/asm/string.h
> @@ -12,16 +12,16 @@
>  #define __HAVE_ARCH_MEMSET
>  extern asmlinkage void *memset(void *, int, size_t);
>  extern asmlinkage void *__memset(void *, int, size_t);
> -
>  #define __HAVE_ARCH_MEMCPY
>  extern asmlinkage void *memcpy(void *, const void *, size_t);
>  extern asmlinkage void *__memcpy(void *, const void *, size_t);
> -
> +#define __HAVE_ARCH_MEMMOVE
> +extern asmlinkage void *memmove(void *, const void *, size_t);
> +extern asmlinkage void *__memmove(void *, const void *, size_t);
>  /* For those files which don't want to check by kasan. */
>  #if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
> -
>  #define memcpy(dst, src, len) __memcpy(dst, src, len)
>  #define memset(s, c, n) __memset(s, c, n)
> -
> +#define memmove(dst, src, len) __memmove(dst, src, len)
>  #endif
>  #endif /* _ASM_RISCV_STRING_H */
> diff --git a/arch/riscv/kernel/riscv_ksyms.c b/arch/riscv/kernel/riscv_ksyms.c
> index 450492e1cb4e..5ab1c7e1a6ed 100644
> --- a/arch/riscv/kernel/riscv_ksyms.c
> +++ b/arch/riscv/kernel/riscv_ksyms.c
> @@ -11,5 +11,7 @@
>   */
>  EXPORT_SYMBOL(memset);
>  EXPORT_SYMBOL(memcpy);
> +EXPORT_SYMBOL(memmove);
>  EXPORT_SYMBOL(__memset);
>  EXPORT_SYMBOL(__memcpy);
> +EXPORT_SYMBOL(__memmove);
> diff --git a/arch/riscv/lib/Makefile b/arch/riscv/lib/Makefile
> index 47e7a8204460..ac6171e9c19e 100644
> --- a/arch/riscv/lib/Makefile
> +++ b/arch/riscv/lib/Makefile
> @@ -2,5 +2,6 @@
>  lib-y			+= delay.o
>  lib-y			+= memcpy.o
>  lib-y			+= memset.o
> +lib-y			+= memmove.o
>  lib-$(CONFIG_MMU)	+= uaccess.o
>  lib-$(CONFIG_64BIT)	+= tishift.o
> diff --git a/arch/riscv/lib/memmove.S b/arch/riscv/lib/memmove.S
> new file mode 100644
> index 000000000000..07d1d2152ba5
> --- /dev/null
> +++ b/arch/riscv/lib/memmove.S
> @@ -0,0 +1,64 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +#include <linux/linkage.h>
> +#include <asm/asm.h>
> +
> +ENTRY(__memmove)
> +WEAK(memmove)
> +        move    t0, a0
> +        move    t1, a1
> +
> +        beq     a0, a1, exit_memcpy
> +        beqz    a2, exit_memcpy
> +        srli    t2, a2, 0x2
> +
> +        slt     t3, a0, a1
> +        beqz    t3, do_reverse
> +
> +        andi    a2, a2, 0x3
> +        li      t4, 1
> +        beqz    t2, byte_copy
> +
> +word_copy:
> +        lw      t3, 0(a1)
> +        addi    t2, t2, -1
> +        addi    a1, a1, 4
> +        sw      t3, 0(a0)
> +        addi    a0, a0, 4
> +        bnez    t2, word_copy
> +        beqz    a2, exit_memcpy
> +        j       byte_copy
> +
> +do_reverse:
> +        add     a0, a0, a2
> +        add     a1, a1, a2
> +        andi    a2, a2, 0x3
> +        li      t4, -1
> +        beqz    t2, reverse_byte_copy
> +
> +reverse_word_copy:
> +        addi    a1, a1, -4
> +        addi    t2, t2, -1
> +        lw      t3, 0(a1)
> +        addi    a0, a0, -4
> +        sw      t3, 0(a0)
> +        bnez    t2, reverse_word_copy
> +        beqz    a2, exit_memcpy
> +
> +reverse_byte_copy:
> +        addi    a0, a0, -1
> +        addi    a1, a1, -1
> +
> +byte_copy:
> +        lb      t3, 0(a1)
> +        addi    a2, a2, -1
> +        sb      t3, 0(a0)
> +        add     a1, a1, t4
> +        add     a0, a0, t4
> +        bnez    a2, byte_copy
> +
> +exit_memcpy:
> +        move a0, t0
> +        move a1, t1
> +        ret
> +END(__memmove)

Thanks, this is on for-next.

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-12-11  1:43 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-30  9:13 [PATCH 0/1] Fix Kasan test module run failed in RISCV architecture Nylon Chen
2020-11-30  9:13 ` [PATCH 1/1] riscv: provide memmove implementation Nylon Chen
2020-12-11  1:43   ` Palmer Dabbelt

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.