From: "Cherian, George" <George.Cherian@cavium.com>
To: "Du, Changbin"
Cc: linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: KASAN: global-out-of-bounds in cppc_get_perf_caps+0xf3/0x3b0
Date: Mon, 4 Dec 2017 14:07:28 +0000
In-Reply-To: <20171204101944.ppktvwcuf2md6kzt@intel.com>
List-ID: linux-kernel@vger.kernel.org

Hi Changbin,

Thanks for pointing it out. I have sent out a fix for the same.

Regards,
-George

________________________________________
From: Du, Changbin
Sent: Monday, December 4, 2017 3:49:45 PM
To: Cherian, George
Cc: changbin.du@intel.com; linux-acpi@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: BUG: KASAN: global-out-of-bounds in cppc_get_perf_caps+0xf3/0x3b0

Hi Cherian,

Your patch 'ACPI / CPPC: Make CPPC ACPI driver aware of PCC subspace IDs' introduced an out-of-bounds BUG in the kernel. The code needs to check cpu_pcc_subspace_idx before using it, since it can be -1.
Thanks.

[   15.113449] ==================================================================
[   15.116983] BUG: KASAN: global-out-of-bounds in cppc_get_perf_caps+0xf3/0x3b0
[   15.116983] Read of size 8 at addr ffffffffb9a5c0d8 by task swapper/0/1
[   15.116983]
[   15.116983] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc2+ #2
[   15.116983] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016
[   15.116983] Call Trace:
[   15.116983]  dump_stack+0x7c/0xbb
[   15.116983]  print_address_description+0x1df/0x290
[   15.116983]  kasan_report+0x28a/0x370
[   15.116983]  ? cppc_get_perf_caps+0xf3/0x3b0
[   15.116983]  cppc_get_perf_caps+0xf3/0x3b0
[   15.116983]  ? cpc_read+0x210/0x210
[   15.116983]  ? __rdmsr_on_cpu+0x90/0x90
[   15.116983]  ? rdmsrl_on_cpu+0xa9/0xe0
[   15.116983]  ? rdmsr_on_cpu+0x100/0x100
[   15.116983]  ? wrmsrl_on_cpu+0x9c/0xd0
[   15.116983]  ? wrmsrl_on_cpu+0x9c/0xd0
[   15.116983]  ? wrmsr_on_cpu+0xe0/0xe0
[   15.116983]  __intel_pstate_cpu_init.part.16+0x3a2/0x530
[   15.116983]  ? intel_pstate_init_cpu+0x197/0x390
[   15.116983]  ? show_no_turbo+0xe0/0xe0
[   15.116983]  ? __lockdep_init_map+0xa0/0x290
[   15.116983]  intel_pstate_cpu_init+0x30/0x60
[   15.116983]  cpufreq_online+0x155/0xac0
[   15.116983]  cpufreq_add_dev+0x9b/0xb0
[   15.116983]  subsys_interface_register+0x1ae/0x290
[   15.116983]  ? bus_unregister_notifier+0x40/0x40
[   15.116983]  ? mark_held_locks+0x83/0xb0
[   15.116983]  ? _raw_write_unlock_irqrestore+0x32/0x60
[   15.116983]  ? intel_pstate_setup+0xc/0x104
[   15.116983]  ? intel_pstate_setup+0xc/0x104
[   15.116983]  ? cpufreq_register_driver+0x1ce/0x2b0
[   15.116983]  cpufreq_register_driver+0x1ce/0x2b0
[   15.116983]  ? intel_pstate_setup+0x104/0x104
[   15.116983]  intel_pstate_register_driver+0x3a/0xa0
[   15.116983]  intel_pstate_init+0x3c4/0x434
[   15.116983]  ? intel_pstate_setup+0x104/0x104
[   15.116983]  ? intel_pstate_setup+0x104/0x104
[   15.116983]  do_one_initcall+0x9c/0x206
[   15.116983]  ? parameq+0xa0/0xa0
[   15.116983]  ? initcall_blacklisted+0x150/0x150
[   15.116983]  ? lock_downgrade+0x2c0/0x2c0
[   15.116983]  kernel_init_freeable+0x327/0x3f0
[   15.116983]  ? start_kernel+0x612/0x612
[   15.116983]  ? _raw_spin_unlock_irq+0x29/0x40
[   15.116983]  ? finish_task_switch+0xdd/0x320
[   15.116983]  ? finish_task_switch+0x8e/0x320
[   15.116983]  ? rest_init+0xd0/0xd0
[   15.116983]  kernel_init+0xf/0x11a
[   15.116983]  ? rest_init+0xd0/0xd0
[   15.116983]  ret_from_fork+0x24/0x30
[   15.116983]
[   15.116983] The buggy address belongs to the variable:
[   15.116983]  __key.36299+0x38/0x40
[   15.116983]
[   15.116983] Memory state around the buggy address:
[   15.116983]  ffffffffb9a5bf80: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa
[   15.116983]  ffffffffb9a5c000: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa
[   15.116983] >ffffffffb9a5c080: fa fa fa fa 00 fa fa fa fa fa fa fa 00 00 00 00
[   15.116983]                                                     ^
[   15.116983]  ffffffffb9a5c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.116983]  ffffffffb9a5c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.116983] ==================================================================

--
Thanks,
Changbin Du
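The bug class in the report above, as an added example that is not code from the Linux ACPI CPPC driver, from George's fix (which is not on this page) or from either message: a per-CPU PCC subspace index that is -1 when the CPU has no PCC subspace is used straight as an index into a global table, so the lookup reads the 8 bytes just before the table, which KASAN attributes to whatever global sits there (here the variable it names is __key.36299) and reports as global-out-of-bounds. The names pcc_data, cpu_pcc_subspace_idx and cppc_get_perf_caps follow the report; the table size, the struct layouts, the constructed per-CPU register data and the FFH/PCC split are assumptions made for the example. Build with -fsanitize=address to get the userspace analogue of the KASAN report if you call the unchecked lookup.

```c
/* Added example modelling the report's bug; not the kernel's code.
 * Names from the report: pcc_data, cpu_pcc_subspace_idx, cppc_get_perf_caps.
 * Everything else (sizes, layouts, sample data) is assumed for the example. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PCC_SUBSPACES 256
#define NR_CPUS 4

enum cpc_space { CPC_SPACE_FFH, CPC_SPACE_PCC };

/* One CPPC register: where it lives and, for the example, its value. */
struct cpc_reg {
	enum cpc_space space;
	uint64_t value;            /* constructed sample value (FFH only) */
};

struct cppc_pcc_data {
	int pcc_subspace_id;
	uint64_t shared_mem[8];    /* stand-in for the PCC shared region */
};

struct cppc_perf_caps {
	uint64_t highest_perf;
};

/* Global table indexed by PCC subspace id; only some slots are populated. */
static struct cppc_pcc_data *pcc_data[MAX_PCC_SUBSPACES];

/* Per-CPU subspace index. -1 means "no PCC subspace", which is the normal
 * state on a system whose CPPC registers are all MSRs (FFH), as in the
 * reporter's machine. Constructed: CPUs 0 and 1 use subspace 0. */
static int cpu_pcc_subspace_idx[NR_CPUS] = { 0, 0, -1, -1 };

/* Constructed highest_perf registers: CPUs 0 and 1 in PCC, CPU 2 in FFH,
 * CPU 3 claims PCC but has no subspace (a misdescribed firmware table). */
static struct cpc_reg highest_perf_reg[NR_CPUS] = {
	{ CPC_SPACE_PCC, 0 }, { CPC_SPACE_PCC, 0 },
	{ CPC_SPACE_FFH, 0x1a }, { CPC_SPACE_PCC, 0 },
};

static struct cppc_pcc_data subspace0 = {
	.pcc_subspace_id = 0, .shared_mem = { 0x2c },
};

/* The buggy pattern: with idx == -1 this reads sizeof(void *) bytes before
 * pcc_data[0], i.e. whatever global the linker placed in front of the table.
 * KASAN's global redzones turn that into the report above. Kept only for
 * comparison; never called. */
__attribute__((unused))
static struct cppc_pcc_data *pcc_lookup_unchecked(int cpu)
{
	return pcc_data[cpu_pcc_subspace_idx[cpu]];
}

/* Hardened lookup: check both bounds before indexing. NULL means the CPU has
 * no PCC subspace, which callers must treat as a valid state, not an error. */
static struct cppc_pcc_data *pcc_lookup(int cpu)
{
	int pcc_ss_id = cpu_pcc_subspace_idx[cpu];

	if (pcc_ss_id < 0 || pcc_ss_id >= MAX_PCC_SUBSPACES)
		return NULL;
	return pcc_data[pcc_ss_id];
}

/* Populate one slot; the only writer of the table, also bounds-checked. */
int cppc_register_subspace(int pcc_ss_id, struct cppc_pcc_data *data)
{
	if (pcc_ss_id < 0 || pcc_ss_id >= MAX_PCC_SUBSPACES || !data)
		return -EINVAL;
	pcc_data[pcc_ss_id] = data;
	return 0;
}

/* Only a register that actually lives in PCC space needs the subspace; an
 * FFH register must still be readable when the index is -1, so the check
 * sits at the point of use rather than rejecting every CPU with idx == -1. */
int cppc_get_perf_caps(int cpu, struct cppc_perf_caps *caps)
{
	struct cppc_pcc_data *pcc_ss_data;
	struct cpc_reg *reg;

	if (cpu < 0 || cpu >= NR_CPUS || !caps)
		return -EINVAL;
	reg = &highest_perf_reg[cpu];
	if (reg->space == CPC_SPACE_PCC) {
		pcc_ss_data = pcc_lookup(cpu);
		if (!pcc_ss_data)
			return -ENODEV;   /* PCC register but no subspace */
		caps->highest_perf = pcc_ss_data->shared_mem[0];
	} else {
		caps->highest_perf = reg->value;   /* stand-in for an MSR read */
	}
	return 0;
}

int main(void)
{
	struct cppc_perf_caps caps;
	int cpu;

	cppc_register_subspace(0, &subspace0);
	for (cpu = 0; cpu < NR_CPUS; cpu++) {
		int ret = cppc_get_perf_caps(cpu, &caps);
		printf("cpu%d: ret=%d highest_perf=0x%llx\n", cpu, ret,
		       ret ? 0ULL : (unsigned long long)caps.highest_perf);
	}
	return 0;
}
```

The point of the split between pcc_lookup() and cppc_get_perf_caps() is that -1 is a legitimate value on MSR-only systems, so the index must be validated where it is dereferenced rather than treated as an error for the whole CPU; a blanket rejection would have broken exactly the machine in the report, whose intel_pstate path reads CPPC capabilities without any PCC subspace.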