Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kmemleak detected in ftgmac100 #188

Open
shenki opened this issue Apr 7, 2020 · 0 comments
Open

kmemleak detected in ftgmac100 #188

shenki opened this issue Apr 7, 2020 · 0 comments

Comments

@shenki
Copy link
Member

shenki commented Apr 7, 2020

Running 5.4.28-00243-g757f8a4d828d on tacoma (ast2600)

unreferenced object 0xb5971f00 (size 176):
  comm "softirq", pid 0, jiffies 874518 (age 39797.180s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 d8 79 b4 00 00 00 00  ..........y.....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<db841d9f>] kmem_cache_alloc+0xe0/0x1f4
    [<a2e2b9fa>] __build_skb+0x2c/0x60
    [<c13a28b3>] __netdev_alloc_skb+0xd8/0x178
    [<49de749a>] ftgmac100_alloc_rx_buf.constprop.0+0x38/0x210
    [<1e72cf85>] ftgmac100_poll+0x344/0x4f4
    [<77fd780e>] net_rx_action+0x1b8/0x4e4
    [<bb56e53c>] __do_softirq+0xf0/0x374
    [<832558e1>] irq_exit+0xb0/0xe8
    [<f86f4ac3>] __handle_domain_irq+0x68/0xc4
    [<86a329c8>] gic_handle_irq+0x4c/0x94
    [<3533b6ec>] __irq_svc+0x6c/0x90
    [<8a922a87>] arch_cpu_idle+0x40/0x4c
    [<d35f6761>] default_idle_call+0x30/0x3c
    [<8756439b>] do_idle+0xd8/0x16c
    [<0a49cfa9>] cpu_startup_entry+0x28/0x2c
    [<2e04b462>] rest_init+0x9c/0xbc
unreferenced object 0xb5a12300 (size 176):
  comm "softirq", pid 0, jiffies 3256144 (age 15980.920s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 d8 79 b4 00 00 00 00  ..........y.....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<db841d9f>] kmem_cache_alloc+0xe0/0x1f4
    [<a2e2b9fa>] __build_skb+0x2c/0x60
    [<c13a28b3>] __netdev_alloc_skb+0xd8/0x178
    [<49de749a>] ftgmac100_alloc_rx_buf.constprop.0+0x38/0x210
    [<1e72cf85>] ftgmac100_poll+0x344/0x4f4
    [<77fd780e>] net_rx_action+0x1b8/0x4e4
    [<bb56e53c>] __do_softirq+0xf0/0x374
    [<832558e1>] irq_exit+0xb0/0xe8
    [<f86f4ac3>] __handle_domain_irq+0x68/0xc4
    [<86a329c8>] gic_handle_irq+0x4c/0x94
    [<3533b6ec>] __irq_svc+0x6c/0x90
    [<8a922a87>] arch_cpu_idle+0x40/0x4c
    [<d35f6761>] default_idle_call+0x30/0x3c
    [<8756439b>] do_idle+0xd8/0x16c
    [<0a49cfa9>] cpu_startup_entry+0x28/0x2c
    [<2e04b462>] rest_init+0x9c/0xbc
shenki pushed a commit that referenced this issue Oct 30, 2020
@amitdanielkachhap @gregkh
arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions
e99cf7b 
[ Upstream commit 9339693 ]

Currently the ARMv8.3-PAuth combined branch instructions (braa, retaa
etc.) are not simulated for out-of-line execution with a handler. Hence the
uprobe of such instructions leads to kernel warnings in a loop as they are
not explicitly checked and fall into INSN_GOOD categories. Other combined
instructions like LDRAA and LDRBB can be probed.

The issue of the combined branch instructions is fixed by adding
group definitions of all such instructions and rejecting their probes.
The instruction groups added are br_auth(braa, brab, braaz and brabz),
blr_auth(blraa, blrab, blraaz and blrabz), ret_auth(retaa and retab) and
eret_auth(eretaa and eretab).

Warning log:
 WARNING: CPU: 0 PID: 156 at arch/arm64/kernel/probes/uprobes.c:182 uprobe_single_step_handler+0x34/0x50
 Modules linked in:
 CPU: 0 PID: 156 Comm: func Not tainted 5.9.0-rc3 #188
 Hardware name: Foundation-v8A (DT)
 pstate: 804003c9 (Nzcv DAIF +PAN -UAO BTYPE=--)
 pc : uprobe_single_step_handler+0x34/0x50
 lr : single_step_handler+0x70/0xf8
 sp : ffff800012af3e30
 x29: ffff800012af3e30 x28: ffff000878723b00
 x27: 0000000000000000 x26: 0000000000000000
 x25: 0000000000000000 x24: 0000000000000000
 x23: 0000000060001000 x22: 00000000cb000022
 x21: ffff800012065ce8 x20: ffff800012af3ec0
 x19: ffff800012068d50 x18: 0000000000000000
 x17: 0000000000000000 x16: 0000000000000000
 x15: 0000000000000000 x14: 0000000000000000
 x13: 0000000000000000 x12: 0000000000000000
 x11: 0000000000000000 x10: 0000000000000000
 x9 : ffff800010085c90 x8 : 0000000000000000
 x7 : 0000000000000000 x6 : ffff80001205a9c8
 x5 : ffff80001205a000 x4 : ffff80001233db80
 x3 : ffff8000100a7a60 x2 : 0020000000000003
 x1 : 0000fffffffff008 x0 : ffff800012af3ec0
 Call trace:
  uprobe_single_step_handler+0x34/0x50
  single_step_handler+0x70/0xf8
  do_debug_exception+0xb8/0x130
  el0_sync_handler+0x138/0x1b8
  el0_sync+0x158/0x180

Fixes: 74afda4 ("arm64: compile the kernel with ptrauth return address signing")
Fixes: 04ca320 ("arm64: enable pointer authentication")
Signed-off-by: Amit Daniel Kachhap <[email protected]>
Reviewed-by: Dave Martin <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Will Deacon <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
amboar pushed a commit to amboar/linux that referenced this issue Nov 26, 2020
@amitdanielkachhap @gregkh
arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions
273d706 
[ Upstream commit 9339693 ]

Currently the ARMv8.3-PAuth combined branch instructions (braa, retaa
etc.) are not simulated for out-of-line execution with a handler. Hence the
uprobe of such instructions leads to kernel warnings in a loop as they are
not explicitly checked and fall into INSN_GOOD categories. Other combined
instructions like LDRAA and LDRBB can be probed.

The issue of the combined branch instructions is fixed by adding
group definitions of all such instructions and rejecting their probes.
The instruction groups added are br_auth(braa, brab, braaz and brabz),
blr_auth(blraa, blrab, blraaz and blrabz), ret_auth(retaa and retab) and
eret_auth(eretaa and eretab).

Warning log:
 WARNING: CPU: 0 PID: 156 at arch/arm64/kernel/probes/uprobes.c:182 uprobe_single_step_handler+0x34/0x50
 Modules linked in:
 CPU: 0 PID: 156 Comm: func Not tainted 5.9.0-rc3 openbmc#188
 Hardware name: Foundation-v8A (DT)
 pstate: 804003c9 (Nzcv DAIF +PAN -UAO BTYPE=--)
 pc : uprobe_single_step_handler+0x34/0x50
 lr : single_step_handler+0x70/0xf8
 sp : ffff800012af3e30
 x29: ffff800012af3e30 x28: ffff000878723b00
 x27: 0000000000000000 x26: 0000000000000000
 x25: 0000000000000000 x24: 0000000000000000
 x23: 0000000060001000 x22: 00000000cb000022
 x21: ffff800012065ce8 x20: ffff800012af3ec0
 x19: ffff800012068d50 x18: 0000000000000000
 x17: 0000000000000000 x16: 0000000000000000
 x15: 0000000000000000 x14: 0000000000000000
 x13: 0000000000000000 x12: 0000000000000000
 x11: 0000000000000000 x10: 0000000000000000
 x9 : ffff800010085c90 x8 : 0000000000000000
 x7 : 0000000000000000 x6 : ffff80001205a9c8
 x5 : ffff80001205a000 x4 : ffff80001233db80
 x3 : ffff8000100a7a60 x2 : 0020000000000003
 x1 : 0000fffffffff008 x0 : ffff800012af3ec0
 Call trace:
  uprobe_single_step_handler+0x34/0x50
  single_step_handler+0x70/0xf8
  do_debug_exception+0xb8/0x130
  el0_sync_handler+0x138/0x1b8
  el0_sync+0x158/0x180

Fixes: 74afda4 ("arm64: compile the kernel with ptrauth return address signing")
Fixes: 04ca320 ("arm64: enable pointer authentication")
Signed-off-by: Amit Daniel Kachhap <[email protected]>
Reviewed-by: Dave Martin <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Will Deacon <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shenki