UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
916,901 Commits 6 Branches 39 Tags 3.3 GiB
C 97%
Assembly 1.4%
C++ 0.6%
Makefile 0.3%
Shell 0.3%
Other 0.3%
Go to file
Suzuki K Poulose 3f4943d422 coresight: etm4x: Fix use-after-free of per-cpu etm drvdata 
etm probe could be deferred due to the dependency in the trace
path chain and may be retried. We need to clear the per-cpu
etmdrvdata entry for the etm in case of a failure to avoid
use-after-free cases as reported below:

KASAN use-after-free bug in etm4_cpu_pm_notify():

[    8.574566] coresight etm0: CPU0: ETM v4.2 initialized
[    8.581920] BUG: KASAN: use-after-free in etm4_cpu_pm_notify+0x580/0x2024
[    8.581925] Read of size 8 at addr ffffff813304f8c8 by task swapper/3/0
[    8.581927]
[    8.581934] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G S      W         5.4.28 #314
[    8.587775] coresight etm1: CPU1: ETM v4.2 initialized
[    8.594195] Call trace:
[    8.594205]  dump_backtrace+0x0/0x188
[    8.594209]  show_stack+0x20/0x2c
[    8.594216]  dump_stack+0xdc/0x144
[    8.594227]  print_address_description+0x3c/0x494
[    8.594232]  __kasan_report+0x144/0x168
[    8.601598] coresight etm2: CPU2: ETM v4.2 initialized
[    8.602563]  kasan_report+0x10/0x18
[    8.602568]  check_memory_region+0x1a4/0x1b4
[    8.602572]  __kasan_check_read+0x18/0x24
[    8.602577]  etm4_cpu_pm_notify+0x580/0x2024
[    8.665945]  notifier_call_chain+0x5c/0x90
[    8.670166]  __atomic_notifier_call_chain+0x90/0xf8
[    8.675182]  cpu_pm_notify+0x40/0x6c
[    8.678858]  cpu_pm_enter+0x38/0x80
[    8.682451]  psci_enter_idle_state+0x34/0x70
[    8.686844]  cpuidle_enter_state+0xb8/0x20c
[    8.691143]  cpuidle_enter+0x38/0x4c
[    8.694820]  call_cpuidle+0x3c/0x68
[    8.698408]  do_idle+0x1a0/0x280
[    8.701729]  cpu_startup_entry+0x24/0x28
[    8.705768]  secondary_start_kernel+0x15c/0x170
[    8.710423]
[    8.711972] Allocated by task 242:
[    8.715473]  __kasan_kmalloc+0xf0/0x1ac
[    8.719426]  kasan_slab_alloc+0x14/0x1c
[    8.723375]  __kmalloc_track_caller+0x23c/0x388
[    8.728040]  devm_kmalloc+0x38/0x94
[    8.731632]  etm4_probe+0x48/0x3c8
[    8.735140]  amba_probe+0xbc/0x158
[    8.738645]  really_probe+0x144/0x408
[    8.742412]  driver_probe_device+0x70/0x140
[    8.746716]  __device_attach_driver+0x9c/0x110
[    8.751287]  bus_for_each_drv+0x90/0xd8
[    8.755236]  __device_attach+0xb4/0x164
[    8.759188]  device_initial_probe+0x20/0x2c
[    8.763490]  bus_probe_device+0x34/0x94
[    8.767436]  device_add+0x34c/0x3e0
[    8.771029]  amba_device_try_add+0x68/0x440
[    8.775332]  amba_deferred_retry_func+0x48/0xc8
[    8.779997]  process_one_work+0x344/0x648
[    8.784127]  worker_thread+0x2ac/0x47c
[    8.787987]  kthread+0x128/0x138
[    8.791313]  ret_from_fork+0x10/0x18
[    8.794993]
[    8.796532] Freed by task 242:
[    8.799684]  __kasan_slab_free+0x15c/0x22c
[    8.803897]  kasan_slab_free+0x10/0x1c
[    8.807761]  kfree+0x25c/0x4bc
[    8.810913]  release_nodes+0x240/0x2b0
[    8.814767]  devres_release_all+0x3c/0x54
[    8.818887]  really_probe+0x178/0x408
[    8.822661]  driver_probe_device+0x70/0x140
[    8.826963]  __device_attach_driver+0x9c/0x110
[    8.831539]  bus_for_each_drv+0x90/0xd8
[    8.835487]  __device_attach+0xb4/0x164
[    8.839431]  device_initial_probe+0x20/0x2c
[    8.843732]  bus_probe_device+0x34/0x94
[    8.847678]  device_add+0x34c/0x3e0
[    8.851274]  amba_device_try_add+0x68/0x440
[    8.855576]  amba_deferred_retry_func+0x48/0xc8
[    8.860240]  process_one_work+0x344/0x648
[    8.864366]  worker_thread+0x2ac/0x47c
[    8.868228]  kthread+0x128/0x138
[    8.871557]  ret_from_fork+0x10/0x18
[    8.875231]
[    8.876782] The buggy address belongs to the object at ffffff813304f800
[    8.876782]  which belongs to the cache kmalloc-1k of size 1024
[    8.889632] The buggy address is located 200 bytes inside of
[    8.889632]  1024-byte region [ffffff813304f800, ffffff813304fc00)
[    8.901761] The buggy address belongs to the page:
[    8.906695] page:ffffffff04ac1200 refcount:1 mapcount:0 mapping:ffffff8146c03800 index:0x0 compound_mapcount: 0
[    8.917047] flags: 0x4000000000010200(slab|head)
[    8.921799] raw: 4000000000010200 dead000000000100 dead000000000122 ffffff8146c03800
[    8.929753] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[    8.937703] page dumped because: kasan: bad access detected
[    8.943433]
[    8.944974] Memory state around the buggy address:
[    8.949903]  ffffff813304f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[    8.957320]  ffffff813304f800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[    8.964742] >ffffff813304f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[    8.972157]                                               ^
[    8.977886]  ffffff813304f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[    8.985298]  ffffff813304f980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[    8.992713] ==================================================================

Fixes: f188b5e76a ("coresight: etm4x: Save/restore state across CPU low power states")
Reported-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Tested-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Mike Leach <mike.leach@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20200518180242.7916-22-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-05-19 16:33:20 +02:00
Documentation docs: trace: coresight-ect.rst: Fix a build warning 2020-05-19 16:31:16 +02:00
LICENSES LICENSES: Rename other to deprecated 2019-05-03 06:34:32 -06:00
arch FPGA Manager changes for 5.8 2020-05-15 16:09:24 +02:00
block bdi: use bdi_dev_name() to get device name 2020-05-09 16:07:39 -06:00
certs .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
crypto gcc-10: avoid shadowing standard library 'free()' in crypto 2020-05-09 15:58:04 -07:00
drivers coresight: etm4x: Fix use-after-free of per-cpu etm drvdata 2020-05-19 16:33:20 +02:00
fs block-5.7-2020-05-09 2020-05-10 11:16:07 -07:00
include coresight: Fix support for sparsely populated ports 2020-05-19 16:31:16 +02:00
init gcc-10: mark more functions __init to avoid section mismatch warnings 2020-05-09 17:50:03 -07:00
ipc ipc/mqueue.c: change __do_notify() to bypass check_kill_permission() 2020-05-07 19:27:20 -07:00
kernel Stop the ad-hoc games with -Wno-maybe-initialized 2020-05-09 13:57:10 -07:00
lib ubsan: disable UBSAN_ALIGNMENT under COMPILE_TEST 2020-05-07 19:27:21 -07:00
mm block-5.7-2020-05-09 2020-05-10 11:16:07 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-06 20:53:22 -07:00
samples tracing: Fix doc mistakes in trace sample 2020-05-07 13:32:57 -04:00
scripts scripts/gdb: repair rb_first() and rb_last() 2020-05-07 19:27:20 -07:00
security selinux/stable-5.7 PR 20200430 2020-04-30 16:35:45 -07:00
sound sound fixes for 5.7-rc4 2020-05-01 11:05:28 -07:00
tools A set of fixes for x86: 2020-05-10 11:59:53 -07:00
usr kbuild: fix comment about missing include guard detection 2020-04-11 12:09:48 +09:00
virt KVM: arm64: Fix 32bit PC wrap-around 2020-05-01 09:51:08 +01:00
.clang-format clang-format: Update with the latest for_each macro list 2020-04-18 13:49:33 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
.mailmap mailmap: Add Sedat Dilek (replacement for expired email address) 2020-04-11 09:28:34 -07:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Hand MIPS over to Thomas 2020-02-24 22:43:18 -08:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig docs: kbuild: convert docs to ReST and rename to *.rst 2019-06-14 14:21:21 -06:00
MAINTAINERS Fixes for an endianness handling bug that prevented mounts on 2020-05-08 10:27:00 -07:00
Makefile Linux 5.7-rc5 2020-05-10 15:16:58 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.