iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/kernel
History
Mukesh Ojha a4a62a23fa gcov: clang: fix the buffer overflow issue 
commit a6f810efabfd789d3bbafeacb4502958ec56c5ce upstream.

Currently, in clang version of gcov code when module is getting removed
gcov_info_add() incorrectly adds the sfn_ptr->counter to all the
dst->functions and it result in the kernel panic in below crash report.
Fix this by properly handling it.

[    8.899094][  T599] Unable to handle kernel write to read-only memory at virtual address ffffff80461cc000
[    8.899100][  T599] Mem abort info:
[    8.899102][  T599]   ESR = 0x9600004f
[    8.899103][  T599]   EC = 0x25: DABT (current EL), IL = 32 bits
[    8.899105][  T599]   SET = 0, FnV = 0
[    8.899107][  T599]   EA = 0, S1PTW = 0
[    8.899108][  T599]   FSC = 0x0f: level 3 permission fault
[    8.899110][  T599] Data abort info:
[    8.899111][  T599]   ISV = 0, ISS = 0x0000004f
[    8.899113][  T599]   CM = 0, WnR = 1
[    8.899114][  T599] swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000ab8de000
[    8.899116][  T599] [ffffff80461cc000] pgd=18000009ffcde003, p4d=18000009ffcde003, pud=18000009ffcde003, pmd=18000009ffcad003, pte=00600000c61cc787
[    8.899124][  T599] Internal error: Oops: 9600004f [#1] PREEMPT SMP
[    8.899265][  T599] Skip md ftrace buffer dump for: 0x1609e0
....
..,
[    8.899544][  T599] CPU: 7 PID: 599 Comm: modprobe Tainted: G S         OE     5.15.41-android13-8-g38e9b1af6bce #1
[    8.899547][  T599] Hardware name: XXX (DT)
[    8.899549][  T599] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[    8.899551][  T599] pc : gcov_info_add+0x9c/0xb8
[    8.899557][  T599] lr : gcov_event+0x28c/0x6b8
[    8.899559][  T599] sp : ffffffc00e733b00
[    8.899560][  T599] x29: ffffffc00e733b00 x28: ffffffc00e733d30 x27: ffffffe8dc297470
[    8.899563][  T599] x26: ffffffe8dc297000 x25: ffffffe8dc297000 x24: ffffffe8dc297000
[    8.899566][  T599] x23: ffffffe8dc0a6200 x22: ffffff880f68bf20 x21: 0000000000000000
[    8.899569][  T599] x20: ffffff880f68bf00 x19: ffffff8801babc00 x18: ffffffc00d7f9058
[    8.899572][  T599] x17: 0000000000088793 x16: ffffff80461cbe00 x15: 9100052952800785
[    8.899575][  T599] x14: 0000000000000200 x13: 0000000000000041 x12: 9100052952800785
[    8.899577][  T599] x11: ffffffe8dc297000 x10: ffffffe8dc297000 x9 : ffffff80461cbc80
[    8.899580][  T599] x8 : ffffff8801babe80 x7 : ffffffe8dc2ec000 x6 : ffffffe8dc2ed000
[    8.899583][  T599] x5 : 000000008020001f x4 : fffffffe2006eae0 x3 : 000000008020001f
[    8.899586][  T599] x2 : ffffff8027c49200 x1 : ffffff8801babc20 x0 : ffffff80461cb3a0
[    8.899589][  T599] Call trace:
[    8.899590][  T599]  gcov_info_add+0x9c/0xb8
[    8.899592][  T599]  gcov_module_notifier+0xbc/0x120
[    8.899595][  T599]  blocking_notifier_call_chain+0xa0/0x11c
[    8.899598][  T599]  do_init_module+0x2a8/0x33c
[    8.899600][  T599]  load_module+0x23cc/0x261c
[    8.899602][  T599]  __arm64_sys_finit_module+0x158/0x194
[    8.899604][  T599]  invoke_syscall+0x94/0x2bc
[    8.899607][  T599]  el0_svc_common+0x1d8/0x34c
[    8.899609][  T599]  do_el0_svc+0x40/0x54
[    8.899611][  T599]  el0_svc+0x94/0x2f0
[    8.899613][  T599]  el0t_64_sync_handler+0x88/0xec
[    8.899615][  T599]  el0t_64_sync+0x1b4/0x1b8
[    8.899618][  T599] Code: f905f56c f86e69ec f86e6a0f 8b0c01ec (f82e6a0c)
[    8.899620][  T599] ---[ end trace ed5218e9e5b6e2e6 ]---

Link: https://lkml.kernel.org/r/1668020497-13142-1-git-send-email-quic_mojha@quicinc.com
Fixes: e178a5beb369 ("gcov: clang support")
Signed-off-by: Mukesh Ojha <quic_mojha@quicinc.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Tested-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Tom Rix <trix@redhat.com>
Cc: <stable@vger.kernel.org>	[5.2+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-12-02 17:40:04 +01:00
..
bpf
bpf: Initialize same number of free nodes for each pcpu_freelist
2022-11-25 17:45:45 +01:00
cgroup
cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
2022-10-26 13:25:41 +02:00
configs
debug
lockdown: also lock down previous kgdb use
2022-05-30 09:33:22 +02:00
dma
swiotlb: max mapping size takes min align mask into account
2022-10-05 10:38:40 +02:00
entry
KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest
2021-10-06 15:55:49 +02:00
events
perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
2022-07-29 17:19:11 +02:00
gcov
gcov: clang: fix the buffer overflow issue
2022-12-02 17:40:04 +01:00
irq
genirq: GENERIC_IRQ_IPI depends on SMP
2022-08-21 15:15:28 +02:00
kcsan
kcsan: Fix debugfs initcall return type
2021-05-26 12:06:54 +02:00
livepatch
livepatch: fix race between fork and KLP transition
2022-10-26 13:25:14 +02:00
locking
locking/lockdep: Fix lockdep_init_map_*() confusion
2022-08-21 15:15:33 +02:00
power
PM: hibernate: Allow hybrid sleep to work with s2idle
2022-11-03 23:57:52 +09:00
printk
printk: fix return value of printk.devkmsg __setup handler
2022-04-08 14:40:08 +02:00
rcu
rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
2022-10-26 13:25:44 +02:00
sched
sched/fair: Fix fault in reweight_entity
2022-08-21 15:16:26 +02:00
time
timekeeping: contribute wall clock to rng on time change
2022-08-21 15:16:20 +02:00
trace
ring-buffer: Include dropped pages in counting dirty patches
2022-11-25 17:45:54 +01:00
.gitignore
kbuild: update config_data.gz only when the content of .config is changed
2021-05-11 14:47:37 +02:00
acct.c
kernel: acct.c: fix some kernel-doc nits
2020-10-16 11:11:19 -07:00
async.c
Revert "module, async: async_synchronize_full() on module init iff async is used"
2022-02-23 12:01:00 +01:00
audit_fsnotify.c
audit: fix potential double free on error path from fsnotify_add_inode_mark
2022-08-31 17:15:13 +02:00
audit_tree.c
audit: move put_tree() to avoid trim_trees refcount underflow and UAF
2021-09-03 10:09:31 +02:00
audit_watch.c
fsnotify: generalize handle_inode_event()
2020-12-30 11:54:18 +01:00
audit.c
audit: improve audit queue handling when "audit=1" on cmdline
2022-02-08 18:30:34 +01:00
audit.h
audit: log AUDIT_TIME_* records only from rules
2022-04-08 14:40:00 +02:00
auditfilter.c
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
auditsc.c
audit: log AUDIT_TIME_* records only from rules
2022-04-08 14:40:00 +02:00
backtracetest.c
treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD()
2020-07-30 11:15:58 -07:00
bounds.c
capability.c
LSM: Signal to SafeSetID when setting group IDs
2020-10-13 09:17:34 -07:00
compat.c
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
configs.c
context_tracking.c
cpu_pm.c
PM: cpu: Make notifier chain use a raw_spinlock_t
2021-09-15 09:50:40 +02:00
cpu.c
random: clear fast pool, crng, and batches in cpuhp bring up
2022-05-30 09:33:36 +02:00
crash_core.c
crash_core, vmcoreinfo: append 'SECTION_SIZE_BITS' to vmcoreinfo
2021-06-23 14:42:52 +02:00
crash_dump.c
cred.c
Revert "Add a reference to ucounts for each cred"
2021-09-08 08:49:00 +02:00
delayacct.c
dma.c
exec_domain.c
exit.c
fix race between exit_itimers() and /proc/pid/timers
2022-07-21 21:19:59 +02:00
extable.c
fail_function.c
fail_function: Remove a redundant mutex unlock
2020-11-19 11:58:16 -08:00
fork.c
IB/core: Fix a nested dead lock as part of ODP flow
2022-09-15 11:32:05 +02:00
freezer.c
Revert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing"
2021-04-07 15:00:14 +02:00
futex.c
mm, futex: fix shared futex pgoff on shmem huge page
2021-06-30 08:47:29 -04:00
gen_kheaders.sh
groups.c
LSM: Signal to SafeSetID when setting group IDs
2020-10-13 09:17:34 -07:00
hung_task.c
kernel/hung_task.c: make type annotations consistent
2020-11-02 12:14:19 -08:00
iomem.c
irq_work.c
jump_label.c
jump_label: Fix jump_label_text_reserved() vs __init
2021-07-20 16:05:58 +02:00
kallsyms.c
treewide: Convert macro and uses of __section(foo) to __section("foo")
2020-10-25 14:51:49 -07:00
kcmp.c
exec: Transform exec_update_mutex into a rw_semaphore
2021-01-09 13:46:24 +01:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: make some symbols static
2020-08-12 10:58:02 -07:00
kexec_core.c
kernel: kexec: remove the lock operation of system_transition_mutex
2021-02-03 23:28:37 +01:00
kexec_elf.c
kexec_file.c
ima: force signature verification when CONFIG_KEXEC_SIG is configured
2022-07-21 21:20:11 +02:00
kexec_internal.h
kexec.c
LSM: Introduce kernel_post_load_data() hook
2020-10-05 13:37:03 +02:00
kheaders.c
kmod.c
kmod: remove redundant "be an" in the comment
2020-08-12 10:58:01 -07:00
kprobes.c
kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
2022-11-25 17:45:55 +01:00
ksysfs.c
kthread.c
kthread: Fix PF_KTHREAD vs to_kthread() race
2021-09-03 10:09:31 +02:00
latencytop.c
Makefile
kbuild: update config_data.gz only when the content of .config is changed
2021-05-11 14:47:37 +02:00
module_signature.c
module: harden ELF info handling
2021-03-25 09:04:11 +01:00
module_signing.c
module: harden ELF info handling
2021-03-25 09:04:11 +01:00
module-internal.h
module.c
module: check for exit sections in layout_sections() instead of module_init_section()
2022-05-25 09:18:02 +02:00
notifier.c
notifier: Fix broken error handling pattern
2020-09-01 09:58:03 +02:00
nsproxy.c
padata.c
padata: fix possible padata_works_lock deadlock
2020-09-04 17:51:55 +10:00
panic.c
panic: don't dump stack twice on warn
2020-11-14 11:26:04 -08:00
params.c
params: Replace zero-length array with flexible-array member
2020-10-29 17:22:59 -05:00
pid_namespace.c
memcg: enable accounting for pids in nested pid namespaces
2021-09-18 13:40:36 +02:00
pid.c
exec: Transform exec_update_mutex into a rw_semaphore
2021-01-09 13:46:24 +01:00
profile.c
profiling: fix shift too large makes kernel panic
2022-08-21 15:16:05 +02:00
ptrace.c
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
2022-06-09 10:20:49 +02:00
range.c
kernel.h: split out min()/max() et al. helpers
2020-10-16 11:11:19 -07:00
reboot.c
reboot: fix overflow parsing reboot cpu number
2020-11-14 11:26:03 -08:00
regset.c
regset: kill ->get()
2020-07-27 14:31:12 -04:00
relay.c
kernel/relay.c: drop unneeded initialization
2020-10-16 11:11:22 -07:00
resource.c
kernel/resource: make walk_mem_res() find all busy IORESOURCE_MEM resources
2021-05-19 10:13:09 +02:00
rseq.c
rseq: Remove broken uapi field layout on 32-bit little endian
2022-04-08 14:40:03 +02:00
scftorture.c
scftorture: Fix distribution of short handler delays
2022-06-09 10:21:01 +02:00
scs.c
mm: memcontrol: account kernel stack per node
2020-08-07 11:33:25 -07:00
seccomp.c
seccomp: Fix setting loaded filter count during TSYNC
2021-08-18 08:59:06 +02:00
signal.c
signal handling: don't use BUG_ON() for debugging
2022-07-21 21:20:18 +02:00
smp.c
smp: Fix offline cpu check in flush_smp_call_function_queue()
2022-04-20 09:23:29 +02:00
smpboot.c
sched/core: Initialize the idle task with preemption disabled
2021-07-14 16:55:50 +02:00
smpboot.h
softirq.c
softirq: Add debug check to __raise_softirq_irqoff()
2020-09-16 15:18:56 +02:00
stackleak.c
gcc-plugins/stackleak: Use noinstr in favor of notrace
2022-02-23 12:01:00 +01:00
stacktrace.c
stacktrace: Remove reliable argument from arch_stack_walk() callback
2020-09-18 14:24:16 +01:00
static_call.c
static_call: Fix unused variable warn w/o MODULE
2021-09-08 08:49:00 +02:00
stop_machine.c
stop_machine, rcu: Mark functions as notrace
2020-10-26 12:12:27 +01:00
sys_ni.c
kernel/sys_ni: add compat entry for fadvise64_64
2022-08-31 17:15:13 +02:00
sys.c
prctl: allow to setup brk for et_dyn executables
2021-09-26 14:08:57 +02:00
sysctl-test.c
sysctl.c
mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
2022-07-21 21:20:13 +02:00
task_work.c
task_work: cleanup notification modes
2020-10-17 15:05:30 -06:00
taskstats.c
taskstats: move specifying netlink policy back to ops
2020-10-02 19:11:12 -07:00
test_kprobes.c
torture.c
tracepoint.c
tracepoint: Use rcu get state and cond sync for static call updates
2021-09-03 10:09:30 +02:00
tsacct.c
taskstats: Cleanup the use of task->exit_code
2022-01-27 10:54:33 +01:00
ucount.c
Revert "Add a reference to ucounts for each cred"
2021-09-08 08:49:00 +02:00
uid16.c
uid16.h
umh.c
usermodehelper: reset umask to default before executing user process
2020-10-06 10:31:52 -07:00
up.c
smp: Fix smp_call_function_single_async prototype
2021-05-14 09:50:46 +02:00
user_namespace.c
Revert "Add a reference to ucounts for each cred"
2021-09-08 08:49:00 +02:00
user-return-notifier.c
user.c
usermode_driver.c
bpf: Fix umd memory leak in copy_process()
2021-03-30 14:32:03 +02:00
utsname_sysctl.c
utsname.c
watch_queue.c
watch_queue: Fix missing locking in add_watch_to_object()
2022-08-03 12:00:44 +02:00
watchdog_hld.c
watchdog.c
watchdog: export lockup_detector_reconfigure
2022-08-25 11:38:20 +02:00
workqueue_internal.h
workqueue.c
workqueue: don't skip lockdep work dependency in cancel_work_sync()
2022-09-28 11:10:40 +02:00