Re: Linux 5.19-rc8

From: Russell King (Oracle)
Date: Tue Jul 26 2022 - 05:12:33 EST


On Mon, Jul 25, 2022 at 10:55:18AM -0700, Linus Torvalds wrote:
> On Mon, Jul 25, 2022 at 9:11 AM Guenter Roeck <linux@xxxxxxxxxxxx> wrote:
> >
> > BUG: KFENCE: out-of-bounds read in _find_next_bit_le+0x10/0x48
>
> Ok, I was hoping somebody more ARMy would look at this, particularly
> since there is no call trace beyond the actual fault.

First I'm aware of it. Was it reported to linux-arm-kernel? I'm guessing
the report wasn't Cc'd to me - I can't find anything in my mailbox about
it.

> I think the fix might be something like this:
>
> diff --git a/arch/arm/lib/findbit.S b/arch/arm/lib/findbit.S
> index b5e8b9ae4c7d..b36ca301892e 100644
> --- a/arch/arm/lib/findbit.S
> +++ b/arch/arm/lib/findbit.S
> @@ -83,6 +83,8 @@ ENDPROC(_find_first_bit_le)
> ENTRY(_find_next_bit_le)
> teq r1, #0
> beq 3b
> + cmp r2, r1
> + bhs 3b
> ands ip, r2, #7
> beq 1b @ If new byte, goto old routine
> ARM( ldrb r3, [r0, r2, lsr #3] )
>
> but my ARM asm is so broken that the above is just really random noise
> that may or may not build - much less work.
>
> I'll leave it to Russell &co to have a tested and working patch.

I think it needs a bit more than that, but as you point out in later
emails, the compiler may do a better job for this.

One of the reasons for using byte loads was to avoid problems in the
early days of Linux where these took void pointers and thus could be
misaligned - and using word accesses would have resulted in much
pain. However, that was changed to unsigned long pointers back in
2017, so in theory that should no longer be a concern.

I don't remember why we used void pointers there originally - that's
something which dates back to the 1990s.

--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!