path: root/scripts
author: Se Wang (Patrick) Oh <sewango@codeaurora.org> 2015-06-25 14:50:02 -0700
committer: David Keitel <dkeitel@codeaurora.org> 2016-03-22 11:10:44 -0700
commit: dae9a397e1d3d92b6f44f248972350cbc16828b5
tree: 14c7cdab9296dd89a6e390d501fe2310952675a5 /scripts
parent: 7fc60d089e84a540706f1d274eb93491391dfc8f
kernel: fork: Call KASan alloc before releasing the thread info pages
The pages allocated for thread info are used for the stack. KASan marks some stack memory region as a guarding area, and the bitmasks for that region are not cleared until the pages are freed. When CONFIG_PAGE_POISONING is enabled, as the pages still have special bitmasks, an out-of-bounds access KASan report arises during page poisoning. So mark the pages as alloc status before poisoning the pages.

==================================================================
BUG: KASan: out of bounds on stack in memset+0x24/0x44 at addr ffffffc0b8e3f000
Write of size 4096 by task swapper/0/0
page:ffffffbacc38e760 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.0-g5a4a5d5-07244-g488682c-dirty #12
Hardware name: Qualcomm Technologies, Inc. MSM 8996 v2.0 LiQUID (DT)
Call trace:
[<ffffffc00008c010>] dump_backtrace+0x0/0x250
[<ffffffc00008c270>] show_stack+0x10/0x1c
[<ffffffc001b6f9e4>] dump_stack+0x74/0xfc
[<ffffffc0002debf4>] kasan_report_error+0x2b0/0x408
[<ffffffc0002dee28>] kasan_report+0x34/0x40
[<ffffffc0002de240>] __asan_storeN+0x15c/0x168
[<ffffffc0002de47c>] memset+0x20/0x44
[<ffffffc0002d77bc>] kernel_map_pages+0x2e8/0x384
[<ffffffc000266458>] free_pages_prepare+0x340/0x3a0
[<ffffffc0002694cc>] __free_pages_ok+0x20/0x12c
[<ffffffc00026a698>] __free_pages+0x34/0x44
[<ffffffc00026abb0>] free_kmem_pages+0x68/0x80
[<ffffffc0000b0424>] free_task+0x80/0xac
[<ffffffc0000b05a8>] __put_task_struct+0x158/0x23c
[<ffffffc0000b9194>] delayed_put_task_struct+0x188/0x1cc
[<ffffffc00018586c>] rcu_process_callbacks+0x6cc/0xbb0
[<ffffffc0000bfdb0>] __do_softirq+0x368/0x750
[<ffffffc0000c0630>] irq_exit+0xd8/0x15c
[<ffffffc00016f610>] __handle_domain_irq+0x108/0x168
[<ffffffc000081af8>] gic_handle_irq+0x50/0xc0
Memory state around the buggy address:
 ffffffc0b8e3f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffc0b8e3fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffc0b8e3fa80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
                                           ^
 ffffffc0b8e3fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffc0b8e3fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Change-Id: I90aa1c6e82a0bde58d2d5d68d84e67f932728a88
Signed-off-by: Se Wang (Patrick) Oh <sewango@codeaurora.org>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions
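The interaction the commit message describes, as an added user-space model that is not part of this commit or of the kernel: one shadow byte covers 8 bytes of a page, 0x00 means addressable and 0xf1 is the stack-left-redzone marker seen in the report; `check_write`, `mark_stack_redzone`, `kasan_alloc_model` and `free_page_model` are hypothetical names standing in for the compiler-inserted store check, the stack guard marking, the KASan alloc call the title refers to, and the CONFIG_PAGE_POISONING memset in free_pages_prepare.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SIZE        4096
#define SHADOW_SCALE     8                       /* bytes per shadow byte */
#define SHADOW_LEN       (PAGE_SIZE / SHADOW_SCALE)
#define KASAN_STACK_LEFT 0xf1                    /* redzone value from the report */

/* Shadow bytes for one modelled thread-info page (constructed state). */
static uint8_t shadow[SHADOW_LEN];

/* Model of the compiler-inserted __asan_storeN check for a write of
 * len bytes at page offset off: returns the offset of the first byte
 * whose shadow is poisoned, or -1 when the whole write is addressable. */
int check_write(size_t off, size_t len) {
    for (size_t i = off; i < off + len && i < PAGE_SIZE; i++)
        if (shadow[i / SHADOW_SCALE] != 0)
            return (int)i;
    return -1;
}

/* Stack guard marking left in the shadow while the task was running;
 * it is never cleared by the task itself before the pages are freed. */
void mark_stack_redzone(size_t off, size_t len) {
    memset(shadow + off / SHADOW_SCALE, KASAN_STACK_LEFT, len / SHADOW_SCALE);
}

/* Effect of the KASan alloc call: the whole page becomes addressable. */
void kasan_alloc_model(void) {
    memset(shadow, 0, sizeof shadow);
}

/* Model of freeing the page with CONFIG_PAGE_POISONING: the poisoning
 * memset writes all PAGE_SIZE bytes, exactly the access in the trace.
 * Returns the first reported offset, or -1 when poisoning is silent. */
int free_page_model(int kasan_alloc_first) {
    if (kasan_alloc_first)
        kasan_alloc_model();
    return check_write(0, PAGE_SIZE);
}

int main(void) {
    mark_stack_redzone(0xac0, 32);   /* 4 shadow bytes of f1, as in the dump */
    printf("without alloc: report at offset %d\n", free_page_model(0));
    mark_stack_redzone(0xac0, 32);
    printf("with alloc first: %d (no report)\n", free_page_model(1));
    return 0;
}
```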