Re: BUG: KASAN: slab-out-of-bounds in print_synth_event+0xa68/0xa78

From: Sven Schnelle
Date: Tue Aug 08 2023 - 12:02:26 EST


Steven Rostedt <rostedt@xxxxxxxxxxx> writes:

> On Fri, 04 Aug 2023 08:20:23 +0200
> Sven Schnelle <svens@xxxxxxxxxxxxx> wrote:
>
>> Hi Steven,
>>
>> I noticed the following KASAN splat in CI (on s390):
>
> Could this actually be a bug in KASAN?
>
> The reason I ask, is because of the report.

I think the problem is that the code assigns data_offset with:

*(u32 *)&entry->fields[*n_u64] = data_offset;

but reads it with:

offset = (u32)entry->fields[n_u64];

which works on LE, but not BE.

I'm currently preparing the patch below, which also makes the code a bit
easier to read. I'm still seeing no stack traces, but at least the
random memory reads are gone and there is no KASAN warning anymore. I'll
continue fixing and send a full patch as soon as everything is fixed.
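The mismatch described above, as an added standalone illustration (not Sven's patch and not kernel code): the write stores a u32 into the first four bytes of an eight-byte `fields[]` slot, while the read loads the whole slot as a u64 and truncates it. Both byte orders are simulated on plain byte arrays so the behaviour can be checked on any host; the slot layout and the function names are assumptions for the demonstration, not identifiers from the trace code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated byte order of the machine the synth event code runs on. */
enum byte_order { BO_LITTLE, BO_BIG };

/* Mimics `*(u32 *)&entry->fields[n] = data_offset;`: the u32 lands in the
 * first four bytes of the u64 slot, encoded in the machine's byte order. */
static void store_u32_in_slot(uint8_t slot[8], uint32_t v, enum byte_order bo)
{
	for (int i = 0; i < 4; i++) {
		int shift = (bo == BO_LITTLE) ? 8 * i : 8 * (3 - i);
		slot[i] = (uint8_t)(v >> shift);
	}
}

/* Mimics the CPU loading `entry->fields[n]` as a full u64. */
static uint64_t load_u64_from_slot(const uint8_t slot[8], enum byte_order bo)
{
	uint64_t v = 0;

	for (int i = 0; i < 8; i++) {
		int shift = (bo == BO_LITTLE) ? 8 * i : 8 * (7 - i);
		v |= (uint64_t)slot[i] << shift;
	}
	return v;
}

/* Mimics `*(u32 *)&entry->fields[n]`: only the first four bytes are read. */
static uint32_t load_u32_from_slot(const uint8_t slot[8], enum byte_order bo)
{
	uint32_t v = 0;

	for (int i = 0; i < 4; i++) {
		int shift = (bo == BO_LITTLE) ? 8 * i : 8 * (3 - i);
		v |= (uint32_t)slot[i] << shift;
	}
	return v;
}

/* The read the mail calls out: `offset = (u32)entry->fields[n];`
 * On BE the low 32 bits of the u64 are the *last* four bytes of the slot,
 * which the write never touched, so the offset comes back as 0. */
uint32_t buggy_read(uint32_t data_offset, enum byte_order bo)
{
	uint8_t slot[8];

	memset(slot, 0, sizeof(slot));
	store_u32_in_slot(slot, data_offset, bo);
	return (uint32_t)load_u64_from_slot(slot, bo);
}

/* Reading through the same u32 view the write used round-trips on both. */
uint32_t matching_read(uint32_t data_offset, enum byte_order bo)
{
	uint8_t slot[8];

	memset(slot, 0, sizeof(slot));
	store_u32_in_slot(slot, data_offset, bo);
	return load_u32_from_slot(slot, bo);
}

int main(void)
{
	uint32_t off = 0x12345678u; /* constructed sample data_offset */

	printf("LE: buggy=%08x matching=%08x\n",
	       buggy_read(off, BO_LITTLE), matching_read(off, BO_LITTLE));
	printf("BE: buggy=%08x matching=%08x\n",
	       buggy_read(off, BO_BIG), matching_read(off, BO_BIG));
	return 0;
}
```

A wrong offset of this kind is exactly what feeds the out-of-bounds read KASAN reported: whatever garbage the truncated u64 yields is used to locate dynamic data inside the entry.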