51604246ae
find_first_bit() takes a parameter of size long, and performs arithmetic that assumes that the argument is of size long. Therefore we cannot pass a u32, since this will cause find_first_bit() to read outside the stack buffer and will produce the following print: BUG: KASAN: stack-out-of-bounds in find_next_bit+0xa4/0xf0. [ 1.262524] BUG: KASan: out of bounds access in find_next_bit+0xa4/0xf0 at addr ffffffc00e9af260 [ 1.262534] Read of size 8 by task swapper/0/1 [ 1.262546] page:ffffffbc00920d60 count:0 mapcount:0 mapping: (null) index:0x0 [ 1.262554] page flags: 0x0() [ 1.262570] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.49-gef71b0c-00348-g4f06d68-dirty #160 [ 1.262577] Call trace: [ 1.262594] [<ffffffc00040a2d4>] dump_backtrace+0x0/0x1d4 [ 1.262610] [<ffffffc00040a4b8>] show_stack+0x10/0x1c [ 1.262625] [<ffffffc000face70>] dump_stack+0x1c/0x28 [ 1.262641] [<ffffffc000552448>] kasan_report_error+0x294/0x3e4 [ 1.262656] [<ffffffc0005526a8>] kasan_report+0x68/0x78 [ 1.262671] [<ffffffc00055169c>] __asan_load8+0x90/0x9c [ 1.262686] [<ffffffc00076fff8>] find_next_bit+0xa0/0xf0 [ 1.262701] [<ffffffc000de37d0>] bam_pipe_set_desc_write_offset+0xc8/0x378 [ 1.262716] [<ffffffc000e005e4>] sps_bam_pipe_transfer_one+0x6b8/0x70c [ 1.262730] [<ffffffc000e04f84>] sps_transfer_one+0x230/0x298 [ 1.262746] [<ffffffc000da4c58>] ipa_replenish_rx_cache+0x2e8/0x430 [ 1.262762] [<ffffffc000da891c>] ipa_setup_sys_pipe+0x14a8/0x22bc [ 1.262779] [<ffffffc000d8a554>] ipa_setup_apps_pipes+0x580/0x6a0 [ 1.262797] [<ffffffc000d91ef0>] ipa_init.constprop.8+0x134c/0x1dd4 [ 1.262814] [<ffffffc000d93038>] ipa_plat_drv_probe+0x6c0/0x720 [ 1.262829] [<ffffffc0009b51e0>] platform_drv_probe+0x2c/0x3c [ 1.262842] [<ffffffc0009b32d0>] driver_probe_device+0x1f4/0x47c [ 1.262856] [<ffffffc0009b3644>] __driver_attach+0x88/0xc0 [ 1.262873] [<ffffffc0009b05b4>] bus_for_each_dev+0xdc/0x11c [ 1.262886] [<ffffffc0009b2a2c>] driver_attach+0x2c/0x3c [ 1.262903] [<ffffffc0009b237c>] bus_add_driver+0x1bc/0x32c [ 1.262916] [<ffffffc0009b3eb0>] driver_register+0x10c/0x1d8 [ 1.262931] [<ffffffc0009b5a28>] platform_driver_register+0x98/0xa8 [ 1.262946] [<ffffffc0018422d4>] ipa_module_init+0x3c/0x48 [ 1.262960] [<ffffffc000400b08>] do_one_initcall+0xcc/0x188 [ 1.262978] [<ffffffc001800bd0>] kernel_init_freeable+0x1c0/0x264 [ 1.262992] [<ffffffc000f9f338>] kernel_init+0x10/0xcc [ 1.263000] Memory state around the address: [ 1.263012] ffffffc00e9af100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1.263024] ffffffc00e9af180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1.263037] >ffffffc00e9af200: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4 [ 1.263046] ^ [ 1.263058] ffffffc00e9af280: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 f4 f4 [ 1.263071] ffffffc00e9af300: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 1.263079] ================================================================== Change-Id: Ie0bbfc0d9e6eb7f282f33aaf05009a71f6102261 Signed-off-by: Georgi Djakov <gdjako@codeaurora.org> |
||
|---|---|---|
| .. | ||
| chrome | ||
| goldfish | ||
| mellanox | ||
| mips | ||
| msm | ||
| olpc | ||
| x86 | ||
| Kconfig | ||
| Makefile | ||