Commit eb0eb49f authored by Patrick Daly, committed by Swathi Sridhar

lib: Ignore kasan errors from find_next_bit and last bit



The find_next_bit and find_last_bit code operates on the unsigned long *addr,
and without knowing the size of the actual buffer passed to it, Kasan
detects it as an invalid out-of-bounds read access.

The find_next_bit and find_last_bit implementation is very generic
and it need not be modified for Kasan, so we are skipping
it from the sanitization.

The following is the Kasan error log for reference.

[    1.262524] BUG: KASan: out of bounds access in find_next_bit+0xa4/0xf0 at addr ffffffc00e9af260
[    1.262534] Read of size 8 by task swapper/0/1
[    1.262546] page:ffffffbc00920d60 count:0 mapcount:0 mapping:          (null) index:0x0
[    1.262554] page flags: 0x0()
[    1.262570] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.49-gef71b0c-00348-g4f06d68-dirty #160
[    1.262577] Call trace:
[    1.262594] [<ffffffc00040a2d4>] dump_backtrace+0x0/0x1d4
[    1.262610] [<ffffffc00040a4b8>] show_stack+0x10/0x1c
[    1.262625] [<ffffffc000face70>] dump_stack+0x1c/0x28
[    1.262641] [<ffffffc000552448>] kasan_report_error+0x294/0x3e4
[    1.262656] [<ffffffc0005526a8>] kasan_report+0x68/0x78
[    1.262671] [<ffffffc00055169c>] __asan_load8+0x90/0x9c
[    1.262686] [<ffffffc00076fff8>] find_next_bit+0xa0/0xf0
[    1.262701] [<ffffffc000de37d0>] bam_pipe_set_desc_write_offset+0xc8/0x378
[    1.262716] [<ffffffc000e005e4>] sps_bam_pipe_transfer_one+0x6b8/0x70c
[    1.262730] [<ffffffc000e04f84>] sps_transfer_one+0x230/0x298
[    1.262746] [<ffffffc000da4c58>] ipa_replenish_rx_cache+0x2e8/0x430
[    1.262762] [<ffffffc000da891c>] ipa_setup_sys_pipe+0x14a8/0x22bc
[    1.262779] [<ffffffc000d8a554>] ipa_setup_apps_pipes+0x580/0x6a0
[    1.262797] [<ffffffc000d91ef0>] ipa_init.constprop.8+0x134c/0x1dd4
[    1.262814] [<ffffffc000d93038>] ipa_plat_drv_probe+0x6c0/0x720
[    1.262829] [<ffffffc0009b51e0>] platform_drv_probe+0x2c/0x3c
[    1.262842] [<ffffffc0009b32d0>] driver_probe_device+0x1f4/0x47c
[    1.262856] [<ffffffc0009b3644>] __driver_attach+0x88/0xc0
[    1.262873] [<ffffffc0009b05b4>] bus_for_each_dev+0xdc/0x11c
[    1.262886] [<ffffffc0009b2a2c>] driver_attach+0x2c/0x3c
[    1.262903] [<ffffffc0009b237c>] bus_add_driver+0x1bc/0x32c
[    1.262916] [<ffffffc0009b3eb0>] driver_register+0x10c/0x1d8
[    1.262931] [<ffffffc0009b5a28>] platform_driver_register+0x98/0xa8
[    1.262946] [<ffffffc0018422d4>] ipa_module_init+0x3c/0x48
[    1.262960] [<ffffffc000400b08>] do_one_initcall+0xcc/0x188
[    1.262978] [<ffffffc001800bd0>] kernel_init_freeable+0x1c0/0x264
[    1.262992] [<ffffffc000f9f338>] kernel_init+0x10/0xcc
[    1.263000] Memory state around the buggy address:
[    1.263012]  ffffffc00e9af100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    1.263024]  ffffffc00e9af180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    1.263037] >ffffffc00e9af200: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4
[    1.263046]                                                        ^
[    1.263058]  ffffffc00e9af280: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 f4 f4
[    1.263071]  ffffffc00e9af300: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[    1.263079] ==================================================================

Change-Id: I7b7bde5f408dc1f04a773b7a314662ec91344a5e
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
parent cf512e1d
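
The shadow row marked `>` in the log above can be decoded to see what Kasan objected to. The following C model is an added example, not part of the commit or the kernel source; its function names are hypothetical, and it assumes the generic Kasan shadow encoding (one shadow byte per 8 bytes of memory: 0 = all 8 bytes valid, 1..7 = only the first N bytes valid, anything else = redzone).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE 8u /* one shadow byte describes 8 bytes of memory */

/* Shadow row marked '>' in the log; its first byte describes ROW_BASE. */
static const uint64_t ROW_BASE = 0xffffffc00e9af200ULL;
static const uint8_t ROW[16] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xf1, 0xf1, 0xf1, 0xf1, 0x04, 0xf4, 0xf4, 0xf4
};

/* Shadow byte covering addr, or -1 if addr lies outside the modelled row. */
int shadow_for(uint64_t addr)
{
    if (addr < ROW_BASE || addr >= ROW_BASE + sizeof(ROW) * GRANULE)
        return -1;
    return ROW[(addr - ROW_BASE) / GRANULE];
}

/* A byte is usable if its granule is fully valid (0) or it falls within
 * the first N valid bytes of a partial granule (shadow value 1..7). */
int byte_ok(uint64_t addr)
{
    int s = shadow_for(addr);
    if (s < 0)
        return 0; /* not modelled: treat as invalid */
    if (s == 0)
        return 1;
    return s < (int)GRANULE && (int)(addr % GRANULE) < s;
}

/* Returns 1 if a load of `size` bytes at addr touches only usable bytes. */
int load_ok(uint64_t addr, size_t size)
{
    for (size_t i = 0; i < size; i++)
        if (!byte_ok(addr + i))
            return 0;
    return 1;
}

int main(void)
{
    uint64_t fault = 0xffffffc00e9af260ULL; /* "at addr" from the report */
    printf("shadow byte at fault address: 0x%02x\n", shadow_for(fault));
    printf("4-byte load ok: %d\n", load_ok(fault, 4));
    printf("8-byte load ok: %d\n", load_ok(fault, 8)); /* "Read of size 8" */
    return 0;
}
```

The shadow value 04 at the reported address means only 4 bytes of that stack granule are valid, so the 8-byte word load in find_next_bit is the access the report flags.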