On Wed, Mar 20, 2019 at 11:57 AM Eric Biggers wrote:
>
> On Tue, Mar 19, 2019 at 10:09:13AM -0700, Eric Biggers wrote:
> > On Tue, Mar 19, 2019 at 12:54:23PM +0100, Geert Uytterhoeven wrote:
> > > When running the sha1-asm crypto selftest on arm with
> > > CONFIG_HARDENED_USERCOPY_PAGESPAN=y:
> > >
> > > usercopy: Kernel memory overwrite attempt detected to spans
> > > multiple pages (offset 0, size 42)!
> > > [ cut here ]
> > > kernel BUG at mm/usercopy.c:102!
> > > Internal error: Oops - BUG: 0 [#1] SMP ARM
> > > Modules linked in:
> > > CPU: 0 PID: 35 Comm: cryptomgr_test Not tainted
> > > 5.1.0-rc1-koelsch-01109-gbeb7d6376ecfbf07-dirty #397
> > > Hardware name: Generic R-Car Gen2 (Flattened Device Tree)
> > > PC is at usercopy_abort+0x68/0x90
> > > LR is at usercopy_abort+0x68/0x90
> > > pc : []lr : []psr: 6013
> > > sp : ea54bc60 ip : 0010 fp : cccd
> > > r10: r9 : c0e0ce04 r8 : ea54d009
> > > r7 : ea54d00a r6 : r5 : 002a r4 : c09d1120
> > > r3 : dd6cd422 r2 : dd6cd422 r1 : 2abb4000 r0 : 005f
> > > Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
> > > Control: 30c5387d Table: 40003000 DAC: fffd
> > > Process cryptomgr_test (pid: 35, stack limit = 0x(ptrval))
> > > Stack: (0xea54bc60 to 0xea54c000)
> > > bc60: c09d1120 c09d1120 c09d1120 002a 002a
> > > c0310060
> > > bc80: 002a 01c0 c0eb11e8
> > > ea54cfe0 ea538c00
> > > bca0: ea54cfe0 ebef73e0 002a ea538c20 ea54bd84
> > > 003a c0427a30
> > > bcc0: ea54bdbc c081cf70 eb074280 c081cf70
> > > 002a c081cf80
> > > bce0: 000e c07da138 ea54bd0c c084061c c04248e8
> > > c0e0a408 eb074240
> > > bd00: eb074200 c04253c8 eb074280 ea55 0012 dd6cd422
> > > ebef7480 eb074200
> > > bd20: ea54bd84 c081cf64 ea537200 0002 0014
> > > c084061c c0428c38
> > > bd40: ea54bd84 ea54bdbc c081cd34 c0e4e4b4 ea538c40
> > > 0002 eabe4e80
> > > bd60: ea538c00 0400 ea4f7a00 ea4f7a60 eb074240 0060
> > > 0006 c09d544c
> > > bd80: 0038 0003 0038 ea54bd7c 0001
> > > eb074200
> > > bda0: dead4ead ea54bdb0 ea54bdb0
> > > c081cf70
> > > bdc0: c081ce68 c081ce78 ea4f7480 eb000780 0dc0 eb000780
> > > c0e4ee80 443e9884
> > > bde0: 6ed23b1c a14aaeba e52951f9 f17046e5 fefefefe fefefefe
> > > fefefefe fefefefe
> > > be00: eb000780 c04292c4 c0e0a638 6013 6013 c0305298
> > > ea4f7a00 c03062bc
> > > be20: eb000780 0cc0 ea4f7a00 dd6cd422 0cc0 ea538c00
> > > 0002 eabe4e40
> > > be40: ea537200 0007 ea4f7a00 eb074200 c0429314
> > > eb074200 ea538c00
> > > be60: ea4f7a00 000a eabe4e80 c084061c c08405fc 0006
> > > c04dace8 0006
> > > be80: c084065c ea537200 000e 0400 eb04de08
> > > ea4f71a8 c0429420
> > > bea0: 0400 ea537200 000e ea537200 000e c0429374
> > > 0400
> > > bec0: 00a2 c042a414 0103 c0e0a408 c0e0a438
> > > c0e5a2a0 c0e5a2a0
> > > bee0: 0001 0001 0017 e000 6013
> > > c0e5a2a0 c0269470
> > > bf00: c09c9ed0 ea54bf5c 0103 c0e0a408
> > > ea537280 000e
> > > bf20: 0400 c0426500 eb04de08 ea4f71a8 c02694f4
> > > c09c9ed0 ea54bf5c
> > > bf40: ea54bf28 c02699d0 ea54bf5c dd6cd422 ea537200 dd6cd422
> > > c09c9ed0 ea537200
> > > bf60: ea4af1c0 ea54a000 ea537200 c0426500 eb04de08
> > > ea4f71a8 c0426524
> > > bf80: ea4f7180 c023dcec ea54a000 ea4af1c0 c023dbb4
> > >
> > > bfa0: c02010d8
> > >
> > > bfc0:
> > >
> > > bfe0: 0013
> > >
> > > [] (usercopy_abort) from []
> > > (__check_object_size+0x2d8/0x448)
> > > [] (__check_object_size) from []
> > > (build_test_sglist+0x268/0x2d8)
> > > [] (build_test_sglist) from []
> > > (test_hash_vec_cfg+0x110/0x694)
> > > [] (test_hash_vec_cfg) from []
> > > (__alg_test_hash+0x158/0x1b8)
> > > [] (__alg_test_hash) from []
> > > (alg_test_hash+0xac/0xf4)
> > > [] (alg_test_hash) from []
> > > (alg_test.part.4+0x264/0x2f8)
> > > [] (alg_test.part.4) from []
> > > (cryptomgr_test+0x24/0x44)
> > > [] (cryptomgr_test) from [] (kthread+0x138/0x150)
> > > [] (kthread) from [] (ret_from_fork+0x14/0x3c)
> > > Exception stack(0xea54bfb0 to 0xea54bff8)
> > > bfa0:
> > >
> > > bfc0:
> > >