lib: Ignore kasan errors from find_next_bit and last bit

find_next_bit and find_last_bit code operates on the unsigned long *addr,
and without knowing the size of the actual buffer passed to it, Kasan
detects it as invalid Out of Bound read access.

find_next_bit and find_last_bit implementation is very generic
and it need not to be modified for the Kasan, so we are skipping
it from the sanitization.

Following is the Kasan error log for the reference.

[    1.262524] BUG: KASan: out of bounds access in find_next_bit+0xa4/0xf0 at addr ffffffc00e9af260
[    1.262534] Read of size 8 by task swapper/0/1
[    1.262546] page:ffffffbc00920d60 count:0 mapcount:0 mapping:          (null) index:0x0
[    1.262554] page flags: 0x0()
[    1.262570] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.49-gef71b0c-00348-g4f06d68-dirty #160
[    1.262577] Call trace:
[    1.262594] [<ffffffc00040a2d4>] dump_backtrace+0x0/0x1d4
[    1.262610] [<ffffffc00040a4b8>] show_stack+0x10/0x1c
[    1.262625] [<ffffffc000face70>] dump_stack+0x1c/0x28
[    1.262641] [<ffffffc000552448>] kasan_report_error+0x294/0x3e4
[    1.262656] [<ffffffc0005526a8>] kasan_report+0x68/0x78
[    1.262671] [<ffffffc00055169c>] __asan_load8+0x90/0x9c
[    1.262686] [<ffffffc00076fff8>] find_next_bit+0xa0/0xf0
[    1.262701] [<ffffffc000de37d0>] bam_pipe_set_desc_write_offset+0xc8/0x378
[    1.262716] [<ffffffc000e005e4>] sps_bam_pipe_transfer_one+0x6b8/0x70c
[    1.262730] [<ffffffc000e04f84>] sps_transfer_one+0x230/0x298
[    1.262746] [<ffffffc000da4c58>] ipa_replenish_rx_cache+0x2e8/0x430
[    1.262762] [<ffffffc000da891c>] ipa_setup_sys_pipe+0x14a8/0x22bc
[    1.262779] [<ffffffc000d8a554>] ipa_setup_apps_pipes+0x580/0x6a0
[    1.262797] [<ffffffc000d91ef0>] ipa_init.constprop.8+0x134c/0x1dd4
[    1.262814] [<ffffffc000d93038>] ipa_plat_drv_probe+0x6c0/0x720
[    1.262829] [<ffffffc0009b51e0>] platform_drv_probe+0x2c/0x3c
[    1.262842] [<ffffffc0009b32d0>] driver_probe_device+0x1f4/0x47c
[    1.262856] [<ffffffc0009b3644>] __driver_attach+0x88/0xc0
[    1.262873] [<ffffffc0009b05b4>] bus_for_each_dev+0xdc/0x11c
[    1.262886] [<ffffffc0009b2a2c>] driver_attach+0x2c/0x3c
[    1.262903] [<ffffffc0009b237c>] bus_add_driver+0x1bc/0x32c
[    1.262916] [<ffffffc0009b3eb0>] driver_register+0x10c/0x1d8
[    1.262931] [<ffffffc0009b5a28>] platform_driver_register+0x98/0xa8
[    1.262946] [<ffffffc0018422d4>] ipa_module_init+0x3c/0x48
[    1.262960] [<ffffffc000400b08>] do_one_initcall+0xcc/0x188
[    1.262978] [<ffffffc001800bd0>] kernel_init_freeable+0x1c0/0x264
[    1.262992] [<ffffffc000f9f338>] kernel_init+0x10/0xcc
[    1.263000] Memory state around the buggy address:
[    1.263012]  ffffffc00e9af100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    1.263024]  ffffffc00e9af180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    1.263037] >ffffffc00e9af200: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4
[    1.263046]                                                        ^
[    1.263058]  ffffffc00e9af280: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 f4 f4
[    1.263071]  ffffffc00e9af300: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[    1.263079] ==================================================================

Change-Id: I7b7bde5f408dc1f04a773b7a314662ec91344a5e
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
tirimbino
Patrick Daly 10 years ago committed by Prasad Sodagudi
parent b5ca255f11
commit 3f823802c5
  1. 1
      lib/Makefile

@ -34,6 +34,7 @@ lib-$(CONFIG_DMA_VIRT_OPS) += dma-virt.o
lib-y += kobject.o klist.o
obj-y += lockref.o
KASAN_SANITIZE_find_bit.o := n
obj-y += bcd.o div64.o sort.o parser.o debug_locks.o random32.o \
bust_spinlocks.o kasprintf.o bitmap.o scatterlist.o \
gcd.o lcm.o list_sort.o uuid.o flex_array.o iov_iter.o clz_ctz.o \

Loading…
Cancel
Save