From 3f823802c5481764ea7c8620f42c419d7f8fdb23 Mon Sep 17 00:00:00 2001
From: Patrick Daly <pdaly@codeaurora.org>
Date: Tue, 19 May 2015 19:28:50 -0700
Subject: [PATCH] lib: Ignore kasan errors from find_next_bit and last bit

find_next_bit and find_last_bit code operates on the unsigned long *addr,
and without knowing the size of the actual buffer passed to it, Kasan
detects it as invalid Out of Bound read access.

find_next_bit and find_last_bit implementation is very generic
and it need not to be modified for the Kasan, so we are skipping
it from the sanitization.

Following is the Kasan error log for the reference.

[    1.262524] BUG: KASan: out of bounds access in find_next_bit+0xa4/0xf0 at addr ffffffc00e9af260
[    1.262534] Read of size 8 by task swapper/0/1
[    1.262546] page:ffffffbc00920d60 count:0 mapcount:0 mapping:          (null) index:0x0
[    1.262554] page flags: 0x0()
[    1.262570] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.49-gef71b0c-00348-g4f06d68-dirty #160
[    1.262577] Call trace:
[    1.262594] [<ffffffc00040a2d4>] dump_backtrace+0x0/0x1d4
[    1.262610] [<ffffffc00040a4b8>] show_stack+0x10/0x1c
[    1.262625] [<ffffffc000face70>] dump_stack+0x1c/0x28
[    1.262641] [<ffffffc000552448>] kasan_report_error+0x294/0x3e4
[    1.262656] [<ffffffc0005526a8>] kasan_report+0x68/0x78
[    1.262671] [<ffffffc00055169c>] __asan_load8+0x90/0x9c
[    1.262686] [<ffffffc00076fff8>] find_next_bit+0xa0/0xf0
[    1.262701] [<ffffffc000de37d0>] bam_pipe_set_desc_write_offset+0xc8/0x378
[    1.262716] [<ffffffc000e005e4>] sps_bam_pipe_transfer_one+0x6b8/0x70c
[    1.262730] [<ffffffc000e04f84>] sps_transfer_one+0x230/0x298
[    1.262746] [<ffffffc000da4c58>] ipa_replenish_rx_cache+0x2e8/0x430
[    1.262762] [<ffffffc000da891c>] ipa_setup_sys_pipe+0x14a8/0x22bc
[    1.262779] [<ffffffc000d8a554>] ipa_setup_apps_pipes+0x580/0x6a0
[    1.262797] [<ffffffc000d91ef0>] ipa_init.constprop.8+0x134c/0x1dd4
[    1.262814] [<ffffffc000d93038>] ipa_plat_drv_probe+0x6c0/0x720
[    1.262829] [<ffffffc0009b51e0>] platform_drv_probe+0x2c/0x3c
[    1.262842] [<ffffffc0009b32d0>] driver_probe_device+0x1f4/0x47c
[    1.262856] [<ffffffc0009b3644>] __driver_attach+0x88/0xc0
[    1.262873] [<ffffffc0009b05b4>] bus_for_each_dev+0xdc/0x11c
[    1.262886] [<ffffffc0009b2a2c>] driver_attach+0x2c/0x3c
[    1.262903] [<ffffffc0009b237c>] bus_add_driver+0x1bc/0x32c
[    1.262916] [<ffffffc0009b3eb0>] driver_register+0x10c/0x1d8
[    1.262931] [<ffffffc0009b5a28>] platform_driver_register+0x98/0xa8
[    1.262946] [<ffffffc0018422d4>] ipa_module_init+0x3c/0x48
[    1.262960] [<ffffffc000400b08>] do_one_initcall+0xcc/0x188
[    1.262978] [<ffffffc001800bd0>] kernel_init_freeable+0x1c0/0x264
[    1.262992] [<ffffffc000f9f338>] kernel_init+0x10/0xcc
[    1.263000] Memory state around the buggy address:
[    1.263012]  ffffffc00e9af100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    1.263024]  ffffffc00e9af180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    1.263037] >ffffffc00e9af200: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4
[    1.263046]                                                        ^
[    1.263058]  ffffffc00e9af280: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 f4 f4
[    1.263071]  ffffffc00e9af300: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[    1.263079] ==================================================================

Change-Id: I7b7bde5f408dc1f04a773b7a314662ec91344a5e
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
---
 lib/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/Makefile b/lib/Makefile
index b8f2c16fccaa..dbacf0c95d33 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -34,6 +34,7 @@ lib-$(CONFIG_DMA_VIRT_OPS) += dma-virt.o
 lib-y	+= kobject.o klist.o
 obj-y	+= lockref.o
 
+KASAN_SANITIZE_find_bit.o := n
 obj-y += bcd.o div64.o sort.o parser.o debug_locks.o random32.o \
 	 bust_spinlocks.o kasprintf.o bitmap.o scatterlist.o \
 	 gcd.o lcm.o list_sort.o uuid.o flex_array.o iov_iter.o clz_ctz.o \