BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8 (v6.13-rc6, PowerMac G4)

Erhard Furtner erhard_f at mailbox.org
Wed Jan 22 08:00:27 AEDT 2025


On Sun, 19 Jan 2025 22:06:42 +0530
Madhavan Srinivasan <maddy at linux.ibm.com> wrote:

> On 1/12/25 6:28 PM, Erhard Furtner wrote:
> > Greetings!
> > 
> > I am getting this at bootup on my PowerMac G4 with a KASAN-enabled kernel 6.13-rc6:  
> 
> Sorry for the delayed response,
> 
> Are you seeing this only in this kernel or this is the recent
> kernel you tried to boot?

Meanwhile I bisected the bug. Offending commit is:

 # git bisect good
32913f348229c9f72dda45fc2c08c6d9dfcd3d6d is the first bad commit
commit 32913f348229c9f72dda45fc2c08c6d9dfcd3d6d
Author: Linus Torvalds <torvalds at linux-foundation.org>
Date:   Mon Dec 9 10:00:25 2024 -0800

    futex: fix user access on powerpc
    
    The powerpc user access code is special, and unlike other architectures
    distinguishes between user access for reading and writing.
    
    And commit 43a43faf5376 ("futex: improve user space accesses") messed
    that up.  It went undetected elsewhere, but caused ppc32 to fail early
    during boot, because the user access had been started with
    user_read_access_begin(), but then finished off with just a plain
    "user_access_end()".
    
    Note that the address-masking user access helpers don't even have that
    read-vs-write distinction, so if powerpc ever wants to do address
    masking tricks, we'll have to do some extra work for it.
    
    [ Make sure to also do it for the EFAULT case, as pointed out by
      Christophe Leroy ]
    
    Reported-by: Andreas Schwab <schwab at linux-m68k.org>
    Cc: Christophe Leroy <christophe.leroy at csgroup.eu>
    Link: https://lore.kernel.org/all/87bjxl6b0i.fsf@igel.home/
    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>

 kernel/futex/futex.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Indeed, reverting 32913f348229c9f72dda45fc2c08c6d9dfcd3d6d on top of v6.13 makes the KASAN hit disappear.

Kernel .config and bisect.log attached.

Regards,
Erhard