| 2019-11-26 09:03:57 |
Fred Kimmy |
bug |
|
|
added bug |
| 2019-11-29 08:40:23 |
Ike Panhc |
nominated for series |
|
kunpeng920/upstream-kernel |
|
| 2019-11-29 08:40:23 |
Ike Panhc |
bug task added |
|
kunpeng920/upstream-kernel |
|
| 2019-11-29 08:40:23 |
Ike Panhc |
nominated for series |
|
kunpeng920/ubuntu-18.04-hwe |
|
| 2019-11-29 08:40:23 |
Ike Panhc |
bug task added |
|
kunpeng920/ubuntu-18.04-hwe |
|
| 2019-11-29 08:40:23 |
Ike Panhc |
nominated for series |
|
kunpeng920/ubuntu-20.04 |
|
| 2019-11-29 08:40:23 |
Ike Panhc |
bug task added |
|
kunpeng920/ubuntu-20.04 |
|
| 2019-11-29 08:40:30 |
Ike Panhc |
kunpeng920/upstream-kernel: milestone |
|
linux-v5.4 |
|
| 2019-11-29 08:40:35 |
Ike Panhc |
kunpeng920/upstream-kernel: status |
New |
Fix Released |
|
| 2019-11-29 09:06:43 |
Ike Panhc |
kunpeng920/ubuntu-20.04: milestone |
|
ubuntu-20.04-ga |
|
| 2019-11-29 09:06:49 |
Ike Panhc |
kunpeng920/ubuntu-18.04-hwe: milestone |
|
ubuntu-18.04.5 |
|
| 2019-12-11 00:19:10 |
dann frazier |
nominated for series |
|
kunpeng920/ubuntu-18.04 |
|
| 2019-12-11 00:19:10 |
dann frazier |
bug task added |
|
kunpeng920/ubuntu-18.04 |
|
| 2019-12-11 00:19:10 |
dann frazier |
nominated for series |
|
kunpeng920/ubuntu-19.04 |
|
| 2019-12-11 00:19:10 |
dann frazier |
bug task added |
|
kunpeng920/ubuntu-19.04 |
|
| 2019-12-11 00:19:10 |
dann frazier |
nominated for series |
|
kunpeng920/ubuntu-19.10 |
|
| 2019-12-11 00:19:10 |
dann frazier |
bug task added |
|
kunpeng920/ubuntu-19.10 |
|
| 2019-12-12 00:11:49 |
dann frazier |
kunpeng920/ubuntu-20.04: status |
New |
Fix Committed |
|
| 2019-12-12 00:11:52 |
dann frazier |
kunpeng920/ubuntu-18.04-hwe: status |
New |
Fix Committed |
|
| 2019-12-26 06:58:10 |
Ike Panhc |
bug task added |
|
linux (Ubuntu) |
|
| 2019-12-26 06:58:47 |
Ike Panhc |
nominated for series |
|
Ubuntu Bionic |
|
| 2019-12-26 06:58:47 |
Ike Panhc |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2019-12-26 06:58:47 |
Ike Panhc |
nominated for series |
|
Ubuntu Disco |
|
| 2019-12-26 06:58:47 |
Ike Panhc |
bug task added |
|
linux (Ubuntu Disco) |
|
| 2019-12-26 06:58:47 |
Ike Panhc |
nominated for series |
|
Ubuntu Focal |
|
| 2019-12-26 06:58:47 |
Ike Panhc |
bug task added |
|
linux (Ubuntu Focal) |
|
| 2019-12-26 06:58:47 |
Ike Panhc |
nominated for series |
|
Ubuntu Eoan |
|
| 2019-12-26 06:58:47 |
Ike Panhc |
bug task added |
|
linux (Ubuntu Eoan) |
|
| 2019-12-26 06:59:13 |
Ike Panhc |
linux (Ubuntu Eoan): status |
New |
In Progress |
|
| 2019-12-26 06:59:13 |
Ike Panhc |
linux (Ubuntu Eoan): assignee |
|
Ike Panhc (ikepanhc) |
|
| 2019-12-26 06:59:27 |
Ike Panhc |
linux (Ubuntu Disco): status |
New |
In Progress |
|
| 2019-12-26 06:59:27 |
Ike Panhc |
linux (Ubuntu Disco): assignee |
|
Ike Panhc (ikepanhc) |
|
| 2019-12-26 07:00:05 |
Ike Panhc |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
| 2019-12-26 07:00:05 |
Ike Panhc |
linux (Ubuntu Bionic): assignee |
|
Ike Panhc (ikepanhc) |
|
| 2019-12-26 07:00:10 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2019-12-26 07:01:01 |
Ike Panhc |
linux (Ubuntu Focal): status |
Incomplete |
Fix Released |
|
| 2019-12-26 07:03:03 |
Ike Panhc |
kunpeng920/ubuntu-18.04: status |
New |
In Progress |
|
| 2019-12-26 07:03:03 |
Ike Panhc |
kunpeng920/ubuntu-18.04: assignee |
|
Ike Panhc (ikepanhc) |
|
| 2019-12-26 07:03:14 |
Ike Panhc |
kunpeng920/ubuntu-19.04: status |
New |
In Progress |
|
| 2019-12-26 07:03:14 |
Ike Panhc |
kunpeng920/ubuntu-19.04: assignee |
|
Ike Panhc (ikepanhc) |
|
| 2019-12-26 07:03:33 |
Ike Panhc |
kunpeng920/ubuntu-19.10: status |
New |
In Progress |
|
| 2019-12-26 07:03:33 |
Ike Panhc |
kunpeng920/ubuntu-19.10: assignee |
|
Ike Panhc (ikepanhc) |
|
| 2019-12-26 07:04:06 |
Ike Panhc |
kunpeng920: status |
New |
In Progress |
|
| 2019-12-26 07:07:14 |
Ike Panhc |
kunpeng920/ubuntu-18.04-hwe: status |
Fix Committed |
In Progress |
|
| 2019-12-26 07:07:14 |
Ike Panhc |
kunpeng920/ubuntu-18.04-hwe: milestone |
ubuntu-18.04.5 |
|
|
| 2019-12-26 07:07:14 |
Ike Panhc |
kunpeng920/ubuntu-18.04-hwe: assignee |
|
Ike Panhc (ikepanhc) |
|
| 2019-12-26 07:24:32 |
Ike Panhc |
description |
[Bug Description]
sas kasan test will produce this out bounds in sas module
[Steps to Reproduce]
1) enbale this kasn
2)
3)
[Actual Results]
30293.504016] sas: ata464: end_device-2:2:6: dev error handler
[30293.504041] sas: ata465: end_device-2:2:7: dev error handler
[30293.504059] sas: ata466: end_device-2:2:8: dev error handler
[30293.538746] ==================================================================
[30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250
[30293.558642] Read of size 8 at addr ffffb72e47233540 by task kworker/u193:3/79165
[30293.566004]
[30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: G B O 5.1.0-rc1-g7a3fab8-dirty #1
[30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019
[30293.586037] Workqueue: events_unbound async_run_entry_fn
[30293.591331] Call trace:
[30293.593770] dump_backtrace+0x0/0x1f8
[30293.597419] show_stack+0x14/0x20
[30293.600726] dump_stack+0xc4/0xfc
[30293.604032] print_address_description+0x60/0x258
[30293.608716] kasan_report+0x164/0x1b8
[30293.612366] __asan_load8+0x84/0xa8
[30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250
[30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170
[30293.625562] sas_ata_hard_reset+0x88/0x178
[30293.629646] ata_do_reset.constprop.6+0x80/0x90
[30293.634160] ata_eh_reset+0x71c/0x10e8
[30293.637897] ata_eh_recover+0x3d0/0x1a80
[30293.641804] ata_do_eh+0x50/0xd0
[30293.645020] ata_std_error_handler+0x78/0xa8
[30293.649273] ata_scsi_port_error_handler+0x288/0x930
[30293.654216] async_sas_ata_eh+0x68/0x90
[30293.658040] async_run_entry_fn+0x7c/0x1c0
[30293.662121] process_one_work+0x3c0/0x878
[30293.666115] worker_thread+0x70/0x670
[30293.669762] kthread+0x1b0/0x1b8
[30293.672978] ret_from_fork+0x10/0x18
[30293.676541]
[30293.678027] Allocated by task 16690:
[30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188
[30293.686018] kasan_kmalloc+0xc/0x18
[30293.689496] __kmalloc_node_track_caller+0x5c/0x98
[30293.694270] devm_kmalloc+0x44/0xb8
[30293.697746] hisi_sas_v3_probe+0x2ec/0x698
[30293.701828] local_pci_probe+0x74/0xf0
[30293.705562] work_for_cpu_fn+0x2c/0x48
[30293.709300] process_one_work+0x3c0/0x878
[30293.713294] worker_thread+0x400/0x670
[30293.717027] kthread+0x1b0/0x1b8
[30293.720241] ret_from_fork+0x10/0x18
[30293.723801]
[30293.725287] Freed by task 16227:
[30293.728503] __kasan_slab_free+0x108/0x210
[30293.732583] kasan_slab_free+0x10/0x18
[30293.736318] kfree+0x74/0x150
[30293.739276] devres_free+0x34/0x48
[30293.742665] devres_release+0x38/0x60
[30293.746313] devm_pinctrl_put+0x34/0x58
[30293.750136] pinctrl_bind_pins+0x164/0x248
[30293.754214] really_probe+0xc0/0x3b0
[30293.757777] driver_probe_device+0x70/0x138
[30293.761944] __device_attach_driver+0xc0/0xe0
[30293.766285] bus_for_each_drv+0xcc/0x150
[30293.770194] __device_attach+0x154/0x1c0
[30293.774101] device_initial_probe+0x10/0x18
[30293.778270] bus_probe_device+0xec/0x100
[30293.782178] device_add+0x5f8/0x9b8
[30293.785658] scsi_sysfs_add_sdev+0xa4/0x310
[30293.789825] scsi_probe_and_add_lun+0xe60/0x1240
[30293.794425] __scsi_scan_target+0x1ac/0x780
[30293.798591] scsi_scan_target+0x134/0x140
[30293.802586] sas_rphy_add+0x1fc/0x2c8
[30293.806234] sas_probe_devices+0x10c/0x1e8
[30293.810313] sas_discover_domain+0x754/0x998
[30293.814567] process_one_work+0x3c0/0x878
[30293.818560] worker_thread+0x70/0x670
[30293.822207] kthread+0x1b0/0x1b8
[30293.825423] ret_from_fork+0x10/0x18
[30293.828983]
[30293.830473] The buggy address belongs to the object at ffffb72e47233480
[30293.830473] which belongs to the cache kmalloc-256 of size 256
[30293.842934] The buggy address is located 192 bytes inside of
[30293.842934] 256-byte region [ffffb72e47233480, ffffb72e47233580)
[30293.854617] The buggy address belongs to the page:
[30293.859388] page:ffff7edcb91c8cc0 count:1 mapcount:0 mapping:ffff972e5f000200 index:0x0
[30293.867360] flags: 0xdfffe00000000200(slab)
[30293.871533] raw: dfffe00000000200 ffff7edcb915ca48 ffff7edcb93fdc08 ffff972e5f000200
[Expected Results]
[Reproducibility]
[Additional information]
(Firmware version, kernel version, affected hardware, etc. if required):
[Resolution]
scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() |
[Impact]
Potential NULL-pointer dereference.
[Test Case]
No known test case, but the issue is clear from code reading.
[Fix]
445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
[Regression Risk]
Patch restricted to hisi_sas driver.
[Bug Description]
sas kasan test will produce this out bounds in sas module
[Steps to Reproduce]
1) enbale this kasn
2)
3)
[Actual Results]
30293.504016] sas: ata464: end_device-2:2:6: dev error handler
[30293.504041] sas: ata465: end_device-2:2:7: dev error handler
[30293.504059] sas: ata466: end_device-2:2:8: dev error handler
[30293.538746] ==================================================================
[30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250
[30293.558642] Read of size 8 at addr ffffb72e47233540 by task kworker/u193:3/79165
[30293.566004]
[30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: G B O 5.1.0-rc1-g7a3fab8-dirty #1
[30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019
[30293.586037] Workqueue: events_unbound async_run_entry_fn
[30293.591331] Call trace:
[30293.593770] dump_backtrace+0x0/0x1f8
[30293.597419] show_stack+0x14/0x20
[30293.600726] dump_stack+0xc4/0xfc
[30293.604032] print_address_description+0x60/0x258
[30293.608716] kasan_report+0x164/0x1b8
[30293.612366] __asan_load8+0x84/0xa8
[30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250
[30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170
[30293.625562] sas_ata_hard_reset+0x88/0x178
[30293.629646] ata_do_reset.constprop.6+0x80/0x90
[30293.634160] ata_eh_reset+0x71c/0x10e8
[30293.637897] ata_eh_recover+0x3d0/0x1a80
[30293.641804] ata_do_eh+0x50/0xd0
[30293.645020] ata_std_error_handler+0x78/0xa8
[30293.649273] ata_scsi_port_error_handler+0x288/0x930
[30293.654216] async_sas_ata_eh+0x68/0x90
[30293.658040] async_run_entry_fn+0x7c/0x1c0
[30293.662121] process_one_work+0x3c0/0x878
[30293.666115] worker_thread+0x70/0x670
[30293.669762] kthread+0x1b0/0x1b8
[30293.672978] ret_from_fork+0x10/0x18
[30293.676541]
[30293.678027] Allocated by task 16690:
[30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188
[30293.686018] kasan_kmalloc+0xc/0x18
[30293.689496] __kmalloc_node_track_caller+0x5c/0x98
[30293.694270] devm_kmalloc+0x44/0xb8
[30293.697746] hisi_sas_v3_probe+0x2ec/0x698
[30293.701828] local_pci_probe+0x74/0xf0
[30293.705562] work_for_cpu_fn+0x2c/0x48
[30293.709300] process_one_work+0x3c0/0x878
[30293.713294] worker_thread+0x400/0x670
[30293.717027] kthread+0x1b0/0x1b8
[30293.720241] ret_from_fork+0x10/0x18
[30293.723801]
[30293.725287] Freed by task 16227:
[30293.728503] __kasan_slab_free+0x108/0x210
[30293.732583] kasan_slab_free+0x10/0x18
[30293.736318] kfree+0x74/0x150
[30293.739276] devres_free+0x34/0x48
[30293.742665] devres_release+0x38/0x60
[30293.746313] devm_pinctrl_put+0x34/0x58
[30293.750136] pinctrl_bind_pins+0x164/0x248
[30293.754214] really_probe+0xc0/0x3b0
[30293.757777] driver_probe_device+0x70/0x138
[30293.761944] __device_attach_driver+0xc0/0xe0
[30293.766285] bus_for_each_drv+0xcc/0x150
[30293.770194] __device_attach+0x154/0x1c0
[30293.774101] device_initial_probe+0x10/0x18
[30293.778270] bus_probe_device+0xec/0x100
[30293.782178] device_add+0x5f8/0x9b8
[30293.785658] scsi_sysfs_add_sdev+0xa4/0x310
[30293.789825] scsi_probe_and_add_lun+0xe60/0x1240
[30293.794425] __scsi_scan_target+0x1ac/0x780
[30293.798591] scsi_scan_target+0x134/0x140
[30293.802586] sas_rphy_add+0x1fc/0x2c8
[30293.806234] sas_probe_devices+0x10c/0x1e8
[30293.810313] sas_discover_domain+0x754/0x998
[30293.814567] process_one_work+0x3c0/0x878
[30293.818560] worker_thread+0x70/0x670
[30293.822207] kthread+0x1b0/0x1b8
[30293.825423] ret_from_fork+0x10/0x18
[30293.828983]
[30293.830473] The buggy address belongs to the object at ffffb72e47233480
[30293.830473] which belongs to the cache kmalloc-256 of size 256
[30293.842934] The buggy address is located 192 bytes inside of
[30293.842934] 256-byte region [ffffb72e47233480, ffffb72e47233580)
[30293.854617] The buggy address belongs to the page:
[30293.859388] page:ffff7edcb91c8cc0 count:1 mapcount:0 mapping:ffff972e5f000200 index:0x0
[30293.867360] flags: 0xdfffe00000000200(slab)
[30293.871533] raw: dfffe00000000200 ffff7edcb915ca48 ffff7edcb93fdc08 ffff972e5f000200
[Expected Results]
[Reproducibility]
[Additional information]
(Firmware version, kernel version, affected hardware, etc. if required):
[Resolution]
scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() |
|
| 2020-01-07 16:07:39 |
Kleber Sacilotto de Souza |
linux (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
| 2020-01-07 16:08:40 |
Kleber Sacilotto de Souza |
linux (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
| 2020-01-07 16:13:05 |
Kleber Sacilotto de Souza |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2020-01-08 05:01:06 |
Ike Panhc |
kunpeng920/ubuntu-19.10: status |
In Progress |
Fix Committed |
|
| 2020-01-08 05:01:18 |
Ike Panhc |
kunpeng920/ubuntu-19.04: status |
In Progress |
Fix Committed |
|
| 2020-01-08 05:01:31 |
Ike Panhc |
kunpeng920/ubuntu-18.04-hwe: status |
In Progress |
Fix Committed |
|
| 2020-01-08 05:01:44 |
Ike Panhc |
kunpeng920/ubuntu-18.04: status |
In Progress |
Fix Committed |
|
| 2020-01-10 18:03:01 |
Ubuntu Kernel Bot |
tags |
|
verification-needed-disco |
|
| 2020-01-17 15:31:28 |
Ike Panhc |
tags |
verification-needed-disco |
verification-done-disco |
|
| 2020-01-27 13:21:23 |
Launchpad Janitor |
linux (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
| 2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-14615 |
|
| 2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-18885 |
|
| 2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19050 |
|
| 2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19077 |
|
| 2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19078 |
|
| 2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19082 |
|
| 2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19332 |
|
| 2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2020-7053 |
|
| 2020-01-28 10:20:39 |
Andrew Cloke |
kunpeng920/ubuntu-19.04: status |
Fix Committed |
Fix Released |
|
| 2020-01-28 10:20:39 |
Andrew Cloke |
kunpeng920/ubuntu-19.04: milestone |
|
ubuntu-19.04-sru-12 |
|
| 2020-01-28 10:20:53 |
Andrew Cloke |
kunpeng920/ubuntu-18.04-hwe: status |
Fix Committed |
Fix Released |
|
| 2020-01-28 10:20:53 |
Andrew Cloke |
kunpeng920/ubuntu-18.04-hwe: milestone |
|
ubuntu-18.04.3-sru-7 |
|
| 2020-02-03 22:38:32 |
Ubuntu Kernel Bot |
tags |
verification-done-disco |
verification-done-disco verification-needed-bionic |
|
| 2020-02-03 22:44:16 |
Ubuntu Kernel Bot |
tags |
verification-done-disco verification-needed-bionic |
verification-done-disco verification-needed-bionic verification-needed-eoan |
|
| 2020-02-05 07:00:34 |
Ike Panhc |
tags |
verification-done-disco verification-needed-bionic verification-needed-eoan |
verification-done-bionic verification-done-disco verification-done-eoan |
|
| 2020-02-13 09:18:00 |
Andrew Cloke |
kunpeng920: status |
In Progress |
Fix Committed |
|
| 2020-02-17 10:23:38 |
Launchpad Janitor |
linux (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
| 2020-02-17 10:23:38 |
Launchpad Janitor |
cve linked |
|
2019-19965 |
|
| 2020-02-17 10:36:02 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2020-02-17 10:36:02 |
Launchpad Janitor |
cve linked |
|
2019-20096 |
|
| 2020-02-17 10:36:02 |
Launchpad Janitor |
cve linked |
|
2019-5108 |
|
| 2020-02-17 14:29:59 |
Andrew Cloke |
kunpeng920/ubuntu-18.04: status |
Fix Committed |
Fix Released |
|
| 2020-02-17 14:30:26 |
Andrew Cloke |
kunpeng920/ubuntu-18.04: milestone |
|
ubuntu-18.04.4-sru-1 |
|
| 2020-02-27 09:05:04 |
Andrew Cloke |
kunpeng920/ubuntu-19.10: status |
Fix Committed |
Fix Released |
|
| 2020-04-24 10:50:18 |
Andrew Cloke |
kunpeng920/ubuntu-20.04: status |
Fix Committed |
Fix Released |
|
| 2020-04-27 06:57:00 |
Ike Panhc |
kunpeng920: status |
Fix Committed |
Fix Released |
|
