2014-12-22 23:39 GMT+03:00 Eric W. Biederman <ebiederm@xxxxxxxxxxxx>: > Sasha Levin <sasha.levin@xxxxxxxxxx> writes: > >> On 12/22/2014 12:52 PM, Andrey Ryabinin wrote: >>> 2014-12-22 18:51 GMT+03:00 Eric W. Biederman <ebiederm@xxxxxxxxxxxx>: >>>> These two instructions: >>>>>> 11: 4d 85 ff test %r15,%r15 >>>>>> 14: 0f 84 de 01 00 00 je 0x1f8 >>>> >>>> Should prevent a NULL %r15 value from ever reaching the trapping >>>> instruction. >>> >>> If they were executed, then yes. But I think there was jump from somewhere >>> to the instructions below those two. >> >> There is indeed a jump direct to that point, which avoids the %r15 >> check. > > Where do you see that direct jump, that certainly has not been posted > in this thread? > > There are certainly no such code paths I in the source code. There is > only one NULL pointer check in find_entry and it is executed every time > the loop executes. > > So at this point all I know is some set of tools has totally destroyed > the code and made what Sasha Levin's is testing so far from the source > code that this is a useless bug report. > > I have no reason to even suspect this bug is actually in the upstream > kernel. > Generated code looks correct to me (considering that it was built with sanitizer tools). So this looks like a real BUG to me. AFAICT this is 'head' == NULL: head = ctl_node->header; entry = &head->ctl_table[ctl_node - head->node]; > This appears to be a kind of testing that slows development and wastes > peoples time. Can someone give me a patch that sets the TAINTED flag > when KASAN is loaded? > Pay attention to the first line of report: [ 2015.960381] general protection fault: 0000 [#1] PREEMPT SMP KASAN -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
