kasan: bring up kasan

PD#172700:

1. Fix boot fail due to vmap exit problem after enable kasan;
2. Fix make fail problem when open stack/static size check
   after enable kasan;
3. fix dt-match problems reported by kasan:

==================================================================
BUG: KASAN: global-out-of-bounds in __of_match_node+0x78/0xc0
Read of size 1 at addr ffffff900a5696d0 by task swapper/0/1

CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.113 #5
Hardware name: Amlogic (DT)
Call trace:
[<ffffff900908ecc0>] dump_backtrace+0x0/0x368
[<ffffff900908f0cc>] show_stack+0x24/0x30
[<ffffff900963bdb0>] dump_stack+0xa0/0xc8
[<ffffff90092ba21c>] print_address_description+0x144/0x258
[<ffffff90092ba694>] kasan_report+0x264/0x338
[<ffffff90092b897c>] __asan_load1+0x4c/0x58
[<ffffff9009ab99c0>] __of_match_node+0x78/0xc0
[<ffffff9009ab9a48>] of_match_node+0x40/0x68
[<ffffff9009abcac8>] of_match_device+0x38/0x50
[<ffffff90097631c4>] platform_match+0x7c/0x128
[<ffffff900975fcdc>] __device_attach_driver+0x64/0x140
[<ffffff900975c8b4>] bus_for_each_drv+0xec/0x158
[<ffffff900975f694>] __device_attach+0x164/0x1c8
[<ffffff900975fe4c>] device_initial_probe+0x24/0x30
[<ffffff900975e3a8>] bus_probe_device+0xe8/0xf8
[<ffffff900975aae8>] device_add+0x548/0x880
[<ffffff9009abd21c>] of_device_add+0x64/0x90
[<ffffff9009abdbd8>] of_platform_device_create_pdata+0xc0/0x128
[<ffffff9009abde4c>] of_platform_bus_create+0x1c4/0x488
[<ffffff9009abe274>] of_platform_populate+0x74/0xd0
[<ffffff900abfeaa0>] of_platform_default_populate_init+0x78/0x88
[<ffffff900908421c>] do_one_initcall+0xac/0x1f8
[<ffffff900abb10bc>] kernel_init_freeable+0x254/0x2f4
[<ffffff900a290b40>] kernel_init+0x18/0x118
[<ffffff9009083e80>] ret_from_fork+0x10/0x50

The buggy address belongs to the variable:
meson_gxl_pinctrl_dt_match+0x190/0x840

Memory state around the buggy address:
ffffff900a569580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffff900a569600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffff900a569680: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
^
ffffff900a569700: 00 04 fa fa fa fa fa fa 00 06 fa fa fa fa fa fa
ffffff900a569780: 03 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
==================================================================

Change-Id: I8b0a6369fbdc10ba5106bf4f40d4b82971b7ad23
Signed-off-by: tao zeng <tao.zeng@amlogic.com>

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 449cdf8..7362110 100644 (file)
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -585,8 +585,11 @@ static int __init check_pfn_overflow(unsigned long pfn)
        size = sizeof(struct page);
        pfn_up = ALIGN(max_pfn * size, PMD_SIZE);
        pfn_up = (pfn_up + size - 1) / size;    /* round up */
-       if (pfn >= pfn_up)
+       if (pfn >= pfn_up) {
+               pr_debug("%s, wrong pfn:%lx, max:%lx, up:%lx\n",
+                       __func__, pfn, max_pfn, pfn_up);
                return -ERANGE;
+       }
        return 0;
 }
 #endif /* CONFIG_AMLOGIC_MODIFY */
@@ -600,15 +603,19 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node)
        pmd_t *pmd;
 #ifdef CONFIG_AMLOGIC_MODIFY
        struct page *page;
+       bool in_vmap = false;
 
        page = (struct page *)start;
+       /* avoid check for KASAN */
+       if (start >= VMEMMAP_START)
+               in_vmap = true;
 #endif /* CONFIG_AMLOGIC_MODIFY */
        do {
                next = pmd_addr_end(addr, end);
 
        #ifdef CONFIG_AMLOGIC_MODIFY
                /* page address may not just same as next */
-               while (((unsigned long)page) < next)
+               while (in_vmap && ((unsigned long)page) < next)
                        page++;
        #endif /* CONFIG_AMLOGIC_MODIFY */
 
@@ -633,7 +640,7 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node)
                        vmemmap_verify((pte_t *)pmd, node, addr, next);
 
        #ifdef CONFIG_AMLOGIC_MODIFY
-               if (check_pfn_overflow(page_to_pfn(page)))
+               if (in_vmap && check_pfn_overflow(page_to_pfn(page)))
                        break;
        #endif /* CONFIG_AMLOGIC_MODIFY */
        } while (addr = next, addr != end);

diff --git a/drivers/amlogic/Makefile b/drivers/amlogic/Makefile
index 801a195..8228bd8 100644 (file)
--- a/drivers/amlogic/Makefile
+++ b/drivers/amlogic/Makefile
@@ -7,8 +7,14 @@
 ## Do not change.
 ##########################################
 
+ifndef CONFIG_KASAN
 KBUILD_CFLAGS += -Wlarger-than=28792
 KBUILD_CFLAGS += -Wstack-usage=1856
+else
+ifeq ($(call cc-ifversion, -lt, 0500, y), y)
+    $(error -----GCC VERSION TOO SMALL FOR KASAN -----)
+endif
+endif
 
 # These 2 marked sentence is just for generate warning messages
 #KBUILD_CFLAGS += -Wno-error=larger-than=28792
@@ -126,4 +132,4 @@ obj-$(CONFIG_AMLOGIC_DEBUG) += debug/
 
 obj-$(CONFIG_AMLOGIC_DEFENDKEY) += defendkey/
 
-obj-$(CONFIG_MTD_SPI_NOR) += spi-nor/
\ No newline at end of file
+obj-$(CONFIG_MTD_SPI_NOR) += spi-nor/

diff --git a/drivers/amlogic/cec/hdmi_ao_cec.c b/drivers/amlogic/cec/hdmi_ao_cec.c
index 9472b8b..8938d1b 100644 (file)
--- a/drivers/amlogic/cec/hdmi_ao_cec.c
+++ b/drivers/amlogic/cec/hdmi_ao_cec.c
@@ -2668,6 +2668,7 @@ static const struct of_device_id aml_cec_dt_match[] = {
                .compatible = "amlogic, aocec-txl",
                .data = &cec_txl_data,
        },
+       {}
 };
 #endif
 

diff --git a/drivers/amlogic/ddr_tool/ddr_bandwidth.c b/drivers/amlogic/ddr_tool/ddr_bandwidth.c
index e86286b..dd6771c 100644 (file)
--- a/drivers/amlogic/ddr_tool/ddr_bandwidth.c
+++ b/drivers/amlogic/ddr_tool/ddr_bandwidth.c
@@ -366,7 +366,8 @@ static int ddr_bandwidth_remove(struct platform_device *pdev)
 static const struct of_device_id aml_ddr_bandwidth_dt_match[] = {
        {
                .compatible = "amlogic, ddr-bandwidth",
-       }
+       },
+       {}
 };
 #endif
 

diff --git a/drivers/amlogic/media/video_processor/ionvideo/ionvideo.c b/drivers/amlogic/media/video_processor/ionvideo/ionvideo.c
index 0f61659..0254574 100644 (file)
--- a/drivers/amlogic/media/video_processor/ionvideo/ionvideo.c
+++ b/drivers/amlogic/media/video_processor/ionvideo/ionvideo.c
@@ -1334,6 +1334,7 @@ static const struct of_device_id ionvideo_dt_match[] = {
        {
                .compatible = "amlogic, ionvideo",
        },
+       {}
 };
 
 /* general interface for a linux driver .*/

diff --git a/drivers/amlogic/memory_ext/page_trace.c b/drivers/amlogic/memory_ext/page_trace.c
index b07800b..3f3c083 100644 (file)
--- a/drivers/amlogic/memory_ext/page_trace.c
+++ b/drivers/amlogic/memory_ext/page_trace.c
@@ -1095,6 +1095,9 @@ void __init page_trace_mem_init(void)
 #endif
 
        find_static_common_symbol();
+#ifdef CONFIG_KASAN    /* open multi_shot for kasan */
+       kasan_save_enable_multi_shot();
+#endif
 #ifdef CONFIG_64BIT
        /*
         * if this compiler error occurs, that means there are over 32 page

diff --git a/drivers/amlogic/pinctrl/pinctrl-meson-gxl.c b/drivers/amlogic/pinctrl/pinctrl-meson-gxl.c
index 720f112..a98e3e4 100644 (file)
--- a/drivers/amlogic/pinctrl/pinctrl-meson-gxl.c
+++ b/drivers/amlogic/pinctrl/pinctrl-meson-gxl.c
@@ -1231,7 +1231,7 @@ static const struct of_device_id meson_gxl_pinctrl_dt_match[] = {
                .compatible = "amlogic,meson-gxl-aobus-pinctrl",
                .data = &meson_gxl_aobus_pinctrl_data,
        },
-
+       {}      /* Let KASAN shut up */
 };
 
 static struct platform_driver meson_gxl_pinctrl_driver = {

diff --git a/drivers/amlogic/pinctrl/pinctrl-meson-txl.c b/drivers/amlogic/pinctrl/pinctrl-meson-txl.c
index 8732de0..889fe7d 100644 (file)
--- a/drivers/amlogic/pinctrl/pinctrl-meson-txl.c
+++ b/drivers/amlogic/pinctrl/pinctrl-meson-txl.c
@@ -1019,7 +1019,7 @@ static const struct of_device_id meson_txl_pinctrl_dt_match[] = {
                .compatible = "amlogic,meson-txl-aobus-pinctrl",
                .data = &meson_txl_aobus_pinctrl_data,
        },
-
+       {}      /* Make KASAN shut up */
 };
 
 static struct platform_driver meson_txl_pinctrl_driver = {

diff --git a/drivers/amlogic/pinctrl/pinctrl-meson-txlx.c b/drivers/amlogic/pinctrl/pinctrl-meson-txlx.c
index efd7418..5e5e5de 100644 (file)
--- a/drivers/amlogic/pinctrl/pinctrl-meson-txlx.c
+++ b/drivers/amlogic/pinctrl/pinctrl-meson-txlx.c
@@ -1460,7 +1460,7 @@ static const struct of_device_id meson_txlx_pinctrl_dt_match[] = {
                .compatible = "amlogic,meson-txlx-aobus-pinctrl",
                .data = &meson_txlx_aobus_pinctrl_data,
        },
-
+       {}      /* Let KASAN shut up */
 };
 
 static struct platform_driver meson_txlx_pinctrl_driver = {

diff --git a/drivers/amlogic/pinctrl/pinctrl-meson8b.c b/drivers/amlogic/pinctrl/pinctrl-meson8b.c
index 39795c9..96f1a20 100644 (file)
--- a/drivers/amlogic/pinctrl/pinctrl-meson8b.c
+++ b/drivers/amlogic/pinctrl/pinctrl-meson8b.c
@@ -978,7 +978,8 @@ static const struct of_device_id meson8b_pinctrl_dt_match[] = {
        {
                .compatible = "amlogic,meson8b-aobus-pinctrl",
                .data = &meson8b_aobus_pinctrl_data,
-       }
+       },
+       {}
 };
 
 static struct platform_driver meson8b_pinctrl_driver = {

diff --git a/drivers/amlogic/pm/gx_pm.c b/drivers/amlogic/pm/gx_pm.c
index a2cd9ac..d012ff1 100644 (file)
--- a/drivers/amlogic/pm/gx_pm.c
+++ b/drivers/amlogic/pm/gx_pm.c
@@ -264,7 +264,8 @@ static int __exit meson_pm_remove(struct platform_device *pdev)
 
 static const struct of_device_id amlogic_pm_dt_match[] = {
        {.compatible = "amlogic, pm",
-        },
+       },
+       {}
 };
 
 static struct platform_driver meson_pm_driver = {