Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S934752AbcKWTtI (ORCPT <rfc822;w@1wt.eu>);
        Wed, 23 Nov 2016 14:49:08 -0500
Received: from mail-he1eur01on0118.outbound.protection.outlook.com ([104.47.0.118]:20299
        "EHLO EUR01-HE1-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S933035AbcKWTtF (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Nov 2016 14:49:05 -0500
Authentication-Results: spf=none (sender IP is )
 smtp.mailfrom=dsafonov@virtuozzo.com; 
From: Dmitry Safonov <dsafonov@virtuozzo.com>
To: <linux-kernel@vger.kernel.org>
CC: <0x7f454c46@gmail.com>, Dmitry Safonov <dsafonov@virtuozzo.com>,
        "Oleg Nesterov" <oleg@redhat.com>, Andy Lutomirski <luto@kernel.org>,
        "Thomas Gleixner" <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
        "H. Peter Anvin" <hpa@zytor.com>, <linux-mm@kvack.org>,
        <x86@kernel.org>
Subject: [PATCH] x86/coredump: always use user_regs_struct for compat_elf_gregset_t
Date: Wed, 23 Nov 2016 21:13:30 +0300
Message-ID: <20161123181330.10705-1-dsafonov@virtuozzo.com>
X-Mailer: git-send-email 2.10.2
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [195.214.232.10]
X-ClientProxiedBy: HE1PR0401CA0058.eurprd04.prod.outlook.com (10.168.27.26) To
 HE1PR0801MB1740.eurprd08.prod.outlook.com (10.168.150.7)
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1740;2:Qt/K0yd3weNxVQU6j5U1K+yTfj/gdb5IKP345gfIL6HUS78t99HX1nWHNMUeNOKfeMEM0PNdEYslPTmgH5xI0UzpTP0XDmYy7YV/XxTH8MeYIM+vLRPuR7w9pJlfVel3PRl2u6eduBbXTJ4Sm3tLlP7SI9abxOdoUf+fNB6dU38=;3:Cc4FqspMFIw9hbk+IXagK3BXzBFIucCpCO+ZTsRtMTbr7/bQzjnjtjEJkY/rA0kmfrMIwtw9x4x0lnRAUNdqHoGYc+uUIbDBq53vpoH5HGp5/sKtfQ742ZaR2JlA0fPosd561P2X2YZo+scnsrMLRdMONFbmZB9yO2zK4OehVno=
X-MS-Office365-Filtering-Correlation-Id: e2e70362-3fa6-440f-b617-08d413ccdb2d
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:HE1PR0801MB1740;
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1740;25:Dg1TqEXlebyDFWfwg2CrN6uBNZZv3lRiEikOQWpOJWbL7UJwtpL1wfu8BJyB/tKOoaKalP3xaFR3gNBU4JO+Y3IfnT1EKMpwWMQbTeeCio5dDr5nONIiRK4sOkbvDcRNyiHSTXneJUgb/WRonxE8U+rCRNB6MNxvtxNepF5cppeZO2puKiIV0rWCcnq3fxjkvhO5FQKVZH5tSmI8TzQUL3Xa9ejyUO/oCz3M+4YTL9JcEnyCxlcgGPnB/Hh6TPVamH0lb5W/nLYzgBBWHtxAuOVaPrF6qol5NiB9QHS69i4NcpmKGcuazeEyeZT3vVHrvquaXRro0Vlw47yG2R4NeK1WpAJRG101jKx/3uRR61ybeD/6MOxvuR0B2jhzOymg1kXCm+4PpVbe/nrvGp4VFAtbuu7U7e3RWpo4zrpRuEgbbQ829aE4neI0HsMQyGhH7Q+aVj8IJxNQQ7MAiLkElrI9vM7IlRZVboI/WDxhYIhHa2U1W8OisWhc9WIFszsXAUGX2kkgj0Bci4COBDXN2+ychTd69eCAOcFwSBWQchNnEOwdtRU614L57+Kui4JflJMF1zCZLODJXX7PCrqxZonq6tTL5FiQFn1pbaQ6VNuCDuztLCWCnzXcDD4OTbnTNbYyFeRO7fw7Ckz5fmFbC21mEBe8cqgNK9aArB7LxquTBcmXfr7Iz+cW+IxYiRmOGu8poHylfVNDaDEshUuPMRFUCFaZzEdCjk6Y3/rc0MOrQvbeaA1ImZzPB05srg6mA6qJHOZrMKQYJ7nGAs0r0g==
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1740;31:r5tsXULTqAMktx04E17He+GGEYUg9gt0Gp4KmxAuLMepdncg7Cn7VvU23kpQkwyL4obyzT/dCOYHRXdRJQepFRe81nEfbYH1iV1Dsf/+bFu1B26P6p1ddk8bqhq5fMyYcl0Id2EMX4vMvjFGAimcAKNuj3u+iS0zSbCS9R5SSCOutErhkqo0hoWTZ5Y7EirvKBu72Acp7QbNssuQkVdnrDjAj2FeK+4DCjC51CV5c6a/Bbt7GiE6drYECDH4KN7HmLa76p5t+8kXhiOM/gmlgg==;20:AVqwycicyFM9VWpnml6f77lmUSVOeitF1sVRLmHcUJsacQOcZb6M5ppau4kWP3C09OrtNQfOngYI8dKdKr8QiBclqxYOEFL5z4VpB7y7+dLYlO8mmV3yxk/LNicFd2u+037ZPKNFbhw4OICYmXSLMW4d5hCkhw9DrfH0ANaNX+g=
X-Microsoft-Antispam-PRVS: <HE1PR0801MB1740D5B61218433D4570360CD1B70@HE1PR0801MB1740.eurprd08.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(278428928389397);
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040307)(6060326)(6045199)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6061324)(6041248)(2016111802025)(6043046)(6072148);SRVR:HE1PR0801MB1740;BCL:0;PCL:0;RULEID:;SRVR:HE1PR0801MB1740;
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1740;4:oCJuBPlKZh2RLFCNVoTA/Ow+iNQ5nU/DOINksSk3l73f63h0d1+U64wj8ny4Y4ruXhe+nxFAMVoFh3VyZR8eyse/pm4ky+fa/ojvfvtdNvuUgVNvxSHsxTDU++v0Q0gj7PTRk1ChpYPXO4VAntdzNEUW0xnx3OCMzGxyJ+uWR7DfSk/J9nuD3PAMRUveiSP8xxGdEEWWdFdj54c1/C844ha6tff86za12TZ1l2aVW2WbSUN6lht+LO3zorwLVT9QlST21EWx0vTbkcQJA30DvkvhxZ6OdGLhQTp7xPwAhcbzytLIeNQkpzewj4jFzO/id0UXlll1dequW18hv8zgD/FMTkz3iHBekeR13TJc95b7184xsYGNGTyOE8sPaLISImeUzb8EUo2HLmUJ7nE/TdMbCarxuE+0LIqK0I9Pkrx3O04Ki45Hco9mIgaNm7UngqGgZBgkrk4OOuniA1B9rUuwd25FQOBny2RG9RFij12UnPCwdmuCvF6boGXURUlKbYJJ+VAdGSBW3NUCGiE80/PLPVsJU8fOQC7+f5JUNTBWXKndCIAubiQIgpmOddKlKpGXzWsbeHisSxd2JvVZ5w==
X-Forefront-PRVS: 013568035E
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(7916002)(199003)(189002)(77096005)(69596002)(4326007)(50226002)(2906002)(81156014)(81166006)(7846002)(6916009)(3846002)(6116002)(5660300001)(48376002)(50466002)(1076002)(305945005)(7736002)(189998001)(97736004)(86362001)(101416001)(5003940100001)(106356001)(42186005)(92566002)(53416004)(110136003)(105586002)(8676002)(575784001)(2351001)(68736007)(33646002)(47776003)(38730400001)(50986999)(36756003)(39060400001)(66066001);DIR:OUT;SFP:1102;SCL:1;SRVR:HE1PR0801MB1740;H:dsafonov.sw.ru;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;HE1PR0801MB1740;23:rwmauuE3KP4MosdHFj9mm6prYBDzBJyKqY+hMWF?=
 =?us-ascii?Q?9WhemI/uSP8PDo1ByDv4pYEFG8+lCh1DY+PvvTNBQDuw1R11wdoTodpex/OG?=
 =?us-ascii?Q?QEF3Il+N0/paA5sAdGgDQexwPakq1U/btbhwbqF7YcGqK6JPsOm4qG1xVsyD?=
 =?us-ascii?Q?bcrtNjovQfrpbGxvViDHhw1NprzR+Tn2eHnh1D5pMUI4BcvY96cD0lVXwmTy?=
 =?us-ascii?Q?Jg6Zl05o7e7R0JelDQbicpd5LbnEKWuPc7G2fr0mWRNtB3zw4DPnMOiw8OG5?=
 =?us-ascii?Q?e2iJR7T5/RbMWuNo8MlGkWWBP+1lvEk/KW+VwAnPpS4GpnQbbjxWWez/uaLZ?=
 =?us-ascii?Q?zeLr0Kxb6+8DqWhSxBTOIuwzCSWvtqKl3Qeu3z/W66B9BuRRZsL3PxTJuN52?=
 =?us-ascii?Q?tmPXK9M7LYGv/uqRFYhRB7KTPc61jc/PdVbbJQ8MuLdKIF6OuyilNqcfCgLM?=
 =?us-ascii?Q?7XtaRu5NIz1h3e37tPuOMuEGmgVRnIl4rF6u3wtKnRi/WOI1b6XkMkdHcNn5?=
 =?us-ascii?Q?Qnxs7ebkVOycVO45Whtnn3wEdBhE/wk8BewgHTbfBh9V6NezzPGCR/48VVGd?=
 =?us-ascii?Q?2GLqSjmPf9UE9/tGBg7rXZ7sR4nyFFVVqR1RM3X9wtSMd4h8PR23XqZJ9WZZ?=
 =?us-ascii?Q?wZrSfVQeBpUDdMZrWWYsbw2tA21s8b/izYPhBEBOp5ziRL0CfA6tZdwmUteq?=
 =?us-ascii?Q?QPEbnp6+kQZZIvj+LyYvs83LVphM7sRX9w+mjXg8iNj0Tn2UYa0AefvwTxQa?=
 =?us-ascii?Q?JRVACqPEgq+zDUHRQk6SJo9kNmD0mchhoMLqFGZBE+Ye8ed9kRdvHNw+jIN+?=
 =?us-ascii?Q?lkjiM/SmxuDHYK08j6j8Ns5vYK4FJm9/c7oX4CDDxfo3bKkZba9CiwyHMH5k?=
 =?us-ascii?Q?kGeRwnKpwaEBk1WDk6M5WoLuEB2nwSY7wOM+VPE3zKq+hVlhP2u8q4fCM0EP?=
 =?us-ascii?Q?jTa1Tz3BNMsgOLTiY2vS4Tf3EBeSBG1VXsk9M445bS4R2sCkE5i0rQAxgXg2?=
 =?us-ascii?Q?nkaPYbN8MPx4ivlb68IpQHMjE2Nfw5wa7Qf5ER+NlVgPmvSpWBbnvhNne6po?=
 =?us-ascii?Q?RiU/wbB1S+85pRBZfTNeHoMEJglze+fgVYo1XSV/3gZsmnWBVW5i9js6K+69?=
 =?us-ascii?Q?d5p2+Jrb5Jps=3D?=
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1740;6:DweSLRicedklW+9zNNyPorMS6fnwOOiSDESXiykQ9d2paS3UNvixnY15+FpKd42q7rk8tjFIGMChT5u60vOyw9dkeG6XPDi4c11NryEZQzNn9t/tSPmPzNsps7DWn2HPIZs84SrGR8DIqFwvCtLhsWpCUTaGRtevbMtKzcZop9dvQTXepvcA01MbIVLhBokG2emve6310wqAOjXn3kNeBNvvrxV1N6eclQp6E1yrs+oZs1wakbRm/LgDptQeagI7x9TVTNwU+/NPwC3fKcDoJcZZBS6eKgivFUM4dLNYgLBxmbIcTuOeM+sPBUekINIFRAZrkqHL3uraIT3EfZceWDKqMzGzSFX7fFHQN/t0gqA9olifC4sFykn5cnt+Hb/O;5:LjaGdCbiJZ4Ro5UtSY2qT+g+/dHOK9smotwcMTQ8GzC48L+cvtPuAU2iKdA01xZ9YHeYnRoyezA4gnA4uYF3HaAVdKsMWu9BwO+tJ9PuEN3QZUvGXuxJ/+jNSKgjshwshmqcxJHQWj9hSqLULcqMxnTVOE2izg660ESJquVtLdQ=;24:0m6FBn6afLCY6gGlQX9Tg4qS60O3vgw5N+Ybm/Z3W6yI0nWtxvB43UJjrYxnc71bp0IEmYUyfNxmUxmOq3kYxOUFVshmnQAH3jr4l5XVEe8=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1740;7:xnaWj5vfpP5f8aSM3748YPd3QOSKqyr66QFg4rSygAVE174xR//LhizQmludqF0TTWR0CANHZ8tkCwdh9k62Fh0CWjWlBjisHAylr1dsgU9iIxg/BThge6HAXyeZ0Bh/lFcwDe93r7NacLVCC4FN89cjVXBNl4gUmClhKyBsg9Adr7yhlU2L3DChfsoaYVOpnWBZ0UulQJLMSL7gcgGen8GeTv+e/vvEZUzsoLZUJwFjXIZ6dk51DrNGY6NkAShdPt1camqlc4fq6IihYjJbH/akTgoPNQfWz6x//u2iACg1plPjOfBC3pnaZ+6ITjcft7zOPvD+cspXcrSS9ekJ8Y+tRL8EbuM6dkTq1xT1Olk=;20:3zI0yWZopDJYx80FGvGdwBsl4zT/MjPSCzgS6FoTIU9THWcqjdoIapKzsEWDRWKabVC71/WXrXwVBGUdirsjeNF9qrgWwTWAoUTE68/qcrpm9bd5QyC3ya0TziDJZtVuT9qt60OSBtfgh/qg1nd8mq3zUv7JQjx1alWgJ6AGcPU=
X-OriginatorOrg: virtuozzo.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Nov 2016 18:16:32.8166 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0801MB1740
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 4585
Lines: 104

>From commit 90954e7b9407 ("x86/coredump: Use pr_reg size, rather that
TIF_IA32 flag") elf coredump file is constructed according to register
set size - and that's good: if binary crashes with 32-bit code selector,
generate 32-bit ELF core, otherwise - 64-bit core.
That was made for restoring 32-bit applications on x86_64: we want
32-bit application after restore to generate 32-bit ELF dump on crash.
All was quite good and recently I started reworking 32-bit applications
dumping part of CRIU: now it has two parasites (32 and 64) for seizing
compat/native tasks, after rework it'll have one parasite, working in
64-bit mode, to which 32-bit prologue long-jumps during infection.

And while it has worked for my work machine, in VM with
!CONFIG_X86_X32_ABI during reworking I faced that segfault in 32-bit
binary, that has long-jumped to 64-bit mode results in dereference
of garbage:

 32-victim[19266]: segfault at f775ef65 ip 00000000f775ef65 sp 00000000f776aa50 error 14
 BUG: unable to handle kernel paging request at ffffffffffffffff
 IP: [<ffffffff81332ce0>] strlen+0x0/0x20
 PGD 1e09067 PUD 1e0b067 PMD 0
 Oops: 0000 [#1] SMP
 Modules linked in:
 CPU: 3 PID: 19266 Comm: 32-victim Not tainted 4.9.0-rc6 #18
 task: ffff88013a183500 task.stack: ffffc90009ca4000
 RIP: 0010:[<ffffffff81332ce0>]  [<ffffffff81332ce0>] strlen+0x0/0x20
 RSP: 0000:ffffc90009ca7a40  EFLAGS: 00010286
 RAX: 0000000000000030 RBX: ffff88013789add0 RCX: 0000000000000804
 RDX: 0000000000000002 RSI: ffffc90009ca7cf8 RDI: ffffffffffffffff
 RBP: ffffc90009ca7a68 R08: 0000000000000000 R09: 0000000000000000
 R10: ffff88013fd9b058 R11: 0000000000000000 R12: ffffc90009ca7cf8
 R13: ffffc90009ca7b18 R14: 0000000000000000 R15: ffff88013a77df60
 FS:  0000000000000000(0000) GS:ffff88013fd80000(0063) knlGS:00000000f75a06c0
 CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
 CR2: ffffffffffffffff CR3: 0000000137be5000 CR4: 00000000001406e0
 DR0: 00000000f775f420 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
 Stack:
  ffffffff811d6929 00000005378deda8 0000000200000200 ffff88013789ad00
  ffffc90009ca7cf8 ffffc90009ca7c18 ffffffff811d9479 ffff88013a183500
  00000000000000bc 0000000200000010 ffffc90009ca7b48 ffffc90009ca7b30
 Call Trace:
  [<ffffffff811d6929>] ? writenote+0x19/0xa0
  [<ffffffff811d9479>] elf_core_dump+0x11a9/0x1480
  [<ffffffff811dc70b>] do_coredump+0xa6b/0xe60
  [<ffffffff81065820>] ? signal_wake_up_state+0x20/0x30
  [<ffffffff81065941>] ? complete_signal+0xf1/0x1f0
  [<ffffffff810679e8>] get_signal+0x1a8/0x5c0
  [<ffffffff8101b1a3>] do_signal+0x23/0x660
  [<ffffffff811268d3>] ? printk+0x48/0x4a
  [<ffffffff810a37ba>] ? vprintk_default+0x1a/0x20
  [<ffffffff81055375>] ? bad_area+0x41/0x48
  [<ffffffff8104b4b3>] ? __do_page_fault+0x3e3/0x490
  [<ffffffff81054296>] exit_to_usermode_loop+0x34/0x65
  [<ffffffff8100178f>] prepare_exit_to_usermode+0x2f/0x40
  [<ffffffff818f861b>] retint_user+0x8/0x10

That's because we have 64-bit registers set (with according total size)
and we're writing it to elf_thread_core_info which has smaller size
on !CONFIG_X86_X32_ABI. That lead to overwriting ELF notes part.

Tested on 32-, 64-bit ELF crashes and on 32-bit binaries that have
jumped with 64-bit code selector - all is readable with gdb.

Fixes: commit 90954e7b9407 ("x86/coredump: Use pr_reg size, rather that
TIF_IA32 flag")

Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: linux-mm@kvack.org
Cc: x86@kernel.org
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
---
 arch/x86/include/asm/compat.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/arch/x86/include/asm/compat.h b/arch/x86/include/asm/compat.h
index 03d269bed941..24118c0b4640 100644
--- a/arch/x86/include/asm/compat.h
+++ b/arch/x86/include/asm/compat.h
@@ -272,7 +272,6 @@ struct compat_shmid64_ds {
 /*
  * The type of struct elf_prstatus.pr_reg in compatible core dumps.
  */
-#ifdef CONFIG_X86_X32_ABI
 typedef struct user_regs_struct compat_elf_gregset_t;
 
 /* Full regset -- prstatus on x32, otherwise on ia32 */
@@ -281,10 +280,9 @@ typedef struct user_regs_struct compat_elf_gregset_t;
   do { *(int *) (((void *) &((S)->pr_reg)) + R) = (V); } \
   while (0)
 
+#ifdef CONFIG_X86_X32_ABI
 #define COMPAT_USE_64BIT_TIME \
 	(!!(task_pt_regs(current)->orig_ax & __X32_SYSCALL_BIT))
-#else
-typedef struct user_regs_struct32 compat_elf_gregset_t;
 #endif
 
 /*
-- 
2.10.2