Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751807AbdFIKBR (ORCPT ); Fri, 9 Jun 2017 06:01:17 -0400 Received: from foss.arm.com ([217.140.101.70]:35918 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751634AbdFIKBP (ORCPT ); Fri, 9 Jun 2017 06:01:15 -0400 Date: Fri, 9 Jun 2017 11:00:30 +0100 From: Mark Rutland To: Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, jolsa@kernel.org, mingo@kernel.org, akpm@linux-foundation.org, zhongjiang@huawei.com, labbott@fedoraproject.org Subject: Re: [PATCH 0/2] arm64: fix crash when reading /proc/kcore Message-ID: <20170609100029.GC10665@leverpostej> References: <20170608194139.9250-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170608194139.9250-1-ard.biesheuvel@linaro.org> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 6790 Lines: 108 On Thu, Jun 08, 2017 at 07:41:37PM +0000, Ard Biesheuvel wrote: > This is a follow-up to patches from zhonjiang [0] and myself [1] that aim > to solve a problem in the kcore code, which gets confused by the presence > of block mappings in the vmalloc region. > > While fixing the crash is quite straight forward [2], we need to tweak > the kcore code itself to ensure that it operates correctly on arm64. > Fortunately, we can achieve this with two very simple changes: > > - replace a call to is_vmalloc_or_module_addr() in read_kcore() with a > comparison of the kclist type field (#1) > - enable CONFIG_ARCH_PROC_KCORE_TEXT for arm64 (#2) FWIW, I gave this a spin on a Juno R1 board, and can confirm this prevents the crash one could previously trigger with: # cat /proc/kcore > /dev/null FWIW, for the series: Acked-by: Mark Rutland Tested-by: Mark Rutland Prior to these patches, I'd get a splat after a couple of seconds, as below. Thanks, Mark. root@ribbensteg:/home/nanook# cat /proc/kcore > /dev/null [ 44.923557] Unable to handle kernel paging request at virtual address ffffa3a379000000 [ 44.931437] pgd = ffff800975e84000 [ 44.934832] [ffffa3a379000000] *pgd=0000000000000000 [ 44.939772] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 44.945295] Modules linked in: [ 44.948328] CPU: 4 PID: 2190 Comm: cat Not tainted 4.12.0-rc4-00006-gc50d1fe #2 [ 44.955573] Hardware name: ARM Juno development board (r1) (DT) [ 44.961441] task: ffff80097658e800 task.stack: ffff8009748bc000 [ 44.967316] PC is at __memcpy+0x100/0x180 [ 44.971294] LR is at vread+0x13c/0x260 [ 44.975009] pc : [] lr : [] pstate: 20000145 [ 44.982340] sp : ffff8009748bfca0 [ 44.985623] x29: ffff8009748bfca0 x28: ffff80097560f000 [ 44.990892] x27: ffff80097658e800 x26: ffff800977801380 [ 44.996162] x25: 0000000000001000 x24: ffff000008201000 [ 45.001431] x23: 0000000000001000 x22: ffff80097560f000 [ 45.006700] x21: ffff000008e8aa88 x20: ffff000008201000 [ 45.011980] x19: 0000000000001000 x18: 0000ffffeac5f340 [ 45.017259] x17: 0000ffff961def30 x16: ffff0000081fb098 [ 45.022537] x15: 0000ffff96268588 x14: 0000000000000000 [ 45.027815] x13: 0000000000000000 x12: 0000000000000000 [ 45.033094] x11: 0000000000000000 x10: 0000000000000000 [ 45.038372] x9 : 0000000000000000 x8 : 0000000000000000 [ 45.043649] x7 : 0000000000000000 x6 : ffff80097560f000 [ 45.048928] x5 : ffff8009778013b0 x4 : 0000000000000000 [ 45.054206] x3 : 0400000000000001 x2 : 0000000000000f80 [ 45.059484] x1 : ffffa3a379000000 x0 : ffff80097560f000 [ 45.064764] Process cat (pid: 2190, stack limit = 0xffff8009748bc000) [ 45.071158] Stack: (0xffff8009748bfca0 to 0xffff8009748c0000) [ 45.076866] fca0: ffff8009748bfd20 ffff00000826d848 ffff000008fb7958 000000000000d000 [ 45.084651] fcc0: 0000000000f5b000 ffff000008fb7948 ffff8009748bfeb8 0000000000003000 [ 45.092435] fce0: ffff80097658e800 ffff000008201000 ffff000008e8ff70 0000000000001000 [ 45.100219] fd00: ffff8009748bfeb8 0000000000001000 ffff80097560f000 0000000000001000 [ 45.108004] fd20: ffff8009748bfdb0 ffff00000825fd30 ffff80097643dc00 fffffffffffffffb [ 45.115788] fd40: 0000000000f58000 ffff8009748bfeb8 0000000060000000 0000000000000015 [ 45.123572] fd60: 0000000000000124 000000000000003f ffff000008952000 ffff80097658e800 [ 45.131356] fd80: 0000000000000124 ffff80097658e800 ffff80097658e800 ffff80097560f000 [ 45.139140] fda0: 0000000376521100 0000000000002000 ffff8009748bfdd0 ffff0000081f8924 [ 45.146924] fdc0: 0000000000010000 ffff800976521900 ffff8009748bfe50 ffff0000081f9bf0 [ 45.154709] fde0: 0000000000010000 ffff800976521900 0000000060000000 ffff0000081f9ae4 [ 45.162493] fe00: ffff8009748bfe30 ffff0000081f9ae4 ffff800976521900 0000000000000000 [ 45.170277] fe20: 0000000000f58000 ffff8009748bfeb8 ffff8009748bfe50 ffff0000081f9bcc [ 45.178062] fe40: 0000000000010000 ffff800976521900 ffff8009748bfe80 ffff0000081fb0dc [ 45.185846] fe60: ffff800976521900 ffff800976521900 0000000000f58000 0000000000010000 [ 45.193630] fe80: 0000000000000000 ffff000008082f30 0000000000000000 0000800977159000 [ 45.201415] fea0: ffffffffffffffff 0000ffff961def4c 0000000000000124 0000000008203000 [ 45.209199] fec0: 0000000000000003 0000000000f58000 0000000000010000 0000000000000000 [ 45.216983] fee0: 0000000000011011 0000000000000001 0000000000000011 0000000000000002 [ 45.224766] ff00: 000000000000003f ff53424451514e42 00000000ffffffff 0000000000000030 [ 45.232550] ff20: 0000000000000038 0000000000000000 0000ffff96121a94 0000ffff96268588 [ 45.240334] ff40: 0000000000000000 0000ffff961def30 0000ffffeac5f340 0000000000010000 [ 45.248118] ff60: 000000000041a310 0000000000f58000 0000000000000003 000000007fffe000 [ 45.255901] ff80: 00000000004088d0 0000000000010000 0000000000000000 0000000000000000 [ 45.263685] ffa0: 0000000000010000 0000ffffeac5f610 0000000000404dcc 0000ffffeac5f610 [ 45.271469] ffc0: 0000ffff961def4c 0000000060000000 0000000000000003 000000000000003f [ 45.279252] ffe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 45.287032] Call trace: [ 45.289466] Exception stack(0xffff8009748bfad0 to 0xffff8009748bfc00) [ 45.295861] fac0: 0000000000001000 0001000000000000 [ 45.303645] fae0: ffff8009748bfca0 ffff00000839fe00 ffff8009748bfb20 ffff0000080eca80 [ 45.311429] fb00: ffff8009748bfb20 ffff0000080ff95c 0000000000000000 0000000000000025 [ 45.319213] fb20: ffff8009748bfb50 ffff0000080eca80 ffff80097658e800 00000000000019a0 [ 45.326997] fb40: ffff80097658e800 0000000000000001 ffff8009748bfb70 ffff0000080edbbc [ 45.334782] fb60: ffff8009748bfb70 ffff0000080edbd0 ffff80097560f000 ffffa3a379000000 [ 45.342566] fb80: 0000000000000f80 0400000000000001 0000000000000000 ffff8009778013b0 [ 45.350349] fba0: ffff80097560f000 0000000000000000 0000000000000000 0000000000000000 [ 45.358132] fbc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 45.365916] fbe0: 0000000000000000 0000ffff96268588 ffff0000081fb098 0000ffff961def30 [ 45.373701] [] __memcpy+0x100/0x180 [ 45.378721] [] read_kcore+0x280/0x3b8 [ 45.383914] [] proc_reg_read+0x60/0x90 [ 45.389193] [] __vfs_read+0x1c/0x108 [ 45.394299] [] vfs_read+0x80/0x130 [ 45.399233] [] SyS_read+0x44/0xa0 [ 45.404082] [] el0_svc_naked+0x24/0x28 [ 45.409360] Code: d503201f d503201f d503201f d503201f (a8c12027) [ 45.415467] ---[ end trace 1e058edb915b6297 ]--- [ 45.420080] note: cat[2190] exited with preempt_count 2