In-Reply-To:
<20180904224150.GD24406@vader> References: <1536100545-26905-1-git-send-email-asmadeus@codewreck.org> <1536100702-28706-1-git-send-email-asmadeus@codewreck.org> <20180904224150.GD24406@vader> From: Bhupesh Sharma Date: Thu, 6 Sep 2018 01:26:47 +0530 Message-ID: Subject: Re: [PATCH v3] proc/kcore: fix invalid memory access in multi-page read optimization To: Omar Sandoval Cc: Dominique Martinet , Andrew Morton , Linux Kernel Mailing List , linux-fsdevel@vger.kernel.org, Alexey Dobriyan , Eric Biederman , James Morse , kernel-team@fb.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 5, 2018 at 4:11 AM, Omar Sandoval wrote: > On Wed, Sep 05, 2018 at 12:38:22AM +0200, Dominique Martinet wrote: >> The 'm' kcore_list item could point to kclist_head, and it is incorrect to >> look at m->addr / m->size in this case. >> There is no choice but to run through the list of entries for every address >> if we did not find any entry in the previous iteration >> >> Reset 'm' to NULL in that case at Omar Sandoval's suggestion. >> >> Fixes: bf991c2231117 ("proc/kcore: optimize multiple page reads") > > Reviewed-by: Omar Sandoval > > Thanks again for catching this! > >> Signed-off-by: Dominique Martinet >> --- >> >> Sorry, resent v2 because From didn't match sob tag >> >> fs/proc/kcore.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c >> index ad72261ee3fe..578926032880 100644 >> --- a/fs/proc/kcore.c >> +++ b/fs/proc/kcore.c >> @@ -464,6 +464,7 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) >> ret = -EFAULT; >> goto out; >> } >> + m = NULL; >> } else if (m->type == KCORE_VMALLOC) { >> vread(buf, (char *)start, tsz); >> /* we have to zero-fill user buffer even if no read */ >> -- >> 2.17.1 Looks sane to me, so: Reviewed-by: Bhupesh Sharma Thanks.
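Review bot: the added `m = NULL;` in read_kcore(), placed after the `ret = -EFAULT; goto out;` block and right before `} else if (m->type == KCORE_VMALLOC) {`, carries no comment, so from the code alone it is not clear why 'm' is cleared at that point. Per the commit message the reset exists so that, when no entry was found for the current address, the next iteration runs through the list again instead of looking at m->addr / m->size on an 'm' that could point to kclist_head. A one-line comment above the assignment saying so, for example `/* no entry found: force a full list walk for the next address */`, would keep a later cleanup from dropping the reset as a dead store.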