Subject: Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums
To: Kees Cook
Cc: Matthew Wilcox, James Morris, Luis Chamberlain, Mimi Zohar, Greg Kroah-Hartman, "Rafael J. Wysocki", Alexander Viro, Jessica Yu, Dmitry Kasatkin, "Serge E. Hallyn", Casey Schaufler, "Eric W. Biederman", Peter Zijlstra, Matthew Garrett, David Howells, Mauro Carvalho Chehab, Randy Dunlap, "Joel Fernandes (Google)", KP Singh, Dave Olsthoorn, Hans de Goede, Peter Jones, Andrew Morton, Stephen Boyd, Paul Moore, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org
References: <20200707081926.3688096-1-keescook@chromium.org> <20200707081926.3688096-3-keescook@chromium.org> <3fdb3c53-7471-14d8-ce6a-251d8b660b8a@broadcom.com> <20200710220411.GR12769@casper.infradead.org> <128120ca-7465-e041-7481-4c5d53f639dd@broadcom.com> <202007101543.912633AA73@keescook>
From: Scott Branden
Message-ID: <989a7560-29bb-a5ea-a03e-e2018c983829@broadcom.com>
Date: Fri, 10 Jul 2020 15:58:59 -0700
In-Reply-To: <202007101543.912633AA73@keescook>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Kees,

On 2020-07-10 3:44 p.m., Kees Cook wrote:
> On Fri, Jul 10, 2020 at 03:10:25PM -0700, Scott Branden wrote:
>>
>> On 2020-07-10 3:04 p.m., Matthew Wilcox wrote:
>>> On Fri, Jul 10, 2020 at 02:00:32PM -0700, Scott Branden wrote:
>>>>> @@ -950,8 +951,8 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
>>>>> goto out;
>>>>> }
>>>>> - if (id != READING_FIRMWARE_PREALLOC_BUFFER)
>>>>> - *buf = vmalloc(i_size);
>>>>> + if (!*buf)
>>>> The assumption that *buf is always NULL when id !=
>>>> READING_FIRMWARE_PREALLOC_BUFFER doesn't appear to be correct.
>>>> I get unhandled page faults due to this change on boot.
>>> Did it give you a stack backtrace?
>> Yes, but there's no requirement that *buf need to be NULL when calling this
>> function.
>> To fix my particular crash I added the following locally:
>>
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -3989,7 +3989,7 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char
>> __user *, uargs, int, flags)
>>  {
>>      struct load_info info = { };
>>      loff_t size;
>> -    void *hdr;
>> +    void *hdr = NULL;
>>      int err;
>>
>>      err = may_init_module();
> Thanks for the diagnosis and fix! I haven't had time to cycle back
> around to this series yet. Hopefully soon. :)
I don't consider this a complete fix as there may be other callers which
do not initialize the *buf param to NULL before calling kernel_read_file.
But, it does boot my system. Also, I was able to make modifications for
my pread changes that pass (and the IMA works with IMA patch in my series
is dropped completely with your changes in place).
So your changes work for me other than the hack needed above.
>
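
Review bot: "if (!*buf)" in the kernel_read_file() hunk makes the caller's incoming pointer value decide between allocating and reusing a buffer, yet nothing in the visible lines documents or enforces that a caller without a buffer must pass *buf == NULL. With the explicit "id != READING_FIRMWARE_PREALLOC_BUFFER" test removed, an uninitialized pointer at any call site is taken for a preallocated buffer. State the NULL requirement in the function's comment and initialize every caller in the same patch, or keep an explicit indication of preallocation that does not depend on the pointer's prior contents.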
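
Review bot: "void *hdr = NULL;" in the finit_module hunk is now required by the callee rather than being a defensive initializer, and nothing at the declaration says so, so a later cleanup could drop it as redundant. Add a short comment at the declaration (or assign NULL immediately before the call), and apply the same initialization to the remaining kernel_read_file() callers, since this hunk covers a single call site.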
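
The caller contract discussed in this message, as an added userspace example that is not code from the thread or from the kernel. It goes one step beyond the thread by pairing the pointer with an explicit capacity, so a non-NULL pointer that arrives without a declared size is rejected rather than written through; model_read_file() and its parameters are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Userspace model (hypothetical names, not kernel code) of an in/out buffer
 * argument: *buf == NULL asks the callee to allocate, non-NULL supplies a
 * preallocated buffer whose capacity must be declared in buf_size.
 */
int model_read_file(const void *src, size_t len, void **buf, size_t buf_size)
{
	if (!buf)
		return -EINVAL;
	/* A non-NULL pointer with no declared capacity is most likely an
	 * uninitialized local: refuse it instead of writing through it. */
	if (*buf && buf_size == 0)
		return -EINVAL;
	if (!*buf && buf_size != 0)
		return -EINVAL;
	if (*buf) {
		if (len > buf_size)
			return -EFBIG;	/* never overrun the caller's buffer */
	} else {
		*buf = malloc(len ? len : 1);
		if (!*buf)
			return -ENOMEM;
	}
	memcpy(*buf, src, len);
	return 0;
}

int main(void)
{
	const char data[] = "module";	/* constructed sample input */
	char junk, pre[16];
	void *stale = &junk;		/* stands in for stack garbage */
	void *fresh = NULL, *mine = pre;

	printf("stale pointer: %d\n", model_read_file(data, sizeof(data), &stale, 0));
	printf("NULL pointer:  %d\n", model_read_file(data, sizeof(data), &fresh, 0));
	printf("preallocated:  %d\n", model_read_file(data, sizeof(data), &mine, sizeof(pre)));
	free(fresh);
	return 0;
}
```

The check only catches a stale pointer when the capacity argument is passed deliberately (for example as a literal 0); if both values come from uninitialized storage, no callee-side test can tell them apart from a real buffer.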