Date: Tue, 25 Jan 2022 10:15:36 -0800
From: Luis Chamberlain
To: Tong Zhang
Cc: Alexander Viro, Eric Biederman, Kees Cook, Iurii Zaikin, Andrew Morton, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Christian Brauner
Subject: Re: [PATCH v2 1/2] binfmt_misc: fix crash when load/unload module
References: <20220124104012.nblfd6b5on4kojgi@wittgenstein> <20220124181812.1869535-2-ztong0001@gmail.com>
In-Reply-To: <20220124181812.1869535-2-ztong0001@gmail.com>

On Mon, Jan 24, 2022 at 10:18:12AM -0800, Tong Zhang wrote:
> We should unregister the table upon module unload otherwise something
> horrible will happen when we load binfmt_misc module again. Also note
> that we should keep value returned by register_sysctl_mount_point() and
> release it later, otherwise it will leak.
> Also, per Christian's comment, to fully restore the old behavior that
> won't break userspace the check(binfmt_misc_header) should be
> eliminated.
>
> reproduce:
> modprobe binfmt_misc
> modprobe -r binfmt_misc
> modprobe binfmt_misc
> modprobe -r binfmt_misc
> modprobe binfmt_misc
>
> [ 18.032038] Call Trace:
> [ 18.032108]
> [ 18.032169] dump_stack_lvl+0x34/0x44
> [ 18.032273] __register_sysctl_table+0x6f4/0x720
> [ 18.032397] ? preempt_count_sub+0xf/0xb0
> [ 18.032508] ? 0xffffffffc0040000
> [ 18.032600] init_misc_binfmt+0x2d/0x1000 [binfmt_misc]
> [ 18.042520] binfmt_misc: Failed to create fs/binfmt_misc sysctl mount point
> modprobe: can't load module binfmt_misc (kernel/fs/binfmt_misc.ko): Cannot allocate memory
> [ 18.063549] binfmt_misc: Failed to create fs/binfmt_misc sysctl mount point
> [ 18.204779] BUG: unable to handle page fault for address: fffffbfff8004802
>
> Fixes: 3ba442d5331f ("fs: move binfmt_misc sysctl to its own file")
> Co-developed-by: Christian Brauner
> Signed-off-by: Tong Zhang

Acked-by: Luis Chamberlain

  Luis
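
The register/unregister pairing described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch: a user-space C model in which every name (`model_register`, `saved_header`, `reload_cycle`, and so on) is a hypothetical stand-in and duplicate registration is simplified to a path comparison. It models only the failed second load, not the later page fault.

```c
/* User-space model, NOT kernel code: every name below is a hypothetical
 * stand-in for the sysctl registration the commit message talks about. */
#include <stdio.h>
#include <string.h>

#define MAX_DIRS 8
struct table_header { char path[64]; int in_use; };  /* models ctl_table_header */
static struct table_header registry[MAX_DIRS];        /* models the sysctl tree */

/* Returns NULL when the path is already present (simplified duplicate check). */
static struct table_header *model_register(const char *path)
{
    struct table_header *slot = NULL;
    for (int i = 0; i < MAX_DIRS; i++) {
        if (registry[i].in_use && strcmp(registry[i].path, path) == 0)
            return NULL;
        if (!registry[i].in_use && !slot)
            slot = &registry[i];
    }
    if (!slot) return NULL;
    snprintf(slot->path, sizeof(slot->path), "%s", path);
    slot->in_use = 1;
    return slot;
}

static void model_unregister(struct table_header *h) { if (h) h->in_use = 0; }
static struct table_header *saved_header;  /* the returned value must be kept */

static int module_init_model(void)
{
    saved_header = model_register("fs/binfmt_misc");
    return saved_header ? 0 : -12;  /* -12 models -ENOMEM ("Cannot allocate memory") */
}
static void module_exit_buggy(void) { /* no unregister: entry stays behind */ }
static void module_exit_fixed(void) { model_unregister(saved_header); saved_header = NULL; }

/* Load, unload with exit_fn, load again; returns the second load's result. */
static int reload_cycle(void (*exit_fn)(void))
{
    memset(registry, 0, sizeof(registry));
    if (module_init_model() != 0)
        return -1;
    exit_fn();
    return module_init_model();
}

int main(void)
{
    printf("buggy exit: second load = %d\n", reload_cycle(module_exit_buggy));
    printf("fixed exit: second load = %d\n", reload_cycle(module_exit_fixed));
    return 0;
}
```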