From patchwork Mon Jul 3 11:13:51 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 106894
From: Ard Biesheuvel
To: stable@vger.kernel.org, gregkh@linux-foundation.org
Cc: akpm@linux-foundation.org, broonie@kernel.org, mark.rutland@arm.com, labbott@redhat.com, Ard Biesheuvel, Michal Hocko, zhong jiang, Dave Hansen, Linus Torvalds
Subject: [STABLE BACKPORT] mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings
Date: Mon, 3 Jul 2017 12:13:51 +0100
Message-Id: <20170703111351.26561-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.9.3
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: stable@vger.kernel.org

Existing code that uses vmalloc_to_page() may assume that any address for which is_vmalloc_addr() returns true may be passed into vmalloc_to_page() to retrieve the associated struct page.

This is not an unreasonable assumption to make, but on architectures that have CONFIG_HAVE_ARCH_HUGE_VMAP=y, it no longer holds, and we need to ensure that vmalloc_to_page() does not go off into the weeds trying to dereference huge PUDs or PMDs as table entries.

Given that vmalloc() and vmap() themselves never create huge mappings or deal with compound pages at all, there is no correct answer in this case, so return NULL instead, and issue a warning.

When reading /proc/kcore on arm64, you will hit an oops as soon as you hit the huge mappings used for the various segments that make up the mapping of vmlinux. With this patch applied, you will no longer hit the oops, but the kcore contents will be incorrect (these regions will be zeroed out).

We are fixing this for kcore specifically, so it avoids vread() for those regions. At least one other problematic user exists, i.e., /dev/kmem, but that is currently broken on arm64 for other reasons.

Link: http://lkml.kernel.org/r/20170609082226.26152-1-ard.biesheuvel@linaro.org
Signed-off-by: Ard Biesheuvel
Acked-by: Mark Rutland
Reviewed-by: Laura Abbott
Cc: Michal Hocko
Cc: zhong jiang
Cc: Dave Hansen
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds (cherry picked from commit 029c54b09599573015a5c18dbe59cbdf42742237) [ardb: non-trivial backport to v4.9] Signed-off-by: Ard Biesheuvel --- mm/vmalloc.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) -- 2.9.3 diff --git a/mm/vmalloc.c b/mm/vmalloc.c index f2481cb4e6b2..195de42bea1f 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -244,11 +244,21 @@ struct page *vmalloc_to_page(const void *vmalloc_addr) */ VIRTUAL_BUG_ON(!is_vmalloc_or_module_addr(vmalloc_addr)); + /* + * Don't dereference bad PUD or PMD (below) entries. This will also + * identify huge mappings, which we may encounter on architectures + * that define CONFIG_HAVE_ARCH_HUGE_VMAP=y. Such regions will be + * identified as vmalloc addresses by is_vmalloc_addr(), but are + * not [unambiguously] associated with a struct page, so there is + * no correct value to return for them. + */ if (!pgd_none(*pgd)) { pud_t *pud = pud_offset(pgd, addr); - if (!pud_none(*pud)) { + WARN_ON_ONCE(pud_bad(*pud)); + if (!pud_none(*pud) && !pud_bad(*pud)) { pmd_t *pmd = pmd_offset(pud, addr); - if (!pmd_none(*pmd)) { + WARN_ON_ONCE(pmd_bad(*pmd)); + if (!pmd_none(*pmd) && !pmd_bad(*pmd)) { pte_t *ptep, pte; ptep = pte_offset_map(pmd, addr);
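
Review bot: in the vmalloc_to_page() hunk, WARN_ON_ONCE(pud_bad(*pud)) and WARN_ON_ONCE(pmd_bad(*pmd)) are evaluated before the matching pud_none()/pmd_none() tests, so on any architecture whose pud_bad()/pmd_bad() also returns true for an empty entry, looking up an unmapped address would fire the warning even though no huge mapping is involved. Consider warning only on populated entries, for example WARN_ON_ONCE(!pud_none(*pud) && pud_bad(*pud)) and likewise for the PMD level, or state in the new comment that the *_bad() helpers are expected to be false for none entries. The new comment also says there is "no correct value to return" for huge mappings, but the diff does not show which callers now have to cope with a NULL result; since the commit message names kcore and /dev/kmem, a line in the backport note on which v4.9 callers were checked for NULL handling would help reviewers of the stable tree.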