From: Catalin Marinas <catalin.marinas@arm.com>
To: Will Deacon <will@kernel.org>, Seth Jenkins <sethjenkins@google.com>
Cc: Eric Biederman <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org
Subject: [PATCH 0/3] arm64: mte: Coredump fixes
Date: Thu, 22 Dec 2022 18:12:48 +0000
Message-ID: <20221222181251.1345752-1-catalin.marinas@arm.com>
Hi,
As reported by Seth, there are two bugs in the arm64 MTE coredump code.
The first is a double freeing of the temporary tag storage object on an
error condition. The second is the racy traversing of the vma list and
fixing it required adding a struct coredump_params * parameter to the
elf_core_extra_phdrs() and elf_core_extra_data_size() functions. This
way the arm64 code can use the vma snapshot saved in cprm rather than
iterating over the vma list.
All patches are cc stable to 5.18 but I'm not aware of any MTE
deployment in production yet, so merging them in the new year is fine
(still aiming for the fix in one of the 6.2-rcX).
Thanks.
Catalin Marinas (3):
arm64: mte: Fix double-freeing of the temporary tag storage during coredump
elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size}
arm64: mte: Avoid the racy walk of the vma list during core dump
arch/arm64/kernel/elfcore.c | 61 +++++++++++++++++--------------------
arch/ia64/kernel/elfcore.c | 4 +--
arch/x86/um/elfcore.c | 4 +--
fs/binfmt_elf.c | 4 +--
fs/binfmt_elf_fdpic.c | 4 +--
include/linux/elfcore.h | 8 ++---
6 files changed, 40 insertions(+), 45 deletions(-)
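To make the second fix concrete, here is an added userspace model (not the kernel's code and not part of this series) of how arch hooks can size the extra MTE program headers and tag data from the vma snapshot that `cprm` already carries, instead of re-walking the live vma list. The structure and field names (`struct coredump_params`, `vma_count`, `vma_meta`, `struct core_vma_metadata`, `dump_size`), the `VM_MTE` bit value, the `for_each_mte_vma` helper and the 128-bytes-of-tags-per-4K-page constant are assumptions modelled on the kernel, not taken from this page, and the snapshot contents are constructed sample data.

```c
/* Added example: a standalone userspace model of snapshot-based MTE
 * coredump sizing. All kernel-looking names below are assumptions. */
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)

/* Assumed flag bit marking a tagged (MTE-enabled) mapping. */
#define VM_MTE (1UL << 0)

/* Assumed: 4 bits of tag per 16-byte granule, 256 granules per 4K page,
 * so 128 bytes of tag storage are needed per dumped page. */
#define MTE_PAGE_TAG_STORAGE 128

/* One entry of the vma snapshot taken once, under the mmap lock, before
 * the dump starts. After that point the live vma list may change (another
 * thread can still unmap or remap), but this array cannot. */
struct core_vma_metadata {
    unsigned long start;
    unsigned long end;
    unsigned long flags;
    unsigned long dump_size;   /* bytes of this vma actually written */
};

struct coredump_params {
    int vma_count;
    struct core_vma_metadata *vma_meta;
};

/* Walk the snapshot only, selecting tagged mappings. Because both the
 * phdr count and the data size come from the same frozen array, the
 * header table and the payload can never disagree, which is exactly what
 * a racy walk of the live list could not guarantee. */
#define for_each_mte_vma(cprm, i, m)                                   \
    for ((i) = 0, (m) = (cprm)->vma_meta; (i) < (cprm)->vma_count;     \
         (i)++, (m) = (cprm)->vma_meta + (i))                          \
        if ((m)->flags & VM_MTE)

/* Tag bytes needed for the dumped portion of one vma. */
static size_t mte_vma_tag_dump_size(const struct core_vma_metadata *m)
{
    return (m->dump_size >> PAGE_SHIFT) * MTE_PAGE_TAG_STORAGE;
}

/* Number of extra program headers: one per tagged vma in the snapshot. */
unsigned int elf_core_extra_phdrs(const struct coredump_params *cprm)
{
    int i;
    unsigned int vma_count = 0;
    struct core_vma_metadata *m;

    for_each_mte_vma(cprm, i, m)
        vma_count++;
    return vma_count;
}

/* Bytes of extra data appended after the memory dump: all tag storage. */
size_t elf_core_extra_data_size(const struct coredump_params *cprm)
{
    int i;
    size_t data_size = 0;
    struct core_vma_metadata *m;

    for_each_mte_vma(cprm, i, m)
        data_size += mte_vma_tag_dump_size(m);
    return data_size;
}

/* Constructed sample snapshot: two tagged vmas (one only partially
 * dumped) and one untagged vma that must be ignored. */
struct coredump_params *sample_cprm(void)
{
    static struct core_vma_metadata meta[] = {
        { 0x10000, 0x14000, VM_MTE, 4 * PAGE_SIZE },
        { 0x20000, 0x22000, 0,      2 * PAGE_SIZE },
        { 0x30000, 0x32000, VM_MTE, 1 * PAGE_SIZE },
    };
    static struct coredump_params cprm = { 3, meta };
    return &cprm;
}

int main(void)
{
    struct coredump_params *cprm = sample_cprm();
    printf("extra phdrs: %u\n", elf_core_extra_phdrs(cprm));   /* 2 */
    printf("extra data : %zu bytes\n", elf_core_extra_data_size(cprm)); /* 640 */
    return 0;
}
```

The point of routing both hooks through `cprm` is that they consume the same immutable snapshot the generic ELF writer uses for the PT_LOAD headers, so the number of tag segments announced up front always matches what is later written.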
Thread overview:
2022-12-22 18:12 Catalin Marinas [this message]
2022-12-22 18:12 ` [PATCH 1/3] arm64: mte: Fix double-freeing of the temporary tag storage during coredump Catalin Marinas
2022-12-22 18:12 ` [PATCH 2/3] elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size} Catalin Marinas
2023-01-24 21:36 ` Kees Cook
2022-12-22 18:12 ` [PATCH 3/3] arm64: mte: Avoid the racy walk of the vma list during core dump Catalin Marinas
2023-01-05 18:03 ` [PATCH 0/3] arm64: mte: Coredump fixes Will Deacon