From: Joel Granados <j.granados@samsung.com>
To: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Luis Chamberlain <mcgrof@kernel.org>,
"willy@infradead.org" <willy@infradead.org>,
"josh@joshtriplett.org" <josh@joshtriplett.org>,
Kees Cook <keescook@chromium.org>,
Phillip Potter <phil@philpotter.co.uk>,
Clemens Ladisch <clemens@ladisch.de>,
Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Juergen Gross <jgross@suse.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>,
Jiri Slaby <jirislaby@kernel.org>,
"James E.J. Bottomley" <jejb@linux.ibm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Doug Gilbert <dgilbert@interlog.com>,
Sudip Mukherjee <sudipm.mukherjee@gmail.com>,
Jason Gunthorpe <jgg@ziepe.ca>, Leon Romanovsky <leon@kernel.org>,
Corey Minyard <minyard@acm.org>, Theodore Ts'o <tytso@mit.edu>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
David Ahern <dsahern@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Robin Holt <robinmholt@gmail.com>,
Steve Wahl <steve.wahl@hpe.com>,
Russ Weight <russell.h.weight@intel.com>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Song Liu <song@kernel.org>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Jani Nikula <jani.nikula@linux.intel.com>,
Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@intel.com>,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
David Airlie <airlied@gmail.com>, Daniel Vetter <daniel@ffwll.ch>,
"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"linux-raid@vger.kernel.org" <linux-raid@vger.kernel.org>,
"linux-serial@vger.kernel.org" <linux-serial@vger.kernel.org>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"openipmi-developer@lists.sourceforge.net"
<openipmi-developer@lists.sourceforge.net>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH 00/15] sysctl: Remove sentinel elements from drivers
Date: Mon, 2 Oct 2023 10:47:18 +0200 [thread overview]
Message-ID: <20231002084718.bmme7yi4xfs7sw4b@localhost> (raw)
In-Reply-To: <5fadd85e-f2d7-878c-b709-3523e89dd93a@csgroup.eu>
[-- Attachment #1: Type: text/plain, Size: 5216 bytes --]
On Thu, Sep 28, 2023 at 04:31:30PM +0000, Christophe Leroy wrote:
>
>
> Le 28/09/2023 à 15:21, Joel Granados via B4 Relay a écrit :
> > From: Joel Granados <j.granados@samsung.com>
>
> Automatic test fails on powerpc, see
> https://patchwork.ozlabs.org/project/linuxppc-dev/patch/20230928-jag-sysctl_remove_empty_elem_drivers-v1-15-e59120fca9f9@samsung.com/
From this I got to this URL
https://github.com/linuxppc/linux-snowpatch/actions/runs/6339718136/job/17221399242
and saw this message "sysctl table check failed: dev/tty/ No proc_handler".
This means that we hit the check for entry->proc_handler in
sysctl_check_table.
>
> Kernel attempted to read user page (1a111316) - exploit attempt? (uid: 0)
> BUG: Unable to handle kernel data access on read at 0x1a111316
> Faulting instruction address: 0xc0545338
> Oops: Kernel access of bad area, sig: 11 [#1]
> BE PAGE_SIZE=4K PowerPC 44x Platform
> Modules linked in:
> CPU: 0 PID: 1 Comm: swapper Not tainted 6.5.0-rc6-gdef13277bacb #1
> Hardware name: amcc,bamboo 440GR Rev. B 0x422218d3 PowerPC 44x Platform
> NIP: c0545338 LR: c0548468 CTR: ffffffff
> REGS: c084fae0 TRAP: 0300 Not tainted (6.5.0-rc6-gdef13277bacb)
> MSR: 00021000 <CE,ME> CR: 84004288 XER: 00000000
> DEAR: 1a111316 ESR: 00000000
> GPR00: c0548468 c084fbd0 c0888000 c084fc99 00000000 c084fc7c 1a110316
> 000affff
> GPR08: ffffffff c084fd18 1a111316 04ffffff 22000282 00000000 c00027c0
> 00000000
> GPR16: 00000000 00000000 c0040000 c003d544 00000001 c003eb2c 096023d4
> 00000000
> GPR24: c0636502 c0636502 c084fc74 c0588510 c084fc68 c084fc7c c084fc99
> 00000002
> NIP [c0545338] string+0x78/0x148
> LR [c0548468] vsnprintf+0x3d8/0x824
> Call Trace:
> [c084fbd0] [c084fc7c] 0xc084fc7c (unreliable)
> [c084fbe0] [c0548468] vsnprintf+0x3d8/0x824
> [c084fc30] [c0072dec] vprintk_store+0x17c/0x4c8
> [c084fcc0] [c007322c] vprintk_emit+0xf4/0x2a0
> [c084fd00] [c0073d04] _printk+0x60/0x88
> [c084fd40] [c01ab63c] sysctl_err+0x78/0xa4
> [c084fd80] [c01ab404] __register_sysctl_table+0x6a0/0x6c4
> [c084fde0] [c06a585c] __register_sysctl_init+0x30/0x78
> [c084fe00] [c06a8cc8] tty_init+0x44/0x168
> [c084fe30] [c00023c4] do_one_initcall+0x64/0x2a0
> [c084fea0] [c068f060] kernel_init_freeable+0x184/0x230
> [c084fee0] [c00027e4] kernel_init+0x24/0x124
> [c084ff00] [c000f1fc] ret_from_kernel_user_thread+0x14/0x1c
I followed this trace and proc_handler is correctly defined in tty_table
(struct ctl_table) in drivers/tty/tty_io.c:tty_init and there is not
path that changes these values.
Additionally, we then fail trying to print instead of continuing with
the initialization. My conjecture is that this might be due to something
different than tht sysctl register call.
Does this happen consistenly or is this just a one off issue?
To what branch are these patches being applied to?
I'm going to post my V2 and keep working on this issue if it pops up
again.
Thx for the report
Best
> --- interrupt: 0 at 0x0
> NIP: 00000000 LR: 00000000 CTR: 00000000
> REGS: c084ff10 TRAP: 0000 Not tainted (6.5.0-rc6-gdef13277bacb)
> MSR: 00000000 <> CR: 00000000 XER: 00000000
>
> GPR00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000
> GPR08: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000
> GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000
> GPR24: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000
> NIP [00000000] 0x0
> LR [00000000] 0x0
> --- interrupt: 0
> Code: 91610008 90e1000c 4bffd0b5 80010014 38210010 7c0803a6 4e800020
> 409d0008 99230000 38630001 38840001 4240ffd0 <7d2a20ae> 7f851840
> 5528063e 2c080000
> ---[ end trace 0000000000000000 ]---
>
> note: swapper[1] exited with irqs disabled
> Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
>
>
> >
> > What?
> > These commits remove the sentinel element (last empty element) from the
> > sysctl arrays of all the files under the "drivers/" directory that use a
> > sysctl array for registration. The merging of the preparation patches
> > (in https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/)
> > to mainline allows us to just remove sentinel elements without changing
> > behavior (more info here [1]).
<--- snip --->
> > drivers/macintosh/mac_hid.c | 3 +-
> > drivers/md/md.c | 3 +-
> > drivers/misc/sgi-xp/xpc_main.c | 6 ++--
> > drivers/net/vrf.c | 3 +-
> > drivers/parport/procfs.c | 42 ++++++++++++---------------
> > drivers/scsi/scsi_sysctl.c | 3 +-
> > drivers/scsi/sg.c | 3 +-
> > drivers/tty/tty_io.c | 3 +-
> > drivers/xen/balloon.c | 3 +-
> > 18 files changed, 36 insertions(+), 60 deletions(-)
> > ---
> > base-commit: 0e945134b680040b8613e962f586d91b6d40292d
> > change-id: 20230927-jag-sysctl_remove_empty_elem_drivers-f034962a0d8c
> >
> > Best regards,
--
Joel Granados
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
next prev parent reply other threads:[~2023-10-02 8:45 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-28 13:21 [PATCH 00/15] sysctl: Remove sentinel elements from drivers Joel Granados via B4 Relay
[not found] ` <20230928-jag-sysctl_remove_empty_elem_drive>
2023-09-28 13:21 ` [PATCH 01/15] cdrom: Remove now superfluous sentinel element from ctl_table array Joel Granados via B4 Relay
2023-09-28 13:36 ` Greg Kroah-Hartman
2023-09-29 12:17 ` Joel Granados
2023-09-30 16:52 ` Phillip Potter
2023-10-02 7:39 ` Joel Granados
2023-09-28 13:21 ` [PATCH 02/15] hpet: " Joel Granados via B4 Relay
2023-09-28 13:21 ` [PATCH 03/15] xen: " Joel Granados via B4 Relay
2023-09-28 13:21 ` [PATCH 04/15] tty: " Joel Granados via B4 Relay
2023-10-02 8:17 ` Jiri Slaby
2023-10-02 8:47 ` Christophe Leroy
2023-10-02 9:02 ` Greg Kroah-Hartman
2023-09-28 13:21 ` [PATCH 05/15] scsi: " Joel Granados via B4 Relay
2023-09-28 13:21 ` [PATCH 06/15] parport: Remove the " Joel Granados via B4 Relay
2023-09-28 13:21 ` [PATCH 07/15] macintosh: " Joel Granados via B4 Relay
2023-09-28 13:21 ` [PATCH 08/15] infiniband: " Joel Granados via B4 Relay
2023-09-28 13:21 ` [PATCH 09/15] char-misc: " Joel Granados via B4 Relay
[not found] ` <65157da7.5d0a0220.13b5e.9e95SMTPIN_ADDED_BROKEN@mx.google.com>
2023-09-28 15:20 ` [PATCH 13/15] raid: Remove " Song Liu
[not found] ` <65157da8.050a0220.fb263.fdb1SMTPIN_ADDED_BROKEN@mx.google.com>
2023-09-28 15:26 ` [PATCH 14/15] hyper-v/azure: " Wei Liu
2023-09-29 12:15 ` Joel Granados
2023-09-29 14:03 ` Joel Granados
2023-09-28 16:31 ` [PATCH 00/15] sysctl: Remove sentinel elements from drivers Christophe Leroy
2023-10-02 8:47 ` Joel Granados [this message]
2023-10-02 9:02 ` Christophe Leroy
[not found] ` <=?utf-8?q?=3C20230928-jag-sysctl=5Fremove=5Fempty=5Felem=5Fdrive?=>
2023-09-28 17:51 ` [PATCH 11/15] sgi-xp: Remove the now superfluous sentinel element from ctl_table array Steve Wahl
2023-09-29 12:14 ` Joel Granados
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231002084718.bmme7yi4xfs7sw4b@localhost \
--to=j.granados@samsung.com \
--cc=Jason@zx2c4.com \
--cc=airlied@gmail.com \
--cc=arnd@arndb.de \
--cc=christophe.leroy@csgroup.eu \
--cc=clemens@ladisch.de \
--cc=daniel@ffwll.ch \
--cc=davem@davemloft.net \
--cc=decui@microsoft.com \
--cc=dgilbert@interlog.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=haiyangz@microsoft.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=jani.nikula@linux.intel.com \
--cc=jejb@linux.ibm.com \
--cc=jgg@ziepe.ca \
--cc=jgross@suse.com \
--cc=jirislaby@kernel.org \
--cc=joonas.lahtinen@linux.intel.com \
--cc=josh@joshtriplett.org \
--cc=keescook@chromium.org \
--cc=kuba@kernel.org \
--cc=kys@microsoft.com \
--cc=leon@kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-serial@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=martin.petersen@oracle.com \
--cc=mcgrof@kernel.org \
--cc=minyard@acm.org \
--cc=netdev@vger.kernel.org \
--cc=oleksandr_tyshchenko@epam.com \
--cc=openipmi-developer@lists.sourceforge.net \
--cc=pabeni@redhat.com \
--cc=phil@philpotter.co.uk \
--cc=rafael@kernel.org \
--cc=robinmholt@gmail.com \
--cc=rodrigo.vivi@intel.com \
--cc=russell.h.weight@intel.com \
--cc=song@kernel.org \
--cc=sstabellini@kernel.org \
--cc=steve.wahl@hpe.com \
--cc=sudipm.mukherjee@gmail.com \
--cc=tvrtko.ursulin@linux.intel.com \
--cc=tytso@mit.edu \
--cc=wei.liu@kernel.org \
--cc=willy@infradead.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).