From: Mika Penttilä <mika.penttila@nextfour.com>
To: LKML
CC: Pekka Enberg, David Rientjes, Rusty Russell
Subject: [PATCH, REGRESSION v4] mm: make apply_to_page_range more robust
Date: Fri, 22 Jan 2016 09:59:03 +0200
Message-ID: <56A1E147.9050803@nextfour.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Recent changes (4.4.0+) in the module loader triggered an oops on ARM.

The module in question is the in-tree module drivers/misc/ti-st/st_drv.ko.

The BUG is here:

[ 53.638335] ------------[ cut here ]------------
[ 53.642967] kernel BUG at mm/memory.c:1878!
[ 53.647153] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
[ 53.652987] Modules linked in:
[ 53.656061] CPU: 0 PID: 483 Comm: insmod Not tainted 4.4.0 #3
[ 53.661808] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[ 53.668338] task: a989d400 ti: 9e6a2000 task.ti: 9e6a2000
[ 53.673751] PC is at apply_to_page_range+0x204/0x224
[ 53.678723] LR is at change_memory_common+0x90/0xdc
[ 53.683604] pc : [<800ca0ec>]    lr : [<8001d668>]    psr: 600b0013
[ 53.683604] sp : 9e6a3e38  ip : 8001d6b4  fp : 7f0042fc
[ 53.695082] r10: 00000000  r9 : 9e6a3e90  r8 : 00000080
[ 53.700309] r7 : 00000000  r6 : 7f008000  r5 : 7f008000  r4 : 7f008000
[ 53.706837] r3 : 8001d5a4  r2 : 7f008000  r1 : 7f008000  r0 : 80b8d3c0
[ 53.713368] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[ 53.720504] Control: 10c5387d  Table: 2e6b804a  DAC: 00000055
[ 53.726252] Process insmod (pid: 483, stack limit = 0x9e6a2210)
[ 53.732173] Stack: (0x9e6a3e38 to 0x9e6a4000)
[ 53.859256] [<800ca0ec>] (apply_to_page_range) from [<8001d668>] (change_memory_common+0x90/0xdc)
[ 53.868139] [<8001d668>] (change_memory_common) from [<8008bbe0>] (load_module+0x194c/0x2068)
[ 53.876671] [<8008bbe0>] (load_module) from [<8008c498>] (SyS_finit_module+0x64/0x74)
[ 53.884512] [<8008c498>] (SyS_finit_module) from [<8000f640>] (ret_fast_syscall+0x0/0x34)
[ 53.892694] Code: e0834104 eaffffbc e51a1008 eaffffac (e7f001f2)
[ 53.898792] ---[ end trace fe43fc78ebde29a3 ]---

apply_to_page_range gets a zero length, resulting in triggering:

	BUG_ON(addr >= end)

This is a regression and a consequence of changes in module section
handling. BUG_ON() is not needed here and would need all call sites to be
checked, because there may be callers that expect zero size to succeed, and
BUG_ON allows an easy way to DOS.

With this patch, loading this module throws out a warning, but that can be
handled in arch code with a separate patch.

v2: add more explanation
v3: added even more explanation and stack trace, tagged as regression
v4: change BUG_ON() to WARN_ON() and return -EINVAL

Signed-off-by: Mika Penttilä <mika.penttila@nextfour.com>
---
diff --git a/mm/memory.c b/mm/memory.c index 30991f8..9178ee6 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1871,7 +1871,9 @@ int apply_to_page_range(struct mm_struct *mm, unsigned long addr, unsigned long end = addr + size; int err; - BUG_ON(addr >= end); + if (WARN_ON(addr >= end)) + return -EINVAL; + pgd = pgd_offset(mm, addr); do { next = pgd_addr_end(addr, end);
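Review bot: the guard `if (WARN_ON(addr >= end)) return -EINVAL;` treats the zero-size case (addr == end, since `end = addr + size`) and the wrapped or inverted case (addr > end) identically, yet the commit message itself says there may be callers that expect a zero size to succeed; with this hunk those callers (change_memory_common via load_module in the trace) still fail, now with -EINVAL and a WARN splat instead of a BUG. Consider an explicit `if (!size) return 0;` ahead of the check so that an empty range is a no-op, keep the WARN_ON plus -EINVAL for a genuinely wrapped range, and state the zero-size behaviour in the function's comment so arch callers know what to rely on.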
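As an added, stand-alone model (illustration code, not kernel code and not part of this patch) of why a zero-length range is hazardous in this loop and what the v4 guard changes: it mimics the PGD-granular do/while walk of apply_to_page_range() and counts how many PGD steps the loop body would visit. The module address 0x7f008000 comes from the oops registers; PGD_SIZE (a constructed 1 MiB granule), the `walk_range` name and its `guarded` flag are assumptions of the model.

```c
#include <errno.h>
#include <stdio.h>

/* Added stand-alone model of the range walk in apply_to_page_range();
 * this is illustration code, not kernel code. PGD_SIZE is a constructed
 * 1 MiB granule for the model, not the real ARM value. */
#define PGD_SIZE (1UL << 20)
#define PGD_MASK (~(PGD_SIZE - 1))

/* Model of the kernel's pgd_addr_end(): next PGD boundary, clamped to
 * end; the "- 1" compare makes a wrapped end of 0 behave sanely. */
static unsigned long pgd_addr_end(unsigned long addr, unsigned long end)
{
    unsigned long boundary = (addr + PGD_SIZE) & PGD_MASK;
    return (boundary - 1 < end - 1) ? boundary : end;
}

/* Walk [addr, addr + size) and return the number of PGD steps the loop
 * body would apply fn() to, or -EINVAL when the v4 guard rejects it.
 * guarded == 0: the bare loop with no range check (what BUG_ON covered);
 * guarded == 1: the v4 patch, WARN and refuse an empty or wrapped range. */
int walk_range(unsigned long addr, unsigned long size, int guarded)
{
    unsigned long end = addr + size;
    unsigned long next;
    int steps = 0;

    if (guarded && addr >= end) {
        fprintf(stderr, "WARN: empty or wrapped range at %#lx\n", addr);
        return -EINVAL;
    }
    do {
        next = pgd_addr_end(addr, end);
        steps++;            /* kernel: apply_to_pud_range() on this PGD */
    } while (addr = next, addr != end);
    return steps;
}

int main(void)
{
    unsigned long mod = 0x7f008000UL;   /* r4..r6 in the oops, size 0 */
    /* Unguarded, size 0: the body still runs once, touching a PGD the
     * caller never asked for; that is the hazard the BUG_ON guarded. */
    printf("no guard, size 0 -> %d step(s)\n", walk_range(mod, 0, 0));
    printf("v4 guard, size 0 -> %d (-EINVAL)\n", walk_range(mod, 0, 1));
    printf("v4 guard, 2 MiB  -> %d steps\n",
           walk_range(mod, 2 * PGD_SIZE, 1));
    return 0;
}
```

Build with `cc -o walk walk.c && ./walk`; the WARN line goes to stderr, the step counts to stdout.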