From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, chenlinxuan@deepin.org
Cc: Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH stable 6.6] lib/buildid: Handle memfd_secret() files in build_id_parse()
Date: Thu, 13 Mar 2025 05:01:15 -0400 [thread overview]
Message-ID: <20250312205209-b20fd2c367e55db9@stable.kernel.org> (raw)
In-Reply-To: <05D0A9F7DE394601+20250311100555.310788-2-chenlinxuan@deepin.org>
[ Sasha's backport helper bot ]
Hi,
Summary of potential issues:
⚠️ Found matching upstream commit but patch is missing proper reference to it
Found matching upstream commit: 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f
WARNING: Author mismatch between patch and found commit:
Backport author: Chen Linxuan<chenlinxuan@deepin.org>
Commit author: Andrii Nakryiko<andrii@kernel.org>
Status in newer kernel trees:
6.13.y | Present (exact SHA1)
6.12.y | Present (exact SHA1)
Note: The patch differs from the upstream commit:
---
1: 5ac9b4e935dfc ! 1: 9a5818b460ee4 lib/buildid: Handle memfd_secret() files in build_id_parse()
@@
## Metadata ##
-Author: Andrii Nakryiko <andrii@kernel.org>
+Author: Chen Linxuan <chenlinxuan@deepin.org>
## Commit message ##
lib/buildid: Handle memfd_secret() files in build_id_parse()
- >From memfd_secret(2) manpage:
+ Backport of a similar change from commit 5ac9b4e935df ("lib/buildid:
+ Handle memfd_secret() files in build_id_parse()") to address an issue
+ where accessing secret memfd contents through build_id_parse() would
+ trigger faults.
- The memory areas backing the file created with memfd_secret(2) are
- visible only to the processes that have access to the file descriptor.
- The memory region is removed from the kernel page tables and only the
- page tables of the processes holding the file descriptor map the
- corresponding physical memory. (Thus, the pages in the region can't be
- accessed by the kernel itself, so that, for example, pointers to the
- region can't be passed to system calls.)
-
- We need to handle this special case gracefully in build ID fetching
- code. Return -EFAULT whenever secretmem file is passed to build_id_parse()
- family of APIs. Original report and repro can be found in [0].
+ Original report and repro can be found in [0].
[0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/
- Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction")
- Reported-by: Yi Lai <yi1.lai@intel.com>
- Suggested-by: Shakeel Butt <shakeel.butt@linux.dev>
- Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
- Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
- Acked-by: Shakeel Butt <shakeel.butt@linux.dev>
- Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com
- Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org
+ This repro will cause BUG: unable to handle kernel paging request in
+ build_id_parse in 5.15/6.1/6.6.
+
+ Some other discussions can be found in [1].
+
+ [1] https://lore.kernel.org/bpf/20241104175256.2327164-1-jolsa@kernel.org/T/#u
+
+ Cc: stable@vger.kernel.org
+ Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event")
+ Signed-off-by: Chen Linxuan <chenlinxuan@deepin.org>
## lib/buildid.c ##
@@
@@ lib/buildid.c
#define BUILD_ID 3
-@@ lib/buildid.c: static int freader_get_folio(struct freader *r, loff_t file_off)
-
- freader_put_folio(r);
+@@ lib/buildid.c: int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id,
+ if (!vma->vm_file)
+ return -EINVAL;
++#ifdef CONFIG_SECRETMEM
+ /* reject secretmem folios created with memfd_secret() */
-+ if (secretmem_mapping(r->file->f_mapping))
++ if (vma->vm_file->f_mapping->a_ops == &secretmem_aops)
+ return -EFAULT;
++#endif
+
- r->folio = filemap_get_folio(r->file->f_mapping, file_off >> PAGE_SHIFT);
-
- /* if sleeping is allowed, wait for the page, if necessary */
+ page = find_get_page(vma->vm_file->f_mapping, 0);
+ if (!page)
+ return -EFAULT; /* page not mapped */
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.6.y | Success | Success |
next prev parent reply other threads:[~2025-03-13 9:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-11 10:05 [PATCH stable 6.6] lib/buildid: Handle memfd_secret() files in build_id_parse() Chen Linxuan
2025-03-11 11:14 ` Greg KH
2025-03-12 3:03 ` Chen Linxuan
2025-03-12 18:43 ` Andrii Nakryiko
2025-03-13 16:04 ` Greg KH
2025-03-13 9:01 ` Sasha Levin [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-03-14 9:03 Chen Linxuan
2025-03-14 23:10 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250312205209-b20fd2c367e55db9@stable.kernel.org \
--to=sashal@kernel.org \
--cc=chenlinxuan@deepin.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox