From: Anders Roxell <anders.roxell@linaro.org>
To: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Vlastimil Babka <vbabka@suse.cz>,
	David Rientjes <rientjes@google.com>,
	Marco Elver <elver@google.com>,
	Vincenzo Frascino <vincenzo.frascino@arm.com>,
	linux-mm@kvack.org, Andrey Konovalov <andreyknvl@gmail.com>,
	linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v4] mempool: Do not use ksize() for poisoning
Date: Mon, 31 Oct 2022 11:55:14 +0100	[thread overview]
Message-ID: <20221031105514.GB69385@mutt> (raw)
In-Reply-To: <20221028154823.you.615-kees@kernel.org>

On 2022-10-28 08:53, Kees Cook wrote:
> Nothing appears to be using ksize() within the kmalloc-backed mempools
> except the mempool poisoning logic. Use the actual pool size instead
> of the ksize() to avoid needing any special handling of the memory as
> needed by KASAN, UBSAN_BOUNDS, nor FORTIFY_SOURCE.
> 
> Suggested-by: Vlastimil Babka <vbabka@suse.cz>
> Link: https://lore.kernel.org/lkml/f4fc52c4-7c18-1d76-0c7a-4058ea2486b9@suse.cz/
> Cc: David Rientjes <rientjes@google.com>
> Cc: Marco Elver <elver@google.com>
> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: linux-mm@kvack.org
> Acked-by: Vlastimil Babka <vbabka@suse.cz>
> Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> This replaces mempool-use-kmalloc_size_roundup-to-match-ksize-usage.patch
> v4: add review/ack tags, explicitly call out subject change
> v3: https://lore.kernel.org/lkml/20221025233421.you.825-kees@kernel.org/
> v2: https://lore.kernel.org/lkml/20221018090323.never.897-kees@kernel.org/
> v1: https://lore.kernel.org/lkml/20220923202822.2667581-14-keescook@chromium.org/
> ---
>  mm/mempool.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

Hi,

I see the following kernel panic when I boot an arm64 allmodconfig kernel from today's linux-next tag next-20221031.
This is the .config file I built [1], and here is the full log [2].

[   17.445316][    T1] [fffe00001188f9bf] address between user and kernel address ranges
[   17.449021][    T1] Internal error: Oops: 0000000096000044 [#1] PREEMPT SMP
[   17.453097][    T1] Modules linked in:
[   17.455384][    T1] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G    B T  6.1.0-rc3-next-20221031 #2 1e3e4f9d63a6fa6d1a293981bef64866cf5e5454
[   17.463100][    T1] Hardware name: linux,dummy-virt (DT)
[   17.466247][    T1] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   17.470778][    T1] pc : __poison_element+0x3c/0x80
[   17.473688][    T1] lr : __poison_element+0x38/0x80
[   17.476614][    T1] sp : ffff80000eea7b50
[   17.478996][    T1] x29: ffff80000eea7b50 x28: ffff000008c88468 x27: ffff000008c88450
[   17.483694][    T1] x26: 0000000000000cc0 x25: ffff000008c88448 x24: ffff000008b3cf80
[   17.488338][    T1] x23: ffff000008c8844c x22: ffff000008c88460 x21: ffff000008d52a40
[   17.493032][    T1] x20: ffff000008d52a40 x19: ffff000008b3cf7f x18: 0000000000000000
[   17.497707][    T1] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[   17.502413][    T1] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
[   17.507109][    T1] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
[   17.511775][    T1] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[   17.516447][    T1] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
[   17.521116][    T1] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000ffffffa5
[   17.525782][    T1] Call trace:
[   17.527664][    T1]  __poison_element+0x3c/0x80
[   17.530409][    T1]  poison_element.isra.0+0x50/0x180
[   17.533419][    T1]  mempool_init_node+0x224/0x340
[   17.536298][    T1]  mempool_create+0x78/0x100
[   17.538989][    T1]  dma_bus_init+0x124/0x2a4
[   17.541607][    T1]  do_one_initcall+0x29c/0x680
[   17.544381][    T1]  do_initcalls+0x178/0x240
[   17.547005][    T1]  kernel_init_freeable+0x2e4/0x36c
[   17.550018][    T1]  kernel_init+0x30/0x180
[   17.552534][    T1]  ret_from_fork+0x10/0x20
[   17.555130][    T1] Code: 94057fb5 8b130280 940575a3 12800b40 (38336a80)
[   17.559124][    T1] ---[ end trace 0000000000000000 ]---
[   17.562259][    T1] Kernel panic - not syncing: Oops: Fatal exception
[   17.566094][    T1] ---[ end Kernel panic - not syncing: Oops: Fatal exception ]---

When I revert this patch the kernel boots fine.
Any idea what goes wrong?


Cheers,
Anders
[1] https://people.linaro.org/~anders.roxell/next-20221031.config
[2] http://ix.io/4eAH
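The element poisoning that the quoted patch description refers to, modelled in user space as an added example. This is not the kernel's mm/mempool.c and not Kees Cook's patch: POISON_FREE and POISON_END are the kernel's values from include/linux/poison.h, while the function names, the zero-size guard and the sizes passed in are constructed for illustration. The model shows the two things a practitioner wants to see: that the poison pattern catches a write into a freed element, and that the size used to poison and the size used to check must be the same value, which is why the patch takes the pool's own element size rather than a separate ksize() query.

```c
/* User-space model (added example, not kernel code) of mempool element
 * poisoning. POISON_FREE / POISON_END are the kernel's constants from
 * include/linux/poison.h; the helpers below are constructed stand-ins. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POISON_FREE 0x6b
#define POISON_END  0xa5

/* Fill size-1 bytes with POISON_FREE and terminate with POISON_END.
 * The zero-size guard is an addition for this model. */
static void poison_element(void *element, size_t size)
{
    uint8_t *obj = element;
    if (size == 0)
        return;
    memset(obj, POISON_FREE, size - 1);
    obj[size - 1] = POISON_END;
}

/* Return the offset of the first byte that does not carry the expected
 * poison, or -1 if every byte of the element is intact. */
static long check_element(const void *element, size_t size)
{
    const uint8_t *obj = element;
    for (size_t i = 0; i < size; i++) {
        uint8_t exp = (i < size - 1) ? POISON_FREE : POISON_END;
        if (obj[i] != exp)
            return (long)i;
    }
    return -1;
}

/* Poison on "free" and verify on the next "alloc" using one and the same
 * element size, as a pool that remembers its own size would do. */
static long roundtrip(size_t elem_size)
{
    uint8_t *e = malloc(elem_size);
    if (!e)
        return -2;
    poison_element(e, elem_size);
    long r = check_element(e, elem_size);
    free(e);
    return r;
}

/* Simulate a write into a freed element: poison, scribble one byte at
 * the given offset, then check. The check reports that offset. */
static long scribble_offset(size_t elem_size, size_t at)
{
    uint8_t *e = malloc(elem_size);
    if (!e || at >= elem_size) {
        free(e);
        return -2;
    }
    poison_element(e, elem_size);
    e[at] = 0x00;                 /* constructed use-after-free write */
    long r = check_element(e, elem_size);
    free(e);
    return r;
}

/* Show why poison and check sizes must agree: poisoning with the pool's
 * size but checking with a larger rounded-up size (what a separate size
 * query of the backing allocation could return) reports a mismatch at
 * pool_size - 1, where POISON_END sits instead of the expected POISON_FREE. */
static long mismatch_offset(size_t pool_size, size_t rounded_size)
{
    if (rounded_size < pool_size)
        return -2;
    uint8_t *e = malloc(rounded_size);
    if (!e)
        return -2;
    memset(e, 0, rounded_size);
    poison_element(e, pool_size);
    long r = check_element(e, rounded_size);
    free(e);
    return r;
}

int main(void)
{
    printf("intact element      -> %ld\n", roundtrip(64));
    printf("scribble at byte 5  -> %ld\n", scribble_offset(64, 5));
    printf("size mismatch       -> %ld\n", mismatch_offset(100, 128));
    return 0;
}
```

The last call is the interesting one: with the pool size of 100 and a rounded-up size of 128 the check trips at offset 99, so any difference between the two sizes turns into a spurious "poison mismatch" even though nothing wrote to the element.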
