* [PATCH RFC v2] module: Use ARG_MAX as second argument of strndup_user() in load_module()
@ 2021-04-13 3:23 Tiezhu Yang
0 siblings, 0 replies; only message in thread
From: Tiezhu Yang @ 2021-04-13 3:23 UTC (permalink / raw)
To: Jessica Yu, Thomas Bogendoerfer; +Cc: linux-mips, linux-kernel, Xuefeng Li
When update kernel with the latest mips-next, we can not login through a
graphical interface, this is because drm radeon GPU driver does not work,
we can not see the boot message "[drm] radeon kernel modesetting enabled."
through the serial console.
drivers/gpu/drm/radeon/radeon_drv.c
static int __init radeon_module_init(void)
{
[...]
DRM_INFO("radeon kernel modesetting enabled.\n");
[...]
}
I use git bisect to find out the commit 04324f44cb69 ("MIPS: Remove
get_fs/set_fs") is the first bad commit.
I analysis and test the changes in the above first bad commit and then
find out the following obvious difference which leads to the login issue.
arch/mips/include/asm/uaccess.h
static inline long strnlen_user(const char __user *s, long n)
{
[...]
if (!access_ok(s, n))
return -0;
[...]
}
I use dump_stack() to find out the following call trace:
load_module()
strndup_user()
strnlen_user()
load_module() failed in the following error path, we can see that the
second argument of strndup_user() is very big.
static int load_module(struct load_info *info, const char __user *uargs,
int flags)
{
[...]
mod->args = strndup_user(uargs, ~0UL >> 1);
if (IS_ERR(mod->args)) {
err = PTR_ERR(mod->args);
goto free_arch_cleanup;
}
[...]
}
As discussed earlier [1], it seems that just modify the exception check
condition in strnlen_user() to fix load_module() failure, like this:
arch/mips/include/asm/uaccess.h
static inline long strnlen_user(const char __user *s, long n)
{
[...]
if (!access_ok(s, 1))
return 0;
[...]
}
At the other hand, I search strndup_user() in the kernel tree, the second
argument of them are almost a macro or a fixed value which is relatively
small, such as PAGE_SIZE, PATH_MAX. So I think maybe we can use ARG_MAX as
second argument of strndup_user() in load_module().
With this patch, the load_module() failure disappered and we can login
normally through a graphical interface.
[1] https://lore.kernel.org/patchwork/patch/1411214/
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
---
v2: Update the commit message to avoid using diff content - patch(1) might not work
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index 3047935..30d320b 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3998,7 +3998,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
flush_module_icache(mod);
/* Now copy in args */
- mod->args = strndup_user(uargs, ~0UL >> 1);
+ mod->args = strndup_user(uargs, ARG_MAX);
if (IS_ERR(mod->args)) {
err = PTR_ERR(mod->args);
goto free_arch_cleanup;
--
2.1.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-04-13 3:23 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-13 3:23 [PATCH RFC v2] module: Use ARG_MAX as second argument of strndup_user() in load_module() Tiezhu Yang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).