stable.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Bin Yang <bin.yang@intel.com>,
	Kees Cook <keescook@chromium.org>
Subject: [PATCH 4.9 048/111] pstore: Fix incorrect persistent ram buffer mapping
Date: Mon, 24 Sep 2018 13:52:15 +0200
Message-ID: <20180924113109.824014224@linuxfoundation.org>
In-Reply-To: <20180924113103.337261320@linuxfoundation.org>

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bin Yang <bin.yang@intel.com>

commit 831b624df1b420c8f9281ed1307a8db23afb72df upstream.

persistent_ram_vmap() returns the page start vaddr.
persistent_ram_iomap() supports non-page-aligned mapping.

persistent_ram_buffer_map() always adds offset-in-page to the vaddr
returned from these two functions, which causes incorrect mapping of
non-page-aligned persistent ram buffer.

By default ftrace_size is 4096 and max_ftrace_cnt is nr_cpu_ids. Without
this patch, the zone_sz in ramoops_init_przs() is 4096/nr_cpu_ids which
might not be page aligned. If the offset-in-page > 2048, the vaddr will be
in next page. If the next page is not mapped, it will cause kernel panic:

[    0.074231] BUG: unable to handle kernel paging request at ffffa19e0081b000
...
[    0.075000] RIP: 0010:persistent_ram_new+0x1f8/0x39f
...
[    0.075000] Call Trace:
[    0.075000]  ramoops_init_przs.part.10.constprop.15+0x105/0x260
[    0.075000]  ramoops_probe+0x232/0x3a0
[    0.075000]  platform_drv_probe+0x3e/0xa0
[    0.075000]  driver_probe_device+0x2cd/0x400
[    0.075000]  __driver_attach+0xe4/0x110
[    0.075000]  ? driver_probe_device+0x400/0x400
[    0.075000]  bus_for_each_dev+0x70/0xa0
[    0.075000]  driver_attach+0x1e/0x20
[    0.075000]  bus_add_driver+0x159/0x230
[    0.075000]  ? do_early_param+0x95/0x95
[    0.075000]  driver_register+0x70/0xc0
[    0.075000]  ? init_pstore_fs+0x4d/0x4d
[    0.075000]  __platform_driver_register+0x36/0x40
[    0.075000]  ramoops_init+0x12f/0x131
[    0.075000]  do_one_initcall+0x4d/0x12c
[    0.075000]  ? do_early_param+0x95/0x95
[    0.075000]  kernel_init_freeable+0x19b/0x222
[    0.075000]  ? rest_init+0xbb/0xbb
[    0.075000]  kernel_init+0xe/0xfc
[    0.075000]  ret_from_fork+0x3a/0x50

Signed-off-by: Bin Yang <bin.yang@intel.com>
[kees: add comments describing the mapping differences, updated commit log]
Fixes: 24c3d2f342ed ("staging: android: persistent_ram: Make it possible to use memory outside of bootmem")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/pstore/ram_core.c |   17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -421,7 +421,12 @@ static void *persistent_ram_vmap(phys_ad
 	vaddr = vmap(pages, page_count, VM_MAP, prot);
 	kfree(pages);
 
-	return vaddr;
+	/*
+	 * Since vmap() uses page granularity, we must add the offset
+	 * into the page here, to get the byte granularity address
+	 * into the mapping to represent the actual "start" location.
+	 */
+	return vaddr + offset_in_page(start);
 }
 
 static void *persistent_ram_iomap(phys_addr_t start, size_t size,
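
Review bot: the new return statement in persistent_ram_vmap() adds offset_in_page(start) to vaddr without checking the vmap() result first. vmap() returns NULL on failure, so for a non-page-aligned start the function would hand back a small non-NULL pointer, and a caller that tests the return value against NULL would treat the failed mapping as valid. Suggest testing vaddr right after kfree(pages) and returning NULL on failure, so the offset is only added on the success path.
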
@@ -440,6 +445,11 @@ static void *persistent_ram_iomap(phys_a
 	else
 		va = ioremap_wc(start, size);
 
+	/*
+	 * Since request_mem_region() and ioremap() are byte-granularity
+	 * there is no need handle anything special like we do when the
+	 * vmap() case in persistent_ram_vmap() above.
+	 */
 	return va;
 }
 
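
Review bot: the comment added above "return va;" in persistent_ram_iomap() has two wording slips, "no need handle" and "like we do when the vmap() case", that make the one place documenting the difference between the two mapping paths hard to read. Suggest something like "there is no need to handle anything special, unlike the vmap() case in persistent_ram_vmap() above", and stating outright that va already points at the byte address of start.
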
@@ -460,7 +470,7 @@ static int persistent_ram_buffer_map(phy
 		return -ENOMEM;
 	}
 
-	prz->buffer = prz->vaddr + offset_in_page(start);
+	prz->buffer = prz->vaddr;
 	prz->buffer_size = size - sizeof(struct persistent_ram_buffer);
 
 	return 0;
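
Review bot: in persistent_ram_buffer_map(), the assignment "prz->buffer = prz->vaddr;" now depends on both mapping helpers returning the byte-exact address of start, but nothing at the assignment says so. A short comment here noting that prz->vaddr already includes the in-page offset would keep a later change from re-adding offset_in_page(start), which is the double offset this patch removes.
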
@@ -507,7 +517,8 @@ void persistent_ram_free(struct persiste
 
 	if (prz->vaddr) {
 		if (pfn_valid(prz->paddr >> PAGE_SHIFT)) {
-			vunmap(prz->vaddr);
+			/* We must vunmap() at page-granularity. */
+			vunmap(prz->vaddr - offset_in_page(prz->paddr));
 		} else {
 			iounmap(prz->vaddr);
 			release_mem_region(prz->paddr, prz->size);
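
Review bot: the vunmap() call in persistent_ram_free() rebuilds the page-aligned address by subtracting offset_in_page(prz->paddr), which is only correct if prz->paddr is exactly the start value whose offset persistent_ram_vmap() added; the hunk does not show where paddr is set, so that coupling is implicit. Suggest saying so in the comment, or rounding prz->vaddr itself down to a page boundary, which gives the address vmap() returned (it is page-aligned) without depending on paddr.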
