| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <569F184D.8020602@nextfour.com>
Date: Wed, 20 Jan 2016 07:17:01 +0200
From: Mika Penttilä <mika.penttila@...tfour.com>
To: LKML <linux-kernel@...r.kernel.org>
CC: <linux-mm@...ck.org>, David Rientjes <rientjes@...gle.com>,
Pekka Enberg <penberg@...nel.org>,
Rusty Russell <rusty@...tcorp.com.au>
Subject: [PATCH v2] mm: make apply_to_page_range more robust
Recent changes (4.4.0+) in module loader triggered oops on ARM.
can be 0 triggering the bug BUG_ON(addr >= end);.
The call path is SyS_init_module()->set_memory_xx()->apply_to_page_range(),
and apply_to_page_range gets zero length resulting in triggering :
BUG_ON(addr >= end)
This is a consequence of changes in module section handling (Rusty CC:ed).
This may be triggable only with certain modules and/or gcc versions.
Plus, I think the spirit of the BUG_ON is to catch overflows,
not to bug on zero length legitimate callers. So whatever the
reason for this triggering, some day we have another caller with
zero length.
Fix by letting call with zero size succeed.
v2: add more explanation
Signed-off-by: Mika Penttilä mika.penttila@...tfour.com
Reviewed-by: Pekka Enberg <penberg@...nel.org>
---
diff --git a/mm/memory.c b/mm/memory.c
index c387430..c3d1a2e 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1884,6 +1884,9 @@ int apply_to_page_range(struct mm_struct *mm, unsigned long addr,
unsigned long end = addr + size;
int err;
+ if (!size)
+ return 0;
+
BUG_ON(addr >= end);
pgd = pgd_offset(mm, addr);
do {
Powered by blists - more mailing lists