lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190424080842.wjo2aj3g4sy4rkz7@mbp>
Date:   Wed, 24 Apr 2019 09:08:43 +0100
From:   Catalin Marinas <catalin.marinas@....com>
To:     Qian Cai <cai@....pw>
Cc:     bp@...en8.de, tglx@...utronix.de, mingo@...hat.com,
        dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org,
        x86@...nel.org, linux-kernel@...r.kernel.org, brijesh.singh@....com
Subject: Re: [PATCH] x86/mm: fix a crash with kmemleak_scan()

On Tue, Apr 23, 2019 at 12:58:11PM -0400, Qian Cai wrote:
> The first kmemleak_scan() after boot would trigger a crash below because
> 
> kernel_init
>   free_initmem
>     mem_encrypt_free_decrypted_mem
>       free_init_pages
> 
> unmapped some memory inside the .bss with DEBUG_PAGEALLOC=y. Since
> kmemleak_init() will register the .data/.bss sections (only register
> .data..ro_after_init if not within .data) and then kmemleak_scan() will
> scan those address and dereference them looking for pointer referencing.
> If free_init_pages() free and unmap pages in those sections,
> kmemleak_scan() will trigger a crash if referencing one of those
> addresses.
> 
> BUG: unable to handle kernel paging request at ffffffffbd402000
> CPU: 12 PID: 325 Comm: kmemleak Not tainted 5.1.0-rc4+ #4
> RIP: 0010:scan_block+0x58/0x160
> Call Trace:
>  scan_gray_list+0x1d9/0x280
>  kmemleak_scan+0x485/0xad0
>  kmemleak_scan_thread+0x9f/0xc4
>  kthread+0x1d2/0x1f0
>  ret_from_fork+0x35/0x40
> 
> Since kmemleak_free_part() is tolerant to unknown objects (not tracked by
> kmemleak), it is fine to call it from free_init_pages() even if not all
> address ranges passed to this function are known to kmemleak.
> 
> Signed-off-by: Qian Cai <cai@....pw>

Reviewed-by: Catalin Marinas <catalin.marinas@....com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ