| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230418031243.GA2845864@hori.linux.bs1.fc.nec.co.jp>
Date: Tue, 18 Apr 2023 03:13:10 +0000
From: HORIGUCHI NAOYA(堀口 直也)
<naoya.horiguchi@....com>
To: Kefeng Wang <wangkefeng.wang@...wei.com>
CC: Alexander Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Miaohe Lin <linmiaohe@...wei.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Tong Tiangen <tongtiangen@...wei.com>,
Jens Axboe <axboe@...nel.dk>
Subject: Re: [PATCH v2] mm: hwpoison: coredump: support recovery from
dump_user_range()
On Mon, Apr 17, 2023 at 12:53:23PM +0800, Kefeng Wang wrote:
> The dump_user_range() is used to copy the user page to a coredump file,
> but if a hardware memory error occurred during copy, which called from
> __kernel_write_iter() in dump_user_range(), it crashes,
>
> CPU: 112 PID: 7014 Comm: mca-recover Not tainted 6.3.0-rc2 #425
>
> pc : __memcpy+0x110/0x260
> lr : _copy_from_iter+0x3bc/0x4c8
> ...
> Call trace:
> __memcpy+0x110/0x260
> copy_page_from_iter+0xcc/0x130
> pipe_write+0x164/0x6d8
> __kernel_write_iter+0x9c/0x210
> dump_user_range+0xc8/0x1d8
> elf_core_dump+0x308/0x368
> do_coredump+0x2e8/0xa40
> get_signal+0x59c/0x788
> do_signal+0x118/0x1f8
> do_notify_resume+0xf0/0x280
> el0_da+0x130/0x138
> el0t_64_sync_handler+0x68/0xc0
> el0t_64_sync+0x188/0x190
>
> Generally, the '->write_iter' of file ops will use copy_page_from_iter()
> and copy_page_from_iter_atomic(), change memcpy() to copy_mc_to_kernel()
> in both of them to handle #MC during source read, which stop coredump
> processing and kill the task instead of kernel panic, but the source
> address may not always a user address, so introduce a new copy_mc flag in
> struct iov_iter{} to indicate that the iter could do a safe memory copy,
> also introduce the helpers to set/cleck the flag, for now, it's only
> used in coredump's dump_user_range(), but it could expand to any other
> scenarios to fix the similar issue.
>
> Cc: Alexander Viro <viro@...iv.linux.org.uk>
> Cc: Christian Brauner <brauner@...nel.org>
> Cc: Miaohe Lin <linmiaohe@...wei.com>
> Cc: Naoya Horiguchi <naoya.horiguchi@....com>
> Cc: Tong Tiangen <tongtiangen@...wei.com>
> Cc: Jens Axboe <axboe@...nel.dk>
> Signed-off-by: Kefeng Wang <wangkefeng.wang@...wei.com>
> ---
> v2:
> - move the helper functions under pre-existing CONFIG_ARCH_HAS_COPY_MC
> - reposition the copy_mc in struct iov_iter for easy merge, suggested
> by Andrew Morton
> - drop unnecessary clear flag helper
> - fix checkpatch warning
> fs/coredump.c | 1 +
> include/linux/uio.h | 16 ++++++++++++++++
> lib/iov_iter.c | 17 +++++++++++++++--
> 3 files changed, 32 insertions(+), 2 deletions(-)
>
...
> @@ -371,6 +372,14 @@ size_t _copy_mc_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
> EXPORT_SYMBOL_GPL(_copy_mc_to_iter);
> #endif /* CONFIG_ARCH_HAS_COPY_MC */
>
> +static void *memcpy_from_iter(struct iov_iter *i, void *to, const void *from,
> + size_t size)
> +{
> + if (iov_iter_is_copy_mc(i))
> + return (void *)copy_mc_to_kernel(to, from, size);
Is it helpful to call memory_failure_queue() if copy_mc_to_kernel() fails
due to a memory error?
Thanks,
Naoya Horiguchi
> + return memcpy(to, from, size);
> +}
> +
> size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
> {
> if (WARN_ON_ONCE(!i->data_source))
Powered by blists - more mailing lists