From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A12B2C433EF for ; Sat, 29 Jan 2022 02:14:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 393756B00CE; Fri, 28 Jan 2022 21:14:20 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 232096B00D0; Fri, 28 Jan 2022 21:14:20 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 00C846B00D1; Fri, 28 Jan 2022 21:14:19 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0132.hostedemail.com [216.40.44.132]) by kanga.kvack.org (Postfix) with ESMTP id DE2716B00CE for ; Fri, 28 Jan 2022 21:14:19 -0500 (EST) Received: from smtpin12.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id A5C0A98C0D for ; Sat, 29 Jan 2022 02:14:19 +0000 (UTC) X-FDA: 79081705038.12.140E050 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf27.hostedemail.com (Postfix) with ESMTP id 3D1864001D for ; Sat, 29 Jan 2022 02:14:19 +0000 (UTC) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7341D6177C; Sat, 29 Jan 2022 02:14:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7D409C340E7; Sat, 29 Jan 2022 02:14:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1643422457; bh=o9FJcR3CE2EuiyMRNdDYsWdrJgrEoJgxM4P+Gb4bVug=; h=Date:From:To:Subject:In-Reply-To:From; b=1YJ2AlvySrpmMn1jKd5IKJAjGFz7ZRgdyMuT5TFAYwkCurKAgrKO92ty5hmZMbqd+ y7KmlQnAuhLX2jTOlVZkE6UuauM5cMqJb1jpC90WDr/bsGbkSpK1a8La2CyWR4cEff r+ONAEvquDPp84ezyxJEWxx9HpJ0c42pGnn4uLAU= Date: Fri, 28 Jan 2022 18:14:17 -0800 From: Andrew Morton To: akpm@linux-foundation.org, brauner@kernel.org, ebiederm@xmission.com, keescook@chromium.org, linux-mm@kvack.org, mcgrof@kernel.org, mm-commits@vger.kernel.org, torvalds@linux-foundation.org, yzaikin@google.com, ztong0001@gmail.com Subject: [patch 2/7] binfmt_misc: fix crash when load/unload module Message-ID: <20220129021417.-McVoYDIW%akpm@linux-foundation.org> In-Reply-To: <20220128181341.2103de95948608a65958ae40@linux-foundation.org> User-Agent: s-nail v14.8.16 X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 3D1864001D X-Stat-Signature: o8grt6ww5nxbxn488phpuzk6grcouoz9 X-Rspam-User: nil Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=1YJ2Alvy; spf=pass (imf27.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none X-HE-Tag: 1643422459-856642 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Tong Zhang Subject: binfmt_misc: fix crash when load/unload module We should unregister the table upon module unload otherwise something horrible will happen when we load binfmt_misc module again. Also note that we should keep value returned by register_sysctl_mount_point() and release it later, otherwise it will leak. Also, per Christian's comment, to fully restore the old behavior that won't break userspace the check(binfmt_misc_header) should be eliminated. reproduce: modprobe binfmt_misc modprobe -r binfmt_misc modprobe binfmt_misc modprobe -r binfmt_misc modprobe binfmt_misc [ 18.032038] Call Trace: [ 18.032108] [ 18.032169] dump_stack_lvl+0x34/0x44 [ 18.032273] __register_sysctl_table+0x6f4/0x720 [ 18.032397] ? preempt_count_sub+0xf/0xb0 [ 18.032508] ? 0xffffffffc0040000 [ 18.032600] init_misc_binfmt+0x2d/0x1000 [binfmt_misc] [ 18.042520] binfmt_misc: Failed to create fs/binfmt_misc sysctl mount point modprobe: can't load module binfmt_misc (kernel/fs/binfmt_misc.ko): Cannot allocate memory [ 18.063549] binfmt_misc: Failed to create fs/binfmt_misc sysctl mount point [ 18.204779] BUG: unable to handle page fault for address: fffffbfff8004802 Link: https://lkml.kernel.org/r/20220124181812.1869535-2-ztong0001@gmail.com Fixes: 3ba442d5331f ("fs: move binfmt_misc sysctl to its own file") Signed-off-by: Tong Zhang Co-developed-by: Christian Brauner Acked-by: Luis Chamberlain Cc: Eric Biederman Cc: Kees Cook Cc: Iurii Zaikin Signed-off-by: Andrew Morton --- fs/binfmt_misc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/fs/binfmt_misc.c~binfmt_misc-fix-crash-when-load-unload-module +++ a/fs/binfmt_misc.c @@ -817,20 +817,20 @@ static struct file_system_type bm_fs_typ }; MODULE_ALIAS_FS("binfmt_misc"); +static struct ctl_table_header *binfmt_misc_header; + static int __init init_misc_binfmt(void) { int err = register_filesystem(&bm_fs_type); if (!err) insert_binfmt(&misc_format); - if (!register_sysctl_mount_point("fs/binfmt_misc")) { - pr_warn("Failed to create fs/binfmt_misc sysctl mount point"); - return -ENOMEM; - } + binfmt_misc_header = register_sysctl_mount_point("fs/binfmt_misc"); return 0; } static void __exit exit_misc_binfmt(void) { + unregister_sysctl_table(binfmt_misc_header); unregister_binfmt(&misc_format); unregister_filesystem(&bm_fs_type); } _