From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Sat, 29 Jan 2022 13:40:55 -0800
From: Andrew Morton
To: akpm@linux-foundation.org, brauner@kernel.org, ebiederm@xmission.com, keescook@chromium.org, linux-mm@kvack.org, mcgrof@kernel.org, mm-commits@vger.kernel.org, torvalds@linux-foundation.org, yzaikin@google.com, ztong0001@gmail.com
Subject: [patch 02/12] binfmt_misc: fix crash when load/unload module
Message-ID: <20220129214055._3bzAxRq5%akpm@linux-foundation.org>
In-Reply-To: <20220129134026.8ccf701012f26eb2c2c269c9@linux-foundation.org>

From: Tong Zhang
Subject: binfmt_misc: fix crash when load/unload module

We should unregister the table upon module unload otherwise something
horrible will happen when we load binfmt_misc module again. Also note
that we should keep value returned by register_sysctl_mount_point() and
release it later, otherwise it will leak.

Also, per Christian's comment, to fully restore the old behavior that
won't break userspace the check(binfmt_misc_header) should be
eliminated.

reproduce:

modprobe binfmt_misc
modprobe -r binfmt_misc
modprobe binfmt_misc
modprobe -r binfmt_misc
modprobe binfmt_misc

[ 18.032038] Call Trace:
[ 18.032108]
[ 18.032169] dump_stack_lvl+0x34/0x44
[ 18.032273] __register_sysctl_table+0x6f4/0x720
[ 18.032397] ? preempt_count_sub+0xf/0xb0
[ 18.032508] ? 0xffffffffc0040000
[ 18.032600] init_misc_binfmt+0x2d/0x1000 [binfmt_misc]
[ 18.042520] binfmt_misc: Failed to create fs/binfmt_misc sysctl mount point
modprobe: can't load module binfmt_misc (kernel/fs/binfmt_misc.ko): Cannot allocate memory
[ 18.063549] binfmt_misc: Failed to create fs/binfmt_misc sysctl mount point
[ 18.204779] BUG: unable to handle page fault for address: fffffbfff8004802

Link: https://lkml.kernel.org/r/20220124181812.1869535-2-ztong0001@gmail.com
Fixes: 3ba442d5331f ("fs: move binfmt_misc sysctl to its own file")
Signed-off-by: Tong Zhang
Co-developed-by: Christian Brauner
Acked-by: Luis Chamberlain
Cc: Eric Biederman
Cc: Kees Cook
Cc: Iurii Zaikin
Signed-off-by: Andrew Morton

--- fs/binfmt_misc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/fs/binfmt_misc.c~binfmt_misc-fix-crash-when-load-unload-module +++ a/fs/binfmt_misc.c
@@ -817,20 +817,20 @@ static struct file_system_type bm_fs_typ }; MODULE_ALIAS_FS("binfmt_misc"); +static struct ctl_table_header *binfmt_misc_header; + static int __init init_misc_binfmt(void) { int err = register_filesystem(&bm_fs_type); if (!err) insert_binfmt(&misc_format); - if (!register_sysctl_mount_point("fs/binfmt_misc")) { - pr_warn("Failed to create fs/binfmt_misc sysctl mount point"); - return -ENOMEM; - } + binfmt_misc_header = register_sysctl_mount_point("fs/binfmt_misc"); return 0; } static void __exit exit_misc_binfmt(void) { + unregister_sysctl_table(binfmt_misc_header); unregister_binfmt(&misc_format); unregister_filesystem(&bm_fs_type); } _
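
Review bot: in init_misc_binfmt() the result of register_sysctl_mount_point("fs/binfmt_misc") is now stored with no check at all, so when it returns NULL the failure is silent and exit_misc_binfmt() hands that NULL straight to unregister_sysctl_table(binfmt_misc_header). Dropping the -ENOMEM return fits the commit message's goal of not breaking userspace, but the pr_warn() could stay as a non-fatal diagnostic, and a one-line comment stating that a NULL header is acceptable at unload would save the next reader from having to check unregister_sysctl_table(). Separately, the unchanged "return 0;" means a register_filesystem() failure held in err is never reported, yet exit_misc_binfmt() still calls unregister_binfmt(&misc_format) and unregister_filesystem(&bm_fs_type) for objects that were never registered; returning err on that path, before the sysctl mount point is registered, would keep load and unload symmetric.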