Jann: I guess a environ_(mem_)release is needed because private_data of mem
and environ are now different.

On Thu, Sep 29, 2016 at 11:58 PM kernel test robot <xiaolong.ye@intel.com>
wrote:

> FYI, we noticed the following commit:
>
> https://github.com/0day-ci/linux
> Jann-Horn/fs-exec-don-t-force-writing-memory-access/20160929-222244
> commit 3f40a9185af5f5335b8117178c706b74537b960b ("mm: add LSM hook for
> writes to readonly memory")
>
> in testcase: boot
>
> on test machine: qemu-system-i386 -enable-kvm -cpu Haswell,+smep,+smap -m
> 360M
>
> caused below changes:
>
>
> +------------------------------------------+------------+------------+
> |                                          | dc00268ef0 | 3f40a9185a |
> +------------------------------------------+------------+------------+
> | boot_successes                           | 24         | 2          |
> | boot_failures                            | 0          | 18         |
> | kernel_BUG_at_kernel/cred.c              | 0          | 12         |
> | invalid_opcode:#[##]SMP                  | 0          | 12         |
> | EIP_is_at__invalid_creds                 | 0          | 12         |
> | calltrace:SyS_exit_group                 | 0          | 18         |
> | Kernel_panic-not_syncing:Fatal_exception | 0          | 18         |
> | BUG:unable_to_handle_kernel              | 0          | 10         |
> | Oops                                     | 0          | 10         |
> | EIP_is_at_mem_release                    | 0          | 10         |
> +------------------------------------------+------------+------------+
>
>
>
> [   23.725743] trinity-c0 (12124) used greatest stack depth: 6144 bytes
> left
> [   23.729863] CRED: ->security {83184389, d88918c4}
> [   23.730466] ------------[ cut here ]------------
> [   23.731054] kernel BUG at kernel/cred.c:768!
> [   23.731770] invalid opcode: 0000 [#1] SMP
> [   23.732270] Modules linked in:
> [   23.732674] CPU: 0 PID: 10617 Comm: trinity-main Not tainted
> 4.8.0-rc8-00015-g3f40a91 #78
> [   23.733678] task: 8c79a6c0 task.stack: 8c48c000
> [   23.734248] EIP: 0060:[<8104cad8>] EFLAGS: 00010292 CPU: 0
> [   23.734962] EIP is at __invalid_creds+0x35/0x37
> [   23.735523] EAX: 00000025 EBX: 8d11a458 ECX: 8106ce3c EDX: 00000001
> [   23.736304] ESI: 813d667c EDI: 0000010f EBP: 8c48ded4 ESP: 8c48deb8
> [   23.737080]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> [   23.737750] CR0: 80050033 CR2: 7fc1ed30 CR3: 01647000 CR4: 00040690
> [   23.738529] DR0: c0100220 DR1: 00000000 DR2: 00000000 DR3: 00000000
> [   23.739308] DR6: ffff0ff0 DR7: 00050602
> [   23.739793] Stack:
> [   23.740054]  813d6660 813d667c 0000010f 813d6643 8d11a458 8d03ab80
> 8847b8e4 8c48dee4
> [   23.741161]  811153aa 8ca8f6c0 00000010 8c48df08 810de5a9 8ca8f6c8
> 88460a18 8847b8e4
> [   23.742265]  93c83c50 8ca8f6c0 8c79a6c0 8ca8e700 8c48df10 810de65c
> 8c48df28 8104a7a7
> [   23.743369] Call Trace:
> [   23.743700]  [<811153aa>] mem_release+0x35/0x4e
> [   23.744284]  [<810de5a9>] __fput+0xd8/0x162
> [   23.744815]  [<810de65c>] ____fput+0x8/0xa
> [   23.745333]  [<8104a7a7>] task_work_run+0x54/0x78
> [   23.745935]  [<8103a20a>] do_exit+0x33c/0x7ec
> [   23.746478]  [<810dd644>] ? vfs_write+0x9a/0xa4
> [   23.747051]  [<8103a711>] do_group_exit+0x30/0x86
> [   23.747634]  [<8103a778>] SyS_exit_group+0x11/0x11
> [   23.748236]  [<81000e0b>] do_int80_syscall_32+0x43/0x55
> [   23.748909]  [<812b8911>] entry_INT80_32+0x31/0x31
> [   23.749503] Code: 89 cf 68 43 66 3d 81 e8 1e 9a 05 00 57 56 68 60 66 3d
> 81 e8 12 9a 05 00 64 8b 0d dc 8a 4f 81 ba 72 66 3d 81 89 d8 e8 ac fe ff ff
> <0f> 0b 81 78 0c 64 65 73 43 74 08 55 89 e5 e8 b8 ff ff ff c3 55
> [   23.753032] EIP: [<8104cad8>] __invalid_creds+0x35/0x37 SS:ESP
> 0068:8c48deb8
> [   23.753971] ---[ end trace e46a82be55c05913 ]---
> [   23.754894] BUG: unable to handle kernel NULL pointer dereference at
>  (null)
>
>
>
>
>
> Thanks,
> Kernel Test Robot
>