Date: Sun, 12 Jun 2022 19:05:39 +0100
From: Matthew Wilcox
To: Yu Zhao
Cc: Uladzislau Rezki, Zorro Lang, Alexander Gordeev,
 bugzilla-daemon@kernel.org, linux-s390@vger.kernel.org,
 linux-xfs@vger.kernel.org, Andrew Morton, Linux-MM, Kees Cook
Subject: Re: [Bug 216073] New: [s390x] kernel BUG at mm/usercopy.c:101! usercopy: Kernel memory exposure attempt detected from vmalloc 'no area' (offset 0, size 1)!

On Sun, Jun 12, 2022 at 11:59:58AM -0600, Yu Zhao wrote:
> Please let me know if there is something we want to test -- I can
> reproduce the problem reliably:
>
> ------------[ cut here ]------------
> kernel BUG at mm/usercopy.c:101!

The line right before cut here would have been nice ;-)

https://lore.kernel.org/linux-mm/YqXU+oU7wayOcmCe@casper.infradead.org/
might fix your problem, but I can't be sure without that line.

> Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
> CPU: 4 PID: 3259 Comm: iptables Not tainted 5.19.0-rc1-lockdep+ #1
> pc : usercopy_abort+0x9c/0xa0
> lr : usercopy_abort+0x9c/0xa0
> sp : ffffffc010bd78d0
> x29: ffffffc010bd78e0 x28: 42ffff80ac08d8ec x27: 42ffff80ac08d8ec
> x26: 42ffff80ac08d8c0 x25: 000000000000000a x24: ffffffdf4c7e5120
> x23: 000000000bec44c2 x22: efffffc000000000 x21: ffffffdf2896b0c0
> x20: 0000000000000001 x19: 000000000000000b x18: 0000000000000000
> x17: 2820636f6c6c616d x16: 0000000000000042 x15: 6574636574656420
> x14: 74706d6574746120 x13: 0000000000000018 x12: 000000000000000d
> x11: ff80007fffffffff x10: 0000000000000001 x9 : db174b7f89103400
> x8 : db174b7f89103400 x7 : 0000000000000000 x6 : 79706f6372657375
> x5 : ffffffdf4d9c617e x4 : 0000000000000000 x3 : ffffffdf4b7d017c
> x2 : ffffff80eb188b18 x1 : 42ffff80ac08d8c8 x0 : 0000000000000066
> Call trace:
>  usercopy_abort+0x9c/0xa0
>  __check_object_size+0x38c/0x400
>  xt_obj_to_user+0xe4/0x200
>  xt_compat_target_to_user+0xd8/0x18c
>  compat_copy_entries_to_user+0x278/0x424
>  do_ipt_get_ctl+0x7bc/0xb2c
>  nf_getsockopt+0x7c/0xb4
>  ip_getsockopt+0xee8/0xfa4
>  raw_getsockopt+0xf4/0x23c
>  sock_common_getsockopt+0x48/0x54
>  __sys_getsockopt+0x11c/0x2f8
>  __arm64_sys_getsockopt+0x60/0x70
>  el0_svc_common+0xfc/0x1cc
>  do_el0_svc_compat+0x38/0x5c
>  el0_svc_compat+0x68/0xf4
>  el0t_32_sync_handler+0xc0/0xf0
>  el0t_32_sync+0x190/0x194
> Code: aa0903e4 a9017bfd 910043fd 9438be18 (d4210000)
> ---[ end trace 0000000000000000 ]---