[pull] master from torvalds:master #349

pull · 2020-12-09T05:30:25Z

See Commits and Changes for more details.

Can you help keep this open source service alive? 💖 Please sponsor : )

Jann spotted the security hole due to race of mm ownership check. If the task is sharing the mm_struct but goes through execve() before mm_access(), it could skip process_madvise_behavior_valid check. That makes *any advice hint* to reach into the remote process. This patch removes the mm ownership check. With it, it will lose the ability that local process could give *any* advice hint with vector interface for some reason (e.g., performance). Since there is no concrete example in upstream yet, it would be better to remove the abiliity at this moment and need to review when such new advice comes up. Fixes: ecb8ac8 ("mm/madvise: introduce process_madvise() syscall: an external memory hinting API") Reported-by: Jann Horn <jannh@google.com> Suggested-by: Jann Horn <jannh@google.com> Signed-off-by: Minchan Kim <minchan@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

We got a issue as fllows: ================================================================== kernel BUG at fs/ext4/extents_status.c:203! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 1 PID: 945 Comm: cat Not tainted 6.0.0-next-20221007-dirty #349 RIP: 0010:ext4_es_end.isra.0+0x34/0x42 RSP: 0018:ffffc9000143b768 EFLAGS: 00010203 RAX: 0000000000000000 RBX: ffff8881769cd0b8 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8fc27cf7 RDI: 00000000ffffffff RBP: ffff8881769cd0bc R08: 0000000000000000 R09: ffffc9000143b5f8 R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881769cd0a0 R13: ffff8881768e5668 R14: 00000000768e52f0 R15: 0000000000000000 FS: 00007f359f7f05c0(0000)GS:ffff88842fd00000(0000)knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f359f5a2000 CR3: 000000017130c000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __es_tree_search.isra.0+0x6d/0xf5 ext4_es_cache_extent+0xfa/0x230 ext4_cache_extents+0xd2/0x110 ext4_find_extent+0x5d5/0x8c0 ext4_ext_map_blocks+0x9c/0x1d30 ext4_map_blocks+0x431/0xa50 ext4_mpage_readpages+0x48e/0xe40 ext4_readahead+0x47/0x50 read_pages+0x82/0x530 page_cache_ra_unbounded+0x199/0x2a0 do_page_cache_ra+0x47/0x70 page_cache_ra_order+0x242/0x400 ondemand_readahead+0x1e8/0x4b0 page_cache_sync_ra+0xf4/0x110 filemap_get_pages+0x131/0xb20 filemap_read+0xda/0x4b0 generic_file_read_iter+0x13a/0x250 ext4_file_read_iter+0x59/0x1d0 vfs_read+0x28f/0x460 ksys_read+0x73/0x160 __x64_sys_read+0x1e/0x30 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK> ================================================================== In the above issue, ioctl invokes the swap_inode_boot_loader function to swap inode<5> and inode<12>. However, inode<5> contain incorrect imode and disordered extents, and i_nlink is set to 1. The extents check for inode in the ext4_iget function can be bypassed bacause 5 is EXT4_BOOT_LOADER_INO. While links_count is set to 1, the extents are not initialized in swap_inode_boot_loader. After the ioctl command is executed successfully, the extents are swapped to inode<12>, in this case, run the `cat` command to view inode<12>. And Bug_ON is triggered due to the incorrect extents. When the boot loader inode is not initialized, its imode can be one of the following: 1) the imode is a bad type, which is marked as bad_inode in ext4_iget and set to S_IFREG. 2) the imode is good type but not S_IFREG. 3) the imode is S_IFREG. The BUG_ON may be triggered by bypassing the check in cases 1 and 2. Therefore, when the boot loader inode is bad_inode or its imode is not S_IFREG, initialize the inode to avoid triggering the BUG. Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jason Yan <yanaijie@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20221026042310.3839669-5-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org

Enable the cpu v4 tests for LoongArch. Currently, we don't have BPF trampoline in LoongArch JIT, so the fentry test `test_ptr_struct_arg` still failed, will followup. Test result attached below: # ./test_progs -t verifier_sdiv,verifier_movsx,verifier_ldsx,verifier_gotol,verifier_bswap #316/1 verifier_bswap/BSWAP, 16:OK #316/2 verifier_bswap/BSWAP, 16 @unpriv:OK #316/3 verifier_bswap/BSWAP, 32:OK #316/4 verifier_bswap/BSWAP, 32 @unpriv:OK #316/5 verifier_bswap/BSWAP, 64:OK #316/6 verifier_bswap/BSWAP, 64 @unpriv:OK #316 verifier_bswap:OK #330/1 verifier_gotol/gotol, small_imm:OK #330/2 verifier_gotol/gotol, small_imm @unpriv:OK #330 verifier_gotol:OK #338/1 verifier_ldsx/LDSX, S8:OK #338/2 verifier_ldsx/LDSX, S8 @unpriv:OK #338/3 verifier_ldsx/LDSX, S16:OK #338/4 verifier_ldsx/LDSX, S16 @unpriv:OK #338/5 verifier_ldsx/LDSX, S32:OK #338/6 verifier_ldsx/LDSX, S32 @unpriv:OK #338/7 verifier_ldsx/LDSX, S8 range checking, privileged:OK #338/8 verifier_ldsx/LDSX, S16 range checking:OK #338/9 verifier_ldsx/LDSX, S16 range checking @unpriv:OK #338/10 verifier_ldsx/LDSX, S32 range checking:OK #338/11 verifier_ldsx/LDSX, S32 range checking @unpriv:OK #338 verifier_ldsx:OK #349/1 verifier_movsx/MOV32SX, S8:OK #349/2 verifier_movsx/MOV32SX, S8 @unpriv:OK #349/3 verifier_movsx/MOV32SX, S16:OK #349/4 verifier_movsx/MOV32SX, S16 @unpriv:OK #349/5 verifier_movsx/MOV64SX, S8:OK #349/6 verifier_movsx/MOV64SX, S8 @unpriv:OK #349/7 verifier_movsx/MOV64SX, S16:OK #349/8 verifier_movsx/MOV64SX, S16 @unpriv:OK #349/9 verifier_movsx/MOV64SX, S32:OK #349/10 verifier_movsx/MOV64SX, S32 @unpriv:OK #349/11 verifier_movsx/MOV32SX, S8, range_check:OK #349/12 verifier_movsx/MOV32SX, S8, range_check @unpriv:OK #349/13 verifier_movsx/MOV32SX, S16, range_check:OK #349/14 verifier_movsx/MOV32SX, S16, range_check @unpriv:OK #349/15 verifier_movsx/MOV32SX, S16, range_check 2:OK #349/16 verifier_movsx/MOV32SX, S16, range_check 2 @unpriv:OK #349/17 verifier_movsx/MOV64SX, S8, range_check:OK #349/18 verifier_movsx/MOV64SX, S8, range_check @unpriv:OK #349/19 verifier_movsx/MOV64SX, S16, range_check:OK #349/20 verifier_movsx/MOV64SX, S16, range_check @unpriv:OK #349/21 verifier_movsx/MOV64SX, S32, range_check:OK #349/22 verifier_movsx/MOV64SX, S32, range_check @unpriv:OK #349/23 verifier_movsx/MOV64SX, S16, R10 Sign Extension:OK #349/24 verifier_movsx/MOV64SX, S16, R10 Sign Extension @unpriv:OK #349 verifier_movsx:OK #361/1 verifier_sdiv/SDIV32, non-zero imm divisor, check 1:OK #361/2 verifier_sdiv/SDIV32, non-zero imm divisor, check 1 @unpriv:OK #361/3 verifier_sdiv/SDIV32, non-zero imm divisor, check 2:OK #361/4 verifier_sdiv/SDIV32, non-zero imm divisor, check 2 @unpriv:OK #361/5 verifier_sdiv/SDIV32, non-zero imm divisor, check 3:OK #361/6 verifier_sdiv/SDIV32, non-zero imm divisor, check 3 @unpriv:OK #361/7 verifier_sdiv/SDIV32, non-zero imm divisor, check 4:OK #361/8 verifier_sdiv/SDIV32, non-zero imm divisor, check 4 @unpriv:OK #361/9 verifier_sdiv/SDIV32, non-zero imm divisor, check 5:OK #361/10 verifier_sdiv/SDIV32, non-zero imm divisor, check 5 @unpriv:OK #361/11 verifier_sdiv/SDIV32, non-zero imm divisor, check 6:OK #361/12 verifier_sdiv/SDIV32, non-zero imm divisor, check 6 @unpriv:OK #361/13 verifier_sdiv/SDIV32, non-zero imm divisor, check 7:OK #361/14 verifier_sdiv/SDIV32, non-zero imm divisor, check 7 @unpriv:OK #361/15 verifier_sdiv/SDIV32, non-zero imm divisor, check 8:OK #361/16 verifier_sdiv/SDIV32, non-zero imm divisor, check 8 @unpriv:OK #361/17 verifier_sdiv/SDIV32, non-zero reg divisor, check 1:OK #361/18 verifier_sdiv/SDIV32, non-zero reg divisor, check 1 @unpriv:OK #361/19 verifier_sdiv/SDIV32, non-zero reg divisor, check 2:OK #361/20 verifier_sdiv/SDIV32, non-zero reg divisor, check 2 @unpriv:OK #361/21 verifier_sdiv/SDIV32, non-zero reg divisor, check 3:OK #361/22 verifier_sdiv/SDIV32, non-zero reg divisor, check 3 @unpriv:OK #361/23 verifier_sdiv/SDIV32, non-zero reg divisor, check 4:OK #361/24 verifier_sdiv/SDIV32, non-zero reg divisor, check 4 @unpriv:OK #361/25 verifier_sdiv/SDIV32, non-zero reg divisor, check 5:OK #361/26 verifier_sdiv/SDIV32, non-zero reg divisor, check 5 @unpriv:OK #361/27 verifier_sdiv/SDIV32, non-zero reg divisor, check 6:OK #361/28 verifier_sdiv/SDIV32, non-zero reg divisor, check 6 @unpriv:OK #361/29 verifier_sdiv/SDIV32, non-zero reg divisor, check 7:OK #361/30 verifier_sdiv/SDIV32, non-zero reg divisor, check 7 @unpriv:OK #361/31 verifier_sdiv/SDIV32, non-zero reg divisor, check 8:OK #361/32 verifier_sdiv/SDIV32, non-zero reg divisor, check 8 @unpriv:OK #361/33 verifier_sdiv/SDIV64, non-zero imm divisor, check 1:OK #361/34 verifier_sdiv/SDIV64, non-zero imm divisor, check 1 @unpriv:OK #361/35 verifier_sdiv/SDIV64, non-zero imm divisor, check 2:OK #361/36 verifier_sdiv/SDIV64, non-zero imm divisor, check 2 @unpriv:OK #361/37 verifier_sdiv/SDIV64, non-zero imm divisor, check 3:OK #361/38 verifier_sdiv/SDIV64, non-zero imm divisor, check 3 @unpriv:OK #361/39 verifier_sdiv/SDIV64, non-zero imm divisor, check 4:OK #361/40 verifier_sdiv/SDIV64, non-zero imm divisor, check 4 @unpriv:OK #361/41 verifier_sdiv/SDIV64, non-zero imm divisor, check 5:OK #361/42 verifier_sdiv/SDIV64, non-zero imm divisor, check 5 @unpriv:OK #361/43 verifier_sdiv/SDIV64, non-zero imm divisor, check 6:OK #361/44 verifier_sdiv/SDIV64, non-zero imm divisor, check 6 @unpriv:OK #361/45 verifier_sdiv/SDIV64, non-zero reg divisor, check 1:OK #361/46 verifier_sdiv/SDIV64, non-zero reg divisor, check 1 @unpriv:OK #361/47 verifier_sdiv/SDIV64, non-zero reg divisor, check 2:OK #361/48 verifier_sdiv/SDIV64, non-zero reg divisor, check 2 @unpriv:OK #361/49 verifier_sdiv/SDIV64, non-zero reg divisor, check 3:OK #361/50 verifier_sdiv/SDIV64, non-zero reg divisor, check 3 @unpriv:OK #361/51 verifier_sdiv/SDIV64, non-zero reg divisor, check 4:OK #361/52 verifier_sdiv/SDIV64, non-zero reg divisor, check 4 @unpriv:OK #361/53 verifier_sdiv/SDIV64, non-zero reg divisor, check 5:OK #361/54 verifier_sdiv/SDIV64, non-zero reg divisor, check 5 @unpriv:OK #361/55 verifier_sdiv/SDIV64, non-zero reg divisor, check 6:OK #361/56 verifier_sdiv/SDIV64, non-zero reg divisor, check 6 @unpriv:OK #361/57 verifier_sdiv/SMOD32, non-zero imm divisor, check 1:OK #361/58 verifier_sdiv/SMOD32, non-zero imm divisor, check 1 @unpriv:OK #361/59 verifier_sdiv/SMOD32, non-zero imm divisor, check 2:OK #361/60 verifier_sdiv/SMOD32, non-zero imm divisor, check 2 @unpriv:OK #361/61 verifier_sdiv/SMOD32, non-zero imm divisor, check 3:OK #361/62 verifier_sdiv/SMOD32, non-zero imm divisor, check 3 @unpriv:OK #361/63 verifier_sdiv/SMOD32, non-zero imm divisor, check 4:OK #361/64 verifier_sdiv/SMOD32, non-zero imm divisor, check 4 @unpriv:OK #361/65 verifier_sdiv/SMOD32, non-zero imm divisor, check 5:OK #361/66 verifier_sdiv/SMOD32, non-zero imm divisor, check 5 @unpriv:OK #361/67 verifier_sdiv/SMOD32, non-zero imm divisor, check 6:OK #361/68 verifier_sdiv/SMOD32, non-zero imm divisor, check 6 @unpriv:OK #361/69 verifier_sdiv/SMOD32, non-zero reg divisor, check 1:OK #361/70 verifier_sdiv/SMOD32, non-zero reg divisor, check 1 @unpriv:OK #361/71 verifier_sdiv/SMOD32, non-zero reg divisor, check 2:OK #361/72 verifier_sdiv/SMOD32, non-zero reg divisor, check 2 @unpriv:OK #361/73 verifier_sdiv/SMOD32, non-zero reg divisor, check 3:OK #361/74 verifier_sdiv/SMOD32, non-zero reg divisor, check 3 @unpriv:OK #361/75 verifier_sdiv/SMOD32, non-zero reg divisor, check 4:OK #361/76 verifier_sdiv/SMOD32, non-zero reg divisor, check 4 @unpriv:OK #361/77 verifier_sdiv/SMOD32, non-zero reg divisor, check 5:OK #361/78 verifier_sdiv/SMOD32, non-zero reg divisor, check 5 @unpriv:OK #361/79 verifier_sdiv/SMOD32, non-zero reg divisor, check 6:OK #361/80 verifier_sdiv/SMOD32, non-zero reg divisor, check 6 @unpriv:OK #361/81 verifier_sdiv/SMOD64, non-zero imm divisor, check 1:OK #361/82 verifier_sdiv/SMOD64, non-zero imm divisor, check 1 @unpriv:OK #361/83 verifier_sdiv/SMOD64, non-zero imm divisor, check 2:OK #361/84 verifier_sdiv/SMOD64, non-zero imm divisor, check 2 @unpriv:OK #361/85 verifier_sdiv/SMOD64, non-zero imm divisor, check 3:OK #361/86 verifier_sdiv/SMOD64, non-zero imm divisor, check 3 @unpriv:OK #361/87 verifier_sdiv/SMOD64, non-zero imm divisor, check 4:OK #361/88 verifier_sdiv/SMOD64, non-zero imm divisor, check 4 @unpriv:OK #361/89 verifier_sdiv/SMOD64, non-zero imm divisor, check 5:OK #361/90 verifier_sdiv/SMOD64, non-zero imm divisor, check 5 @unpriv:OK #361/91 verifier_sdiv/SMOD64, non-zero imm divisor, check 6:OK #361/92 verifier_sdiv/SMOD64, non-zero imm divisor, check 6 @unpriv:OK #361/93 verifier_sdiv/SMOD64, non-zero imm divisor, check 7:OK #361/94 verifier_sdiv/SMOD64, non-zero imm divisor, check 7 @unpriv:OK #361/95 verifier_sdiv/SMOD64, non-zero imm divisor, check 8:OK #361/96 verifier_sdiv/SMOD64, non-zero imm divisor, check 8 @unpriv:OK #361/97 verifier_sdiv/SMOD64, non-zero reg divisor, check 1:OK #361/98 verifier_sdiv/SMOD64, non-zero reg divisor, check 1 @unpriv:OK #361/99 verifier_sdiv/SMOD64, non-zero reg divisor, check 2:OK #361/100 verifier_sdiv/SMOD64, non-zero reg divisor, check 2 @unpriv:OK #361/101 verifier_sdiv/SMOD64, non-zero reg divisor, check 3:OK #361/102 verifier_sdiv/SMOD64, non-zero reg divisor, check 3 @unpriv:OK #361/103 verifier_sdiv/SMOD64, non-zero reg divisor, check 4:OK #361/104 verifier_sdiv/SMOD64, non-zero reg divisor, check 4 @unpriv:OK #361/105 verifier_sdiv/SMOD64, non-zero reg divisor, check 5:OK #361/106 verifier_sdiv/SMOD64, non-zero reg divisor, check 5 @unpriv:OK #361/107 verifier_sdiv/SMOD64, non-zero reg divisor, check 6:OK #361/108 verifier_sdiv/SMOD64, non-zero reg divisor, check 6 @unpriv:OK #361/109 verifier_sdiv/SMOD64, non-zero reg divisor, check 7:OK #361/110 verifier_sdiv/SMOD64, non-zero reg divisor, check 7 @unpriv:OK #361/111 verifier_sdiv/SMOD64, non-zero reg divisor, check 8:OK #361/112 verifier_sdiv/SMOD64, non-zero reg divisor, check 8 @unpriv:OK #361/113 verifier_sdiv/SDIV32, zero divisor:OK #361/114 verifier_sdiv/SDIV32, zero divisor @unpriv:OK #361/115 verifier_sdiv/SDIV64, zero divisor:OK #361/116 verifier_sdiv/SDIV64, zero divisor @unpriv:OK #361/117 verifier_sdiv/SMOD32, zero divisor:OK #361/118 verifier_sdiv/SMOD32, zero divisor @unpriv:OK #361/119 verifier_sdiv/SMOD64, zero divisor:OK #361/120 verifier_sdiv/SMOD64, zero divisor @unpriv:OK #361 verifier_sdiv:OK Summary: 5/163 PASSED, 0 SKIPPED, 0 FAILED # ./test_progs -t ldsx_insn test_map_val_and_probed_memory:PASS:test_ldsx_insn__open 0 nsec test_map_val_and_probed_memory:PASS:test_ldsx_insn__load 0 nsec libbpf: prog 'test_ptr_struct_arg': failed to attach: ERROR: strerror_r(-524)=22 libbpf: prog 'test_ptr_struct_arg': failed to auto-attach: -524 test_map_val_and_probed_memory:FAIL:test_ldsx_insn__attach unexpected error: -524 (errno 524) #116/1 ldsx_insn/map_val and probed_memory:FAIL #116/2 ldsx_insn/ctx_member_sign_ext:OK #116/3 ldsx_insn/ctx_member_narrow_sign_ext:OK #116 ldsx_insn:FAIL All error logs: test_map_val_and_probed_memory:PASS:test_ldsx_insn__open 0 nsec test_map_val_and_probed_memory:PASS:test_ldsx_insn__load 0 nsec libbpf: prog 'test_ptr_struct_arg': failed to attach: ERROR: strerror_r(-524)=22 libbpf: prog 'test_ptr_struct_arg': failed to auto-attach: -524 test_map_val_and_probed_memory:FAIL:test_ldsx_insn__attach unexpected error: -524 (errno 524) #116/1 ldsx_insn/map_val and probed_memory:FAIL #116 ldsx_insn:FAIL Summary: 0/2 PASSED, 0 SKIPPED, 1 FAILED Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>

Add a test case to assert that the skb->pkt_type which was set from the BPF program is retained from the netkit xmit side to the peer's device at tcx ingress location. # ./vmtest.sh -- ./test_progs -t netkit [...] ./test_progs -t netkit [ 1.140780] bpf_testmod: loading out-of-tree module taints kernel. [ 1.141127] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel [ 1.284601] tsc: Refined TSC clocksource calibration: 3408.006 MHz [ 1.286672] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x311fd9b189d, max_idle_ns: 440795225691 ns [ 1.290384] clocksource: Switched to clocksource tsc #345 tc_netkit_basic:OK #346 tc_netkit_device:OK #347 tc_netkit_multi_links:OK #348 tc_netkit_multi_opts:OK #349 tc_netkit_neigh_links:OK #350 tc_netkit_pkt_type:OK Summary: 6/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/r/20240524163619.26001-4-daniel@iogearbox.net Signed-off-by: Alexei Starovoitov <ast@kernel.org>

pull bot added the ⤵️ pull label Dec 9, 2020

pull bot merged commit a68a026 into bergwolf:master Dec 9, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[pull] master from torvalds:master #349

[pull] master from torvalds:master #349

Uh oh!

pull bot commented Dec 9, 2020 •

edited

Loading

Uh oh!

Uh oh!

[pull] master from torvalds:master #349

[pull] master from torvalds:master #349

Uh oh!

Conversation

pull bot commented Dec 9, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

pull bot commented Dec 9, 2020 •

edited

Loading