| Message ID | 20221222181251.1345752-1-catalin.marinas@arm.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | arm64: mte: Coredump fixes | expand |
On Thu, 22 Dec 2022 18:12:48 +0000, Catalin Marinas wrote: > As reported by Seth, there are two bugs in the arm64 MTE coredump code. > The first is a double freeing of the temporary tag storage object on an > error condition. The second is the racy traversing of the vma list and > fixing it required adding a struct coredump_params * parameter to the > elf_core_extra_phdrs() and elf_core_extra_data_size() functions. This > way the arm64 code can use the vma snapshot saved in cprm rather than > iterating over the vma list. > > [...] Applied to arm64 (for-next/fixes), thanks! [1/3] arm64: mte: Fix double-freeing of the temporary tag storage during coredump https://git.kernel.org/arm64/c/736eedc974ea [2/3] elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size} https://git.kernel.org/arm64/c/19e183b54528 [3/3] arm64: mte: Avoid the racy walk of the vma list during core dump https://git.kernel.org/arm64/c/4f4c549feb4e Cheers,
Hi, As reported by Seth, there are two bugs in the arm64 MTE coredump code. The first is a double freeing of the temporary tag storage object on an error condition. The second is the racy traversing of the vma list and fixing it required adding a struct coredump_params * parameter to the elf_core_extra_phdrs() and elf_core_extra_data_size() functions. This way the arm64 code can use the vma snapshot saved in cprm rather than iterating over the vma list. All patches are cc stable to 5.18 but I'm not aware of any MTE deployment in production yet, so merging them in the new year is fine (still aiming for the fix in one of the 6.2-rcX). Thanks. Catalin Marinas (3): arm64: mte: Fix double-freeing of the temporary tag storage during coredump elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size} arm64: mte: Avoid the racy walk of the vma list during core dump arch/arm64/kernel/elfcore.c | 61 +++++++++++++++++-------------------- arch/ia64/kernel/elfcore.c | 4 +-- arch/x86/um/elfcore.c | 4 +-- fs/binfmt_elf.c | 4 +-- fs/binfmt_elf_fdpic.c | 4 +-- include/linux/elfcore.h | 8 ++--- 6 files changed, 40 insertions(+), 45 deletions(-)