From patchwork Thu Dec 22 18:12:48 2022
X-Patchwork-Submitter: Catalin Marinas
X-Patchwork-Id: 13080210
From: Catalin Marinas
To: Will Deacon, Seth Jenkins
Cc: Eric Biederman, Kees Cook, Greg Kroah-Hartman, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org
Subject: [PATCH 0/3] arm64: mte: Coredump fixes
Date: Thu, 22 Dec 2022 18:12:48 +0000
Message-Id: <20221222181251.1345752-1-catalin.marinas@arm.com>

Hi,

As reported by Seth, there are two bugs in the arm64 MTE coredump code. The first is a double freeing of the temporary tag storage object on an error condition. The second is the racy traversing of the vma list, and fixing it required adding a struct coredump_params * parameter to the elf_core_extra_phdrs() and elf_core_extra_data_size() functions. This way the arm64 code can use the vma snapshot saved in cprm rather than iterating over the vma list.

All patches are cc stable to 5.18, but I'm not aware of any MTE deployment in production yet, so merging them in the new year is fine (still aiming for the fix in one of the 6.2-rcX).

Thanks.
Catalin Marinas (3):
  arm64: mte: Fix double-freeing of the temporary tag storage during coredump
  elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size}
  arm64: mte: Avoid the racy walk of the vma list during core dump

 arch/arm64/kernel/elfcore.c | 61 +++++++++++++++++--------------------
 arch/ia64/kernel/elfcore.c  |  4 +--
 arch/x86/um/elfcore.c       |  4 +--
 fs/binfmt_elf.c             |  4 +--
 fs/binfmt_elf_fdpic.c       |  4 +--
 include/linux/elfcore.h     |  8 ++---
 6 files changed, 40 insertions(+), 45 deletions(-)