From patchwork Tue Oct 1 20:35:20 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Helge Deller X-Patchwork-Id: 2972151 Return-Path: X-Original-To: patchwork-linux-parisc@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 99D7EBFF0B for ; Tue, 1 Oct 2013 20:35:28 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id BA1EF2037F for ; Tue, 1 Oct 2013 20:35:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B67DE203DF for ; Tue, 1 Oct 2013 20:35:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752342Ab3JAUf0 (ORCPT ); Tue, 1 Oct 2013 16:35:26 -0400 Received: from mout.gmx.net ([212.227.17.22]:50251 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751493Ab3JAUfZ (ORCPT ); Tue, 1 Oct 2013 16:35:25 -0400 Received: from p100.box ([84.173.31.92]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0Lm2lZ-1W0AV00DYH-00ZjFL for ; Tue, 01 Oct 2013 22:35:23 +0200 Date: Tue, 1 Oct 2013 22:35:20 +0200 From: Helge Deller To: Tejun Heo , Libin , linux-kernel@vger.kernel.org, linux-parisc@vger.kernel.org, James Bottomley Subject: [PATCH] [workqueue] check values of pwq and wq in print_worker_info() before use Message-ID: <20131001203520.GA8248@p100.box> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-Provags-ID: V03:K0:suYwB9LFadVZIivJX4B/qWw9jDKQ/3TDiEhFLDCZcH27BCeditF YdFe7XEsyvUtL1Jzv0y9BNWd63vYRUlfLRICCqLPbPxpDOs09gN1ANwWhc63ThleK5ASMDt JO/UBNfCSlvOIlvVYLDcwFSf51/CN7FDYP05QBnil3XWkl2pzT81DEWw5sfwEOuxBnPdDmf 8A6zifUfOmv0DwJNjYGWA== Sender: linux-parisc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-parisc@vger.kernel.org X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP print_worker_info() includes no validity check on the pwq and wq pointers before handing them over to the probe_kernel_read() functions. It seems that most architectures don't care about that, but at least on the parisc architecture this leads to a kernel crash since accesses to page zero are protected by the kernel for security reasons. Fix this problem by verifying the contents of pwq and wq before usage. Even if probe_kernel_read() usually prevents such crashes by disabling page faults, clean code should always include such checks. Without this fix issuing "echo t > /proc/sysrq-trigger" will immediately crash the Linux kernel on the parisc architecture. CC: Tejun Heo CC: Libin CC: linux-parisc@vger.kernel.org CC: James.Bottomley@HansenPartnership.com Signed-off-by: Helge Deller --- To unsubscribe from this list: send the line "unsubscribe linux-parisc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 987293d..c03b47f 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -4512,8 +4512,10 @@ void print_worker_info(const char *log_lvl, struct task_struct *task) */ probe_kernel_read(&fn, &worker->current_func, sizeof(fn)); probe_kernel_read(&pwq, &worker->current_pwq, sizeof(pwq)); - probe_kernel_read(&wq, &pwq->wq, sizeof(wq)); - probe_kernel_read(name, wq->name, sizeof(name) - 1); + if (pwq) + probe_kernel_read(&wq, &pwq->wq, sizeof(wq)); + if (wq) + probe_kernel_read(name, wq->name, sizeof(name) - 1); /* copy worker description */ probe_kernel_read(&desc_valid, &worker->desc_valid, sizeof(desc_valid));