• Robin Murphy's avatar
    mm/debug.c: fix __dump_page() for poisoned pages · 311ade0e
    Robin Murphy authored
    Evaluating page_mapping() on a poisoned page ends up dereferencing junk
    and making PF_POISONED_CHECK() considerably crashier than intended:
    
        Unable to handle kernel NULL pointer dereference at virtual address 0000000000000006
        Mem abort info:
          ESR = 0x96000005
          Exception class = DABT (current EL), IL = 32 bits
          SET = 0, FnV = 0
          EA = 0, S1PTW = 0
        Data abort info:
          ISV = 0, ISS = 0x00000005
          CM = 0, WnR = 0
        user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c2f6ac38
        [0000000000000006] pgd=0000000000000000, pud=0000000000000000
        Internal error: Oops: 96000005 [#1] PREEMPT SMP
        Modules linked in:
        CPU: 2 PID: 491 Comm: bash Not tainted 5.0.0-rc1+ #1
        Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Dec 17 2018
        pstate: 00000005 (nzcv daif -PAN -UAO)
        pc : page_mapping+0x18/0x118
        lr : __dump_page+0x1c/0x398
        Process bash (pid: 491, stack limit = 0x000000004ebd4ecd)
        Call trace:
         page_mapping+0x18/0x118
         __dump_page+0x1c/0x398
         dump_page+0xc/0x18
         remove_store+0xbc/0x120
         dev_attr_store+0x18/0x28
         sysfs_kf_write+0x40/0x50
         kernfs_fop_write+0x130/0x1d8
         __vfs_write+0x30/0x180
         vfs_write+0xb4/0x1a0
         ksys_write+0x60/0xd0
         __arm64_sys_write+0x18/0x20
         el0_svc_common+0x94/0xf8
         el0_svc_handler+0x68/0x70
         el0_svc+0x8/0xc
        Code: f9400401 d1000422 f240003f 9a801040 (f9400402)
        ---[ end trace cdb5eb5bf435cecb ]---
    
    Fix that by not inspecting the mapping until we've determined that it's
    likely to be valid.  Now the above condition still ends up stopping the
    kernel, but in the correct manner:
    
        page:ffffffbf20000000 is uninitialized and poisoned
        raw: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff
        raw: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff
        page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
        ------------[ cut here ]------------
        kernel BUG at ./include/linux/mm.h:1006!
        Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
        Modules linked in:
        CPU: 1 PID: 483 Comm: bash Not tainted 5.0.0-rc1+ #3
        Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Dec 17 2018
        pstate: 40000005 (nZcv daif -PAN -UAO)
        pc : remove_store+0xbc/0x120
        lr : remove_store+0xbc/0x120
        ...
    
    Link: http://lkml.kernel.org/r/03b53ee9d7e76cda4b9b5e1e31eea080db033396.1550071778.git.robin.murphy@arm.com
    Fixes: 1c6fb1d8 ("mm: print more information about mapping in __dump_page")
    Signed-off-by: default avatarRobin Murphy <robin.murphy@arm.com>
    Acked-by: default avatarMichal Hocko <mhocko@suse.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    311ade0e
debug.c 5.9 KB