mmap for /proc/vmcore broken since 3.12-rc1

d.hatayama@xxxxxxxxxxxxxx (HATAYAMA Daisuke) · Mon, 14 Oct 2013 13:52:40 +0900

(2013/10/13 5:32), Alexey Dobriyan wrote:
> On Wed, Oct 09, 2013 at 07:14:55PM +0900, HATAYAMA Daisuke wrote:
>> Hello,
>>
>> (2013/10/08 21:49), Alexey Dobriyan wrote:
>>> On Mon, Oct 7, 2013 at 5:42 AM, HATAYAMA Daisuke
>>> <d.hatayama at jp.fujitsu.com> wrote:
>>>
>>>> +static unsigned long
>>>> +get_unmapped_area_vmcore(struct file *filp, unsigned long addr,
>>>> +                        unsigned long len, unsigned long pgoff,
>>>> +                        unsigned long flags)
>>>> +{
>>>> +#ifdef CONFIG_MMU
>>>> +       return current->mm->get_unmapped_area(filp, addr, len, pgoff,
>>>> flags);
>>>> +#else
>>>> +       return -EIO;
>>>> +#endif
>>>> +}
>>>> +
>>>>    static const struct file_operations proc_vmcore_operations = {
>>>>           .read           = read_vmcore,
>>>>           .llseek         = default_llseek,
>>>>           .mmap           = mmap_vmcore,
>>>> +       .get_unmapped_area = get_unmapped_area_vmcore,
>>>
>>> I think current->mm->get_unmapped_area should be used by core proc code.
>>
>> What do you actually suggest here? You mean moving this code in proc code?
>> I don't think you suggest so.
>
> Please, try this patch, I don't have kexec setup handy.
>
> --- a/fs/proc/inode.c
> +++ b/fs/proc/inode.c
> @@ -291,7 +291,11 @@ static unsigned long proc_reg_get_unmapped_area(struct file *file, unsigned long
>   	int rv = -EIO;
>   	unsigned long (*get_unmapped_area)(struct file *, unsigned long, unsigned long, unsigned long, unsigned long);
>   	if (use_pde(pde)) {
> -		get_unmapped_area = pde->proc_fops->get_unmapped_area;
> +		get_unmapped_area = current->mm->get_unmapped_area;
> +#ifdef CONFIG_MMU
> +		if (pde->proc_fops->get_unmapped_area)
> +			get_unmapped_area = pde->proc_fops->get_unmapped_area;
> +#endif
>   		if (get_unmapped_area)
>   			rv = get_unmapped_area(file, orig_addr, len, pgoff, flags);
>   		unuse_pde(pde);
>

Slight modification to #ifdef ...

get_unmapped_area = NULL;
#ifdef CONFIG_MMU
get_unmapped_area = current->mm->get_unmapped_area
#endif
if (pde->proc_fops->get_unmapped_area)
   get_unmapped_area = pde->proc_fops->get_unmapped_area;

And, I found the bug. The variable rv should have been defined as unsigned
long. sizeof(int) is 4 bytes but sizeof(long) is 8 bytes at least on x86_64.

The reason why returned value looked like kernel virtual address was due to
signed extension performed during conversion from negative 32-bit signed
integer to 64-bit unsigned long integer.

Hmm, I first checked signature of related functions but overlooked...

Anyway, I'll post fixing patch soon.

-- 
Thanks.
HATAYAMA, Daisuke