Re: Backport request to fix a WARNING in sco_sock_sendmsg on LTS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 27, 2022 at 01:26:49PM +0530, Harshit Mogalapalli wrote:
> Hi,
> 
> We have seen a WARNING message while fuzzing with syzkaller.
> 
> 
> Kernel 5.15.54 on an x86_64
> 
> localhost login: [  104.557712] ------------[ cut here ]------------
> [  104.558404] WARNING: CPU: 1 PID: 15544 at mm/page_alloc.c:5358
> __alloc_pages+0x38a/0x410
> [  104.559584] Modules linked in:
> [  104.560030] CPU: 1 PID: 15544 Comm: repro Not tainted 5.15.54 #1
> [  104.560896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> 1.11.0-2.el7 04/01/2014
> [  104.562190] RIP: 0010:__alloc_pages+0x38a/0x410
> [  104.562864] Code: ff 4c 89 fa 44 89 f6 89 ef 89 6c 24 48 c6 44 24 78 00
> 4c 89 6c 24 60 e8 c4 e5 ff ff 49 89 c4 e9 43 fe ff ff 40 80 e5 3f eb c5 <0f>
> 0b eb a5 4c 89 e7 44 89 f6 45 31 e4 e8 c4 9f ff ff e9 4a fe ff
> [  104.565421] RSP: 0018:ffff88801b4577f0 EFLAGS: 00010246
> [  104.566182] RAX: 0000000000000000 RBX: 1ffff1100368aeff RCX:
> dffffc0000000000
> [  104.567177] RDX: 0000000000000000 RSI: 0000000000000012 RDI:
> 0000000000040cc0
> [  104.568185] RBP: 0000000000000000 R08: 0000000000000000 R09:
> 0000000000000000
> [  104.569196] R10: fffffff900000000 R11: 0000000000000001 R12:
> 0000000000000001
> [  104.570194] R13: 0000000000000000 R14: 0000000000000000 R15:
> 0000000000000000
> [  104.571201] FS:  00007fda701c7740(0000) GS:ffff888107080000(0000)
> knlGS:0000000000000000
> [  104.572330] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  104.573146] CR2: 0000000020004640 CR3: 0000000020c34000 CR4:
> 00000000000006e0
> [  104.574149] Call Trace:
> [  104.574503]  <TASK>
> [  104.574838]  ? __sanitizer_cov_trace_cmp4+0x25/0x90
> [  104.575535]  ? __alloc_pages_slowpath.constprop.0+0x16c0/0x16c0
> [  104.576391]  ? bpf_ksym_find+0x171/0x1c0
> [  104.576985]  ? selinux_socket_sendmsg+0x207/0x2d0
> [  104.577938]  ? __sanitizer_cov_trace_const_cmp8+0x27/0x90
> [  104.578739]  alloc_pages+0x191/0x3f0
> [  104.579258]  kmalloc_order+0x34/0xb0
> [  104.579794]  kmalloc_order_trace+0x19/0xa0
> [  104.580375]  sco_sock_sendmsg+0x10f/0x300
> [  104.581228]  ? security_socket_sendmsg+0x8e/0xc0
> 
> 
> I have attached the report and the reproducer. A similar warning is seen
> on some testing previously.
> 
> Ref: https://lore.kernel.org/linux-mm/812dab5c-845d-df58-2752-abea7c07890@xxxxxxxxxx/
> 
> Commit: 99c23da0eed4 ("Bluetooth: sco: Fix lock_sock() blockage by
> memcpy_from_msg()") is backported to LTS. So we have this bug on LTS
> branches.
> 
> The Fix commit is not backported to LTS.
> Commit: 0771cbb3b97d ("Bluetooth: SCO: Replace use of memcpy_from_msg
> with bt_skb_sendmsg")
> 
> I have tried backporting onto LTS locally.
> 
> Can you please backport the following commits to these branches.
> 4.14.y, 4.19.y, 5.4.y, 5.10.y, 5.15.y LTS. (applying from 1 to 7)
> 
> 1. commit 38f64f650dc0e44c146ff88d15a7339efa325918 upstream
> 	("Bluetooth: Add bt_skb_sendmsg helper")
> 2. commit 97e4e80299844bb5f6ce5a7540742ffbffae3d97 upstream
> 	("Bluetooth: Add bt_skb_sendmmsg helper")
> 3. commit 0771cbb3b97d3c1d68eecd7f00055f599954c34e upstream
> 	("Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg")
> 4. commit 81be03e026dc0c16dc1c64e088b2a53b73caa895 upstream
> 	("Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg")
> 5. commit 266191aa8d14b84958aaeb5e96ee4e97839e3d87 upstream
> 	("Bluetooth: Fix passing NULL to PTR_ERR")
> 6. commit 037ce005af6b8a3e40ee07c6e9266c8997e6a4d6 upstream
> 	("Bluetooth: SCO: Fix sco_send_frame returning
> skb->len")
> 7. commit 29fb608396d6a62c1b85acc421ad7a4399085b9f upstream
> 	("Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks")
> 
> 
> Notes:
> 3 is the fix for the WARNING.
> 1,2 are prerequisites for applying 3. At this stage the WARNING is fixed.
> 4,5,6,7 are necessary as they are fixing newly introduced commits by us.
> 
> This is a clean cherry-pick series(7 commits) on all mentioned branches(LTS
> 4.14->5.15)
> 
> I have tested all mentioned LTS branches with the reproducer(only) and the
> WARNING is fixed after applying these 7 patches.

All now queued up, thanks.

greg k-h



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux