On 6/10/21 4:56 PM, Kees Cook wrote:
>>>> |Stack Trace:
>>>> | memfd_fcntl+0x0/0x470
>>>> | usercopy_abort+0x8a/0x8c
>>>> | __check_object_size+0x10e/0x138
>>>> | copy_strings+0x1f4/0x38c
>>>> | __do_execve_file+0x352/0x848
>>>> | EV_Trap+0xcc/0xd0
>>> What was the root cause here? Was it that the init section gets freed
>>> and reused for kmalloc?
>> Right. ARC _stext was encompassing the init section (to cover the init
>> code) so when init gets freed and used by kmalloc,
>> check_kernel_text_object() trips as it thinks the allocated pointer is
>> in kernel .text. Actually I should have added this to changelog.
> Great! Yeah, if you respin it with that added, please consider it:
>
> Reviewed-by: Kees Cook <keesc...@chromium.org>
Thx. I added this and pushed to ARC for-curr --->

The issue is triggered by an allocation in "init reclaimed" region. ARC _stext encompasses the init region (for historical reasons we wanted the init.text to be under .text as well). This however trips up __check_object_size()->check_kernel_text_object() which treats this as object bleeding into kernel text.

Fix that by rezoning _stext to start from regular kernel .text and leave out .init altogether.

_______________________________________________
linux-snps-arc mailing list
linux-snps-arc@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-snps-arc
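To make the false positive in the thread concrete, here is an added, simplified model of the hardened-usercopy text-range check (it is not the kernel's or ARC's code; the section addresses and the reclaimed object are constructed). It compares the old ARC layout, where _stext began at the .init region, with the rezoned one, where _stext starts at regular .text, and also checks that a pointer into real .text is still refused after the fix.

```c
/* Added example modelling check_kernel_text_object(): a kmalloc object carved
 * from the freed .init region is wrongly rejected when _stext covers .init.
 * Constructed layout (not ARC's real addresses): .init.text sits BEFORE
 * regular .text, as the thread describes for ARC. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INIT_START  0x80000000UL   /* start of .init.text (freed after boot) */
#define TEXT_START  0x80010000UL   /* start of regular kernel .text */
#define TEXT_END    0x80050000UL   /* _etext, unchanged by the fix */

/* Same interval test the kernel's overlaps() performs: does [ptr, ptr+n)
 * intersect [low, high)?  No overlap if entirely above or entirely below. */
static bool overlaps(uintptr_t ptr, size_t n, uintptr_t low, uintptr_t high)
{
    uintptr_t end = ptr + n;
    return !(ptr >= high || end <= low);
}

/* Model of check_kernel_text_object(): true means the copy is refused because
 * the object is taken to lie inside kernel text [stext, etext).  The real
 * check also tests the linear-map alias; that detail is omitted here. */
static bool usercopy_rejected(uintptr_t ptr, size_t n,
                              uintptr_t stext, uintptr_t etext)
{
    return overlaps(ptr, n, stext, etext);
}

/* Constructed: a 64-byte object kmalloc'ed from the reclaimed init pages. */
#define RECLAIMED_OBJ (INIT_START + 0x100)
#define OBJ_LEN       64

/* Before the fix, _stext == INIT_START, so the reclaimed object "bleeds"
 * into text and copy_strings() hits usercopy_abort(). */
bool rejected_before_fix(void) {
    return usercopy_rejected(RECLAIMED_OBJ, OBJ_LEN, INIT_START, TEXT_END);
}

/* After rezoning _stext to TEXT_START the same object is accepted. */
bool rejected_after_fix(void) {
    return usercopy_rejected(RECLAIMED_OBJ, OBJ_LEN, TEXT_START, TEXT_END);
}

/* The fix must not weaken the check: a pointer into real .text is still refused. */
bool real_text_still_rejected(void) {
    return usercopy_rejected(TEXT_START + 0x200, OBJ_LEN, TEXT_START, TEXT_END);
}

int main(void) {
    printf("before fix: rejected=%d\n", rejected_before_fix());   /* 1 */
    printf("after fix:  rejected=%d\n", rejected_after_fix());    /* 0 */
    printf("real text:  rejected=%d\n", real_text_still_rejected()); /* 1 */
    return 0;
}
```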