mirror of
https://github.com/torvalds/linux.git
synced 2024-12-19 01:23:20 +00:00
bf42daed6b
If I attach a vfio-ccw device to my guest, I get the following warning on the host when the host kernel is CONFIG_HARDENED_USERCOPY=y [250757.595325] Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLUB object 'dma-kmalloc-512' (offset 64, size 124)! [250757.595365] WARNING: CPU: 2 PID: 10958 at mm/usercopy.c:81 usercopy_warn+0xac/0xd8 [250757.595369] Modules linked in: kvm vhost_net vhost tap xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack libcrc32c devlink tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables sunrpc dm_multipath s390_trng crc32_vx_s390 ghash_s390 prng aes_s390 des_s390 des_generic sha512_s390 sha1_s390 eadm_sch tape_3590 tape tape_class qeth_l2 qeth ccwgroup vfio_ccw vfio_mdev zcrypt_cex4 mdev vfio_iommu_type1 zcrypt vfio sha256_s390 sha_common zfcp scsi_transport_fc qdio dasd_eckd_mod dasd_mod [250757.595424] CPU: 2 PID: 10958 Comm: CPU 2/KVM Not tainted 4.18.0-derp #2 [250757.595426] Hardware name: IBM 3906 M05 780 (LPAR) ...snip regs... [250757.595523] Call Trace: [250757.595529] ([<0000000000349210>] usercopy_warn+0xa8/0xd8) [250757.595535] [<000000000032daaa>] __check_heap_object+0xfa/0x160 [250757.595540] [<0000000000349396>] __check_object_size+0x156/0x1d0 [250757.595547] [<000003ff80332d04>] vfio_ccw_mdev_write+0x74/0x148 [vfio_ccw] [250757.595552] [<000000000034ed12>] __vfs_write+0x3a/0x188 [250757.595556] [<000000000034f040>] vfs_write+0xa8/0x1b8 [250757.595559] [<000000000034f4e6>] ksys_pwrite64+0x86/0xc0 [250757.595568] [<00000000008959a0>] system_call+0xdc/0x2b0 [250757.595570] Last Breaking-Event-Address: [250757.595573] [<0000000000349210>] usercopy_warn+0xa8/0xd8 While vfio_ccw_mdev_{write|read} validates that the input position/count does not run over the ccw_io_region struct, the usercopy code that does copy_{to|from}_user doesn't necessarily know this. It sees the variable length and gets worried that it's affecting a normal kmalloc'd struct, and generates the above warning. Adjust how the ccw_io_region is alloc'd with a whitelist to remove this warning. The boundary checking will continue to do its thing. Signed-off-by: Eric Farman <farman@linux.ibm.com> Message-Id: <20180921204013.95804-3-farman@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com> |
||
|---|---|---|
| .. | ||
| airq.c | ||
| blacklist.c | ||
| blacklist.h | ||
| ccwgroup.c | ||
| ccwreq.c | ||
| chp.c | ||
| chp.h | ||
| chsc_sch.c | ||
| chsc_sch.h | ||
| chsc.c | ||
| chsc.h | ||
| cio_debug.h | ||
| cio.c | ||
| cio.h | ||
| cmf.c | ||
| crw.c | ||
| css.c | ||
| css.h | ||
| device_fsm.c | ||
| device_id.c | ||
| device_ops.c | ||
| device_pgid.c | ||
| device_status.c | ||
| device.c | ||
| device.h | ||
| eadm_sch.c | ||
| eadm_sch.h | ||
| fcx.c | ||
| idset.c | ||
| idset.h | ||
| io_sch.h | ||
| ioasm.c | ||
| ioasm.h | ||
| isc.c | ||
| itcw.c | ||
| Makefile | ||
| orb.h | ||
| qdio_debug.c | ||
| qdio_debug.h | ||
| qdio_main.c | ||
| qdio_setup.c | ||
| qdio_thinint.c | ||
| qdio.h | ||
| scm.c | ||
| trace.c | ||
| trace.h | ||
| vfio_ccw_cp.c | ||
| vfio_ccw_cp.h | ||
| vfio_ccw_drv.c | ||
| vfio_ccw_fsm.c | ||
| vfio_ccw_ops.c | ||
| vfio_ccw_private.h | ||
| vfio_ccw_trace.h | ||