git.baikalelectronics.ru Git - kernel.git/commit

author	Sergei Trofimovich <slyfox@gentoo.org>
	Fri, 30 Apr 2021 05:53:48 +0000 (22:53 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Fri, 30 Apr 2021 18:20:35 +0000 (11:20 -0700)
commit	82e3ffa78e666e8bdbf78f0ae96aa2ec901e2353
tree	95ce93c001ab5b06fbdd378eb79ec0a81fe392dc	tree \| snapshot
parent	85d614d46ba910c227989cc21a19b5edd6c3d9cd	commit \| diff

ia64: module: fix symbolizer crash on fdescr

Noticed failure as a crash on ia64 when tried to symbolize all backtraces
collected by page_owner=on:

    $ cat /sys/kernel/debug/page_owner
    <oops>

    CPU: 1 PID: 2074 Comm: cat Not tainted 5.12.0-rc4 #226
    Hardware name: hp server rx3600, BIOS 04.03 04/08/2008
    ip is at dereference_module_function_descriptor+0x41/0x100

Crash happens at dereference_module_function_descriptor() due to
use-after-free when dereferencing ".opd" section header.

All section headers are already freed after module is laoded successfully.

To keep symbolizer working the change stores ".opd" address and size after
module is relocated to a new place and before section headers are
discarded.

To make similar errors less obscure module_finalize() now zeroes out all
variables relevant to module loading only.

Link: https://lkml.kernel.org/r/20210403074803.3309096-1-slyfox@gentoo.org
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

arch/ia64/include/asm/module.h		diff \| blob \| history
arch/ia64/kernel/module.c		diff \| blob \| history