Re: Backport request to fix a WARNING in sco_sock_sendmsg on LTS

From: Greg KH
Date: Wed Jul 27 2022 - 04:20:56 EST


On Wed, Jul 27, 2022 at 01:26:49PM +0530, Harshit Mogalapalli wrote:
> Hi,
>
> We have seen a WARNING message while fuzzing with syzkaller.
>
>
> Kernel 5.15.54 on an x86_64
>
> localhost login: [ 104.557712] ------------[ cut here ]------------
> [ 104.558404] WARNING: CPU: 1 PID: 15544 at mm/page_alloc.c:5358 __alloc_pages+0x38a/0x410
> [ 104.559584] Modules linked in:
> [ 104.560030] CPU: 1 PID: 15544 Comm: repro Not tainted 5.15.54 #1
> [ 104.560896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
> [ 104.562190] RIP: 0010:__alloc_pages+0x38a/0x410
> [ 104.562864] Code: ff 4c 89 fa 44 89 f6 89 ef 89 6c 24 48 c6 44 24 78 00 4c 89 6c 24 60 e8 c4 e5 ff ff 49 89 c4 e9 43 fe ff ff 40 80 e5 3f eb c5 <0f> 0b eb a5 4c 89 e7 44 89 f6 45 31 e4 e8 c4 9f ff ff e9 4a fe ff
> [ 104.565421] RSP: 0018:ffff88801b4577f0 EFLAGS: 00010246
> [ 104.566182] RAX: 0000000000000000 RBX: 1ffff1100368aeff RCX: dffffc0000000000
> [ 104.567177] RDX: 0000000000000000 RSI: 0000000000000012 RDI: 0000000000040cc0
> [ 104.568185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> [ 104.569196] R10: fffffff900000000 R11: 0000000000000001 R12: 0000000000000001
> [ 104.570194] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> [ 104.571201] FS: 00007fda701c7740(0000) GS:ffff888107080000(0000) knlGS:0000000000000000
> [ 104.572330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 104.573146] CR2: 0000000020004640 CR3: 0000000020c34000 CR4: 00000000000006e0
> [ 104.574149] Call Trace:
> [ 104.574503] <TASK>
> [ 104.574838] ? __sanitizer_cov_trace_cmp4+0x25/0x90
> [ 104.575535] ? __alloc_pages_slowpath.constprop.0+0x16c0/0x16c0
> [ 104.576391] ? bpf_ksym_find+0x171/0x1c0
> [ 104.576985] ? selinux_socket_sendmsg+0x207/0x2d0
> [ 104.577938] ? __sanitizer_cov_trace_const_cmp8+0x27/0x90
> [ 104.578739] alloc_pages+0x191/0x3f0
> [ 104.579258] kmalloc_order+0x34/0xb0
> [ 104.579794] kmalloc_order_trace+0x19/0xa0
> [ 104.580375] sco_sock_sendmsg+0x10f/0x300
> [ 104.581228] ? security_socket_sendmsg+0x8e/0xc0
>
>
> I have attached the report and the reproducer. A similar warning was seen
> in some testing previously.
>
> Ref: https://lore.kernel.org/linux-mm/812dab5c-845d-df58-2752-abea7c07890@xxxxxxxxxx/
>
> Commit: 99c23da0eed4 ("Bluetooth: sco: Fix lock_sock() blockage by
> memcpy_from_msg()") is backported to LTS. So we have this bug on LTS
> branches.
>
> The fix commit is not backported to LTS:
> Commit: 0771cbb3b97d ("Bluetooth: SCO: Replace use of memcpy_from_msg
> with bt_skb_sendmsg")
>
> I have tried backporting onto LTS locally.
>
> Can you please backport the following commits to these LTS branches:
> 4.14.y, 4.19.y, 5.4.y, 5.10.y, 5.15.y (applying from 1 to 7)?
>
> 1. commit 38f64f650dc0e44c146ff88d15a7339efa325918 upstream
> ("Bluetooth: Add bt_skb_sendmsg helper")
> 2. commit 97e4e80299844bb5f6ce5a7540742ffbffae3d97 upstream
> ("Bluetooth: Add bt_skb_sendmmsg helper")
> 3. commit 0771cbb3b97d3c1d68eecd7f00055f599954c34e upstream
> ("Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg")
> 4. commit 81be03e026dc0c16dc1c64e088b2a53b73caa895 upstream
> ("Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg")
> 5. commit 266191aa8d14b84958aaeb5e96ee4e97839e3d87 upstream
> ("Bluetooth: Fix passing NULL to PTR_ERR")
> 6. commit 037ce005af6b8a3e40ee07c6e9266c8997e6a4d6 upstream
> ("Bluetooth: SCO: Fix sco_send_frame returning skb->len")
> 7. commit 29fb608396d6a62c1b85acc421ad7a4399085b9f upstream
> ("Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks")
>
>
> Notes:
> 3 is the fix for the WARNING.
> 1, 2 are prerequisites for applying 3. At this stage the WARNING is fixed.
> 4, 5, 6, 7 are necessary as they fix the commits newly introduced by us.
>
> This is a clean cherry-pick series (7 commits) on all mentioned branches (LTS
> 4.14 -> 5.15).
>
> I have tested all mentioned LTS branches with the reproducer (only), and the
> WARNING is fixed after applying these 7 patches.

All now queued up, thanks.

greg k-h