Message ID | ccadf5d7-e22a-ab5b-21e8-18a788251845@redhat.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | parisc: fix inability to allocate stack pages on exec | expand |
On Mon, 3 Jul 2023 at 12:59, Mikulas Patocka <mpatocka@redhat.com> wrote: > > The patch 8d7071af8907 ("mm: always expand the stack with the mmap write > lock held") breaks PA-RISC. > > The breakage happens if we attempt to pass more arguments to execve than > what fits into the initial stack page - we get -E2BIG in such a case. > > The reason for the breakage is that the commit 8d7071af8907 adds the test > "if (!(vma->vm_flags & VM_GROWSDOWN)) return -EFAULT;" to the function > expand_downwards. Heh. See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f66066bc5136f25e36a2daff4896c768f18c211e which fixes this differently (and, I think, much better). Just removing the VM_GROWSDOWN test will actually break some of the other users. Notably the new and improved expand_stack() function that now handles all the complicated *cough*ia64*cough* cases automatically, which allowed unifying the page fault handling code around this area. Linus
On Mon, 3 Jul 2023, Linus Torvalds wrote: > On Mon, 3 Jul 2023 at 12:59, Mikulas Patocka <mpatocka@redhat.com> wrote: > > > > The patch 8d7071af8907 ("mm: always expand the stack with the mmap write > > lock held") breaks PA-RISC. > > > > The breakage happens if we attempt to pass more arguments to execve than > > what fits into the initial stack page - we get -E2BIG in such a case. > > > > The reason for the breakage is that the commit 8d7071af8907 adds the test > > "if (!(vma->vm_flags & VM_GROWSDOWN)) return -EFAULT;" to the function > > expand_downwards. > > Heh. See > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f66066bc5136f25e36a2daff4896c768f18c211e > > which fixes this differently (and, I think, much better). > > Just removing the VM_GROWSDOWN test will actually break some of the other users. > > Notably the new and improved expand_stack() function that now handles > all the complicated *cough*ia64*cough* cases automatically, which > allowed unifying the page fault handling code around this area. > > Linus Yes - I confirm that this fixes it. (please, also send this patch to Greg, so that it will be included in 6.4.2) Mikulas
On Mon, 3 Jul 2023 at 13:40, Mikulas Patocka <mpatocka@redhat.com> wrote: > > (please, also send this patch to Greg, so that it will be included in > 6.4.2) Already part of the -rc1 review commits https://lore.kernel.org/lkml/20230703184519.261119397@linuxfoundation.org/ Thanks, Linus
Index: linux-6.4.1/mm/mmap.c =================================================================== --- linux-6.4.1.orig/mm/mmap.c 2023-07-03 18:17:35.000000000 +0200 +++ linux-6.4.1/mm/mmap.c 2023-07-03 21:22:44.000000000 +0200 @@ -2036,9 +2036,6 @@ int expand_downwards(struct vm_area_stru struct vm_area_struct *prev; int error = 0; - if (!(vma->vm_flags & VM_GROWSDOWN)) - return -EFAULT; - address &= PAGE_MASK; if (address < mmap_min_addr || address < FIRST_USER_ADDRESS) return -EPERM;
Hi The patch 8d7071af8907 ("mm: always expand the stack with the mmap write lock held") breaks PA-RISC. The breakage happens if we attempt to pass more arguments to execve than what fits into the initial stack page - we get -E2BIG in such a case. The reason for the breakage is that the commit 8d7071af8907 adds the test "if (!(vma->vm_flags & VM_GROWSDOWN)) return -EFAULT;" to the function expand_downwards. expand_downwards is called from get_arg_page to allocate initial stack pages. With the added test for VM_GROWSDOWN, it is not able to allocate any pages on PA-RISC at all, and execve fails as soon as it tries to allocate a stack page. The bug can be fixed by dropping the test for VM_GROWSDOWN from expand_downwards. Fixes: 8d7071af8907 ("mm: always expand the stack with the mmap write lock held") Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Cc: stable@vger.kernel.org # v6.4 --- mm/mmap.c | 3 --- 1 file changed, 3 deletions(-)