Re: 4.3 regression: task_work corruption in vm86 mode?

[Stas Sergeev]

31.10.2015 08:43, Andy Lutomirski ÐÐÑÐÑ:
> On Fri, Oct 30, 2015 at 6:44 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> > Hi all-
> >
> > In 4.3-rc7, running dosemu2 (https://github.com/stsp/dosemu2/) oopses
> > the system very quickly, as long as CONFIG_VM86=y.  It blows up
> > because snd_seq_delete_port walks ports_list_head, finds two valid
> > ports, and then starts finding obviously invalid pointers in the list.
> >
> > git bisect blames:
> >
> > commit 5ed92a8ab71f8865ba07811429c988c72299b315
> > Author: Brian Gerst <brgerst@xxxxxxxxx>
> > Date:   Wed Jul 29 01:41:19 2015 -0400
> >
> >      x86/vm86: Use the normal pt_regs area for vm86
> >
> > I haven't spotted the problem yet.  It seems to happen when
> > task_work_run fires in get_signal, which happens before
> > save_v86_state.  I'm not entirely sure what causes task work to be
> > scheduled at all while in v86 land.  Could we somehow be processing
> > task_work later than we should?
> Nope, the bug has nothing to do with task_work.  Patches sent.
Andy, thanks for finally fixing this attack surface!
So after all, the comments you put into Kconfig, were justified.
Now I can seriously consider the dosemu2-specific vm86-light.
Having the machine to crash, was not a good starting point for
the clean-ups.
Also there is an interesting thread here:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1499089
I wonder if they are affected now by that bug or not...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/