[PATCH] usb: mon: make mmapped memory read only

2 views
Skip to first unread message

Tadeusz Struk

unread,
Sep 18, 2022, 5:25:17 PM9/18/22
to syzbot+43438a...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c
index f48a23adbc35..f452fc03093c 100644
--- a/drivers/usb/mon/mon_bin.c
+++ b/drivers/usb/mon/mon_bin.c
@@ -1268,6 +1268,7 @@ static int mon_bin_mmap(struct file *filp, struct vm_area_struct *vma)
{
/* don't do anything here: "fault" will set up page table entries */
vma->vm_ops = &mon_bin_vm_ops;
+ vma->vm_flags &= ~VM_WRITE;
vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
vma->vm_private_data = filp->private_data;
mon_bin_vma_open(vma);
--
2.37.3

syzbot

unread,
Sep 18, 2022, 5:53:20 PM9/18/22
to syzkaller-a...@googlegroups.com, syzkall...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: rcu detected stall in corrupted

rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P4078 } 2641 jiffies s: 2569 root: 0x0/T
rcu: blocking rcu_node structures (internal RCU debug):


Tested on:

commit: 521a547c Linux 6.0-rc6
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=128ae87f080000
kernel config: https://syzkaller.appspot.com/x/.config?x=122d7bd4fc8e0ecb
dashboard link: https://syzkaller.appspot.com/bug?extid=43438abe71dab88140c2
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=120ae87f080000

Tadeusz Struk

unread,
Sep 19, 2022, 12:10:40 PM9/19/22
to syzbot+43438a...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com

syzbot

unread,
Sep 19, 2022, 12:43:21 PM9/19/22
to syzkaller-a...@googlegroups.com, syzkall...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: rcu detected stall in corrupted

rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P4076 } 2665 jiffies s: 2721 root: 0x0/T
rcu: blocking rcu_node structures (internal RCU debug):


Tested on:

commit: 521a547c Linux 6.0-rc6
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17f2060f080000
kernel config: https://syzkaller.appspot.com/x/.config?x=122d7bd4fc8e0ecb
dashboard link: https://syzkaller.appspot.com/bug?extid=43438abe71dab88140c2
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=108f767f080000

Tadeusz Struk

unread,
Sep 19, 2022, 2:15:45 PM9/19/22
to syzbot+23f57c...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
#syz test: https://android.googlesource.com/kernel/common android12-5.10-lts

diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c
index f48a23adbc35..094e812e9e69 100644
--- a/drivers/usb/mon/mon_bin.c
+++ b/drivers/usb/mon/mon_bin.c
@@ -1268,6 +1268,11 @@ static int mon_bin_mmap(struct file *filp, struct vm_area_struct *vma)
{
/* don't do anything here: "fault" will set up page table entries */
vma->vm_ops = &mon_bin_vm_ops;
+
+ if (vma->vm_flags & VM_WRITE)
+ return -EPERM;
+
+ vma->vm_flags &= ~VM_MAYWRITE;
vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
vma->vm_private_data = filp->private_data;
mon_bin_vma_open(vma);
--
2.37.3

syzbot

unread,
Sep 19, 2022, 11:12:23 PM9/19/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+23f57c...@syzkaller.appspotmail.com

Tested on:

commit: 59390358 Merge 5.10.140 into android12-5.10-lts
git tree: android12-5.10-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=1725b890880000
kernel config: https://syzkaller.appspot.com/x/.config?x=710ac82b1e8d5ed2
dashboard link: https://syzkaller.appspot.com/bug?extid=23f57c5ae902429285d7
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=11703a54880000

Note: testing is done by a robot and is best-effort only.
Reply all
Reply to author
Forward
0 new messages