Commit e7f1e883 authored by Tong Zhang's avatar Tong Zhang Committed by Linus Torvalds

binfmt_misc: fix crash when load/unload module

We should unregister the table upon module unload otherwise something
horrible will happen when we load binfmt_misc module again.  Also note
that we should keep value returned by register_sysctl_mount_point() and
release it later, otherwise it will leak.

Also, per Christian's comment, to fully restore the old behavior that
won't break userspace the check(binfmt_misc_header) should be
eliminated.

To reproduce:
  modprobe binfmt_misc
  modprobe -r binfmt_misc
  modprobe binfmt_misc
  modprobe -r binfmt_misc
  modprobe binfmt_misc

resulting in

  modprobe: can't load module binfmt_misc (kernel/fs/binfmt_misc.ko): Cannot allocate memory

and an unhappy kernel:

  binfmt_misc: Failed to create fs/binfmt_misc sysctl mount point
  binfmt_misc: Failed to create fs/binfmt_misc sysctl mount point
  BUG: unable to handle page fault for address: fffffbfff8004802
  Call Trace:
    init_misc_binfmt+0x2d/0x1000 [binfmt_misc]

Link: https://lkml.kernel.org/r/20220124181812.1869535-2-ztong0001@gmail.com
Fixes: 3ba442d5 ("fs: move binfmt_misc sysctl to its own file")
Signed-off-by: default avatarTong Zhang <ztong0001@gmail.com>
Co-developed-by: Christian Brauner<brauner@kernel.org>
Acked-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Iurii Zaikin <yzaikin@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 6cb91741
...@@ -817,20 +817,20 @@ static struct file_system_type bm_fs_type = { ...@@ -817,20 +817,20 @@ static struct file_system_type bm_fs_type = {
}; };
MODULE_ALIAS_FS("binfmt_misc"); MODULE_ALIAS_FS("binfmt_misc");
static struct ctl_table_header *binfmt_misc_header;
static int __init init_misc_binfmt(void) static int __init init_misc_binfmt(void)
{ {
int err = register_filesystem(&bm_fs_type); int err = register_filesystem(&bm_fs_type);
if (!err) if (!err)
insert_binfmt(&misc_format); insert_binfmt(&misc_format);
if (!register_sysctl_mount_point("fs/binfmt_misc")) { binfmt_misc_header = register_sysctl_mount_point("fs/binfmt_misc");
pr_warn("Failed to create fs/binfmt_misc sysctl mount point");
return -ENOMEM;
}
return 0; return 0;
} }
static void __exit exit_misc_binfmt(void) static void __exit exit_misc_binfmt(void)
{ {
unregister_sysctl_table(binfmt_misc_header);
unregister_binfmt(&misc_format); unregister_binfmt(&misc_format);
unregister_filesystem(&bm_fs_type); unregister_filesystem(&bm_fs_type);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment