From: "Matthew Wilcox (Oracle)"
To: linux-mm@kvack.org
Cc: "Matthew Wilcox (Oracle)", Andrew Morton, John Hubbard, Mike Rapoport, Vlastimil Babka
Subject: [PATCH] mm/debug: Do not dereference i_ino blindly
Date: Wed, 19 Aug 2020 19:57:10 +0100
Message-Id: <20200819185710.28180-1-willy@infradead.org>

We check i_dentry is fetchable and i_ino is earlier in the struct than i_ino, so it ought to work fine, but it's possible that struct randomisation has reordered i_ino after i_dentry and the pointer is just wild enough that i_dentry is fetchable and i_ino isn't. Also print the inode number if the dentry is invalid.

Reported-by: Vlastimil Babka
Signed-off-by: Matthew Wilcox (Oracle)
---
 mm/debug.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/mm/debug.c b/mm/debug.c index ca8d1cacdecc..2a767865145c 100644 --- a/mm/debug.c +++ b/mm/debug.c @@ -120,6 +120,7 @@ void __dump_page(struct page *page, const char *reaso= n) struct hlist_node *dentry_first; struct dentry *dentry_ptr; struct dentry dentry; + unsigned long ino; =20 /* * mapping can be invalid pointer and we don't want to crash 
@@ -136,21 +137,22 @@ void __dump_page(struct page *page, const char *rea= son) goto out_mapping; } =20 - if (get_kernel_nofault(dentry_first, &host->i_dentry.first)) { + if (get_kernel_nofault(dentry_first, &host->i_dentry.first) || + get_kernel_nofault(ino, &host->i_ino)) { pr_warn("aops:%ps with invalid host inode %px\n", a_ops, host); goto out_mapping; } =20 if (!dentry_first) { - pr_warn("aops:%ps ino:%lx\n", a_ops, host->i_ino); + pr_warn("aops:%ps ino:%lx\n", a_ops, ino); goto out_mapping; } =20 dentry_ptr =3D container_of(dentry_first, struct dentry, d_u.d_alias); if (get_kernel_nofault(dentry, dentry_ptr)) { - pr_warn("aops:%ps with invalid dentry %px\n", a_ops, - dentry_ptr); + pr_warn("aops:%ps ino:%lx with invalid dentry %px\n", + a_ops, ino, dentry_ptr); } else { /* * if dentry is corrupted, the %pd handler may still @@ -158,7 +160,7 @@ void __dump_page(struct page *page, const char *reaso= n) * corrupted struct page */ pr_warn("aops:%ps ino:%lx dentry name:\"%pd\"\n", - a_ops, host->i_ino, &dentry); + a_ops, ino, &dentry); } } out_mapping: --=20 2.28.0
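
Review bot: In the @@ -136,21 +137,22 @@ hunk, the added get_kernel_nofault(ino, &host->i_ino) sits next to the i_dentry.first fetch with no comment, so the reason for probing a second field of the same inode (struct randomisation may leave i_ino unfetchable even when i_dentry is fetchable) lives only in the changelog. A one-line comment above the condition would keep a later cleanup from folding it back into a direct host->i_ino read. The shared "with invalid host inode %px" message also does not say which of the two fetches failed; that is acceptable for a debug dump, but worth a word in the same comment. Separately, the changelog's "i_ino is earlier in the struct than i_ino" names the same field twice, so one of the two is presumably meant to be i_dentry.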