From: Kees Cook
To: ira.weiny@intel.com
Cc: syzbot+3250d9c8925ef29e975f@syzkaller.appspotmail.com, "Fabio M. De Francesco", ebiederm@xmission.com, viro@zeniv.linux.org.uk, sfr@canb.auug.org.au, syzkaller-bugs@googlegroups.com, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fs/exec: Test patch for syzkaller crash
Date: Fri, 12 Aug 2022 11:45:36 -0700
Message-ID: <202208121144.E9E5EE9E@keescook>
In-Reply-To: <20220812000919.408614-1-ira.weiny@intel.com>
References: <20220812000919.408614-1-ira.weiny@intel.com>

On Thu, Aug 11, 2022 at 05:09:19PM -0700, ira.weiny@intel.com wrote:
> From: Ira Weiny
>
> Kees reported that it looked like the kmap_local_page() conversion in
> fs/exec.c was causing a crash with the syzkaller.[1]
>
> At first glance it appeared this was due to the lack of pagefaults not
> being disabled as was done by kmap_atomic().
>
> Unfortunately, after deeper investigation we don't see how this is a
> problem. The crash does not appear to be happening in the
> memcpy_to_page() call.[2]
>
> For testing, add back pagefault disable in copy_string_kernel() to see
> if it makes syzkaller happy. If so, more investigation will need to be
> done to understand exactly what is happening.
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c6e8e36c6ae4b11bed5643317afb66b6c3cadba8
> [2] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/fs/exec.c?id=40d43a7507e1547dd45cb02af2e40d897c591870#n616
>
> Cc: Kees Cook
> Reported-by: syzbot+3250d9c8925ef29e975f@syzkaller.appspotmail.com
> Signed-off-by: Ira Weiny

Thanks for spinning this. As noted in the other thread, I'm going to wait
and see if the crashes return. It looks like it may have been an unrelated
problem that got fixed in -next (no crashes for a day now...) But we'll
have this in our back pocket if we need it. :)

-Kees

-- 
Kees Cook