Date: Fri, 13 Sep 2024 10:11:25 +0200
From: Christian Brauner
To: David Howells
Cc: kernel test robot, oe-lkp@lists.linux.dev, lkp@intel.com, Linux Memory Management List, Jeff Layton, netfs@lists.linux.dev, linux-fsdevel@vger.kernel.org
Subject: Re: [linux-next:master] [netfs] a05b682d49: BUG:KASAN:slab-use-after-free_in_copy_from_iter
Message-ID: <20240913-felsen-nervig-7ea082a2702c@brauner>
References: <202409131438.3f225fbf-oliver.sang@intel.com> <1263138.1726214359@warthog.procyon.org.uk>
In-Reply-To: <1263138.1726214359@warthog.procyon.org.uk>

On Fri, Sep 13, 2024 at 08:59:19AM GMT, David Howells wrote:
> Can you try with the attached change? It'll get folded into Christian's
> vfs.netfs branch at some point.

The fix you pasted below is already applied and folded into vfs.netfs.
But what the kernel test robot tested was an old version of that branch.

The commit hash that kernel test robot tested was: commit: a05b682d498a81ca12f1dd964f06f3aec48af595 ("netfs: Use new folio_queue data type and iterator instead of xarray iter") https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master but in vfs.netfs we have: cd0277ed0c188dd40e7744e89299af7b78831ca4 ("netfs: Use new folio_queue data type and iterator instead of xarray iter") and the diff between the two is: diff --git a/lib/iov_iter.c b/lib/iov_iter.c index 84a517a0189d..97003155bfac 100644 --- a/lib/iov_iter.c +++ b/lib/iov_iter.c @@ -1026,7 +1026,7 @@ static ssize_t iter_folioq_get_pages(struct iov_iter *iter, iov_offset += part; extracted += part; - *pages = folio_page(folio, offset % PAGE_SIZE); + *pages = folio_page(folio, offset / PAGE_SIZE); get_page(*pages); pages++; maxpages--; So this is a bug report for an old version of vfs.netfs. > > David > --- > diff --git a/lib/iov_iter.c b/lib/iov_iter.c > index 84a517a0189d..97003155bfac 100644 > --- a/lib/iov_iter.c > +++ b/lib/iov_iter.c > @@ -1026,7 +1026,7 @@ static ssize_t iter_folioq_get_pages(struct iov_iter *iter, > iov_offset += part; > extracted += part; > > - *pages = folio_page(folio, offset % PAGE_SIZE); > + *pages = folio_page(folio, offset / PAGE_SIZE); > get_page(*pages); > pages++; > maxpages--; >
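
Review bot: The replacement line "*pages = folio_page(folio, offset / PAGE_SIZE);" is only correct if offset is the byte offset into the current folio at the moment of the call, and the visible context advances just iov_offset and extracted by part right before it, so please confirm that offset is re-derived for every page extracted; if it is not, a multi-page extraction from one large folio would keep returning the same page. The fixup also carries no changelog. One line stating that folio_page() takes a page index, so the old "offset % PAGE_SIZE" passed a byte offset within a page as that index, would tie the change to the KASAN slab-use-after-free in copy_from_iter named in the subject.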