From: David Hildenbrand
Organization: Red Hat
Date: Tue, 9 May 2023 01:37:03 +0200
Subject: Re: usbdev_mmap causes type confusion in page_table_check
To: Pasha Tatashin
Cc: Matthew Wilcox, Ruihan Li, syzbot+fcf1a817ceb50935ce99@syzkaller.appspotmail.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, linux-usb@vger.kernel.org, syzkaller-bugs@googlegroups.com
Message-ID: <366ab078-1101-421c-691d-34f5efe006b5@redhat.com>
References: <000000000000258e5e05fae79fc1@google.com> <20230507135844.1231056-1-lrh2000@pku.edu.cn>

On 09.05.23 01:21, Pasha Tatashin wrote:
>> For normal Kernel-MM operations, vm_normal_page() should be used to
>> get "struct page" based on vma+addr+pte combination, but
>> page_table_check does not use vma for its operation in order to
>> strengthen the verification of no invalid page sharing. But, even

I'm not sure if that's the right approach for this case here, though.

>> vm_normal_page() can cause access to the "struct page" for VM_PFNMAP
>> if pfn_valid(pfn) is true. So, vm_normal_page() can return a struct
>> page for a user mapped slab page.
>
> Only for !ARCH_HAS_PTE_SPECIAL case, otherwise NULL is returned.

That would violate VM_PFNMAP semantics, though. I remember that there
was a trick to it.

Assuming we map /dev/mem, what stops a page we mapped and determined to
be !anon to be freed and reused, such that we suddenly have an anon page
mapped?

In that case, we really don't want to look at the "struct page" ever, no?

--
Thanks,

David / dhildenb