Message-ID: <8bb6722b-52d8-4585-8377-194c241462f1@gmail.com>
Date: Tue, 15 Oct 2024 13:57:50 +0200
Subject: Re: [PATCH v2] mm: fix null pointer dereference in read_cache_folio
From: Gianfranco Trad
To: Matthew Wilcox
Cc: akpm@linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, skhan@linuxfoundation.org, syzbot+4089e577072948ac5531@syzkaller.appspotmail.com
References: <20240929230548.370027-3-gianf.trad@gmail.com> <20240930090225.28517-2-gianf.trad@gmail.com> <991c8404-1c1c-47c7-ab27-2117d134b59b@gmail.com>
In-Reply-To: <991c8404-1c1c-47c7-ab27-2117d134b59b@gmail.com>

On 04/10/24 14:07, Gianfranco Trad wrote:
> On 30/09/24 20:14, Matthew Wilcox wrote:
>> On Mon, Sep 30, 2024 at 11:02:26AM +0200, Gianfranco Trad wrote:
>>> @@ -2360,6 +2360,8 @@ static int filemap_read_folio(struct file >>> *file, filler_t filler, >>>       /* Start the actual read. The read will unlock the page. */ >>>       if (unlikely(workingset)) >>>           psi_memstall_enter(&pflags); >>> +    if (!filler) >>> +        return -EIO; >> >> This is definitely wrong because you enter memstall, but do not exit it. > > Got it, thanks. > >> >> As Andrew says, the underlying problem is that the filesystem does not >> implement ->read_folio.  Which filesystem is this? > > Reproducer via procfs accesses a bpf map backed by an anonymous > inode (anon_inode_fs_type), with mapping->a_ops pointing to anon_aops, > hence, read_folio() undefined. > >> >>>       error = filler(file, folio); >>>       if (unlikely(workingset)) >>>           psi_memstall_leave(&pflags); >>> -- >>> 2.43.0 >>> > > I suppose the next step would be to contact the proper maintainers(?) > If you have any additional suggestions, I'd be more than glad to listen. > > Thanks to both of you for your time, > > --Gian > Hello, While studying how to implement read_folio in anon_aops for this specific case (bpf map backed by anon_inode_fs_type) I've come up with an intermediate solution that mitigates the null pointer dereference and avoids the memstall issue (compared to my previous patch) immediately, for all filesystems that do not implement read_folio in their address_space_operations. The patch [1] looks like this: diff --git a/mm/filemap.c b/mm/filemap.c index 4f3753f0a158..680d98086c00 100644 --- a/mm/filemap.c +++ b/mm/filemap.c 
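Review bot: in the quoted v2 hunk, the `if (!filler) return -EIO;` lands after `psi_memstall_enter(&pflags)` inside the `if (unlikely(workingset))` path, so on the NULL-filler return the matching `psi_memstall_leave(&pflags)` further down never runs and the stall accounting is left unbalanced. Move the check above the `if (unlikely(workingset))` block, or reject a missing `->read_folio` before the read path is entered at all, so that the early return happens before any accounting has started.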
@@ -3775,6 +3775,8 @@ static struct folio *do_read_cache_folio(struct address_space *mapping, struct folio *folio; int err; + if (!filler && (!mapping->a_ops || !mapping->a_ops->read_folio)) + return ERR_PTR(-ENOSYS); if (!filler) filler = mapping->a_ops->read_folio; repeat: Patch was already tested with syzbot on the same reproducer case. Reproducer did not trigger any issue [2]. Let me know if for now this patch looks good enough, therefore I'll send it to you, or if I should work on it more. Thanks for your time, [1] https://syzkaller.appspot.com/text?tag=Patch&x=142e045f980000 [2] https://syzkaller.appspot.com/x/log.txt?x=1551045f980000 -- Gian
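Review bot: placing the check before `if (!filler) filler = mapping->a_ops->read_folio;` in do_read_cache_folio fixes the imbalance of v2, since nothing has been entered or allocated yet at that point; two smaller points remain. The `!mapping->a_ops` half of the condition guards a case the very next statement already dereferences unconditionally, so either a NULL a_ops is reachable (then the commit message should say where) or that half can be dropped. And -ENOSYS is conventionally the "no such system call" error; -EINVAL or -EIO is more usual for a mapping that cannot be read, so whichever is chosen deserves a sentence in the commit message, together with the anon_inode / bpf-map reproducer context from this thread.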
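As an added example that is not part of the thread or of the kernel tree: a small userspace C model of the two defects discussed above. An address_space_operations-style table carries an optional read_folio callback; the anonymous-inode mapping in the report has a table whose read_folio is NULL, so dispatching through it unchecked is the NULL pointer dereference, and returning early between a paired enter/leave (psi_memstall_enter/leave in the v2 placement) leaves the accounting unbalanced. All struct and function names below (`aops`, `mapping`, `memstall_enter`, `read_folio_v2_style`, `read_folio_checked`) are hypothetical stand-ins, not kernel symbols.

```c
/* Added example, not kernel code: models the optional-callback check and
 * the enter/leave pairing discussed in the thread. Names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <errno.h>

struct folio { int filled; };
struct file;                       /* opaque, never dereferenced here */
typedef int (*filler_t)(struct file *, struct folio *);

/* Stand-in for struct address_space_operations: read_folio may be NULL. */
struct aops {
    int (*read_folio)(struct file *, struct folio *);
};

struct mapping {
    const struct aops *a_ops;
};

/* Stand-in for psi memstall accounting: count enter and leave calls so a
 * test can check they pair up. */
static int memstall_enter_calls;
static int memstall_leave_calls;
static void memstall_enter(void) { memstall_enter_calls++; }
static void memstall_leave(void) { memstall_leave_calls++; }
static void reset_counters(void) { memstall_enter_calls = memstall_leave_calls = 0; }
static int memstall_balanced(void) { return memstall_enter_calls == memstall_leave_calls; }

/* A reader as a regular filesystem would supply. */
static int fs_read_folio(struct file *f, struct folio *folio)
{
    (void)f;
    folio->filled = 1;
    return 0;
}

static const struct aops fs_aops   = { .read_folio = fs_read_folio };
static const struct aops anon_aops = { .read_folio = NULL };  /* like anon_aops in the report */

/* Models the v2 placement: the NULL check sits after memstall_enter(), so
 * when workingset is set the early return skips memstall_leave(). */
static int read_folio_v2_style(struct file *f, filler_t filler,
                               struct folio *folio, int workingset)
{
    int err;

    if (workingset)
        memstall_enter();
    if (!filler)
        return -EIO;            /* defect: enter without a matching leave */
    err = filler(f, folio);
    if (workingset)
        memstall_leave();
    return err;
}

/* Models the hunk in this mail: reject a missing callback before any
 * accounting or folio work starts, so every enter is matched by a leave
 * and the callback is never dereferenced while NULL. */
static int read_folio_checked(struct file *f, const struct mapping *m,
                              filler_t filler, struct folio *folio,
                              int workingset)
{
    int err;

    if (!filler && (!m->a_ops || !m->a_ops->read_folio))
        return -ENOSYS;         /* error code chosen as in the hunk above */
    if (!filler)
        filler = m->a_ops->read_folio;
    if (workingset)
        memstall_enter();
    err = filler(f, folio);
    if (workingset)
        memstall_leave();
    return err;
}

int main(void)
{
    struct folio folio = { 0 };
    struct mapping anon = { .a_ops = &anon_aops };
    struct mapping fs = { .a_ops = &fs_aops };
    int err;

    reset_counters();
    err = read_folio_v2_style(NULL, anon.a_ops->read_folio, &folio, 1);
    printf("v2 placement, anon mapping: err=%d balanced=%d\n", err, memstall_balanced());

    reset_counters();
    err = read_folio_checked(NULL, &anon, NULL, &folio, 1);
    printf("checked, anon mapping:      err=%d balanced=%d\n", err, memstall_balanced());

    reset_counters();
    err = read_folio_checked(NULL, &fs, NULL, &folio, 1);
    printf("checked, fs mapping:        err=%d filled=%d balanced=%d\n",
           err, folio.filled, memstall_balanced());
    return 0;
}
```

The first call reproduces the v2 problem without crashing (the callback is never invoked while NULL, but the accounting ends up with one enter and no leave); the second shows the check rejecting the anonymous mapping before any accounting starts; the third shows a mapping that does implement the callback going through the normal path untouched.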