Date: Thu, 13 Feb 2025 23:35:45 +0000
From: Yosry Ahmed
To: gaoxu
Cc: Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Suren Baghdasaryan, Barry Song <21cnbao@gmail.com>, yipengxiang, Hugh Dickins, Chris Li
Subject: Re: Re: [PATCH] mm: Fix possible NULL pointer dereference in __swap_duplicate

On Thu, Feb 13, 2025 at 01:08:54PM +0000, gaoxu wrote:
> >
> > On Wed, 12 Feb 2025 03:13:46 +0000 gaoxu wrote:
> >
> > > swp_swap_info() may return null; it is necessary to check the return
> > > value to avoid NULL pointer dereference. The code for other calls to
> > > swp_swap_info() includes checks, and __swap_duplicate() should also
> > > include checks.
> >
> > Actually very few of the swp_swap_info() callers check for a NULL return.
> The swapfile.c file contains three instances where the return value of
> swp_swap_info() is checked for a NULL return. In other files that call
> swp_swap_info(), I have confirmed that there are no such checks.
> The description in the patch is inaccurate, and I have made modifications
> in patch v2.
> >
> > > The reason why swp_swap_info() returns NULL is unclear; it may be due
> > > to CPU cache issues or DDR bit flips.
> >
> > Quite possibly it's a kernel bug.
> >
> > > The probability of this issue is very
> > > small, and the stack info we encountered is as follows:
> > > Unable to handle kernel NULL pointer dereference at virtual address
> > > 0000000000000058
> > >
> > > ...
> > >
> > > --- a/mm/swapfile.c
> > > +++ b/mm/swapfile.c
> > > @@ -3521,6 +3521,8 @@ static int __swap_duplicate(swp_entry_t entry,
> > unsigned char usage, int nr)
> > > int err, i;
> > >
> > > si = swp_swap_info(entry);
> > > + if (unlikely(!si))
> > > + return -EINVAL;
> > >
> > > offset = swp_offset(entry);
> > > VM_WARN_ON(nr > SWAPFILE_CLUSTER - offset % SWAPFILE_CLUSTER);
> >
> > OK, I guess avoiding the crash is good. But please let's include a WARN so that
> > we can perhaps fix the bug, if one is there.
> Good. I'll change it as mentioned and send a new patch.
> si = swp_swap_info(entry);
> + if (unlikely(!si)) {
> + WARN(1, KERN_ERR "%s: %s%08lx\n", __func__, Bad_file, entry.val);

WARN() already contains unlikely(). Also, no need to print the function
name it's already in the stack trace. We should probably just do
if (WARN_ON_ONCE(!si)).

> + return -EINVAL;
> + }
>
>
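
Review bot: In the first quoted hunk (__swap_duplicate() in mm/swapfile.c), the added "if (unlikely(!si)) return -EINVAL;" returns without any diagnostic, so the condition that the commit message itself describes as unexplained is turned into an error code and leaves no record. Suggest letting the check report itself, for example "if (WARN_ON_ONCE(!si)) return -EINVAL;", and saying in the commit message how the callers of __swap_duplicate() handle the new -EINVAL, since the visible context shows only the callee side.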
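
Review bot: In the proposed v2 fragment, "WARN(1, KERN_ERR ...)" inside the if block fires on every call that sees a NULL si, so a swap entry that stays bad emits a full backtrace each time it is hit. A once-only form bounds that output; if the raw entry value is still wanted for debugging, "WARN_ONCE(!si, "%s%08lx\n", Bad_file, entry.val)" used as the if condition keeps it without the KERN_ERR prefix and __func__ in the format string. The commit message should also qualify "avoids the crash": on systems running with panic_on_warn set, any WARN variant here still ends in a panic.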