Date: Tue, 11 Apr 2023 13:16:18 +0100
From: Matthew Wilcox
To: "xiaosong.ma"
Cc: Andrew Morton, Alexander Viro, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Zhaoyang Huang, yuming.han@unisoc.com, ke.wang@unisoc.com
Subject: Re: [PATCH V2] fs: perform the check when page without mapping but page->mapping contains junk or random bitscribble
References: <1681091102-31907-1-git-send-email-Xiaosong.Ma@unisoc.com>
In-Reply-To: <1681091102-31907-1-git-send-email-Xiaosong.Ma@unisoc.com>

On Mon, Apr 10, 2023 at 09:45:02AM +0800, xiaosong.ma wrote:
> perform the check in dump_mapping() to print warning info and avoid crash with invalid non-NULL page->mapping.
> For example, a panic with following backtraces show dump_page will show wrong info and panic when the bad page
> is non-NULL mapping and page->mapping is 0x80000000000.
>
> crash_arm64> bt
> PID: 232 TASK: ffffff80e8c2c340 CPU: 0 COMMAND: "Binder:232_2"
> #0 [ffffffc013e5b080] sysdump_panic_event$b2bce43a479f4f7762201bfee02d7889 at ffffffc0108d7c2c
> #1 [ffffffc013e5b0c0] atomic_notifier_call_chain at ffffffc010300228
> #2 [ffffffc013e5b2c0] panic at ffffffc0102c926c
> #3 [ffffffc013e5b370] die at ffffffc010267670
> #4 [ffffffc013e5b3a0] die_kernel_fault at ffffffc0102808a4
> #5 [ffffffc013e5b3d0] __do_kernel_fault at ffffffc010280820
> #6 [ffffffc013e5b410] do_bad_area at ffffffc01028059c
> #7 [ffffffc013e5b440] do_translation_fault$4df5decbea5d08a63349aa36f07426b2 at ffffffc0111149c8
> #8 [ffffffc013e5b470] do_mem_abort at ffffffc0100a4488
> #9 [ffffffc013e5b5e0] el1_ia at ffffffc0100a6c00
> #10 [ffffffc013e5b5f0] __dump_page at ffffffc0104beecc

This doesn't show a crash in dump_mapping(), it shows a crash in __dump_page().

> diff --git a/fs/inode.c b/fs/inode.c > index f453eb5..c9021e5 100644 > --- a/fs/inode.c > +++ b/fs/inode.c > @@ -564,7 +564,8 @@ void dump_mapping(const struct address_space *mapping) > * If mapping is an invalid pointer, we don't want to crash > * accessing it, so probe everything depending on it carefully. > */ > - if (get_kernel_nofault(host, &mapping->host) || > + if (get_kernel_nofault(mapping, &mapping) || > + get_kernel_nofault(host, &mapping->host) ||

This patch makes no sense. Essentially, you're saying mapping = &mapping which is obviously wrong.
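
Review bot: The first added line of the dump_mapping() hunk, get_kernel_nofault(mapping, &mapping), probes the address of the local parameter itself rather than the memory that mapping points to, so the read cannot fault and the check never rejects a junk pointer. The unchanged get_kernel_nofault(host, &mapping->host) is already the guarded access to the suspect pointer, so the added line should be dropped. The quoted backtrace ends in __dump_page, not dump_mapping(), so the commit message should name the access that actually faulted and any new check belongs at that access.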