Date: Wed, 15 Nov 2023 14:19:26 +0000
From: Matthew Wilcox
To: José Pekkarinen
Cc: akpm@linux-foundation.org, skhan@linuxfoundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kernel-mentees@lists.linux.dev, syzbot+89edd67979b52675ddec@syzkaller.appspotmail.com, Hugh Dickins
Subject: Re: [PATCH] mm/pgtable: return null if no ptl in __pte_offset_map_lock
In-Reply-To: <20231115065506.19780-1-jose.pekkarinen@foxhound.fi>

On Wed, Nov 15, 2023 at 08:55:05AM +0200, José Pekkarinen wrote:
> Documentation of __pte_offset_map_lock suggests there are situations where

You should have cc'd Hugh who changed all this code recently.

> a pmd may not have a corresponding page table, in which case it should
> return NULL without changing ptlp. Syzbot found its way to produce a
> NULL dereference in the function showing this case. This patch will
> provide the exit path suggested if this unlikely situation turns up. The
> output of the kasan null-ptr-report follows:

There's no need to include all this nonsense in the changelog.
> spin_lock include/linux/spinlock.h:351 [inline]
> __pte_offset_map_lock+0x154/0x360 mm/pgtable-generic.c:373
> pte_offset_map_lock include/linux/mm.h:2939 [inline]
> filemap_map_pages+0x698/0x11f0 mm/filemap.c:3582

This was the only interesting part.

> +++ b/include/linux/mm.h
> @@ -2854,7 +2854,7 @@ void ptlock_free(struct ptdesc *ptdesc);
>
> static inline spinlock_t *ptlock_ptr(struct ptdesc *ptdesc)
> {
> - return ptdesc->ptl;
> + return (likely(ptdesc)) ? ptdesc->ptl : NULL;
> }

I don't think we should be changing ptlock_ptr().

> +++ b/mm/pgtable-generic.c
> @@ -370,6 +370,8 @@ pte_t *__pte_offset_map_lock(struct mm_struct *mm, pmd_t *pmd,
> if (unlikely(!pte))
> return pte;
> ptl = pte_lockptr(mm, &pmdval);
> + if (unlikely(!ptl))
> + return NULL;
> spin_lock(ptl);

I don't understand how this could possibly solve the problem. If there's
no PTE level, then __pte_offset_map() should return NULL and we'd already
return due to the check for !pte.
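Review bot: In the include/linux/mm.h hunk, returning NULL from ptlock_ptr() for a NULL ptdesc moves the fault rather than fixing it: any caller that does not expect a NULL lock pointer will now crash inside spin_lock() instead of at `ptdesc->ptl`, and a NULL ptdesc at this point means the caller handed over a pmd with no page table behind it, which is the condition that needs explaining. The changelog should say how syzbot reached ptlock_ptr() with a NULL ptdesc before a check is added here. Minor: the outer parentheses in `(likely(ptdesc)) ? ptdesc->ptl : NULL` are redundant.

Review bot: In the mm/pgtable-generic.c hunk, the new `if (unlikely(!ptl)) return NULL;` sits after `if (unlikely(!pte)) return pte;`, so it is only reached once __pte_offset_map() has already returned a valid pte for this pmd, i.e. when a page table does exist; the check therefore guards a state that should be unreachable and hides the cause of the report instead of addressing it. If an early return is kept at all, note that it hands back NULL without releasing the pte obtained just above: if __pte_offset_map() maps the page table (kmap on highmem configurations), this path needs a pte_unmap() before returning, otherwise the mapping leaks.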