Date: Fri, 4 Oct 2024 09:21:19 -0400
From: Peter Xu
To: manas18244@iiitd.ac.in
Cc: Andrew Morton, Shuah Khan, Anup Sharma, linux-mm@kvack.org, linux-kernel@vger.kernel.org, syzbot+093d096417e7038a689b@syzkaller.appspotmail.com
Subject: Re: [PATCH v2] Fixes: null pointer dereference in pfnmap_lockdep_assert
In-Reply-To: <20241004-fix-null-deref-v2-1-23ad90999cd1@iiitd.ac.in>

On Fri, Oct 04, 2024 at 06:35:53PM +0530, Manas via B4 Relay wrote:
> From: Manas
>
> syzbot has pointed to a possible null pointer dereference in
> pfnmap_lockdep_assert. vm_file member of vm_area_struct is being
> dereferenced without any checks.
>
> This fix returns if vm_file member in vm_area_struct is NULL.
>
> Reported-by: syzbot+093d096417e7038a689b@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=093d096417e7038a689b
> ---
> This bug[1] triggers a general protection fault in follow_pfnmap_start
> function. An assertion pfnmap_lockdep_assert inside this function
> dereferences vm_file member of vm_area_struct. And panic gets triggered
> when vm_file is NULL.
>
> This patch returns from the assertion pfnmap_lockdep_assert if vm_file
> is found to be NULL.
>
> [1] https://syzkaller.appspot.com/bug?extid=093d096417e7038a689b
>
> Signed-off-by: Manas

Reviewed-by: Peter Xu

One nitpick:

> ---
> Changes in v2:
> - v2: use ternary operator according to feedback
> - Link to v1: https://lore.kernel.org/r/20241003-fix-null-deref-v1-1-0a45df9d016a@iiitd.ac.in
> ---
> mm/memory.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/memory.c b/mm/memory.c
> index 2366578015ad..5ed109a8f02e 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -6346,7 +6346,7 @@ static inline void pfnmap_args_setup(struct follow_pfnmap_args *args,
> static inline void pfnmap_lockdep_assert(struct vm_area_struct *vma)
> {
> #ifdef CONFIG_LOCKDEP
> - struct address_space *mapping = vma->vm_file->f_mapping;
> + struct address_space *mapping = vma->vm_file ? vma->vm_file->f_mapping : NULL;
>
> if (mapping)
> lockdep_assert(lockdep_is_held(&vma->vm_file->f_mapping->i_mmap_rwsem) ||

This can use "mapping" directly, as I mentioned in previous email (but
probably got overlooked..).

Thanks!

>
> ---
> base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc
> change-id: 20241003-fix-null-deref-6bfa0337efc3
>
> Best regards,
> --
> Manas
>
>

--
Peter Xu
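Review bot: the commit message no longer matches the hunk: both "This fix returns if vm_file member in vm_area_struct is NULL" and "This patch returns from the assertion pfnmap_lockdep_assert if vm_file is found to be NULL" describe an early return, but the v2 change at `+ struct address_space *mapping = vma->vm_file ? vma->vm_file->f_mapping : NULL;` does not return; it sets `mapping` to NULL so that the `if (mapping)` branch is skipped and the function falls through to whatever the other branch asserts. Reword the description to say that, and change the subject prefix, since "Fixes:" in a kernel subject line reads as the Fixes: tag rather than as a verb. On the code itself, the unchanged line `lockdep_assert(lockdep_is_held(&vma->vm_file->f_mapping->i_mmap_rwsem) ||` still re-dereferences `vma->vm_file` after the guard; using `&mapping->i_mmap_rwsem`, as the reviewer asks, keeps a single NULL-checked access path and makes the guard self-evidently sufficient.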