From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96B10C77B7C for ; Wed, 25 Jun 2025 15:24:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3A0FD6B00D5; Wed, 25 Jun 2025 11:24:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 351C36B00D6; Wed, 25 Jun 2025 11:24:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 28F2E6B00D7; Wed, 25 Jun 2025 11:24:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 17FD06B00D5 for ; Wed, 25 Jun 2025 11:24:26 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id AE676160547 for ; Wed, 25 Jun 2025 15:24:25 +0000 (UTC) X-FDA: 83594294490.06.229A017 Received: from mout-p-201.mailbox.org (mout-p-201.mailbox.org [80.241.56.171]) by imf22.hostedemail.com (Postfix) with ESMTP id 8D4CCC0017 for ; Wed, 25 Jun 2025 15:24:23 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; spf=pass (imf22.hostedemail.com: domain of cb@df7cb.de designates 80.241.56.171 as permitted sender) smtp.mailfrom=cb@df7cb.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1750865064; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=n+aPWayqMfQpJ8NXif238YrvcvsZn5uwpuj427Rn7SY=; b=prK+UdfJpV5THWlCzkV9uvygQCk4Xw4hT8AyGeO8i8A5u4WpTUIjBsfz8UoOTCiTaxn2mT U4sOk61zt+RpkcLaxMxlJoDXEJ9+v2i9Z7+aNB2fazBltUp2dYkBFVs6vf06K4q1C24ewl bGMaVFt89wra5gyAXkvPok76Ngd2dTc= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750865064; a=rsa-sha256; cv=none; b=tXjQD+H1bedhDwyc1yLb6rnCQ07j0BrdIc29M9PtRLh2aIe74aYoYcMjVm3NF1ACna4rZ7 UdUDk6xfUDofeGmXIyl14sfvXF5qjraBDea35CMe+2Kd2syBWXYYs/9YBOjg+Vt4WyNJO0 5Q1YV2Prir3eOCUxXofAvOy43tcRrc8= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=none; spf=pass (imf22.hostedemail.com: domain of cb@df7cb.de designates 80.241.56.171 as permitted sender) smtp.mailfrom=cb@df7cb.de; dmarc=none Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:b231:465::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4bS5Fv3GSHz9v0M; Wed, 25 Jun 2025 17:24:19 +0200 (CEST) Date: Wed, 25 Jun 2025 17:24:14 +0200 From: Christoph Berg To: Andrew Morton , David Hildenbrand , Zi Yan , Matthew Brost , Joshua Hahn , Rakie Kim , Byungchul Park , Gregory Price , Ying Huang , Alistair Popple , "open list:MEMORY MANAGEMENT - MEMORY POLICY AND MIGRATION" , open list Subject: [PATCH] Fix do_pages_stat to use compat_uptr_t Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 8D4CCC0017 X-Stat-Signature: q4prcq544gub1yn5kzbt6ge1yab8iq74 X-Rspam-User: X-Rspamd-Server: rspam01 X-HE-Tag: 1750865063-348046 X-HE-Meta: U2FsdGVkX19H5Cf3o/M5HSfCj0hKbVATlT8wcgVy0arnF0iORY8TzRUGilOk3AyupDor44ayp49fUyX4MeyIFeaalRU5Tf6BSr9cwUWsTlvf/9Tu0UG0FLAnEod93RFiKGJhx96IXbwRzmV7I5iuNulkxmYYusbLSxI0oQaIky8s57TgtQQMctoqT7BU9BShTuqOxXCqF9uZ0n5oiAFGSgSGwVsJZhfkZ2xPKFsJQttoWMRkelntB1mikJgMFH9+S4HTHlOCT08FzUDY1mdmg1EWrChW/QNcwJh6l2bStWin6f7QbD6Xg0aGYEz0c1sltocJkSPN6LHl356bxAFFTAhghx2K4czRVxj6GiGWUmslgtIe692Z+dhVWUKXfnYOsQFi/XDdCiHDs3I+cdlO7M42Sty0dO4tx7fVXL1/kWS482kzJqR/E07nWHbg3mPickoe5KCydHyB37PcXheEuPHZTrA9+bmkHeS9qMxLXNo3mO7o0XA63F696Y3X1Sam8UVv1Sr8/5K2rvwb83/LIT1UX0Xc2Jvb0bZd863WpZ+QfLnErlvwW5TwrPJhS/2RjBGeqIIQUDTKgCU/FuBpdhV5P3RvIKVz0lxb2919ZIfHIwtjRZ1zf1fk1+nsY7FgBPMlFg1AKqxFRd7pNLeJrhicJhB+uIQ/LFm///JSKd7nM8Fm2z2iKb9IXwXvErHUE6D8TLE8d+Cw1xz0Os+04HQD7ctZlLcQFo2Kdxc3axnBHB5PvtGpAA8KkWTtF5O95tN9+s6zCgauSFlatamBfMxyFjUULbH/Y9d0ecb6DW6avOgViIzO4sBb1Xxf770gF0CQUrp4E1Sa4guoOAktAIxq+GmrSQq24COrge4mwtTkTr2u7GigyCun6RKTyg/nyhXCYAmV5KbSLTYKLdn5ZUCAkRMEa4KmWUAP9cF1m+aE+4d9gwG+2RBDvpp7JjPKFbaPwrR8zoT7i4vnevA S+C5ZDJj jGEJRjfZNF4p+BnH6psyRKY5m/9XbyBmR9tk99vx6JUhMwVL3dchhNI+8spbtAiAnVQjRmoE8McNjdUExx6ZVT8oTEW6WPdAixsXlSimK4gkVKqShe1NGPhaYXTCEZLBHmWSzooWWHVqLr5gYiktx6jK4zkP4PQgCDOvBMGm9Rjr9FFdhjaaSQrwDRejBwJb6gbcBZLKtUfafd4eMlJuPpJSz1fU8O2eXfx2MHePYoFRjV4Spzf2gSrMjkkqb+Vqz2F6GxV6iVXG7oDZGFo29nBOic/b4ME5G4nHs/gUSUtl1zyImMSgAO2t3nRvXB8QNx+SzOYmUlYXvQ6z99YT5k99gJpnmmOEh7qndlgRCHiRKReP/4Y4R06zHMDYJ6lobTMOkdFnB0C4ATeY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: For arrays with more than 16 entries, the old code would incorrectly advance the pages pointer by 16 words instead of 16 compat_uptr_t. Signed-off-by: Christoph Berg Suggested-by: Bertrand Drouvot --- mm/migrate.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index 8cf0f9c9599..542c81ec3ed 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2444,7 +2444,13 @@ static int do_pages_stat(struct mm_struct *mm, unsigned long nr_pages, if (copy_to_user(status, chunk_status, chunk_nr * sizeof(*status))) break; - pages += chunk_nr; + if (in_compat_syscall()) { + compat_uptr_t __user *pages32 = (compat_uptr_t __user *)pages; + + pages32 += chunk_nr; + pages = (const void __user * __user *) pages32; + } else + pages += chunk_nr; status += chunk_nr; nr_pages -= chunk_nr; } -- 2.47.2