Date: Tue, 1 Jul 2025 22:25:55 +0200
From: Christoph Berg
To: David Hildenbrand
Cc: Zi Yan, Andrew Morton, Matthew Brost, Joshua Hahn, Rakie Kim, Byungchul Park, Gregory Price, Ying Huang, Alistair Popple, "open list:MEMORY MANAGEMENT - MEMORY POLICY AND MIGRATION", open list
Subject: [PATCH v4] mm/migrate: Fix do_pages_stat in 32-bit mode

From c5d55a4c6d8674ee30c14bf4291a507f11885de1 Mon Sep 17 00:00:00 2001
From: Christoph Berg
Date: Tue, 24 Jun 2025 16:44:27 +0200
Subject: [PATCH v4] mm/migrate: Fix do_pages_stat in compat mode

For arrays with more than 16 entries, the old code would incorrectly advance the pages pointer by 16 words instead of 16 compat_uptr_t. Fix by doing the pointer arithmetic inside get_compat_pages_array where pages32 is already a correctly-typed pointer.

Discovered while working on PostgreSQL 18's new NUMA introspection code.

Signed-off-by: Christoph Berg
Acked-by: David Hildenbrand
Suggested-by: David Hildenbrand
Fixes: 5b1b561ba73c ("mm: simplify compat_sys_move_pages")
Reported-by: Bertrand Drouvot
Reported-by: Tomas Vondra
Closes: https://www.postgresql.org/message-id/flat/6342f601-77de-4ee0-8c2a-3deb50ceac5b%40vondra.me#86402e3d80c031788f5f55b42c459471
--- mm/migrate.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/mm/migrate.c b/mm/migrate.c index 8cf0f9c9599d..2c88f3b33833 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2399,6 +2399,7 @@ static void do_pages_stat_array(struct mm_struct *mm, unsigned long nr_pages, static int get_compat_pages_array(const void __user *chunk_pages[], const void __user * __user *pages, + unsigned long chunk_offset, unsigned long chunk_nr) { compat_uptr_t __user *pages32 = (compat_uptr_t __user *)pages; @@ -2406,7 +2407,7 @@ static int get_compat_pages_array(const void __user *chunk_pages[], int i; for (i = 0; i < chunk_nr; i++) { - if (get_user(p, pages32 + i)) + if (get_user(p, pages32 + chunk_offset + i)) return -EFAULT; chunk_pages[i] = compat_ptr(p); } 
@@ -2425,27 +2426,28 @@ static int do_pages_stat(struct mm_struct *mm, unsigned long nr_pages, #define DO_PAGES_STAT_CHUNK_NR 16UL const void __user *chunk_pages[DO_PAGES_STAT_CHUNK_NR]; int chunk_status[DO_PAGES_STAT_CHUNK_NR]; + unsigned long chunk_offset = 0; while (nr_pages) { unsigned long chunk_nr = min(nr_pages, DO_PAGES_STAT_CHUNK_NR); if (in_compat_syscall()) { if (get_compat_pages_array(chunk_pages, pages, - chunk_nr)) + chunk_offset, chunk_nr)) break; } else { - if (copy_from_user(chunk_pages, pages, + if (copy_from_user(chunk_pages, pages + chunk_offset, chunk_nr * sizeof(*chunk_pages))) break; } do_pages_stat_array(mm, chunk_nr, chunk_pages, chunk_status); - if (copy_to_user(status, chunk_status, chunk_nr * sizeof(*status))) + if (copy_to_user(status + chunk_offset, chunk_status, + chunk_nr * sizeof(*status))) break; - pages += chunk_nr; - status += chunk_nr; + chunk_offset += chunk_nr; nr_pages -= chunk_nr; } return nr_pages ? -EFAULT : 0; -- 2.47.2
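
Review bot: In the first hunk, the new chunk_offset parameter of get_compat_pages_array() carries no comment saying that it counts array entries rather than bytes or native words, and that distinction is exactly what the old code got wrong. A short comment above the function stating that chunk_offset and chunk_nr are in units of compat_uptr_t entries of the user array would make the contract explicit for the next person who touches the chunking loop.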
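
Review bot: In the do_pages_stat() hunk, nothing accompanies the change to exercise the in_compat_syscall() branch with nr_pages above DO_PAGES_STAT_CHUNK_NR, which is the only case where the old and new code read different addresses. A regression test that queries more than 16 pages from a 32-bit caller and checks every status entry would keep this from coming back. The hunk also rewrites the native copy_from_user() path and the status advancement to use chunk_offset, which the changelog does not mention; a sentence saying those are equivalent conversions done for consistency would help readers of the log.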
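
The stride mismatch the commit message describes, as an added userspace illustration (not code from the patch or the kernel): it models which array entry each 16-entry chunk starts reading from when the base is advanced in native words versus compat_uptr_t entries. The 8-byte and 4-byte sizes, the function names and the 40-entry input are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_NR    16u  /* DO_PAGES_STAT_CHUNK_NR in the patch */
#define NATIVE_WORD 8u   /* assumption: sizeof(void *) in a 64-bit kernel */
#define COMPAT_WORD 4u   /* assumption: sizeof(compat_uptr_t) */

/* Pre-patch: `pages += chunk_nr` moved the base by native words, and the
 * result was then indexed as an array of compat_uptr_t. */
static size_t first_entry_old(size_t done) { return done * NATIVE_WORD / COMPAT_WORD; }

/* Post-patch: the offset is added to the compat_uptr_t-typed pointer. */
static size_t first_entry_fixed(size_t done) { return done; }

/* Simulate the chunked walk over a user array of nr 32-bit pointers.
 * out[k] receives the value that would be used for entry k; reads past the
 * array are counted in *oob and stored as 0. Returns how many entries
 * differ from what the caller passed. */
static size_t walk(const uint32_t *pages32, size_t nr, uint32_t *out,
                   size_t (*first_entry)(size_t), size_t *oob)
{
    size_t done = 0, wrong = 0;
    *oob = 0;
    while (done < nr) {
        size_t chunk = nr - done < CHUNK_NR ? nr - done : CHUNK_NR;
        size_t base = first_entry(done);
        for (size_t i = 0; i < chunk; i++) {
            size_t idx = base + i;
            int in_range = idx < nr;
            out[done + i] = in_range ? pages32[idx] : 0;
            *oob += !in_range;
            wrong += out[done + i] != pages32[done + i];
        }
        done += chunk;
    }
    return wrong;
}

int main(void)
{
    uint32_t in[40], out[40];   /* constructed input: 40 fake 32-bit addresses */
    size_t oob, wrong, k;
    for (k = 0; k < 40; k++)
        in[k] = 0x1000u * (uint32_t)(k + 1);
    wrong = walk(in, 40, out, first_entry_old, &oob);
    printf("old:   %zu wrong, %zu read past the array\n", wrong, oob);
    wrong = walk(in, 40, out, first_entry_fixed, &oob);
    printf("fixed: %zu wrong, %zu read past the array\n", wrong, oob);
    return 0;
}
```

With 16 or fewer entries both schemes agree, which is why the problem only shows up for larger arrays.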