Date: Wed, 21 Jun 2023 13:24:14 +0200
Subject: Re: [PATCH] mm/gup: Do not return 0 from pin_user_pages_fast() for bad args
To: Jason Gunthorpe, Andrew Morton, John Hubbard, linux-mm@kvack.org, Lorenzo Stoakes
Cc: syzbot+353c7be4964c6253f24a@syzkaller.appspotmail.com
References: <0-v1-3d5ed1f20d50+104-gup_overflow_jgg@nvidia.com>
From: David Hildenbrand
Organization: Red Hat

On 19.06.23 20:27, Jason Gunthorpe wrote:
> These routines are not intended to return zero, the callers cannot do
> anything sane with a 0 return. They should return an error which means
> future calls to GUP will not succeed, or they should return some non-zero
> number of pinned pages which means GUP should be called again.
>
> If start + nr_pages overflows it should return -EOVERFLOW to signal the
> arguments are invalid.
>
> Syzkaller keeps tripping on this when fuzzing GUP arguments.
>
> Reported-by: syzbot+353c7be4964c6253f24a@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/all/000000000000094fdd05faa4d3a4@google.com
> Signed-off-by: Jason Gunthorpe
> --- > mm/gup.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/gup.c b/mm/gup.c > index bbe4162365933e..36c587fec574fd 100644 > --- a/mm/gup.c > +++ b/mm/gup.c 
> @@ -2969,7 +2969,7 @@ static int internal_get_user_pages_fast(unsigned long start, > start = untagged_addr(start) & PAGE_MASK; > len = nr_pages << PAGE_SHIFT; > if (check_add_overflow(start, len, &end)) > - return 0; > + return -EOVERFLOW;

I'm curious if there is any sane use case where that could actually trigger.
Smells like something that should be a WARN_ON_ONCE(), but maybe some callers
simply pass through what user-space gave them.

Anyhow.

Reviewed-by: David Hildenbrand

-- 
Cheers,

David / dhildenb
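
Review bot: In the quoted hunk, len = nr_pages << PAGE_SHIFT is computed before check_add_overflow(start, len, &end), so the new -EOVERFLOW return covers only the addition; if the shift itself can wrap, a bad nr_pages would still get past this check. It is worth confirming that nr_pages is bounded before this point (not visible in the hunk) or guarding the shift with check_shl_overflow(). Because the result for this case changes from 0 to a negative errno, the comment describing internal_get_user_pages_fast() should also state that -EOVERFLOW is a possible return value.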