Date: Tue, 20 Jun 2023 22:20:12 +0100
From: Lorenzo Stoakes
To: Jason Gunthorpe
Cc: Andrew Morton, John Hubbard, linux-mm@kvack.org, syzbot+353c7be4964c6253f24a@syzkaller.appspotmail.com
Subject: Re: [PATCH] mm/gup: Do not return 0 from pin_user_pages_fast() for bad args
In-Reply-To: <0-v1-3d5ed1f20d50+104-gup_overflow_jgg@nvidia.com>

On Mon, Jun 19, 2023 at 03:27:25PM -0300, Jason Gunthorpe wrote:
> These routines are not intended to return zero, the callers cannot do > anything sane with a 0 return.
They should return an error which means > future calls to GUP will not succeed, or they should return some non-zero > number of pinned pages which means GUP should be called again. > > If start + nr_pages overflows it should return -EOVERFLOW to signal the > arguments are invalid. It's crazy that it wasn't doing this before. > > Syzkaller keeps tripping on this when fuzzing GUP arguments. > > Reported-by: syzbot+353c7be4964c6253f24a@syzkaller.appspotmail.com > Closes: https://lore.kernel.org/all/000000000000094fdd05faa4d3a4@google.com > Signed-off-by: Jason Gunthorpe > --- > mm/gup.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/gup.c b/mm/gup.c > index bbe4162365933e..36c587fec574fd 100644 > --- a/mm/gup.c > +++ b/mm/gup.c > @@ -2969,7 +2969,7 @@ static int internal_get_user_pages_fast(unsigned long start, > start = untagged_addr(start) & PAGE_MASK; > len = nr_pages << PAGE_SHIFT; > if (check_add_overflow(start, len, &end)) > - return 0; > + return -EOVERFLOW; > if (end > TASK_SIZE_MAX) > return -EFAULT; > if (unlikely(!access_ok((void __user *)start, len))) > > base-commit: b3eacbbcd0dab69ed4c44cbd2d2d72b016762b17 > -- > 2.40.1 > > Reviewed-by: Lorenzo Stoakes
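
Review bot: the `len = nr_pages << PAGE_SHIFT` context line directly above the changed return is not covered by check_add_overflow(), so if nr_pages can be large enough for the shift to wrap, a truncated len would pass the start + len check and never reach the new -EOVERFLOW. Consider guarding the shift as well (for example with check_shl_overflow(), or a bound on nr_pages before this point) so both steps of the range computation report the same error. Separately, the subject names pin_user_pages_fast() but the hunk is in internal_get_user_pages_fast(), so every caller of that helper now sees -EOVERFLOW where it previously saw 0; the function documentation for those entry points should list the new return value next to the -EFAULT returned by the `end > TASK_SIZE_MAX` check.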