Date: Tue, 16 May 2023 19:51:57 +0800
From: Ruihan Li
To: Pasha Tatashin
Cc: linux-mm@kvack.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, David Hildenbrand, Matthew Wilcox, Andrew Morton, Christoph Hellwig, Alan Stern, Greg Kroah-Hartman, syzbot+fcf1a817ceb50935ce99@syzkaller.appspotmail.com, stable@vger.kernel.org, Ruihan Li
Subject: Re: [PATCH v2 4/4] mm: page_table_check: Ensure user pages are not slab pages
References: <20230515130958.32471-1-lrh2000@pku.edu.cn> <20230515130958.32471-5-lrh2000@pku.edu.cn>

On Mon, May 15, 2023 at 12:28:54PM -0400, Pasha Tatashin wrote:
>
> On Mon, May 15, 2023 at 9:10 AM Ruihan Li wrote:
> >
> > The current uses of PageAnon in page table check functions can lead to
> > type confusion bugs between struct page and slab [1], if slab pages are
> > accidentally mapped into the user space. This is because slab reuses the
> > bits in struct page to store its internal states, which renders PageAnon
> > ineffective on slab pages.
> >
> > Since slab pages are not expected to be mapped into the user space, this
> > patch adds BUG_ON(PageSlab(page)) checks to make sure that slab pages
> > are not inadvertently mapped. Otherwise, there must be some bugs in the
> > kernel.
> >
> > Reported-by: syzbot+fcf1a817ceb50935ce99@syzkaller.appspotmail.com
> > Closes: https://lore.kernel.org/lkml/000000000000258e5e05fae79fc1@google.com/ [1]
> > Fixes: df4e817b7108 ("mm: page table check")
> > Cc: # 5.17
> > Signed-off-by: Ruihan Li
>
> Acked-by: Pasha Tatashin
>
> I would also update order in mm/memory.c
> static int validate_page_before_insert(struct page *page)
> {
>         if (PageAnon(page) || PageSlab(page) || page_has_type(page))
>
> It is not strictly a bug there, as it works by accident, but
> PageSlab() should go before PageAnon(), because without checking if
> this is PageSlab() we should not be testing for PageAnon().

Right. Perhaps it would be better to send another patch for this separately.

>
> Thank you,
> Pasha

Thanks,
Ruihan Li
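
A simplified user-space model of the type confusion discussed in this message, added here as an illustration and not taken from the patch or the kernel: the struct layout, the MODEL_* constants and every function name are assumptions. It shows an anon-bit test reading slab-internal state when no slab check precedes it, and the slab-first order avoiding that.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified model, NOT kernel definitions: names, layout and bit values are
 * assumptions chosen only to show the overlap described in the thread. */
#define MODEL_PG_SLAB      (1UL << 0)      /* flag: page belongs to slab */
#define MODEL_MAPPING_ANON ((uintptr_t)1)  /* low bit of mapping: anon page */

struct model_page {
    unsigned long flags;
    union {                    /* one word, two interpretations */
        uintptr_t mapping;     /* user-mappable page: pointer plus type bit */
        uintptr_t slab_state;  /* slab page: allocator-internal value */
    };
};

enum kind { KIND_FILE, KIND_ANON, KIND_SLAB_REJECTED };

/* Meaningful only once the page is known not to be a slab page. */
static bool model_page_anon(const struct model_page *p)
{
    return (p->mapping & MODEL_MAPPING_ANON) != 0;
}

/* No slab check: slab state is read as if it were a mapping pointer. */
static enum kind classify_unchecked(const struct model_page *p)
{
    return model_page_anon(p) ? KIND_ANON : KIND_FILE;
}

/* Slab ruled out first, so mapping is only read when it is a mapping. */
static enum kind classify_slab_first(const struct model_page *p)
{
    if (p->flags & MODEL_PG_SLAB)
        return KIND_SLAB_REJECTED;
    return classify_unchecked(p);
}

/* Constructed sample: a slab page carrying the given internal word. */
static struct model_page sample_slab_page(uintptr_t state)
{
    return (struct model_page){ .flags = MODEL_PG_SLAB, .slab_state = state };
}

int main(void)
{
    struct model_page odd = sample_slab_page(0x1001); /* low bit set */
    printf("%d %d\n", classify_unchecked(&odd), classify_slab_first(&odd));
    return 0;
}
```

In the model, the unchecked classifier's answer for a slab page depends on whatever the allocator last stored in the shared word, which is why the result is not trustworthy there.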