From: Edward Adam Davis
To: riel@surriel.com
Cc: akpm@linux-foundation.org, eadavis@qq.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, mike.kravetz@oracle.com, muchun.song@linux.dev, nathan@kernel.org, ndesaulniers@google.com, syzbot+6ada951e7c0f7bc8a71e@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com, trix@redhat.com
Subject: [PATCH] mm/hugetlb: fix null ptr defer in hugetlb_vma_lock_write
Date: Thu, 2 Nov 2023 20:58:28 +0800
In-Reply-To: <3382634358afa9b95dc4f6db8a53a136d4b9e9cb.camel@surriel.com>

When obtaining resv_map from vma, it is necessary to simultaneously determine the flag HPAGE_RESV_OWNER of vm_private_data. Only when they are met simultaneously, resv_map is valid.

Reported-and-tested-by: syzbot+6ada951e7c0f7bc8a71e@syzkaller.appspotmail.com
Fixes: bf4916922c60 ("hugetlbfs: extend hugetlb_vma_lock to private VMAs")
Signed-off-by: Edward Adam Davis
--- include/linux/hugetlb.h | 5 ++++- mm/hugetlb.c | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 47d25a5e1933..14babc602f14 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -179,6 +179,7 @@ struct address_space *hugetlb_page_mapping_lock_write(struct page *hpage); extern int sysctl_hugetlb_shm_group; extern struct list_head huge_boot_pages; +static int is_vma_resv_set(struct vm_area_struct *vma, unsigned long flag); /* arch callbacks */ @@ -1265,9 +1266,11 @@ static inline bool __vma_shareable_lock(struct vm_area_struct *vma) return (vma->vm_flags & VM_MAYSHARE) && vma->vm_private_data; } +#define HPAGE_RESV_OWNER (1UL << 0) static inline bool __vma_private_lock(struct vm_area_struct *vma) { - return (!(vma->vm_flags & VM_MAYSHARE)) && vma->vm_private_data; + return (!(vma->vm_flags & VM_MAYSHARE)) && vma->vm_private_data && + is_vma_resv_set(vma, HPAGE_RESV_OWNER); } /* 
diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 1301ba7b2c9a..97ea782dfba6 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1033,7 +1033,6 @@ __weak unsigned long vma_mmu_pagesize(struct vm_area_struct *vma) * bits of the reservation map pointer, which are always clear due to * alignment. */ -#define HPAGE_RESV_OWNER (1UL << 0) #define HPAGE_RESV_UNMAPPED (1UL << 1) #define HPAGE_RESV_MASK (HPAGE_RESV_OWNER | HPAGE_RESV_UNMAPPED) -- 2.25.1
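
Review bot: in the first include/linux/hugetlb.h hunk (@@ -179), `static int is_vma_resv_set(...)` is a forward declaration of a static function placed in a header, and the `static inline __vma_private_lock()` changed later in the same file now calls it. Every file that includes hugetlb.h gets its own declared-but-undefined copy, so any translation unit other than the one that defines the function will warn about a static function that is used but never defined, or fail to build, as soon as it uses `__vma_private_lock()`. Suggest either giving `is_vma_resv_set()` external linkage with a normal prototype here, or moving `__vma_private_lock()` out of line into the file that defines it.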
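
Review bot: in `__vma_private_lock()` (include/linux/hugetlb.h, @@ -1265), the new condition tests only the HPAGE_RESV_OWNER bit, not that a resv_map pointer is actually present, which is the condition the commit message states. The comment visible in the mm/hugetlb.c hunk says these flags live in the low bits of the reservation map pointer, so if `is_vma_resv_set()` tests that bit in `vm_private_data`, the retained `vma->vm_private_data &&` test is already implied by the flag check and adds nothing. Please add a comment saying why OWNER guarantees a valid map pointer, or test the pointer with the flag bits masked off.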
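
Review bot: in the mm/hugetlb.c hunk (@@ -1033), removing `#define HPAGE_RESV_OWNER (1UL << 0)` leaves `HPAGE_RESV_UNMAPPED` and `HPAGE_RESV_MASK` behind under the comment that explains these bits, while OWNER now sits undocumented between two inline helpers in hugetlb.h and `HPAGE_RESV_MASK` depends on a definition in another file. Suggest keeping the three defines and their comment together, either all in the header or all here with the helper that needs OWNER moved out of line.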