| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Apr 2023 02:20:17 +0100
From: Matthew Wilcox <willy@...radead.org>
To: Luis Chamberlain <mcgrof@...nel.org>
Cc: Christoph Hellwig <hch@....de>,
Pankaj Raghav <p.raghav@...sung.com>,
Daniel Gomez <da.gomez@...sung.com>,
Jens Axboe <axboe@...nel.dk>,
Miklos Szeredi <miklos@...redi.hu>,
"Darrick J. Wong" <djwong@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
David Howells <dhowells@...hat.com>,
linux-block@...r.kernel.org, linux-fsdevel@...r.kernel.org,
ceph-devel@...r.kernel.org, linux-ext4@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net, cluster-devel@...hat.com,
linux-xfs@...r.kernel.org, linux-nfs@...r.kernel.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 17/17] fs: add CONFIG_BUFFER_HEAD
On Fri, Apr 28, 2023 at 05:11:57PM -0700, Luis Chamberlain wrote:
> [ 11.245248] BUG: kernel NULL pointer dereference, address: 0000000000000000
> [ 11.254581] #PF: supervisor read access in kernel mode
> [ 11.257387] #PF: error_code(0x0000) - not-present page
> [ 11.260921] PGD 0 P4D 0
> [ 11.262600] Oops: 0000 [#1] PREEMPT SMP PTI
> [ 11.264993] CPU: 7 PID: 198 Comm: (udev-worker) Not tainted 6.3.0-large-block-20230426 #2
> [ 11.269385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
> [ 11.275054] RIP: 0010:iomap_page_create.isra.0+0xc/0xd0
> [ 11.277924] Code: 41 5e 41 5f c3 cc cc cc cc 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 41 54 55 48 89 f5 53 <48> 8b 06 48 c1 e8 0d 89 c6 83 e6 01 0f 84 a1 00 00 00 4c 8b 65 28
> [ 11.287293] RSP: 0018:ffffb0f0805ef9d8 EFLAGS: 00010293
> [ 11.289964] RAX: ffff9de3c1fa8388 RBX: ffffb0f0805efa78 RCX: 000000037ffe0000
> [ 11.293212] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000d
> [ 11.296485] RBP: 0000000000000000 R08: 0000000000021000 R09: ffffffff9c733b20
> [ 11.299724] R10: 0000000000000001 R11: 000000000000c000 R12: 0000000000000000
> [ 11.302974] R13: ffffffff9be96260 R14: ffffb0f0805efa58 R15: 0000000000000000
RSI is argument 2, which is folio.
Code starting with the faulting instruction
===========================================
0: 48 8b 06 mov (%rsi),%rax
3: 48 c1 e8 0d shr $0xd,%rax
Looks to me like a NULL folio was passed into iomap_page_create().
> [ 11.306206] FS: 00007f03ea8368c0(0000) GS:ffff9de43bdc0000(0000) knlGS:0000000000000000
> [ 11.309949] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 11.312464] CR2: 0000000000000000 CR3: 0000000117ec6006 CR4: 0000000000770ee0
> [ 11.315442] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 11.318310] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 11.321010] PKRU: 55555554
> [ 11.322212] Call Trace:
> [ 11.323224] <TASK>
> [ 11.324146] iomap_readpage_iter+0x96/0x300
> [ 11.325694] iomap_readahead+0x174/0x2d0
> [ 11.327129] read_pages+0x69/0x1f0
> [ 11.329751] page_cache_ra_unbounded+0x187/0x1d0
... that shouldn't be possible. read_pages() allocates pages, puts them
in the page cache and tells the filesystem to fill them in.
In your patches, did you call mapping_set_large_folios() anywhere?
Powered by blists - more mailing lists