[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <874ktl1p7y.fsf@yhuang-dev.intel.com>
Date: Wed, 15 Apr 2020 10:01:53 +0800
From: "Huang\, Ying" <ying.huang@...el.com>
To: Qian Cai <cai@....pw>
Cc: Linux-MM <linux-mm@...ck.org>, LKML <linux-kernel@...r.kernel.org>,
Minchan Kim <minchan@...nel.org>,
Hugh Dickins <hughd@...gle.com>,
"Andrew Morton" <akpm@...ux-foundation.org>
Subject: Re: linux-next: not-present page at swap_vma_readahead()
Qian Cai <cai@....pw> writes:
>> On Apr 14, 2020, at 10:32 AM, Qian Cai <cai@....pw> wrote:
>>
>> Fuzzers are unhappy. Thoughts?
>
> This is rather to reproduce. All the traces so far are from copy_from_user() to trigger a page fault,
> and then it dereferences a bad pte in swap_vma_readahead(),
>
> for (i = 0, pte = ra_info.ptes; i < ra_info.nr_pte;
> i++, pte++) {
> pentry = *pte; <— crashed here.
> if (pte_none(pentry))
Is it possible to bisect this?
Because the crash point is identified, it may be helpful to collect and
analyze the status of the faulting page table and readahead ptes. But I
am not familiar with the ARM64 architecture. So I cannot help much
here.
Best Regards,
Huang, Ying
Powered by blists - more mailing lists