lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 15 Sep 2020 16:52:43 +1000
From:   Stephen Rothwell <sfr@...b.auug.org.au>
To:     Matthew Wilcox <willy@...radead.org>
Cc:     Naresh Kamboju <naresh.kamboju@...aro.org>,
        open list <linux-kernel@...r.kernel.org>,
        X86 ML <x86@...nel.org>, linux-fsdevel@...r.kernel.org,
        linux-mm <linux-mm@...ck.org>,
        Linux-Next Mailing List <linux-next@...r.kernel.org>,
        lkft-triage@...ts.linaro.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Hugh Dickins <hughd@...gle.com>,
        William Kucharski <william.kucharski@...cle.com>,
        gandalf@...ds.org, Qian Cai <cai@....pw>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Michal Hocko <mhocko@...e.com>, Yang Shi <shy828301@...il.com>,
        Shakeel Butt <shakeelb@...gle.com>
Subject: Re: BUG: kernel NULL pointer dereference, address: RIP:
 0010:shmem_getpage_gfp.isra.0+0x470/0x750

Hi all,

On Mon, 14 Sep 2020 12:55:59 +0100 Matthew Wilcox <willy@...radead.org> wrote:
>
> On Mon, Sep 14, 2020 at 03:49:43PM +0530, Naresh Kamboju wrote:
> > While running LTP fs on qemu x86 and qemu_i386 these kernel BUGs noticed.  
> 
> I actually sent the fix for this a couple of days ago [1], but I think Andrew
> overlooked it while constructing the -mm tree.  Here's a fix you can
> apply to the -mm tree:
> 
> [1] https://lore.kernel.org/linux-mm/20200912032042.GA6583@casper.infradead.org/
> 
> diff --git a/mm/shmem.c b/mm/shmem.c
> index d2a46ef7df43..58bc9e326d0d 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -1793,7 +1793,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  	struct mm_struct *charge_mm;
>  	struct page *page;
>  	enum sgp_type sgp_huge = sgp;
> -	pgoff_t hindex;
> +	pgoff_t hindex = index;
>  	int error;
>  	int once = 0;
>  	int alloced = 0;
> @@ -1822,6 +1822,8 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  		return error;
>  	}
>  
> +	if (page)
> +		hindex = page->index;
>  	if (page && sgp == SGP_WRITE)
>  		mark_page_accessed(page);
>  
> @@ -1832,6 +1834,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  		unlock_page(page);
>  		put_page(page);
>  		page = NULL;
> +		hindex = index;
>  	}
>  	if (page || sgp == SGP_READ)
>  		goto out;
> @@ -1982,7 +1985,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  		goto unlock;
>  	}
>  out:
> -	*pagep = page + index - page->index;
> +	*pagep = page + index - hindex;
>  	return 0;
>  
>  	/*

I have applied that to linux-next today.

-- 
Cheers,
Stephen Rothwell

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ