| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201203122354.GI751215@kernel.org>
Date: Thu, 3 Dec 2020 14:23:54 +0200
From: Mike Rapoport <rppt@...nel.org>
To: syzbot <syzbot+86800a8349c0f3f9466e@...kaller.appspotmail.com>
Cc: akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
linux-mm@...ck.org, linux-next@...r.kernel.org,
sfr@...b.auug.org.au, syzkaller-bugs@...glegroups.com
Subject: Re: linux-next boot error: kernel BUG at
include/linux/page-flags.h:LINE!
On Thu, Dec 03, 2020 at 03:00:25AM -0800, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: bfd521e1 Add linux-next specific files for 20201203
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=14d5d403500000
> kernel config: https://syzkaller.appspot.com/x/.config?x=76090eb4ba939f87
> dashboard link: https://syzkaller.appspot.com/bug?extid=86800a8349c0f3f9466e
> compiler: gcc (GCC) 10.1.0-syz 20200507
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+86800a8349c0f3f9466e@...kaller.appspotmail.com
...
> page:ffffea0000000000 is uninitialized and poisoned
> raw: ffffffffffffffff ffffea0000000008 ffffea0000000008 ffffffffffffffff
> raw: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff
> page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page))
> ------------[ cut here ]------------
> kernel BUG at include/linux/page-flags.h:356!
Yeah, the change to initialization of "unavailable" memory missed pfn 0 :(
This should fix it:
>From 84a1c2531374706f3592a638523278aa29aaa448 Mon Sep 17 00:00:00 2001
From: Mike Rapoport <rppt@...ux.ibm.com>
Date: Thu, 3 Dec 2020 11:40:17 +0200
Subject: [PATCH] fixup for "mm: refactor initialization of stuct page for holes"
Signed-off-by: Mike Rapoport <rppt@...ux.ibm.com>
---
mm/page_alloc.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index ce2bdaabdf96..86fde4424e87 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -6227,7 +6227,8 @@ void __init __weak memmap_init(unsigned long size, int nid,
unsigned long zone,
unsigned long range_start_pfn)
{
- unsigned long start_pfn, end_pfn, next_pfn = 0;
+ static unsigned long hole_start_pfn;
+ unsigned long start_pfn, end_pfn;
unsigned long range_end_pfn = range_start_pfn + size;
u64 pgcnt = 0;
int i;
@@ -6235,7 +6236,6 @@ void __init __weak memmap_init(unsigned long size, int nid,
for_each_mem_pfn_range(i, nid, &start_pfn, &end_pfn, NULL) {
start_pfn = clamp(start_pfn, range_start_pfn, range_end_pfn);
end_pfn = clamp(end_pfn, range_start_pfn, range_end_pfn);
- next_pfn = clamp(next_pfn, range_start_pfn, range_end_pfn);
if (end_pfn > start_pfn) {
size = end_pfn - start_pfn;
@@ -6243,10 +6243,10 @@ void __init __weak memmap_init(unsigned long size, int nid,
MEMINIT_EARLY, NULL, MIGRATE_MOVABLE);
}
- if (next_pfn < start_pfn)
- pgcnt += init_unavailable_range(next_pfn, start_pfn,
- zone, nid);
- next_pfn = end_pfn;
+ if (hole_start_pfn < start_pfn)
+ pgcnt += init_unavailable_range(hole_start_pfn,
+ start_pfn, zone, nid);
+ hole_start_pfn = end_pfn;
}
/*
@@ -6256,8 +6256,8 @@ void __init __weak memmap_init(unsigned long size, int nid,
* considered initialized. Make sure that memmap has a well defined
* state.
*/
- if (next_pfn < range_end_pfn)
- pgcnt += init_unavailable_range(next_pfn, range_end_pfn,
+ if (hole_start_pfn < range_end_pfn)
+ pgcnt += init_unavailable_range(hole_start_pfn, range_end_pfn,
zone, nid);
if (pgcnt)
--
2.28.0
Powered by blists - more mailing lists