From patchwork Fri Aug 21 00:42:17 2020
X-Patchwork-Submitter: Andrew Morton
X-Patchwork-Id: 11727225
Date: Thu, 20 Aug 2020 17:42:17 -0700
From: Andrew Morton
To: akpm@linux-foundation.org, hughd@google.com, kirill.shutemov@linux.intel.com, linux-mm@kvack.org, mm-commits@vger.kernel.org, oleg@redhat.com, songliubraving@fb.com, srikar@linux.vnet.ibm.com, stable@vger.kernel.org, syzkaller@googlegroups.com, torvalds@linux-foundation.org
Subject: [patch 08/11] uprobes: __replace_page() avoid BUG in munlock_vma_page()
Message-ID: <20200821004217.UBGpf4I1N%akpm@linux-foundation.org>
In-Reply-To: <20200820174132.67fd4a7a9359048f807a533b@linux-foundation.org>

From: Hugh Dickins
Subject: uprobes: __replace_page() avoid BUG in munlock_vma_page()

syzbot crashed on the VM_BUG_ON_PAGE(PageTail) in munlock_vma_page(), when called from uprobes __replace_page(). Which of many ways to fix it? Settled on not calling when PageCompound (since Head and Tail are equals in this context, PageCompound the usual check in uprobes.c, and the prior use of FOLL_SPLIT_PMD will have cleared PageMlocked already).

Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2008161338360.20413@eggly.anvils
Fixes: 5a52c9df62b4 ("uprobe: use FOLL_SPLIT_PMD instead of FOLL_SPLIT")
Signed-off-by: Hugh Dickins
Reported-by: syzbot
Acked-by: Song Liu
Acked-by: Oleg Nesterov
Reviewed-by: Srikar Dronamraju
Cc: "Kirill A. Shutemov"
Cc: [5.4+]
Signed-off-by: Andrew Morton
---

 kernel/events/uprobes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/events/uprobes.c~uprobes-__replace_page-avoid-bug-in-munlock_vma_page +++ a/kernel/events/uprobes.c
@@ -205,7 +205,7 @@ static int __replace_page(struct vm_area try_to_free_swap(old_page); page_vma_mapped_walk_done(&pvmw); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageCompound(old_page)) munlock_vma_page(old_page); put_page(old_page);
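
Review bot: The new !PageCompound(old_page) test in __replace_page() carries no comment, so the reason a compound page in a VM_LOCKED vma may skip munlock_vma_page() lives only in the commit message. That reason is an invariant set up elsewhere: the prior FOLL_SPLIT_PMD is what has already cleared PageMlocked, and munlock_vma_page() asserts VM_BUG_ON_PAGE(PageTail). Suggest a one- or two-line comment above the if stating both points, so that a later change to the FOLL_ flags used here prompts a re-check of this condition instead of silently leaving a compound page mlocked.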