From patchwork Tue Oct 3 14:48:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Price X-Patchwork-Id: 13407714 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6659BE7AD57 for ; Tue, 3 Oct 2023 14:49:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EFEE96B0185; Tue, 3 Oct 2023 10:49:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EAEF96B018A; Tue, 3 Oct 2023 10:49:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D768F6B018C; Tue, 3 Oct 2023 10:49:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id C83806B0185 for ; Tue, 3 Oct 2023 10:49:04 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id A03898036C for ; Tue, 3 Oct 2023 14:49:04 +0000 (UTC) X-FDA: 81304432608.03.8FA3593 Received: from mail-oo1-f66.google.com (mail-oo1-f66.google.com [209.85.161.66]) by imf29.hostedemail.com (Postfix) with ESMTP id E149F12000E for ; Tue, 3 Oct 2023 14:49:02 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=C3GwBaws; spf=pass (imf29.hostedemail.com: domain of gourry.memverge@gmail.com designates 209.85.161.66 as permitted sender) smtp.mailfrom=gourry.memverge@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696344542; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=+b4EtjPouuLro3RPQ2u+6EnaEB6T6SR+sicsyHJKMSU=; b=TE3EZ/G44V4UPGagG9Q5vvj3ZczM8tSbHl1IKM7tr77yXUtlnMa59QbX+q9KLn+2baPwl+ vlrEqr8aqAn7xLD55g3SkDV0b0gyfmrr8emUatvXYe0/ZrsFIalN76s1PTQPy3AVG44ZGL ZaRwS4mhqUhQ974BJhPATXQXwwjfbfw= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696344542; a=rsa-sha256; cv=none; b=2Jv27oSIwUw5nBGd5sIR0LuJnczQ8PVtHViQ/+DaA2XIMguS63Jivzd36JAKhktRHcgX0h y0Cs9Nl+7oeD5dc+DeaV41jIteYBg9hhBDimXZqImkiBCSVzekEXIXHRMUpeZY14QSucTm TYnEO0zm2VYeFx/rT7qKTI6aoxvNyAE= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=C3GwBaws; spf=pass (imf29.hostedemail.com: domain of gourry.memverge@gmail.com designates 209.85.161.66 as permitted sender) smtp.mailfrom=gourry.memverge@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-oo1-f66.google.com with SMTP id 006d021491bc7-57b68556d6dso553929eaf.1 for ; Tue, 03 Oct 2023 07:49:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696344542; x=1696949342; darn=kvack.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=+b4EtjPouuLro3RPQ2u+6EnaEB6T6SR+sicsyHJKMSU=; b=C3GwBawsnMH7x+UW4kTqun+RlU18dZ907K066jcNk5poV2qh0pS/SESPxxvRvMoF1G 2dDg7Q15R+39talamN+ujkrej4o9FbIubkiaqcxqIfRzE1CahmgSN6wg5evtzmP18v7M 8KKT6hmqcJnPIJR2qPLWevDo+4gqfAqOSh5g5FPBEZtila91uFKEurLJS3tJJ3uLEr1t cHMDTTaVPntfjOTjE9UoZdeyJOZrr9f5DRFdSd6QbIGp24I1k5jSiAVRAeeZteLDJZ6u VqUB6FCVGW0I1BW/qtibJ/phoHhXMlVGCcoZUvVGJd5d/vyHGbGdx8dOLXxiFBcYBowe yEJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696344542; x=1696949342; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+b4EtjPouuLro3RPQ2u+6EnaEB6T6SR+sicsyHJKMSU=; b=Qm5GBK454PlR8NXbyvW5QIB4TjL5qb7x311IPr4MOGJGNRvJfvAdIZ6sNglTh0mfv+ QKQyZEPC3EdjBP1XJmkzbx/nftmOPrGvjepo8UjweAH9YACJ2rUZWXNo0czBZ8UHUB9X pdLXoBZ3IoJUeysKx8//bl8ycAhMKj4JqCjXAcnjKtkEzdX4ngRsQ8lRUDORMA1PHrfu 5v0om3btjpOyEVUvtXY6J2VG/Zhov9PXzhqItqyH9rztc+wY/obw4d5CpgB+C87wkbTZ XK5YLNRk6OTxS3RBmfpIJ9pG+sBAiN2FoleA877gYq8Kgl7f4zPn8mfXHvA3ixPtmIbZ MVkQ== X-Gm-Message-State: AOJu0YwSos1fl//J94OQV+C2Ay8n7GtlT/Tk/RzvljCMeanPaoTzD7uL hjQ9AyiI+5IVnEIWrYrZubW8GGU4qG8rabs= X-Google-Smtp-Source: AGHT+IHwXZ8gHdJJX/lcyMp5I8mG80fjmHLetl/aHXgjiax+vDvRmpwELVC+UPeAF0qyrj2dvvoYyg== X-Received: by 2002:a4a:d21d:0:b0:57b:469d:8af6 with SMTP id c29-20020a4ad21d000000b0057b469d8af6mr12475644oos.4.1696344541655; Tue, 03 Oct 2023 07:49:01 -0700 (PDT) Received: from fedora.mshome.net (pool-173-79-56-208.washdc.fios.verizon.net. [173.79.56.208]) by smtp.gmail.com with ESMTPSA id d137-20020a4a528f000000b0057de3e449c8sm228889oob.8.2023.10.03.07.49.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Oct 2023 07:49:01 -0700 (PDT) From: Gregory Price X-Google-Original-From: Gregory Price To: linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org, arnd@arndb.de, akpm@linux-foundation.org, Gregory Price Subject: [PATCH] mm/migrate: fix do_pages_move for compat pointers Date: Tue, 3 Oct 2023 10:48:56 -0400 Message-Id: <20231003144857.752952-1-gregory.price@memverge.com> X-Mailer: git-send-email 2.39.1 MIME-Version: 1.0 X-Rspamd-Queue-Id: E149F12000E X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: bzn3okpkhpoynu3ysmoarg93fh8dsubr X-HE-Tag: 1696344542-668536 X-HE-Meta: U2FsdGVkX19ybWJXWY+ayjLUKr3B4GPH+g4ajMi0/c+S3Mb5WvL+RFSpAyZViy+554jUGzuG7/j4Vsx7YTG/QR9fACqaRg48MhJivl6HTc/wpvRxrE5hZmdfJ7dN1p+25ynP9Kdxpwdczp3m10oU9RXK3bWsxz/8vdqbVJy17utukQCBcGOQxUhGTBnoFQASSVYI6CZa0Uey9Mt4ismnh22OKZ4qxSfLv96B9cev6SRyKtNft/W+xiIlMgXwCOsuqrODKijSWNGk/OggMOYJ+UFVY49+1zR/N9mBoBTyK7lNFc3TxDk/lI5oEVeH7kKn+MRCVi5lE9F/a7G5syBM0nNzo+gUyqzeWd68FdJFOesigeWCXxiGgjBPLBNH335KgL4vrIpQwfBitkVGfPWwByJzYvoeJ3M5bMjYnG02KklnO/smsG1LhiwSmJd5F3EwiufDZzk/NgSY3+9UHItfsF6ew39kXGp3j4l3rmLBJ7ZdXGdwNT6kGAyoQj9iP+TRET+xpo1oEM2gGCdmfOQ+VK3McH1epphp1ntvtVGEeH0C8CuFm7KJ3flN2W8W4EfAmAjuaRDRYdL84ESppQK0JBxrQbEtlrqTEMv9uvyTF5ARVBL9VmJdnvx2whxbd1255TvQW8JHS6zPhbA0Px1g3zD67IDPnjaggzstw2zHex/SyI4jQ3mQhDAjWAZs0/AWxv6KKGvcgc2Kb0H0C67rfuOG9EuyZesCbnahbW+yW0+PcZE4VI5ZeSfK4Nd4EceUoXgdeEjmL1MGVPe6kw3c6yv6cSyGKxZAdsJRCUqYqpG4RlQyt+ITgQuDmI4i4qT3VRtsSuU3PlNKf/Fn3USiEwFCBl9NUJwxS7XoftoAHjZV70EWTTwrN7JzFKRVAcew7VBH38cehzfLEoBVB43yexkBmKasY0vQQzB7baFNocDRzb+k4VCJfVKOR8/2+hPDMqVxloCUYEJpc9geyIc rgmyOVNZ MeYpYsSpuB2x/30aXOUYwGUaMNBU+aGpQAlq3bTb/5YOEdX+siQ0y2obq76Y+1RAjbqZ312AS4OWW3c/c7oS+ytxMZ8M4/c8R37TSFyiL/2N5MdRNuciJCOzyi1Q1817JebQKdCP5gDWtnbds8il4hGDm/RaCArwe2LnOGK8hcLTmKDoII9rDm1wGtGYY7LpRnB99fq3YTgF7Q4aDXUOMJ6kZzCOb/HxPZXVKyU5xuiPcfeYGUq7ZEFqUjcHVybo/6VXMEt7iGSAVguS8Vg64/j9C2Y0J/hc7A+GSJNBhhlgmuEqU6y9eBl+gC93J9YTwn1TOZSM9hDbB1dzPlq9yiSDBjSKsaZaw/x1hpOA1e0PsddcoloHBcmyrtPAX5UXEIYmj9vqpUALyZQ/63cAmlzWYVtKsX8CQA1vM9ghLFyQdSoyM31xTqIVAhiwcBfs4qN0k9fmv/h3qYBLJdpD6qEfBLVqN+EmpJU/M7K08I6DR/Ck4fXnP8Xuzqs6RN4qgVFjO3tc52I0OuRU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: do_pages_move does not handle compat pointers for the page list. correctly. Add in_compat_syscall check and appropriate get_user fetch when iterating the page list. Fixes: 5b1b561ba73c ("mm: simplify compat_sys_move_pages") Signed-off-by: Gregory Price Reported-by: Arnd Bergmann Co-developed-by: Arnd Bergmann --- mm/migrate.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/mm/migrate.c b/mm/migrate.c index 2053b54556ca..06086dc9da28 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2162,6 +2162,7 @@ static int do_pages_move(struct mm_struct *mm, nodemask_t task_nodes, const int __user *nodes, int __user *status, int flags) { + compat_uptr_t __user *compat_pages = (void __user *)pages; int current_node = NUMA_NO_NODE; LIST_HEAD(pagelist); int start, i; @@ -2174,8 +2175,17 @@ static int do_pages_move(struct mm_struct *mm, nodemask_t task_nodes, int node; err = -EFAULT; - if (get_user(p, pages + i)) - goto out_flush; + if (in_compat_syscall()) { + compat_uptr_t cp; + + if (get_user(cp, compat_pages + i)) + goto out_flush; + + p = compat_ptr(cp); + } else { + if (get_user(p, pages + i)) + goto out_flush; + } if (get_user(node, nodes + i)) goto out_flush;