From patchwork Mon Sep 30 09:02:26 2024
X-Patchwork-Submitter: Gianfranco Trad
X-Patchwork-Id: 13815662
From: Gianfranco Trad
To: gianf.trad@gmail.com
Cc: akpm@linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, skhan@linuxfoundation.org, syzbot+4089e577072948ac5531@syzkaller.appspotmail.com, willy@infradead.org
Subject: [PATCH v2] Fix NULL pointer dereference in read_cache_folio
Date: Mon, 30 Sep 2024 11:02:26 +0200
Message-ID: <20240930090225.28517-2-gianf.trad@gmail.com>
In-Reply-To: <20240929230548.370027-3-gianf.trad@gmail.com>
References: <20240929230548.370027-3-gianf.trad@gmail.com>

Add check on filler to prevent NULL pointer dereference condition in read_cache_folio[1].
[1] https://syzkaller.appspot.com/bug?extid=4089e577072948ac5531 Reported-by: syzbot+4089e577072948ac5531@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=4089e577072948ac5531 Tested-by: syzbot+4089e577072948ac5531@syzkaller.appspotmail.com Signed-off-by: Gianfranco Trad --- Notes: changes in v2: - refactored check on filler. mm/filemap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/filemap.c b/mm/filemap.c index 4f3753f0a158..88de8029133c 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2360,6 +2360,8 @@ static int filemap_read_folio(struct file *file, filler_t filler, /* Start the actual read. The read will unlock the page. */ if (unlikely(workingset)) psi_memstall_enter(&pflags); + if (!filler) + return -EIO; error = filler(file, folio); if (unlikely(workingset)) psi_memstall_leave(&pflags);
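
Review bot: The early `return -EIO` sits after `if (unlikely(workingset)) psi_memstall_enter(&pflags);`, so when workingset is set and filler is NULL the function returns without reaching the matching `psi_memstall_leave(&pflags)` that follows the `filler(file, folio)` call. Move the `if (!filler)` check above the psi_memstall_enter() call, or set `error = -EIO` and skip only the filler call so the leave still runs. Separately, the commit message names read_cache_folio as the crash site while the check lands in filemap_read_folio; the changelog should say how filler ends up NULL on this path and why -EIO is the right error, so reviewers can judge whether the check belongs here or in the caller.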