Re: [linux-next:master] [netfs] a05b682d49: BUG:KASAN:slab-use-after-free_in_copy_from_iter


 



hi, Christian Brauner, hi, David Howells,

On Fri, Sep 13, 2024 at 10:11:25AM +0200, Christian Brauner wrote:
> On Fri, Sep 13, 2024 at 08:59:19AM GMT, David Howells wrote:
> > Can you try with the attached change?  It'll get folded into Christian's
> > vfs.netfs branch at some point.
> 
> The fix you pasted below is already applied and folded into vfs.netfs.
> But what the kernel test robot tested was an old version of that branch.
> 
> The commit hash that kernel test robot tested was:
> 
> commit: a05b682d498a81ca12f1dd964f06f3aec48af595 ("netfs: Use new folio_queue data type and iterator instead of xarray iter")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
> 
> but in vfs.netfs we have:
> cd0277ed0c188dd40e7744e89299af7b78831ca4  ("netfs: Use new folio_queue data type and iterator instead of xarray iter")

thanks for the information!

however, we noticed there are still similar issues upon cd0277ed0c, which is now
in mainline. we reported it in the link below, FYI.
https://lore.kernel.org/oe-lkp/202409180928.f20b5a08-oliver.sang@xxxxxxxxx/

the issue is still reproduced on mainline or linux-next/master tip when the bot
finished the bisect.

[test failed on linus/master      a430d95c5efa2b545d26a094eb5f624e36732af0]
[test failed on linux-next/master 7083504315d64199a329de322fce989e1e10f4f7]

> 
> and the diff between the two is:
> 
> diff --git a/lib/iov_iter.c b/lib/iov_iter.c
> index 84a517a0189d..97003155bfac 100644
> --- a/lib/iov_iter.c
> +++ b/lib/iov_iter.c
> @@ -1026,7 +1026,7 @@ static ssize_t iter_folioq_get_pages(struct iov_iter *iter,
>                 iov_offset += part;
>                 extracted += part;
> 
> -               *pages = folio_page(folio, offset % PAGE_SIZE);
> +               *pages = folio_page(folio, offset / PAGE_SIZE);
>                 get_page(*pages);
>                 pages++;
>                 maxpages--;
> 
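Review bot: The corrected `folio_page(folio, offset / PAGE_SIZE)` line still hands the computed index to `get_page()` with no check that it lies inside the folio, so a wrong value here (as with the old `offset % PAGE_SIZE`, which is a byte offset within a page rather than a page index) takes a reference on whatever page happens to sit at that index. Consider a debug assertion that `offset / PAGE_SIZE` is below `folio_nr_pages(folio)` before the reference is taken, so a bad offset fails at this line instead of surfacing later as a KASAN report.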
> So this is a bug report for an old version of vfs.netfs.
> 
> > 
> > David
> > ---
> > diff --git a/lib/iov_iter.c b/lib/iov_iter.c
> > index 84a517a0189d..97003155bfac 100644
> > --- a/lib/iov_iter.c
> > +++ b/lib/iov_iter.c
> > @@ -1026,7 +1026,7 @@ static ssize_t iter_folioq_get_pages(struct iov_iter *iter,
> >  		iov_offset += part;
> >  		extracted += part;
> >  
> > -		*pages = folio_page(folio, offset % PAGE_SIZE);
> > +		*pages = folio_page(folio, offset / PAGE_SIZE);
> >  		get_page(*pages);
> >  		pages++;
> >  		maxpages--;
> > 
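Review bot: On the changed `folio_page()` line, `%` and `/` both evaluate to 0 when `offset` is 0, so a test that only reads single-page folios from their start cannot tell the old and new versions apart. The folded commit would benefit from a changelog sentence stating that the second argument is a page index, and from a test case that covers a multi-page folio with an offset at or beyond `PAGE_SIZE`.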
> 



