Qian Cai <cai@xxxxxx> writes:

>> On Apr 14, 2020, at 10:32 AM, Qian Cai <cai@xxxxxx> wrote:
>>
>> Fuzzers are unhappy. Thoughts?
>
> This is rather to reproduce. All the traces so far are from copy_from_user() to trigger a page fault,
> and then it dereferences a bad pte in swap_vma_readahead(),
>
>         for (i = 0, pte = ra_info.ptes; i < ra_info.nr_pte;
>              i++, pte++) {
>                 pentry = *pte;  <— crashed here.
>                 if (pte_none(pentry))

Is it possible to bisect this?

Because the crash point is identified, it may be helpful to collect and analyze the status of the faulting page table and readahead ptes. But I am not familiar with the ARM64 architecture. So I cannot help much here.

Best Regards,
Huang, Ying