Hello,

On Fri, 13 Jan 2023 19:04:14 +0000 Lorenzo Stoakes <lstoakes@xxxxxxxxx> wrote:

> On Fri, Jan 13, 2023 at 02:08:36PM +0100, David Hildenbrand wrote:
> > On 13.01.23 14:01, Marek Szyprowski wrote:
> > > Hi
> > >
> > > On 12.01.2023 09:30, Kefeng Wang wrote:
> > > > The old_page/new_page are converted to old_folio/new_folio in
> > > > wp_page_copy(), then replaced related page functions to folio
> > > > functions.
> > > >
> > > > Signed-off-by: Kefeng Wang <wangkefeng.wang@xxxxxxxxxx>
> > >
> > > This patch, merged into today's linux-next as commit 9ebae00c8e30 ("mm:
> > > memory: convert wp_page_copy() to use folios"), causes serious stability
> > > issues on my ARM based test boards. Here is the example of such crash:
> >
> > syzbot is also not happy:
> >
> > https://lkml.kernel.org/r/000000000000807c7805f2205df1@xxxxxxxxxx
> >
> > --
> > Thanks,
> >
> > David / dhildenb
> >
>
> This also completely broke my qemu environment.

Same to me.

> In that thread Willy points out that the issue stems from blindly assigning
> page_folio(old_page) to old_folio without checking whether it is NULL first,
> therefore triggering a NULL pointer deref.
>
> A quick fix would be to put in a check (as shown below) which fixes the issue,
> but as Willy said, I think we should drop this until it can be fixed in a
> respin.
>
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -3044,7 +3044,7 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf)
>  	struct vm_area_struct *vma = vmf->vma;
>  	struct mm_struct *mm = vma->vm_mm;
>  	struct page *old_page = vmf->page;
> -	struct folio *old_folio = page_folio(old_page);
> +	struct folio *old_folio = old_page ? page_folio(old_page) : NULL;

Tested-by: SeongJae Park <sj@xxxxxxxxxx>

Thanks,
SJ
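Review bot: the guarded initialization `struct folio *old_folio = old_page ? page_folio(old_page) : NULL;` only makes the assignment NULL-safe; it does not by itself make the rest of wp_page_copy() safe, since any later dereference of old_folio that replaced a former `if (old_page)` check would still hit the same NULL pointer. Before this hunk is treated as a complete fix, every subsequent use of old_folio in the function (not visible in this hunk) should be audited to confirm it tolerates NULL, which is consistent with the suggestion in the thread to drop the conversion and respin it rather than apply the one-line guard.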