Re: [PATCH] mm/hugetlb: fix null ptr defer in hugetlb_vma_lock_write

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2023-11-01 at 14:36 +0800, Edward Adam Davis wrote:
> When obtaining resv_map from vma, it is necessary to simultaneously
> determine
> the flag HPAGE_RESV_OWNER of vm_private_data.
> Only when they are met simultaneously, resv_map is valid.
> 
> Reported-and-tested-by:
> syzbot+6ada951e7c0f7bc8a71e@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: bf4916922c60 ("hugetlbfs: extend hugetlb_vma_lock to private
> VMAs")
> Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
> ---
>  include/linux/hugetlb.h | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
> index 47d25a5e1933..1a3ec1aee1a3 100644
> --- a/include/linux/hugetlb.h
> +++ b/include/linux/hugetlb.h
> @@ -1265,9 +1265,11 @@ static inline bool __vma_shareable_lock(struct
> vm_area_struct *vma)
>         return (vma->vm_flags & VM_MAYSHARE) && vma->vm_private_data;
>  }
>  
> +#define HPAGE_RESV_OWNER    (1UL << 0)
>  static inline bool __vma_private_lock(struct vm_area_struct *vma)
>  {
> -       return (!(vma->vm_flags & VM_MAYSHARE)) && vma-
> >vm_private_data;
> +       return (!(vma->vm_flags & VM_MAYSHARE)) && vma-
> >vm_private_data && 
> +               ((unsigned long)vma->vm_private_data &
> HPAGE_RESV_OWNER);
>  }

This could be cleaned up a bit by moving the HPAGE_RESV_OWNER
definition (and its friends) into hugetlb.h, as well as the
is_vma_resv_set() helper function.

Then __vma_private_lock() can just call is_vma_resv_set(),
and open coding a duplicate of the same code.

Not having duplicates of the code will make it much harder
to "miss a spot" with future changes.

I am still struggling to find a place where we might leave
HPAGE_RESV_OWNER behind on a pointer that is otherwise NULL,
but if your tests show this fixes the issue, I'm all for it :)

-- 
All Rights Reversed.





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux