On Sun, 2 Jul 2023 at 20:23, Guenter Roeck <linux@xxxxxxxxxxxx> wrote:
>
> I can reproduce the problem in qemu. However, I do not see a warning
> after applying your patch.

Funky, funky.

I'm assuming it's the

        page = get_arg_page(bprm, pos, 1);
        if (!page) {
                ret = -E2BIG;
                goto out;
        }

in copy_strings() that causes this. Or possibly, the version in
copy_string_kernel().

Does *this* get that "pr_warn()" printout (and a stack trace once, just
for good measure)?

                Linus
mm/gup.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/gup.c b/mm/gup.c index ef29641671c7..66520194006b 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -1168,11 +1168,15 @@ static long __get_user_pages(struct mm_struct *mm, /* first iteration or cross vma bound */ if (!vma || start >= vma->vm_end) { - vma = find_vma(mm, start); + struct vm_area_struct *prev = NULL; + vma = find_vma_prev(mm, start, &prev); if (vma && (start < vma->vm_start)) { WARN_ON_ONCE(vma->vm_flags & VM_GROWSDOWN); vma = NULL; } + if (!vma && prev && start >= prev->vm_end) + WARN_ON_ONCE(prev->vm_flags & VM_GROWSUP); + if (!vma && in_gate_area(mm, start)) { ret = get_gate_page(mm, start & PAGE_MASK, gup_flags, &vma,
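Review bot: the `start >= prev->vm_end` test in the added `if (!vma && prev && start >= prev->vm_end)` is implied by find_vma_prev()'s contract (`prev` is the VMA ending at or before `start`, both when no VMA has vm_end > start and when `vma` was just cleared above because `start < vma->vm_start`), so it can be dropped to keep the check parallel with the VM_GROWSDOWN one: `if (!vma && prev) WARN_ON_ONCE(prev->vm_flags & VM_GROWSUP);`. The `struct vm_area_struct *prev = NULL;` initializer is likewise redundant, since find_vma_prev() always writes *pprev. One caveat for interpreting a silent run: VM_GROWSUP is VM_NONE on architectures without CONFIG_STACK_GROWSUP, so on those the new WARN_ON_ONCE compiles to nothing and can never fire, leaving only the existing VM_GROWSDOWN warning as a signal. As an inline debug patch it carries no changelog, which is fine for the experiment but means it should not be applied as-is.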
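The lookup the patch instruments, as an added userspace model that is not kernel code and not part of this thread: it reimplements the find_vma_prev() contract over a constructed VMA table and classifies a GUP start address the way the first iteration of __get_user_pages() does, without the stack expansion the real code used to perform. A probe into the hole just below a VM_GROWSDOWN stack comes back with no VMA, which is the case the patch's WARN_ON_ONCE flags and the path on which get_arg_page() returns NULL and copy_strings() fails with -E2BIG. The VMA layout, flag values, probe addresses and the helper names gup_lookup, sample_lookup and sample_prev_invariant are all assumptions made for the example; expand_stack() is deliberately not modelled.

```c
/*
 * Added example, not kernel code: a userspace model of the find_vma() /
 * find_vma_prev() lookup that __get_user_pages() performs, to show why a
 * fault-in just below a VM_GROWSDOWN stack that has not been expanded
 * yet yields vma == NULL.  The VMA layout and the flag values below are
 * constructed for illustration; expand_stack() is not modelled.
 */
#include <stddef.h>
#include <stdio.h>

#define VM_GROWSDOWN 0x1u	/* constructed values, not the kernel's */
#define VM_GROWSUP   0x2u

struct vma {
	unsigned long vm_start, vm_end;	/* covers [vm_start, vm_end) */
	unsigned long vm_flags;
};

/* Constructed address space: text, heap and a stack that grows down. */
static const struct vma sample_mm[] = {
	{ 0x00400000, 0x00401000, 0 },			/* text */
	{ 0x00601000, 0x00622000, 0 },			/* heap */
	{ 0x7ffff000, 0x80000000, VM_GROWSDOWN },	/* stack */
};
#define SAMPLE_N (sizeof(sample_mm) / sizeof(sample_mm[0]))

/* Same contract as kernel find_vma_prev(): return the first VMA whose
 * vm_end > addr (or NULL), and store the VMA before it in *pprev. */
static const struct vma *find_vma_prev(const struct vma *v, size_t n,
				       unsigned long addr,
				       const struct vma **pprev)
{
	*pprev = NULL;
	for (size_t i = 0; i < n; i++) {
		if (v[i].vm_end > addr)
			return &v[i];
		*pprev = &v[i];
	}
	return NULL;
}

enum gup_lookup {
	GUP_HIT,			/* addr inside a VMA */
	GUP_MISS,			/* addr in a hole, nothing to expand */
	GUP_MISS_BELOW_GROWSDOWN,	/* hole under a stack: needed expansion */
	GUP_MISS_ABOVE_GROWSUP,		/* hole above a growsup stack */
};

/* The classification the first iteration of __get_user_pages() makes
 * once it no longer expands the stack itself. */
static enum gup_lookup gup_lookup(const struct vma *v, size_t n,
				  unsigned long start)
{
	const struct vma *prev;
	const struct vma *vma = find_vma_prev(v, n, start, &prev);

	if (vma && start < vma->vm_start) {
		if (vma->vm_flags & VM_GROWSDOWN)
			return GUP_MISS_BELOW_GROWSDOWN;
		vma = NULL;
	}
	if (!vma && prev && (prev->vm_flags & VM_GROWSUP))
		return GUP_MISS_ABOVE_GROWSUP;
	return vma ? GUP_HIT : GUP_MISS;
}

enum gup_lookup sample_lookup(unsigned long addr)
{
	return gup_lookup(sample_mm, SAMPLE_N, addr);
}

/* 1 if find_vma_prev() returned either no prev or one with
 * prev->vm_end <= addr, i.e. the property a separate start >= prev->vm_end
 * test would re-check; 0 otherwise. */
int sample_prev_invariant(unsigned long addr)
{
	const struct vma *prev;

	(void)find_vma_prev(sample_mm, SAMPLE_N, addr, &prev);
	return !prev || prev->vm_end <= addr;
}

int main(void)
{
	static const char *const names[] = {
		"hit", "miss", "miss below growsdown stack",
		"miss above growsup stack",
	};
	/* constructed probes: inside text, hole below heap, just under the
	 * stack, inside the stack */
	unsigned long probes[] = { 0x00400800, 0x00500000, 0x7fffe000, 0x7ffff800 };

	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
		printf("%#lx: %s\n", probes[i], names[sample_lookup(probes[i])]);
	return 0;
}
```

The probe at 0x7fffe000 lands one page under the constructed stack VMA and is classified as a miss below a VM_GROWSDOWN region, the situation where an older GUP would have called expand_stack() and the instrumented one just returns no VMA. sample_prev_invariant() shows that whenever find_vma_prev() hands back a prev at all, that prev already ends at or before the address, so the extra `start >= prev->vm_end` test in the patch never changes the outcome.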