From: Wonhyuk Yang <vvghjk1234@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
Matthew Wilcox <willy@infradead.org>,
linux-fsdevel@vger.kernel.org,
Wonhyuk Yang <vvghjk1234@gmail.com>
Subject: [PATCH] fuse: fix panic in __readahead_batch()
Date: Tue, 3 Nov 2020 21:43:49 +0900
Message-ID: <20201103124349.16722-1-vvghjk1234@gmail.com> (raw)
According to xarray.h, xas_for_each's entry can be RETRY_ENTRY.
RETRY_ENTRY is defined as 0x402 and accessing that address
results in panic.
BUG: kernel NULL pointer dereference, address: 0000000000000402
kernel: RIP: 0010:fuse_readahead+0x152/0x470 [fuse]
CR2: 0000000000000402
Call Trace:
read_pages+0x83/0x270
page_cache_readahead_unbounded+0x197/0x230
generic_file_buffered_read+0x57a/0xa20
new_sync_read+0x112/0x1a0
vfs_read+0xf8/0x180
ksys_read+0x5f/0xe0
do_syscall_64+0x33/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Signed-off-by: Wonhyuk Yang <vvghjk1234@gmail.com>
---
include/linux/pagemap.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
index c77b7c31b2e4..4c9f29bbdace 100644
--- a/include/linux/pagemap.h
+++ b/include/linux/pagemap.h
@@ -906,6 +906,12 @@ static inline unsigned int __readahead_batch(struct readahead_control *rac,
xas_set(&xas, rac->_index);
rcu_read_lock();
xas_for_each(&xas, page, rac->_index + rac->_nr_pages - 1) {
+ if (xas_retry(&xas, page))
+ continue;
+
+ if (!xa_is_value(page))
+ continue;
+
VM_BUG_ON_PAGE(!PageLocked(page), page);
VM_BUG_ON_PAGE(PageTail(page), page);
array[i++] = page;
--
2.25.1
next reply index
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-03 12:43 Wonhyuk Yang [this message]
2020-11-03 14:21 ` Matthew Wilcox
2020-11-03 14:38 ` Matthew Wilcox
2020-11-04 1:20 ` Wonhuyk Yang
2020-11-04 3:59 ` Amy Parker
2020-11-04 5:12 ` Wonhuyk Yang
2020-11-10 6:54 ` [fuse] 51ac7c8929: fio.read_iops -88.2% regression kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201103124349.16722-1-vvghjk1234@gmail.com \
--to=vvghjk1234@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Linux-Fsdevel Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/linux-fsdevel/0 linux-fsdevel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 linux-fsdevel linux-fsdevel/ https://lore.kernel.org/linux-fsdevel \
linux-fsdevel@vger.kernel.org
public-inbox-index linux-fsdevel
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-fsdevel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git