linux-kernel.vger.kernel.org archive mirror
From: Greg KH <gregkh@linuxfoundation.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: syzbot <syzbot+353be47c9ce21b68b7ed@syzkaller.appspotmail.com>,
	bp@alien8.de, dave.hansen@linux.intel.com,
	dmitry.torokhov@gmail.com, ebiederm@xmission.com, hpa@zytor.com,
	jeremy.linton@arm.com, linux-kernel@vger.kernel.org,
	linux-usb@vger.kernel.org, luto@kernel.org, mingo@redhat.com,
	peterz@infradead.org, stern@rowland.harvard.edu,
	syzkaller-bugs@googlegroups.com, x86@kernel.org
Subject: Re: WARNING in memtype_reserve
Date: Wed, 13 May 2020 14:44:45 +0200
Message-ID: <20200513124445.GA1082735@kroah.com>
In-Reply-To: <87wo5l4ecm.fsf@nanos.tec.linutronix.de>

On Sat, May 09, 2020 at 12:00:57PM +0200, Thomas Gleixner wrote:
> Greg KH <gregkh@linuxfoundation.org> writes:
> > On Sat, May 09, 2020 at 12:20:14AM -0700, syzbot wrote:
> >> memtype_reserve failed: [mem 0xffffffffff000-0x00008fff], req write-back
> >> WARNING: CPU: 1 PID: 7025 at arch/x86/mm/pat/memtype.c:589 memtype_reserve+0x69f/0x820 arch/x86/mm/pat/memtype.c:589
> >
> > So should memtype_reserve() not do a WARN if given invalid parameters as
> > it can be triggered by userspace requests?
> >
> > A normal "invalid request" debug line is probably all that is needed,
> > right?
> 
> I disagree. The callsite especially if user space triggerable should not
> attempt to ask for a reservation where start > end:
> 
>   >> memtype_reserve failed: [mem 0xffffffffff000-0x00008fff], req write-back
> 
> The real question is which part of the call chain is responsible for
> this. That needs to be fixed.

This is caused by 2bef9aed6f0e ("usb: usbfs: correct kernel->user page
attribute mismatch") which changed a call to remap_pfn_range() to
dma_mmap_coherent().  Looks like the error checking in remap_pfn_range()
handled the invalid options better than dma_mmap_coherent() when odd
values are passed in.

We can add the check to dma_mmap_coherent(), again, but really, this
type of check should probably only be needed in one place to ensure we
always get it correct, right?

thanks,

greg k-h
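
The invariant discussed in this message (a mapping request must never turn into a range with start > end, and the check should live in one place) is sketched below as an added example; it is not code from this thread or from the kernel. The helper names, the buffer model and the sample addresses are assumptions; only the logged range in main() comes from the warning quoted above.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (UINT64_C(1) << PAGE_SHIFT)

struct range { uint64_t start, end; };   /* [start, end) */

/* Hypothetical helper: the invariant a range reservation relies on. */
static int range_ok(uint64_t start, uint64_t end)
{
    return start < end;
}

/* Hypothetical single validation point: map `len` bytes starting `pgoff`
 * pages into a buffer of `buf_len` bytes at `base`. Every step is
 * overflow-checked, so user-controlled pgoff/len cannot wrap the range. */
static int checked_subrange(uint64_t base, uint64_t buf_len,
                            uint64_t pgoff, uint64_t len, struct range *out)
{
    uint64_t off;

    if (len == 0 || (len & (PAGE_SIZE - 1)))
        return -EINVAL;                      /* empty or unaligned length */
    if (buf_len > UINT64_MAX - base)
        return -EINVAL;                      /* base + buf_len would wrap */
    if (pgoff > (UINT64_MAX >> PAGE_SHIFT))
        return -EINVAL;                      /* pgoff << PAGE_SHIFT would wrap */
    off = pgoff << PAGE_SHIFT;
    if (off >= buf_len || len > buf_len - off)
        return -EINVAL;                      /* request leaves the buffer */
    out->start = base + off;
    out->end = out->start + len;
    return range_ok(out->start, out->end) ? 0 : -EINVAL;
}

int main(void)
{
    struct range r;

    /* Values exactly as printed in the warning quoted above. */
    printf("logged range ok: %d\n", range_ok(0xffffffffff000ULL, 0x8fffULL));
    /* Constructed requests against a 16 KiB buffer at 0x100000. */
    printf("in bounds:  %d\n", checked_subrange(0x100000, 0x4000, 1, 0x3000, &r));
    printf("huge pgoff: %d\n",
           checked_subrange(0x100000, 0x4000, UINT64_MAX >> PAGE_SHIFT, 0x1000, &r));
    return 0;
}
```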
