From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, "Jiri Slaby" <jirislaby@kernel.org>,
"Vlastimil Babka" <vbabka@suse.cz>,
"Jakub Matěna" <matenajakub@gmail.com>,
"Kirill A . Shutemov" <kirill@shutemov.name>,
"Liam Howlett" <liam.howlett@oracle.com>,
"Matthew Wilcox" <willy@infradead.org>,
"Mel Gorman" <mgorman@techsingularity.net>,
"Michal Hocko" <mhocko@kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>
Subject: [PATCH 6.1 44/71] mm, mremap: fix mremap() expanding vma with addr inside vma
Date: Mon, 2 Jan 2023 12:22:09 +0100 [thread overview]
Message-ID: <20230102110553.341522626@linuxfoundation.org> (raw)
In-Reply-To: <20230102110551.509937186@linuxfoundation.org>
From: Vlastimil Babka <vbabka@suse.cz>
commit 6f12be792fde994ed934168f93c2a0d2a0cf0bc5 upstream.
Since 6.1 we have noticed random rpm install failures that were tracked to
mremap() returning -ENOMEM and to commit ca3d76b0aa80 ("mm: add merging
after mremap resize").
The problem occurs when mremap() expands a VMA in place, but using an
starting address that's not vma->vm_start, but somewhere in the middle.
The extension_pgoff calculation introduced by the commit is wrong in that
case, so vma_merge() fails due to pgoffs not being compatible. Fix the
calculation.
By the way it seems that the situations, where rpm now expands a vma from
the middle, were made possible also due to that commit, thanks to the
improved vma merging. Yet it should work just fine, except for the buggy
calculation.
Link: https://lkml.kernel.org/r/20221216163227.24648-1-vbabka@suse.cz
Reported-by: Jiri Slaby <jirislaby@kernel.org>
Link: https://bugzilla.suse.com/show_bug.cgi?id=1206359
Fixes: ca3d76b0aa80 ("mm: add merging after mremap resize")
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Jakub Matěna <matenajakub@gmail.com>
Cc: "Kirill A . Shutemov" <kirill@shutemov.name>
Cc: Liam Howlett <liam.howlett@oracle.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mremap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -1016,7 +1016,8 @@ SYSCALL_DEFINE5(mremap, unsigned long, a
long pages = (new_len - old_len) >> PAGE_SHIFT;
unsigned long extension_start = addr + old_len;
unsigned long extension_end = addr + new_len;
- pgoff_t extension_pgoff = vma->vm_pgoff + (old_len >> PAGE_SHIFT);
+ pgoff_t extension_pgoff = vma->vm_pgoff +
+ ((extension_start - vma->vm_start) >> PAGE_SHIFT);
if (vma->vm_flags & VM_ACCOUNT) {
if (security_vm_enough_memory_mm(mm, pages)) {
next prev parent reply other threads:[~2023-01-02 11:28 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-02 11:21 [PATCH 6.1 00/71] 6.1.3-rc1 review Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 01/71] eventpoll: add EPOLL_URING_WAKE poll wakeup flag Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 02/71] eventfd: provide a eventfd_signal_mask() helper Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 03/71] io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 04/71] nvme-pci: fix doorbell buffer value endianness Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 05/71] nvme-pci: fix mempool alloc size Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 06/71] nvme-pci: fix page size checks Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 07/71] ACPI: resource: do IRQ override on XMG Core 15 Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 08/71] ACPI: resource: do IRQ override on Lenovo 14ALC7 Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 09/71] ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 10/71] ACPI: video: Fix Apple GMUX backlight detection Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 11/71] block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 12/71] ata: ahci: Fix PCS quirk application for suspend Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 13/71] nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 14/71] nvmet: dont defer passthrough commands with trivial effects to the workqueue Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 15/71] fs/ntfs3: Validate BOOT record_size Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 16/71] fs/ntfs3: Add overflow check for attribute size Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 17/71] fs/ntfs3: Validate data run offset Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 18/71] fs/ntfs3: Add null pointer check to attr_load_runs_vcn Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 19/71] fs/ntfs3: Fix memory leak on ntfs_fill_super() error path Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 20/71] fs/ntfs3: Add null pointer check for inode operations Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 21/71] fs/ntfs3: Validate attribute name offset Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 22/71] fs/ntfs3: Validate buffer length while parsing index Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 23/71] fs/ntfs3: Validate resident attribute name Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 24/71] fs/ntfs3: Fix slab-out-of-bounds read in run_unpack Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 25/71] soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 26/71] phy: sun4i-usb: Introduce port2 SIDDQ quirk Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 27/71] phy: sun4i-usb: Add support for the H616 USB PHY Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 28/71] fs/ntfs3: Validate index root when initialize NTFS security Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 29/71] fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init() Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 30/71] fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super() Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 31/71] fs/ntfs3: Delete duplicate condition in ntfs_read_mft() Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 32/71] fs/ntfs3: Fix slab-out-of-bounds in r_page Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 33/71] objtool: Fix SEGFAULT Greg Kroah-Hartman
2023-01-02 11:21 ` [PATCH 6.1 34/71] iommu/mediatek: Fix crash on isr after kexec() Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 35/71] powerpc/rtas: avoid device tree lookups in rtas_os_term() Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 36/71] powerpc/rtas: avoid scheduling " Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 37/71] rtc: msc313: Fix function prototype mismatch in msc313_rtc_probe() Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 38/71] NFSD: fix use-after-free in __nfs42_ssc_open() Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 39/71] kprobes: kretprobe events missing on 2-core KVM guest Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 40/71] HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 41/71] HID: plantronics: Additional PIDs for double volume key presses quirk Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 42/71] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 43/71] rtmutex: Add acquire semantics for rtmutex lock acquisition slow path Greg Kroah-Hartman
2023-01-02 11:22 ` Greg Kroah-Hartman [this message]
2023-01-02 11:22 ` [PATCH 6.1 45/71] mm/mempolicy: fix memory leak in set_mempolicy_home_node system call Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 46/71] kmsan: export kmsan_handle_urb Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 47/71] kmsan: include linux/vmalloc.h Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 48/71] pstore: Properly assign mem_type property Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 49/71] pstore/zone: Use GFP_ATOMIC to allocate zone buffer Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 50/71] hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 51/71] ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 52/71] ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 53/71] binfmt: Fix error return code in load_elf_fdpic_binary() Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 54/71] ovl: Use ovl mounters fsuid and fsgid in ovl_link() Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 55/71] ovl: update ->f_iocb_flags when ovl_change_flags() modifies ->f_flags Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 56/71] ALSA: line6: correct midi status byte when receiving data from podxt Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 57/71] ALSA: line6: fix stack overflow in line6_midi_transmit Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 58/71] ALSA: hda/hdmi: Static PCM mapping again with AMD HDMI codecs Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 59/71] pnode: terminate at peers of source Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 60/71] mfd: mt6360: Add bounds checking in Regmap read/write call-backs Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 61/71] md: fix a crash in mempool_free Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 62/71] mm, compaction: fix fast_isolate_around() to stay within boundaries Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 63/71] f2fs: should put a page when checking the summary info Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 64/71] f2fs: allow to read node block after shutdown Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 65/71] block: Do not reread partition table on exclusively open device Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 66/71] mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 67/71] tpm: acpi: Call acpi_put_table() to fix memory leak Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 68/71] tpm: tpm_crb: Add the missed " Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 69/71] tpm: tpm_tis: " Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 70/71] SUNRPC: Dont leak netobj memory when gss_read_proxy_verf() fails Greg Kroah-Hartman
2023-01-02 11:22 ` [PATCH 6.1 71/71] kcsan: Instrument memcpy/memset/memmove with newer Clang Greg Kroah-Hartman
2023-01-02 23:14 ` [PATCH 6.1 00/71] 6.1.3-rc1 review Rudi Heitbaum
2023-01-03 0:25 ` Shuah Khan
2023-01-03 1:13 ` Guenter Roeck
2023-01-03 7:24 ` Fenil Jain
2023-01-03 8:40 ` Naresh Kamboju
2023-01-03 8:45 ` Naresh Kamboju
2023-01-03 8:59 ` Ron Economos
2023-01-03 10:34 ` Sudip Mukherjee (Codethink)
2023-01-03 12:08 ` Bagas Sanjaya
2023-01-03 13:22 ` Allen Pais
2023-01-03 19:33 ` Florian Fainelli
2023-01-04 1:39 ` Justin Forbes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230102110553.341522626@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=jirislaby@kernel.org \
--cc=kirill@shutemov.name \
--cc=liam.howlett@oracle.com \
--cc=matenajakub@gmail.com \
--cc=mgorman@techsingularity.net \
--cc=mhocko@kernel.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).