stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* 3d75ca0adef4 ("block: introduce multi-page bvec helpers")
@ 2021-11-05 16:17 Zubin Mithra
  2021-11-08  7:01 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Zubin Mithra @ 2021-11-05 16:17 UTC (permalink / raw)
  To: stable; +Cc: gregkh, groeck, axboe, hch, ming.lei, osandov

Hello,

A Syzkaller PoC causes a GPF with the following stacktrace in linux-4.14.y and linux-4.19.y.

BUG: KASAN: null-ptr-deref in get_page+0xf/0x65
Read of size 8 at addr 0000000000000008 by task poc2/3395

CPU: 0 PID: 3395 Comm: poc2 Not tainted 4.19.214-00936-g38ec06730e44 #59
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 dump_stack+0xe7/0x131
 kasan_report+0x22a/0x272
 get_page+0xf/0x65
 submit_page_section+0xf4/0x202
 do_blockdev_direct_IO+0xb90/0xfb9
 ? dio_set_defer_completion+0x57/0x57
 ? lock_is_held_type+0x78/0x86
 ? jbd2_journal_stop+0x6fa/0x742
 ? ext4_get_block_trans+0x188/0x188
 ? lock_downgrade+0x29a/0x29a
 ? __blockdev_direct_IO+0x52/0x93
 ? do_journal_get_write_access+0x7b/0x7b
 ext4_direct_IO+0x4eb/0x7ad
 ? ext4_get_block_trans+0x188/0x188
 generic_file_direct_write+0x132/0x1d8
 __generic_file_write_iter+0xa6/0x1c0
 ? generic_write_checks+0x173/0x19d
 ext4_file_write_iter+0x450/0x549
 ? ext4_unwritten_wait+0x153/0x153
 ? iter_file_splice_write+0x11a/0x4d7
 ? lock_acquire+0x1a7/0x1e7
 ? iter_file_splice_write+0x11a/0x4d7
 ? lock_acquire+0x1b7/0x1e7
 ? match_held_lock+0x2e/0x102
 ? __lock_is_held+0x2a/0x87
 do_iter_readv_writev+0x145/0x1b1
 ? file_start_write.isra.0+0x34/0x34
 ? avc_policy_seqno+0x1d/0x25
 ? selinux_file_permission+0xce/0x115
 do_iter_write+0xa6/0xe6
 iter_file_splice_write+0x337/0x4d7
 ? __do_compat_sys_vmsplice+0x16c/0x16c
 ? match_held_lock+0x2e/0x102
 ? lock_is_held_type+0x78/0x86
 __do_sys_splice+0x6cc/0x8f6
 ? ipipe_prep.part.0+0x99/0x99
 ? mark_held_locks+0x2d/0x84
 ? do_syscall_64+0x14/0x90
 do_syscall_64+0x74/0x90
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43f579

Could the following patch be applied to linux-4.19.y and linux-4.14.y?
linux-5.4.y has this commit.
	3d75ca0adef4 ("block: introduce multi-page bvec helpers")

Tests run:
* Syzkaller reproducer
* Chrome OS tryjobs


Thanks,
- Zubin


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: 3d75ca0adef4 ("block: introduce multi-page bvec helpers")
  2021-11-05 16:17 3d75ca0adef4 ("block: introduce multi-page bvec helpers") Zubin Mithra
@ 2021-11-08  7:01 ` Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2021-11-08  7:01 UTC (permalink / raw)
  To: Zubin Mithra; +Cc: stable, groeck, axboe, hch, ming.lei, osandov

On Fri, Nov 05, 2021 at 09:17:10AM -0700, Zubin Mithra wrote:
> Hello,
> 
> A Syzkaller PoC causes a GPF with the following stacktrace in linux-4.14.y and linux-4.19.y.
> 
> BUG: KASAN: null-ptr-deref in get_page+0xf/0x65
> Read of size 8 at addr 0000000000000008 by task poc2/3395
> 
> CPU: 0 PID: 3395 Comm: poc2 Not tainted 4.19.214-00936-g38ec06730e44 #59
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
> Call Trace:
>  dump_stack+0xe7/0x131
>  kasan_report+0x22a/0x272
>  get_page+0xf/0x65
>  submit_page_section+0xf4/0x202
>  do_blockdev_direct_IO+0xb90/0xfb9
>  ? dio_set_defer_completion+0x57/0x57
>  ? lock_is_held_type+0x78/0x86
>  ? jbd2_journal_stop+0x6fa/0x742
>  ? ext4_get_block_trans+0x188/0x188
>  ? lock_downgrade+0x29a/0x29a
>  ? __blockdev_direct_IO+0x52/0x93
>  ? do_journal_get_write_access+0x7b/0x7b
>  ext4_direct_IO+0x4eb/0x7ad
>  ? ext4_get_block_trans+0x188/0x188
>  generic_file_direct_write+0x132/0x1d8
>  __generic_file_write_iter+0xa6/0x1c0
>  ? generic_write_checks+0x173/0x19d
>  ext4_file_write_iter+0x450/0x549
>  ? ext4_unwritten_wait+0x153/0x153
>  ? iter_file_splice_write+0x11a/0x4d7
>  ? lock_acquire+0x1a7/0x1e7
>  ? iter_file_splice_write+0x11a/0x4d7
>  ? lock_acquire+0x1b7/0x1e7
>  ? match_held_lock+0x2e/0x102
>  ? __lock_is_held+0x2a/0x87
>  do_iter_readv_writev+0x145/0x1b1
>  ? file_start_write.isra.0+0x34/0x34
>  ? avc_policy_seqno+0x1d/0x25
>  ? selinux_file_permission+0xce/0x115
>  do_iter_write+0xa6/0xe6
>  iter_file_splice_write+0x337/0x4d7
>  ? __do_compat_sys_vmsplice+0x16c/0x16c
>  ? match_held_lock+0x2e/0x102
>  ? lock_is_held_type+0x78/0x86
>  __do_sys_splice+0x6cc/0x8f6
>  ? ipipe_prep.part.0+0x99/0x99
>  ? mark_held_locks+0x2d/0x84
>  ? do_syscall_64+0x14/0x90
>  do_syscall_64+0x74/0x90
>  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x43f579
> 
> Could the following patch be applied to linux-4.19.y and linux-4.14.y?
> linux-5.4.y has this commit.
> 	3d75ca0adef4 ("block: introduce multi-page bvec helpers")
> 
> Tests run:
> * Syzkaller reproducer
> * Chrome OS tryjobs

Now queued up, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-08  7:01 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-05 16:17 3d75ca0adef4 ("block: introduce multi-page bvec helpers") Zubin Mithra
2021-11-08  7:01 ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).