stable.vger.kernel.org archive mirror
From: Greg KH <gregkh@linuxfoundation.org>
To: Zubin Mithra <zsm@chromium.org>
Cc: stable@vger.kernel.org, groeck@chromium.org, axboe@kernel.dk,
	hch@lst.de, ming.lei@redhat.com, osandov@fb.com
Subject: Re: 3d75ca0adef4 ("block: introduce multi-page bvec helpers")
Date: Mon, 8 Nov 2021 08:01:35 +0100
Message-ID: <YYjLT4wUIbK5T1ez@kroah.com>
In-Reply-To: <YYVZBuDaWBKT3vOS@google.com>

On Fri, Nov 05, 2021 at 09:17:10AM -0700, Zubin Mithra wrote:
> Hello,
> 
> A Syzkaller PoC causes a GPF with the following stacktrace in linux-4.14.y and linux-4.19.y.
> 
> BUG: KASAN: null-ptr-deref in get_page+0xf/0x65
> Read of size 8 at addr 0000000000000008 by task poc2/3395
> 
> CPU: 0 PID: 3395 Comm: poc2 Not tainted 4.19.214-00936-g38ec06730e44 #59
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
> Call Trace:
>  dump_stack+0xe7/0x131
>  kasan_report+0x22a/0x272
>  get_page+0xf/0x65
>  submit_page_section+0xf4/0x202
>  do_blockdev_direct_IO+0xb90/0xfb9
>  ? dio_set_defer_completion+0x57/0x57
>  ? lock_is_held_type+0x78/0x86
>  ? jbd2_journal_stop+0x6fa/0x742
>  ? ext4_get_block_trans+0x188/0x188
>  ? lock_downgrade+0x29a/0x29a
>  ? __blockdev_direct_IO+0x52/0x93
>  ? do_journal_get_write_access+0x7b/0x7b
>  ext4_direct_IO+0x4eb/0x7ad
>  ? ext4_get_block_trans+0x188/0x188
>  generic_file_direct_write+0x132/0x1d8
>  __generic_file_write_iter+0xa6/0x1c0
>  ? generic_write_checks+0x173/0x19d
>  ext4_file_write_iter+0x450/0x549
>  ? ext4_unwritten_wait+0x153/0x153
>  ? iter_file_splice_write+0x11a/0x4d7
>  ? lock_acquire+0x1a7/0x1e7
>  ? iter_file_splice_write+0x11a/0x4d7
>  ? lock_acquire+0x1b7/0x1e7
>  ? match_held_lock+0x2e/0x102
>  ? __lock_is_held+0x2a/0x87
>  do_iter_readv_writev+0x145/0x1b1
>  ? file_start_write.isra.0+0x34/0x34
>  ? avc_policy_seqno+0x1d/0x25
>  ? selinux_file_permission+0xce/0x115
>  do_iter_write+0xa6/0xe6
>  iter_file_splice_write+0x337/0x4d7
>  ? __do_compat_sys_vmsplice+0x16c/0x16c
>  ? match_held_lock+0x2e/0x102
>  ? lock_is_held_type+0x78/0x86
>  __do_sys_splice+0x6cc/0x8f6
>  ? ipipe_prep.part.0+0x99/0x99
>  ? mark_held_locks+0x2d/0x84
>  ? do_syscall_64+0x14/0x90
>  do_syscall_64+0x74/0x90
>  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x43f579
> 
> Could the following patch be applied to linux-4.19.y and linux-4.14.y?
> linux-5.4.y has this commit.
> 	3d75ca0adef4 ("block: introduce multi-page bvec helpers")
> 
> Tests run:
> * Syzkaller reproducer
> * Chrome OS tryjobs

Now queued up, thanks.

greg k-h
