RE: [syzbot] [fs?] [mm?] INFO: task hung in remove_inode_hugepages

From: Kasireddy, Vivek
Date: Tue Jul 09 2024 - 17:36:20 EST


Hi Andrew,

>
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger any
> issue:
>
> Reported-and-tested-by:
> syzbot+f1d7fb4f94764243d23e@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> Tested on:
>
> commit: 581a87b1 fixup! mm/gup: introduce memfd_pin_folios() f..
> git tree: https://gitlab.freedesktop.org/Vivek/drm-tip.git
> syzbot_fix_remove_inode

How do you prefer to take the following short fix for this issue?

commit 581a87b19b3739da8c10750b499c55062ea54bf4
Author: Vivek Kasireddy <vivek.kasireddy@xxxxxxxxx>
Date: Mon Jul 8 23:04:48 2024 -0700

fixup! mm/gup: introduce memfd_pin_folios() for pinning memfd folios

Return -EINVAL if the end offset is greater than the size of memfd.

Signed-off-by: Vivek Kasireddy <vivek.kasireddy@xxxxxxxxx>

diff --git a/mm/gup.c b/mm/gup.c
index 43f6d2f689d2..54d0dc3831fb 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -3630,6 +3630,9 @@ long memfd_pin_folios(struct file *memfd, loff_t start, loff_t end,
if (!shmem_file(memfd) && !is_file_hugepages(memfd))
return -EINVAL;

+ if (end >= i_size_read(file_inode(memfd)))
+ return -EINVAL;
+
if (is_file_hugepages(memfd)) {
h = hstate_file(memfd);
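
Review bot: The added check compares with ">=" (if (end >= i_size_read(file_inode(memfd)))), so it also rejects an end offset equal to the memfd size, while the commit message says -EINVAL is returned when the end offset is "greater than" the size. If end is an inclusive byte offset, the comparison is right and the commit message should read "greater than or equal to"; if end is exclusive, the comparison should be ">". A one-line comment above the check stating which of the two applies would settle it for readers. Separately, start and end are both loff_t and only the upper bound of end is tested in the lines shown here; unless the rest of the function already rejects a negative offset or start > end, consider validating those in the same place.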

Thanks,
Vivek

> console output: https://syzkaller.appspot.com/x/log.txt?x=145a8535980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=409b5fcdf33b7555
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=f1d7fb4f94764243d23e
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian)
> 2.40
>
> Note: no patches were applied.
> Note: testing is done by a robot and is best-effort only.