Re: [syzbot] [mm?] [xfs?] KASAN: slab-use-after-free Read in filemap_map_pages

From: Hillf Danton
Date: Wed Jan 01 2025 - 01:52:40 EST


On Tue, 31 Dec 2024 20:06:28 -0800
> syzbot found the following issue on:
>
> HEAD commit: 8155b4ef3466 Add linux-next specific files for 20241220
> git tree: linux-next
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17ed90b0580000

#syz test

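--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -3703,6 +3703,7 @@ vm_fault_t filemap_map_pages(struct vm_f
 struct address_space *mapping = file->f_mapping;
 pgoff_t file_end, last_pgoff = start_pgoff;
 unsigned long addr;
+ unsigned long pmd_end;
 XA_STATE(xas, &mapping->i_pages, start_pgoff);
 struct folio *folio;
 vm_fault_t ret = 0;
@@ -3731,6 +3732,11 @@ vm_fault_t filemap_map_pages(struct vm_f
 if (end_pgoff > file_end)
 end_pgoff = file_end;
 
+ pmd_end = ALIGN(addr, PMD_SIZE);
+ pmd_end = (pmd_end - addr) >> PAGE_SHIFT;
+ if (end_pgoff - start_pgoff > pmd_end)
+ end_pgoff = start_pgoff + pmd_end;
+
 folio_type = mm_counter_file(folio);
 do {
 unsigned long end;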
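Review bot: The new clamp mis-sizes the window when addr is already PMD-aligned: ALIGN(addr, PMD_SIZE) then equals addr, pmd_end becomes 0 and end_pgoff collapses to start_pgoff, so a fault-around that starts exactly on a PMD boundary maps a single page instead of the whole window. If end_pgoff is inclusive, as the `if (end_pgoff > file_end) end_pgoff = file_end;` clamp just above suggests, the comparison is also off by one, since start_pgoff + pmd_end is the first index past the boundary rather than the last one inside it. Computing the boundary strictly above addr and clamping to its last index handles both: `pmd_end = (ALIGN_DOWN(addr, PMD_SIZE) + PMD_SIZE - addr) >> PAGE_SHIFT;` then `if (end_pgoff - start_pgoff >= pmd_end) end_pgoff = start_pgoff + pmd_end - 1;`. This assumes addr already holds the virtual address of start_pgoff here; its assignment, like the rest of filemap_map_pages, lies outside the hunk.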
--