patches/old/mm-hugetlb-fix-refs-calculation-from-unaligned-vaddr.patch - pub/scm/linux/kernel/git/akpm/25-new - Git at Google

 From: Joao Martins <joao.m.martins@oracle.com>
 Subject: mm/hugetlb: fix refs calculation from unaligned @vaddr

 commit 82e5d378b0e47 ("mm/hugetlb: refactor subpage recording") refactored
 the count of subpages but missed an edge case when @vaddr is not aligned
 to PAGE_SIZE e.g.  when close to vma->vm_end.  It would then errousnly set
 @refs to 0 and record_subpages_vmas() wouldn't set the @pages array
 element to its value, consequently causing the reported null-deref by
 syzbot.

 Fix it by aligning down @vaddr by PAGE_SIZE in @refs calculation.

 Link: https://lkml.kernel.org/r/20210713152440.28650-1-joao.m.martins@oracle.com
 Fixes: 82e5d378b0e47 ("mm/hugetlb: refactor subpage recording")
 Reported-by: syzbot+a3fcd59df1b372066f5a@syzkaller.appspotmail.com
 Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
 Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
 Cc: <stable@vger.kernel.org>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 ---

  mm/hugetlb.c |    5 +++--
  1 file changed, 3 insertions(+), 2 deletions(-)

 --- a/mm/hugetlb.c~mm-hugetlb-fix-refs-calculation-from-unaligned-vaddr
 +++ a/mm/hugetlb.c
 @@ -5440,8 +5440,9 @@ long follow_hugetlb_page(struct mm_struc
  			continue;
  		}

 -		refs = min3(pages_per_huge_page(h) - pfn_offset,
 -			    (vma->vm_end - vaddr) >> PAGE_SHIFT, remainder);
 +		/* vaddr may not be aligned to PAGE_SIZE */
 +		refs = min3(pages_per_huge_page(h) - pfn_offset, remainder,
 +		    (vma->vm_end - ALIGN_DOWN(vaddr, PAGE_SIZE)) >> PAGE_SHIFT);

  		if (pages || vmas)
  			record_subpages_vmas(mem_map_offset(page, pfn_offset),
 _
	From: Joao Martins <joao.m.martins@oracle.com>
	Subject: mm/hugetlb: fix refs calculation from unaligned @vaddr

	commit 82e5d378b0e47 ("mm/hugetlb: refactor subpage recording") refactored
	the count of subpages but missed an edge case when @vaddr is not aligned
	to PAGE_SIZE e.g. when close to vma->vm_end. It would then errousnly set
	@refs to 0 and record_subpages_vmas() wouldn't set the @pages array
	element to its value, consequently causing the reported null-deref by
	syzbot.

	Fix it by aligning down @vaddr by PAGE_SIZE in @refs calculation.

	Link: https://lkml.kernel.org/r/20210713152440.28650-1-joao.m.martins@oracle.com
	Fixes: 82e5d378b0e47 ("mm/hugetlb: refactor subpage recording")
	Reported-by: syzbot+a3fcd59df1b372066f5a@syzkaller.appspotmail.com
	Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
	Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
	Cc: <stable@vger.kernel.org>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	---

	mm/hugetlb.c \| 5 +++--
	1 file changed, 3 insertions(+), 2 deletions(-)

	--- a/mm/hugetlb.c~mm-hugetlb-fix-refs-calculation-from-unaligned-vaddr
	+++ a/mm/hugetlb.c
	@@ -5440,8 +5440,9 @@ long follow_hugetlb_page(struct mm_struc
	continue;
	}

	- refs = min3(pages_per_huge_page(h) - pfn_offset,
	- (vma->vm_end - vaddr) >> PAGE_SHIFT, remainder);
	+ /* vaddr may not be aligned to PAGE_SIZE */
	+ refs = min3(pages_per_huge_page(h) - pfn_offset, remainder,
	+ (vma->vm_end - ALIGN_DOWN(vaddr, PAGE_SIZE)) >> PAGE_SHIFT);

	if (pages \|\| vmas)
	record_subpages_vmas(mem_map_offset(page, pfn_offset),
	_