Re: [PATCH -next 5/7] mm: memory: convert wp_page_copy() to use folios

[SeongJae Park <sj@kernel.org>]

Hello,

On Fri, 13 Jan 2023 19:04:14 +0000 Lorenzo Stoakes <lstoakes@gmail.com> wrote:

> On Fri, Jan 13, 2023 at 02:08:36PM +0100, David Hildenbrand wrote:
> > On 13.01.23 14:01, Marek Szyprowski wrote:
> > > Hi
> > >
> > > On 12.01.2023 09:30, Kefeng Wang wrote:
> > > > The old_page/new_page are converted to old_folio/new_folio in
> > > > wp_page_copy(), then replaced related page functions to folio
> > > > functions.
> > > >
> > > > Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
> > >
> > > This patch, merged into today's linux-next as commit 9ebae00c8e30 ("mm:
> > > memory: convert wp_page_copy() to use folios"), causes serious stability
> > > issues on my ARM based test boards. Here is the example of such crash:
> >
> > syzbot is also not happy:
> >
> > https://lkml.kernel.org/r/000000000000807c7805f2205df1@google.com
> >
> > --
> > Thanks,
> >
> > David / dhildenb
> >
> 
> This also completely broke my qemu environment.

Same to me.

> 
> In that thread Willy points out that the issue stems from blindly assigning
> page_folio(old_page) to old_folio without checking whether it is NULL first,
> therefore triggering a NULL pointer deref.
> 
> A quick fix would be to put in a check (as shown below) which fixes the issue,
> but as Willy said, I think we should drop this until it can be fixed in a
> respin.
> 
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -3044,7 +3044,7 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf)
>         struct vm_area_struct *vma = vmf->vma;
>         struct mm_struct *mm = vma->vm_mm;
>         struct page *old_page = vmf->page;
> -       struct folio *old_folio = page_folio(old_page);
> +       struct folio *old_folio = old_page ? page_folio(old_page) : NULL;

Tested-by: SeongJae Park <sj@kernel.org>


Thanks,
SJ