From: "David Hildenbrand (Red Hat)" <david@kernel.org>
To: Andrew Morton <akpm@linux-foundation.org>,
Jinchao Wang <wangjinchao600@gmail.com>
Cc: Song Liu <song@kernel.org>, Jiri Olsa <jolsa@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>,
Yonghong Song <yonghong.song@linux.dev>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
syzbot+e008db2ac01e282550ee@syzkaller.appspotmail.com,
Axel Rasmussen <axelrasmussen@google.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Michal Hocko <mhocko@kernel.org>,
Qi Zheng <zhengqi.arch@bytedance.com>,
Shakeel Butt <shakeel.butt@linux.dev>,
Wei Xu <weixugc@google.com>, Yuanchu Xie <yuanchu@google.com>,
Omar Sandoval <osandov@fb.com>,
Deepanshu Kartikey <kartikey406@gmail.com>
Subject: Re: [PATCH] buildid: validate page-backed file before parsing build ID
Date: Tue, 30 Dec 2025 23:11:31 +0100
Message-ID: <86b3f8af-299a-4ae7-b2dc-0b068046fe92@kernel.org>
In-Reply-To: <20251223092932.0a804e046fc2e5de236ced69@linux-foundation.org>
On 12/23/25 18:29, Andrew Morton wrote:
> On Tue, 23 Dec 2025 18:32:07 +0800 Jinchao Wang <wangjinchao600@gmail.com> wrote:
>
>> __build_id_parse() only works on page-backed storage. Its helper paths
>> eventually call mapping->a_ops->read_folio(), so explicitly reject VMAs
>> that do not map a regular file or lack valid address_space operations.
>>
>> Reported-by: syzbot+e008db2ac01e282550ee@syzkaller.appspotmail.com
>> Signed-off-by: Jinchao Wang <wangjinchao600@gmail.com>
>>
>> ...
>>
>> --- a/lib/buildid.c
>> +++ b/lib/buildid.c
>> @@ -280,7 +280,10 @@ static int __build_id_parse(struct vm_area_struct *vma, unsigned char *build_id,
>> int ret;
>>
>> /* only works for page backed storage */
>> - if (!vma->vm_file)
>> + if (!vma->vm_file ||
>> + !S_ISREG(file_inode(vma->vm_file)->i_mode) ||
>> + !vma->vm_file->f_mapping->a_ops ||
>> + !vma->vm_file->f_mapping->a_ops->read_folio)
>> return -EINVAL;
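
Review bot: The comment above the new condition still reads only "only works for page backed storage", while the check now has four parts and the reason for the added ones (the helper paths eventually call mapping->a_ops->read_folio(), as the commit message says) is not visible in the code. Suggest extending the comment to state that the read path calls a_ops->read_folio() and therefore requires a regular file with that operation set. The added lines also spell out vma->vm_file three times; a local such as `struct file *file = vma->vm_file;` or a small predicate helper would make the condition easier to read and to reuse.
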
Just wondering, we are fine with MAP_PRIVATE files, right? I guess it's
not about the actual content in the VMA (which might be different for a
MAP_PRIVATE VMA), but only about the content of the mapped file.

LGTM, although I wonder whether some of these checks should be
exposed as part of the read_cache_folio()/do_read_cache_folio() API.
Like, having a helper function that tells us whether we can use
do_read_cache_folio() against a given mapping+file.
--
Cheers
David
Thread overview: 9+ messages
2025-12-23 10:32 [PATCH] buildid: validate page-backed file before parsing build ID Jinchao Wang
2025-12-23 17:29 ` Andrew Morton
2025-12-30 22:11 ` David Hildenbrand (Red Hat) [this message]
2026-01-05 22:52 ` Andrii Nakryiko
2026-01-06 19:16 ` David Hildenbrand (Red Hat)
2026-01-09 23:43 ` Andrii Nakryiko
2026-01-11 11:32 ` David Hildenbrand (Red Hat)
2025-12-23 19:05 ` Shakeel Butt
2025-12-24 3:29 ` Jinchao Wang