From: linmiaohe <linmiaohe@huawei.com>
To: Hillf Danton <hdanton@sina.com>
Cc: Souptick Joarder <jrdr.linux@gmail.com>,
	syzbot <syzbot+c5d5a51dcbb558ca0cb5@syzkaller.appspotmail.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Linux-MM <linux-mm@kvack.org>,
	"syzkaller-bugs@googlegroups.com"
	<syzkaller-bugs@googlegroups.com>
Subject: Re: general protection fault in unlink_file_vma
Date: Thu, 10 Sep 2020 06:26:45 +0000
Message-ID: <bc09fdb2ce24487b821bccc856c4c23b@huawei.com>

Hillf Danton wrote:
> On Thu, 10 Sep 2020 07:43:41 +0530 Souptick Joarder wrote:
>> On Wed, Sep 9, 2020 at 9:45 AM Hillf Danton wrote:
>> > Tue, 08 Sep 2020 17:19:17 -0700
>> > > syzbot found the following issue on:
>> > >
>> > > HEAD commit:    59126901 Merge tag 'perf-tools-fixes-for-v5.9-2020-09-03' ..
>> >
>> > Looks like d70cec898324 ("mm: mmap: merge vma after call_mmap() if 
>> > possible") added an extra fput.
>> 
>> Can you please help me to understand how you figured out this commit?
>
>Feel free to correct Hillf if I missed any thing.
>Failing to reproduce the gpf without the commit may tell us more about it than I could.
>> >
>> > --- a/mm/mmap.c
>> > +++ b/mm/mmap.c
>> > @@ -1781,7 +1781,6 @@ unsigned long mmap_region(struct file *f
>> >                         merge = vma_merge(mm, prev, vma->vm_start, vma->vm_end, vma->vm_flags,
>> >                                 NULL, vma->vm_file, vma->vm_pgoff, NULL, NULL_VM_UFFD_CTX);
>> >                         if (merge) {
>> > -                               fput(file);
>> >                                 vm_area_free(vma);
>> >                                 vma = merge;
>> >                                 /* Update vm_flags and possible addr 
>> > to pick up the change. We don't
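Review bot: dropping the fput(file) unconditionally turns the double put into a leaked reference on every merge path that does not itself release vm_file; the reply in this thread states that vma_merge() does not always fput the vm_file, so the release after a successful merge has to depend on whether the merge consumed the reference taken for this vma rather than be removed outright. The commit message should name the __vma_adjust() path that performs the drop so a reviewer can check that the caller and callee agree on who owns the reference.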

Yes, it seems vma_merge() could fput the vm_file via the remove_next case in __vma_adjust(). So the fput of vm_file here does the
extra one.

But we may not remove the fput here directly, as vma_merge() does not always fput the vm_file. I'm not really familiar with
the vma merge yet, but I will try my best to fix this as soon as possible.

Many thanks for pointing this out. And sorry for my carelessness.
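A userspace model of the reference-count hazard under discussion, added here as an example. It is not kernel code and not from anyone in this thread; the model_* names, the three release policies and the merge_drops_ref switch are assumptions chosen to show the three outcomes side by side: an unconditional fput() as in the line the quoted hunk removes double-puts when the merge already dropped the reference, removing the fput() entirely leaks one when the merge did not, and releasing only when the merge did not drop it stays balanced either way.

```c
#include <stdio.h>

/* Release policy the mmap_region() stand-in applies after a successful merge.
 * ALWAYS mirrors the line the quoted hunk removes, NEVER mirrors the hunk as
 * posted, IF_NOT_DROPPED releases only when the merge did not consume the ref. */
enum model_release_policy {
    MODEL_FPUT_ALWAYS,
    MODEL_FPUT_NEVER,
    MODEL_FPUT_IF_NOT_DROPPED
};

struct model_file {
    int refcount;  /* live references, standing in for f_count (hypothetical) */
};

struct model_vma {
    struct model_file *file;  /* stand-in for vm_file */
};

static void model_get_file(struct model_file *f)
{
    f->refcount++;
}

/* Stand-in for fput(): once the count hits zero the real kernel frees the
 * struct file, so any later close() on the fd touches freed memory. */
static void model_fput(struct model_file *f)
{
    f->refcount--;
}

/* Stand-in for vma_merge().  A successful merge discards 'vma'; depending on
 * which internal path ran it may or may not drop vma's file reference.
 * Returns 1 on merge and records in *dropped whether it consumed the ref. */
static int model_vma_merge(struct model_vma *vma, int can_merge,
                           int merge_drops_ref, int *dropped)
{
    *dropped = 0;
    if (!can_merge)
        return 0;
    if (merge_drops_ref) {
        model_fput(vma->file);
        *dropped = 1;
    }
    return 1;
}

/* Stand-in for the merge-after-call_mmap() path of mmap_region().
 * The caller starts out holding one reference (the fd).  Returns the number
 * of references left relative to that one: 0 is balanced, +1 is a leaked
 * reference, -1 means the fd's own reference was consumed and the file freed
 * early, which is the double put this thread is chasing. */
static int model_mmap_region(int can_merge, int merge_drops_ref,
                             enum model_release_policy policy)
{
    struct model_file file = { .refcount = 1 };
    struct model_vma vma = { .file = &file };
    int dropped;

    model_get_file(&file);  /* vma->vm_file = get_file(file) */

    if (model_vma_merge(&vma, can_merge, merge_drops_ref, &dropped)) {
        /* vma is discarded; its reference must be released exactly once */
        if (policy == MODEL_FPUT_ALWAYS ||
            (policy == MODEL_FPUT_IF_NOT_DROPPED && !dropped))
            model_fput(&file);
    } else {
        /* vma stays mapped; its reference is released later at unmap time */
        model_fput(&file);
    }

    return file.refcount - 1;
}

int main(void)
{
    static const char *names[] = { "always", "never", "if-not-dropped" };
    int p, drops;

    for (p = MODEL_FPUT_ALWAYS; p <= MODEL_FPUT_IF_NOT_DROPPED; p++)
        for (drops = 0; drops <= 1; drops++)
            printf("policy=%-14s merge_drops_ref=%d -> balance %+d\n",
                   names[p], drops,
                   model_mmap_region(1, drops, (enum model_release_policy)p));
    return 0;
}
```

The point of the table it prints is that neither "always release" nor "never release" is correct on its own when the callee's ownership of the reference is path-dependent; the caller must learn (or be told by a fixed contract) whether the merge consumed the reference before deciding to put it.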
