From: gaoxu <gaoxu2@honor.com>
To: Yosry Ahmed <yosry.ahmed@linux.dev>,
Andrew Morton <akpm@linux-foundation.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Suren Baghdasaryan" <surenb@google.com>,
Barry Song <21cnbao@gmail.com>,
yipengxiang <yipengxiang@honor.com>
Subject: Re: [PATCH v2] mm: Fix possible NULL pointer dereference in __swap_duplicate
Date: Sat, 15 Feb 2025 08:31:50 +0000
Message-ID: <ca2a581c9601426abb3b29f2535956ab@honor.com>
In-Reply-To: <8bda689f466f7426df696ec52648592f262091bb@linux.dev>
> February 14, 2025 at 10:52 PM, "gaoxu" <gaoxu2@honor.com> wrote:
>
> > Add a NULL check on the return value of swp_swap_info in __swap_duplicate
> > to prevent crashes caused by NULL pointer dereference.
> >
> > The reason why swp_swap_info() returns NULL is unclear; it may be due to
> > CPU cache issues or DDR bit flips. The probability of this issue is very
> > small, and the stack info we encountered is as follows:
> >
> > Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058
> > [RB/E]rb_sreason_str_set: sreason_str set null_pointer
> > Mem abort info:
> > ESR = 0x0000000096000005
> > EC = 0x25: DABT (current EL), IL = 32 bits
> > SET = 0, FnV = 0
> > EA = 0, S1PTW = 0
> > FSC = 0x05: level 1 translation fault
> > Data abort info:
> > ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
> > CM = 0, WnR = 0, TnD = 0, TagAccess = 0
> > GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
> > user pgtable: 4k pages, 39-bit VAs, pgdp=00000008a80e5000
> > [0000000000000058] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
> > Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
> > Skip md ftrace buffer dump for: 0x1609e0
> > ...
> > pc : swap_duplicate+0x44/0x164
> > lr : copy_page_range+0x508/0x1e78
> > sp : ffffffc0f2a699e0
> > x29: ffffffc0f2a699e0 x28: ffffff8a5b28d388 x27: ffffff8b06603388
> > x26: ffffffdf7291fe70 x25: 0000000000000006 x24: 0000000000100073
> > x23: 00000000002d2d2f x22: 0000000000000008 x21: 0000000000000000
> > x20: 00000000002d2d2f x19: 18000000002d2d2f x18: ffffffdf726faec0
> > x17: 0000000000000000 x16: 0010000000000001 x15: 0040000000000001
> > x14: 0400000000000001 x13: ff7ffffffffffb7f x12: ffeffffffffffbff
> > x11: ffffff8a5c7e1898 x10: 0000000000000018 x9 : 0000000000000006
> > x8 : 1800000000000000 x7 : 0000000000000000 x6 : ffffff8057c01f10
> > x5 : 000000000000a318 x4 : 0000000000000000 x3 : 0000000000000000
> > x2 : 0000006daf200000 x1 : 0000000000000001 x0 : 18000000002d2d2f
> > Call trace:
> > swap_duplicate+0x44/0x164
> > copy_page_range+0x508/0x1e78
> > copy_process+0x1278/0x21cc
> > kernel_clone+0x90/0x438
> > __arm64_sys_clone+0x5c/0x8c
> > invoke_syscall+0x58/0x110
> > do_el0_svc+0x8c/0xe0
> > el0_svc+0x38/0x9c
> > el0t_64_sync_handler+0x44/0xec
> > el0t_64_sync+0x1a8/0x1ac
> > Code: 9139c35a 71006f3f 54000568 f8797b55 (f9402ea8)
> > ---[ end trace 0000000000000000 ]---
> > Kernel panic - not syncing: Oops: Fatal exception
> > SMP: stopping secondary CPUs
> >
> > The patch seems to only provide a workaround, but there are no more
> > effective software solutions to handle the bit flips problem. This path
> > will change the issue from a system crash to a process exception, thereby
> > reducing the impact on the entire machine.
> >
> > Signed-off-by: gaoxu <gaoxu2@honor.com>
> > Reviewed-by: Yosry Ahmed <yosry.ahmed@linux.dev>
>
> I did not review this patch, I only made a suggestion. Please only add Review
> tags when explicitly given.
Sorry, I will resend a patch that removes the Review tags.
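
Added example (not part of the original thread or the patch): the C below decodes two values from the oops quoted above, the ESR and the faulting instruction word shown in parentheses on the `Code:` line. It shows the fault was a read through base register x21, which is zero in the register dump, at offset 0x58, matching the reported fault address. The struct and function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Data-abort fields of an AArch64 ESR_ELx value (names are illustrative). */
struct esr_info { unsigned ec, il, iss, fsc, wnr; };

static struct esr_info decode_esr(uint64_t esr)
{
    struct esr_info e;
    e.ec  = (esr >> 26) & 0x3f;      /* exception class, bits [31:26] */
    e.il  = (esr >> 25) & 0x1;       /* 1 = 32-bit instruction */
    e.iss = esr & 0x1ffffff;         /* syndrome, bits [24:0] */
    e.fsc = e.iss & 0x3f;            /* fault status code */
    e.wnr = (e.iss >> 6) & 0x1;      /* 1 = write, 0 = read */
    return e;
}

/* LDR Xt, [Xn, #imm]: 64-bit load, unsigned scaled offset. */
struct ldr_info { int valid; unsigned rt, rn, offset; };

static struct ldr_info decode_ldr64_uoff(uint32_t insn)
{
    struct ldr_info l = {0, 0, 0, 0};
    if ((insn & 0xffc00000u) != 0xf9400000u)
        return l;                    /* some other encoding */
    l.valid  = 1;
    l.offset = ((insn >> 10) & 0xfff) * 8;  /* imm12 scaled by 8 */
    l.rn     = (insn >> 5) & 0x1f;   /* base register */
    l.rt     = insn & 0x1f;          /* destination register */
    return l;
}

/* True when the load's base register is 0 and its offset is the fault address. */
static int is_null_base_load(uint32_t insn, uint64_t base_val, uint64_t fault_addr)
{
    struct ldr_info l = decode_ldr64_uoff(insn);
    return l.valid && base_val == 0 && l.offset == fault_addr;
}

int main(void)
{
    /* Values copied from the oops quoted above. */
    struct esr_info e = decode_esr(0x96000005);
    struct ldr_info l = decode_ldr64_uoff(0xf9402ea8u);
    printf("EC=0x%02x IL=%u FSC=0x%02x WnR=%u\n", e.ec, e.il, e.fsc, e.wnr);
    printf("ldr x%u, [x%u, #0x%x]\n", l.rt, l.rn, l.offset);
    /* x21 is 0 in the register dump; the fault address is 0x58. */
    printf("NULL-base load: %d\n", is_null_base_load(0xf9402ea8u, 0, 0x58));
    return 0;
}
```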