Date: Thu, 11 Jun 2026 18:11:13 +0000
From: Pasha Tatashin
To: Mike Rapoport
Cc: Pratyush Yadav, Tarun Sahu, Pasha Tatashin, Andrew Morton, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, linux-mm@kvack.org
Subject: Re: [PATCH] mm/memfd_luo: validate serialized_data before conversion
References: <2vxzmrx1qjuf.fsf@kernel.org>

On 06-11 17:28, Mike Rapoport wrote:
> On Thu, Jun 11, 2026 at 03:37:12PM +0200, Pratyush Yadav wrote:
> > On Thu, Jun 11 2026, Mike Rapoport wrote:
> >
> > > On Thu, Jun 11, 2026 at 10:30:03AM +0000, Tarun Sahu wrote:
> > >> In memfd_luo_finish() and memfd_luo_retrieve(), phys_to_virt() was called
> > >> on args->serialized_data before checking if the physical address is valid.
> > >> Since physical address 0 does not map to virtual NULL (due to direct
> > >> mapping offsets), the subsequent check 'if (!ser)' was ineffective at
> > >> catching a missing serialized_data, leading to unsafe dereferences later.
> > >>
> > >> Validate that args->serialized_data is non-zero before calling
> > >> phys_to_virt().
> > >>
> > >> Fixes: b3749f174d68 ("mm: memfd_luo: allow preserving memfd")
> > >> Signed-off-by: Tarun Sahu
> > >> ---
> > >> mm/memfd_luo.c | 10 ++++++----
> > >> 1 file changed, 6 insertions(+), 4 deletions(-)
> > >>
> > >> diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c
> > >> index 59de210bee5f..10f3983b0060 100644
> > >> --- a/mm/memfd_luo.c
> > >> +++ b/mm/memfd_luo.c
> > >> @@ -397,10 +397,11 @@ static void memfd_luo_finish(struct liveupdate_file_op_args *args)
> > >> if (args->retrieve_status)
> > >> return;
> > >>
> > >> - ser = phys_to_virt(args->serialized_data);
> > >> - if (!ser)
> > >> + if (!args->serialized_data)
> > >
> > > We really should make args->serialized_data a KHOSER_PTR
> >
> > Hmm, that would also be a good idea. I suppose then it would be a better
> > to directly convert to using KHOSER_PTR() instead of this patch?
>
> Makes sense.

I think we should systematically cover all phys_to_virt conversions and
add KOSHER_PTR(), instead of an ad-hoc approach of adding it as we go.

So, let's take this patch and do a series where we properly convert
everything and provide guidance for others to use going forward.

Pasha

>
> > --
> > Regards,
> > Pratyush Yadav
>
> --
> Sincerely yours,
> Mike.
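Review bot: the quoted memfd_luo_finish() hunk is cut off after the `+ if (!args->serialized_data)` line, and the memfd_luo_retrieve() hunk is not quoted at all, although the diffstat reports 6 insertions and 4 deletions across both functions; from this thread alone a reviewer cannot confirm that `ser` is still assigned from phys_to_virt() after the new check, so the full patch should be consulted before applying it. On the lines that are visible the reordering is right: phys_to_virt(0) yields a direct-map address rather than NULL, so the removed `if (!ser)` could never fire, and only a test on the physical address itself can catch a missing serialized_data. The new check still accepts any non-zero value without further validation, which fits the thread's conclusion to convert these fields to KHOSER_PTR and handle the conversion uniformly rather than patching call sites one by one.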
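Added example, not code from the patch or the kernel tree: a plain C model of the commit message's point that, with a direct-map offset, phys_to_virt(0) is a non-NULL pointer, so the old `if (!ser)` check passes for a missing serialized_data while the reordered check rejects it. MOCK_PAGE_OFFSET, mock_phys_to_virt() and struct mock_file_op_args are constructed stand-ins for the kernel's PAGE_OFFSET, phys_to_virt() and struct liveupdate_file_op_args.

```c
/* Added example (not from the patch or the kernel): models why a NULL
 * check on the result of phys_to_virt() cannot catch a zero physical
 * address. Names prefixed with mock_/MOCK_ are constructed stand-ins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed direct-map base. Real kernels use an arch-specific
 * PAGE_OFFSET; any non-zero offset shows the same effect. */
#define MOCK_PAGE_OFFSET 0xc0000000ULL

struct mock_file_op_args {
    uint64_t serialized_data;   /* physical address of serialized state */
    int retrieve_status;
};

/* Mirrors the direct-map translation: virt = phys + offset. For phys 0
 * this returns MOCK_PAGE_OFFSET, which is not NULL. */
static void *mock_phys_to_virt(uint64_t phys)
{
    return (void *)(uintptr_t)(MOCK_PAGE_OFFSET + phys);
}

/* Pattern before the fix: convert first, then test the virtual pointer.
 * Returns true when the caller would go on to dereference `ser`. */
static bool finish_before_fix(const struct mock_file_op_args *args)
{
    void *ser;

    if (args->retrieve_status)
        return false;
    ser = mock_phys_to_virt(args->serialized_data);
    if (!ser)               /* never true: phys 0 maps to MOCK_PAGE_OFFSET */
        return false;
    return true;            /* missing data slips through to a dereference */
}

/* Pattern after the fix: reject a zero physical address before converting. */
static bool finish_after_fix(const struct mock_file_op_args *args)
{
    if (args->retrieve_status)
        return false;
    if (!args->serialized_data)
        return false;       /* missing serialized_data is caught here */
    return true;            /* only a non-zero address reaches the conversion */
}
```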