From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Matthew Wilcox <mawilcox@microsoft.com>,
Chris Fries <cfries@google.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Michal Hocko <mhocko@suse.com>, Jan Kara <jack@suse.cz>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.9 92/95] mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
Date: Sun, 22 Apr 2018 15:54:01 +0200
Message-ID: <20180422135214.183266218@linuxfoundation.org>
In-Reply-To: <20180422135210.432103639@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Wilcox <mawilcox@microsoft.com>
commit abc1be13fd113ddef5e2d807a466286b864caed3 upstream.
f2fs specifies the __GFP_ZERO flag for allocating some of its pages.
Unfortunately, the page cache also uses the mapping's GFP flags for
allocating radix tree nodes. It always masked off the __GFP_HIGHMEM
flag, and masks off __GFP_ZERO in some paths, but not all. That causes
radix tree nodes to be allocated with a NULL list_head, which causes
backtraces like:
__list_del_entry+0x30/0xd0
list_lru_del+0xac/0x1ac
page_cache_tree_insert+0xd8/0x110
The __GFP_DMA and __GFP_DMA32 flags would also be able to sneak through
if they are ever used. Fix them all by using GFP_RECLAIM_MASK at the
innermost location, and remove it from earlier in the callchain.
Link: http://lkml.kernel.org/r/20180411060320.14458-2-willy@infradead.org
Fixes: 449dd6984d0e ("mm: keep page cache radix tree nodes in check")
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Reported-by: Chris Fries <cfries@google.com>
Debugged-by: Minchan Kim <minchan@kernel.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/filemap.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -616,7 +616,7 @@ int replace_page_cache_page(struct page
VM_BUG_ON_PAGE(!PageLocked(new), new);
VM_BUG_ON_PAGE(new->mapping, new);
- error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM);
+ error = radix_tree_preload(gfp_mask & GFP_RECLAIM_MASK);
if (!error) {
struct address_space *mapping = old->mapping;
void (*freepage)(struct page *);
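Review bot: the argument to radix_tree_preload() in replace_page_cache_page() no longer shows which flags are being kept out. `gfp_mask & ~__GFP_HIGHMEM` named the excluded flag, while `gfp_mask & GFP_RECLAIM_MASK` is an allow-list, and only the commit message says it is there to strip __GFP_ZERO, __GFP_DMA and __GFP_DMA32 as well. A one-line comment above the call, saying that radix tree nodes must not inherit the mapping's zone or zeroing flags, would keep a later cleanup from undoing the fix.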
@@ -672,7 +672,7 @@ static int __add_to_page_cache_locked(st
return error;
}
- error = radix_tree_maybe_preload(gfp_mask & ~__GFP_HIGHMEM);
+ error = radix_tree_maybe_preload(gfp_mask & GFP_RECLAIM_MASK);
if (error) {
if (!huge)
mem_cgroup_cancel_charge(page, memcg, false);
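Review bot: in __add_to_page_cache_locked() the mask is applied only inside the radix_tree_maybe_preload() argument, so gfp_mask itself stays unmasked for any other use in the function. The two callers changed later in this patch stop masking on the strength of this one line, so the changelog should state that the preload is the only consumer that needed the narrowed flags; alternatively, mask into a local once and pass that, which makes the intent visible at the call site.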
@@ -1247,8 +1247,7 @@ no_page:
if (fgp_flags & FGP_ACCESSED)
__SetPageReferenced(page);
- err = add_to_page_cache_lru(page, mapping, offset,
- gfp_mask & GFP_RECLAIM_MASK);
+ err = add_to_page_cache_lru(page, mapping, offset, gfp_mask);
if (unlikely(err)) {
put_page(page);
page = NULL;
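Review bot: dropping `gfp_mask & GFP_RECLAIM_MASK` at this add_to_page_cache_lru() call is safe only because of the masking added at radix_tree_maybe_preload() in __add_to_page_cache_locked(). The hunks depend on each other, so anyone backporting or cherry-picking must take them together; taking this hunk alone would pass the caller's full gfp_mask through to the radix tree preload. A note in the changelog spelling out that dependency would help stable maintainers resolving conflicts.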
@@ -1996,7 +1995,7 @@ static int page_cache_read(struct file *
if (!page)
return -ENOMEM;
- ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask & GFP_KERNEL);
+ ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask);
if (ret == 0)
ret = mapping->a_ops->readpage(file, page);
else if (ret == -EEXIST)
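Review bot: the mask removed at this add_to_page_cache_lru() call in page_cache_read() was `gfp_mask & GFP_KERNEL`, not GFP_RECLAIM_MASK, so this is a different change from the one in the hunk above, and the commit message does not mention it. Please add a sentence explaining why the GFP_KERNEL restriction is no longer needed here now that the callee applies GFP_RECLAIM_MASK at the preload.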