linux/arch/arm
Qi Zheng a564ccfe30 arm: pgtable: fix NULL pointer dereference issue
When update_mmu_cache_range() is called by update_mmu_cache(), the vmf
parameter is NULL, which will cause a NULL pointer dereference issue in
adjust_pte():

Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read
Hardware name: Atmel AT91SAM9
PC is at update_mmu_cache_range+0x1e0/0x278
LR is at pte_offset_map_rw_nolock+0x18/0x2c
Call trace:
 update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec
 remove_migration_pte from rmap_walk_file+0xcc/0x130
 rmap_walk_file from remove_migration_ptes+0x90/0xa4
 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858
 migrate_pages_batch from migrate_pages+0x188/0x488
 migrate_pages from compact_zone+0x56c/0x954
 compact_zone from compact_node+0x90/0xf0
 compact_node from kcompactd+0x1d4/0x204
 kcompactd from kthread+0x120/0x12c
 kthread from ret_from_fork+0x14/0x38
Exception stack(0xc0d8bfb0 to 0xc0d8bff8)

To fix it, do not rely on whether 'ptl' is equal to decide whether to hold
the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is
enabled.  In addition, if two vmas map to the same PTE page, there is no
need to hold the pte lock again, otherwise a deadlock will occur.  Just
add the need_lock parameter to let adjust_pte() know this information.

Link: https://lkml.kernel.org/r/20250217024924.57996-1-zhengqi.arch@bytedance.com
Fixes: fc9c45b71f ("arm: adjust_pte() use pte_offset_map_rw_nolock()")
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
Reported-by: Ezra Buehler <ezra.buehler@husqvarnagroup.com>
Closes: https://lore.kernel.org/lkml/CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0cLkHEQ@mail.gmail.com/
Acked-by: David Hildenbrand <david@redhat.com>
Tested-by: Ezra Buehler <ezra.buehler@husqvarnagroup.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Muchun Song <muchun.song@linux.dev>
Cc: Qi Zheng <zhengqi.arch@bytedance.com>
Cc: Russel King <linux@armlinux.org.uk>
Cc: Ryan Roberts <ryan.roberts@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2025-03-05 21:36:12 -08:00
boot soc: devicetree changes for 6.14 2025-01-24 14:48:03 -08:00
common arm/bL_switcher: Use kthread_run_on_cpu() 2024-12-09 12:12:41 +01:00
configs soc: defconfig updates for 6.14 2025-01-24 15:03:53 -08:00
crypto arm/crc-t10dif: expose CRC-T10DIF function through lib 2024-12-01 17:23:13 -08:00
include Driver core and debugfs updates 2025-01-28 12:25:12 -08:00
kernel treewide: const qualify ctl_tables where applicable 2025-01-28 13:48:37 +01:00
lib arm/crc-t10dif: expose CRC-T10DIF function through lib 2024-12-01 17:23:13 -08:00
mach-actions
mach-alpine ARM: 9403/1: Alpine: Spelling s/initialiing/initializing/ 2024-06-10 12:01:32 +01:00
mach-artpec
mach-aspeed
mach-at91 ARM: at91: add new SoC sama7d65 2025-01-02 12:30:01 +02:00
mach-axxia
mach-bcm ARM: bcm: brcmstb: Drop custom init_irq callback 2024-10-08 15:02:31 -07:00
mach-berlin
mach-clps711x
mach-davinci ARM: davinci: remove unused cpuidle code 2024-08-19 09:38:54 +02:00
mach-digicolor
mach-dove ARM: dove: Drop a write-only variable 2024-09-02 16:11:28 +02:00
mach-ep93xx ARM: ep93xx: delete all boardfiles 2024-09-12 14:33:12 +00:00
mach-exynos
mach-footbridge
mach-gemini
mach-highbank
mach-hisi
mach-hpe
mach-imx Pin control fixes for the v6.13 series: 2025-01-03 10:57:57 -08:00
mach-ixp4xx
mach-keystone
mach-lpc18xx
mach-lpc32xx dmaengine: Add dma router for pl08x in LPC32XX SoC 2024-08-29 22:54:11 +05:30
mach-mediatek
mach-meson
mach-milbeaut
mach-mmp
mach-mstar
mach-mv78xx0
mach-mvebu ARM: mvebu: Warn about memory chunks too small for DDR training 2024-09-02 14:34:58 +02:00
mach-mxs
mach-nomadik
mach-npcm
mach-omap1 soc: omap: minor updates for v6.14 2025-01-16 16:54:54 +01:00
mach-omap2 ARM: OMAP2+: Fix a typo 2024-12-06 12:55:24 -08:00
mach-orion5x ARM: orion5x: Switch to new sys-off handler API 2024-09-02 14:42:52 +02:00
mach-pxa arm: pxa: convert timeouts to use secs_to_jiffies() 2025-01-12 20:21:01 -08:00
mach-qcom
mach-realtek
mach-rockchip
mach-rpc ARM: riscpc: make ecard_bus_type constant 2025-01-10 15:42:06 +01:00
mach-s3c ARM: s3c: remove unused s3c2410_cpu_suspend() declaration 2024-08-19 21:54:23 +02:00
mach-s5pv210
mach-sa1100 Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
mach-shmobile
mach-socfpga
mach-spear
mach-sti
mach-stm32 ARM: stm32: Allow build irq-stm32mp-exti driver as module 2024-06-24 00:16:43 +02:00
mach-sunxi
mach-tegra ARM: tegra: paz00: Use software nodes to describe GPIOs for WiFi rfkill 2024-06-28 17:52:16 +02:00
mach-ux500
mach-versatile soc: driver updates for 6.12 2024-09-17 10:48:09 +02:00
mach-vt8500
mach-zynq ARM: zynq: Remove unused zynq_slcr_init() declaration 2024-10-02 09:13:08 +02:00
mm arm: pgtable: fix NULL pointer dereference issue 2025-03-05 21:36:12 -08:00
net
nwfpe
plat-orion
probes asm-generic: introduce text-patching.h 2024-11-07 14:25:15 -08:00
tools fs/xattr: add *at family syscalls 2024-11-06 12:59:44 -05:00
vdso ARM: vdso: Remove assembly for datapage access 2024-11-02 12:37:33 +01:00
vfp ARM: 9438/1: assembler: Drop obsolete VFP accessor fallback 2025-01-14 12:29:25 +00:00
xen xen/arm: Convert comma to semicolon 2024-07-11 08:48:28 +02:00
Kbuild
Kconfig ARM updates for 6.14-rc1 2025-01-27 08:50:19 -08:00
Kconfig-nommu
Kconfig.debug ARM: bcm: Support BCMBCA debug UART 2024-10-08 15:02:31 -07:00
Kconfig.platforms
Makefile kbuild: add $(objtree)/ prefix to some in-kernel build artifacts 2024-11-27 09:38:27 +09:00