Re: [syzbot] [mm?] WARNING in try_grab_page

From: David Howells
Date: Tue Jul 25 2023 - 05:32:39 EST

Next message: Robert Lee: "[PATCH] ALSA: compress: add opus codec define"
Previous message: Takashi Iwai: "Re: [PATCH v4 31/32] sound: usb: card: Allow for rediscovery of connected USB SND devices"
In reply to: Sven Schnelle: "Re: [syzbot] [mm?] WARNING in try_grab_page"
Next in thread: David Howells: "Re: [syzbot] [mm?] WARNING in try_grab_page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sven Schnelle <svens@xxxxxxxxxxxxx> wrote:

>
> I looked into this issue. What syzkaller is doing is opening an AF_ALG
> socket, and sending a large message which will eventually end in -EFAULT.
> Looking at the code in crypto/algif_hash.c i see that hash_sendmsg is
> calling extract_iter_to_sg() -> extract_user_to_sg(). In the -EFAULT
> case, this function is calling put_page(), which looks like a leftover
> from the old pinning interface. I think this should be a
> unpin_user_page() call now.
>
> However, hash_sendmsg() also unpins via af_alg_free_sg() in the error
> path. From an API perspective, i would prefer if extract_user_to_sg()
> does the unpinning on error. Any thoughts?

Good catch, thanks. I'll whip up a patch or two for it.

David

Next message: Robert Lee: "[PATCH] ALSA: compress: add opus codec define"
Previous message: Takashi Iwai: "Re: [PATCH v4 31/32] sound: usb: card: Allow for rediscovery of connected USB SND devices"
In reply to: Sven Schnelle: "Re: [syzbot] [mm?] WARNING in try_grab_page"
Next in thread: David Howells: "Re: [syzbot] [mm?] WARNING in try_grab_page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]