Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751735AbdLWHcB (ORCPT <rfc822;w@1wt.eu>);
        Sat, 23 Dec 2017 02:32:01 -0500
Received: from mail-pl0-f45.google.com ([209.85.160.45]:39642 "EHLO
        mail-pl0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750747AbdLWHb4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 23 Dec 2017 02:31:56 -0500
X-Google-Smtp-Source: ACJfBosacSgRWkXxNIvbZXX8NZBG9nrNpzh/YaXv9bPHmahUXncX3SWKZMjxIwUuK9A71kXEoHPUYz4yFvcYEvzTGRs=
MIME-Version: 1.0
In-Reply-To: <20171223002505.593-1-aarcange@redhat.com>
References: <20171222222346.GB28786@zzz.localdomain> <20171223002505.593-1-aarcange@redhat.com>
From: Dmitry Vyukov <dvyukov@google.com>
Date: Sat, 23 Dec 2017 08:31:35 +0100
Message-ID: <CACT4Y+av2MyJHHpPQLQ2EGyyW5vAe3i-U0pfVXshFm96t-1tBQ@mail.gmail.com>
Subject: Re: [PATCH 0/1] Re: kernel BUG at fs/userfaultfd.c:LINE!
To: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
        Eric Biggers <ebiggers3@gmail.com>,
        Mike Rapoport <rppt@linux.vnet.ibm.com>,
        LKML <linux-kernel@vger.kernel.org>, linux-fsdevel@vger.kernel.org,
        Al Viro <viro@zeniv.linux.org.uk>, Linux-MM <linux-mm@kvack.org>,
        syzkaller-bugs@googlegroups.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1175
Lines: 39

On Sat, Dec 23, 2017 at 1:25 AM, Andrea Arcangeli <aarcange@redhat.com> wrote:
> Hello,
>
> Thanks for the CC, I'm temporarily very busy so if there's something
> urgent, safer to CC.

Hi,

syzbot uses get_maintainer.pl and for fs/userfaultfd.c you are not
there, so if you want to be CCed please add yourself to MAINTAINERS.


> This passed both testcases, the hard part was already done. I'm glad
> there was nothing wrong in the previous fix that had to be redone.
>
> Simply we forgot to undo the vma->vm_userfaultfd_ctx = NULL after
> aborting the new child uffd ctx, the original code of course didn't do
> that either.
>
> Having just seen this issue, this isn't very well tested.
>
> Thank you,
> Andrea
>
> Andrea Arcangeli (1):
>   userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK
>     fails
>
>  fs/userfaultfd.c | 20 ++++++++++++++++++--
>  1 file changed, 18 insertions(+), 2 deletions(-)

The original report footer was stripped, so:

Please credit me with: Reported-by: syzbot <syzkaller@googlegroups.com>

and we also need to tell syzbot about the fix with:

#syz fix:
userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails