Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp670831ybk; Wed, 13 May 2020 09:58:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzuvsxKytH3fChwFHA2jjehUcGKpj+78v6Cce1Pd96tQI71j3upERV/mJO+VyOrepNb2ZLV X-Received: by 2002:a17:906:278e:: with SMTP id j14mr7607515ejc.270.1589389095149; Wed, 13 May 2020 09:58:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589389095; cv=none; d=google.com; s=arc-20160816; b=vy4czGYKBElcH2Nqm+d1I4iOMHE/JfG2gYufrrYffz0kY3WrRniR3LeJUtJdTU1CEA 8zF3SuyonqFDqAsB8F4K9RgE2l1KYWnt9QdBaV70jAYuraqdCFfcmyW3g2Z5+wj5KlVp UBLfM5E96Mv+Uy9TARpJUmjLMu+AqPCX0jM38cHBK248ddR0cfEj5C4VxMGUoTbZ6KtK OsKVXWNouczPuT1/6fvzqdZ6jJY8oGYwVTXsOfCWI8lPPWMzwH9F03kVdEn4X5hEI2sM lfvOW6fNF8jb/7DlFcpzfVL1ydsrdU9iTkfXBVYrCWptECg3xq40H9VeUk6kSBr7Jti2 Bkvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=9JYYbgDYR/mpbcBqV5cdNMyQUjvKudTBnj//nm8TYYQ=; b=qqLSTcO/j3H1eubGlVqkGsmiW8m/ZT+3wnQV6B0DNzXQ7cEFlufXRXJ8x2kF5g/ob7 4X2ijlgygNWixT3mUsf7f8yYCSVW9NfH/EPCN6m0v+O+rlMyRvHwLM66Ei1QQdPpkaWR SEuBH7Y7Q9tJxO5rlKUlD7GBHMxOXy58o7TemtOHb8o8jBYGZQschN9SYqWMabgp6xZw /expOEbG89eNAno2SDbdrFJSvTO4xYPLZCGEtgbSR7iVw70VzdHKQKPu2bVWUm8GUwFd 7hp8Wycq+tIVMYyPCgsIEGWeUelFD0pTOMpZ6PRWPZadoTuS+dH8LJ1Du+O0iI7TepXp 8SXw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="u23wU6O/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c22si79424eds.427.2020.05.13.09.57.50; Wed, 13 May 2020 09:58:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="u23wU6O/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389715AbgEMQzn (ORCPT + 99 others); Wed, 13 May 2020 12:55:43 -0400 Received: from mail.kernel.org ([198.145.29.99]:57032 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727120AbgEMQzn (ORCPT ); Wed, 13 May 2020 12:55:43 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C22DB20671; Wed, 13 May 2020 16:55:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1589388943; bh=gsslFp9rqxz7ytfQkPA8wdKTwKbLEePk9J96wly+SWk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=u23wU6O/t5VjgR1swjr7WLWTBzPMow6KnFETB1dL7r+xziGuStYskJssLLALqnwfu jwtPb9MNzzUs8jgS+/sOuVleshkeqqCHHVxPtsS5l3jriIiTHEFc/Un9gq4I/uJgZp 1TThkwzIt6ngumq8AbPDynG85032Y0LAMcA9cd0Y= Date: Wed, 13 May 2020 18:55:40 +0200 From: Greg KH To: Hillf Danton , Thomas Gleixner Cc: syzbot , bp@alien8.de, dave.hansen@linux.intel.com, dmitry.torokhov@gmail.com, ebiederm@xmission.com, hpa@zytor.com, jeremy.linton@arm.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, luto@kernel.org, mingo@redhat.com, peterz@infradead.org, stern@rowland.harvard.edu, syzkaller-bugs@googlegroups.com, x86@kernel.org Subject: Re: WARNING in memtype_reserve Message-ID: <20200513165540.GA1366700@kroah.com> References: <000000000000f0d8d205a531f1a3@google.com> <20200509074507.GC1831917@kroah.com> <87wo5l4ecm.fsf@nanos.tec.linutronix.de> <20200513124445.GA1082735@kroah.com> <87zhab249p.fsf@nanos.tec.linutronix.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87zhab249p.fsf@nanos.tec.linutronix.de> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 13, 2020 at 06:22:58PM +0200, Thomas Gleixner wrote: > Greg KH writes: > > On Sat, May 09, 2020 at 12:00:57PM +0200, Thomas Gleixner wrote: > >> Greg KH writes: > >> > On Sat, May 09, 2020 at 12:20:14AM -0700, syzbot wrote: > >> >> memtype_reserve failed: [mem 0xffffffffff000-0x00008fff], req write-back > >> >> WARNING: CPU: 1 PID: 7025 at arch/x86/mm/pat/memtype.c:589 memtype_reserve+0x69f/0x820 arch/x86/mm/pat/memtype.c:589 > >> > > >> > So should memtype_reserve() not do a WARN if given invalid parameters as > >> > it can be triggered by userspace requests? > >> > > >> > A normal "invalid request" debug line is probably all that is needed, > >> > right? > >> > >> I disagree. The callsite espcially if user space triggerable should not > >> attempt to ask for a reservation where start > end: > >> > >> >> memtype_reserve failed: [mem 0xffffffffff000-0x00008fff], req write-back > >> > >> The real question is which part of the call chain is responsible for > >> this. That needs to be fixed. > > > > This is caused by 2bef9aed6f0e ("usb: usbfs: correct kernel->user page > > attribute mismatch") which changed a call to remap_pfn_range() to > > dma_mmap_coherent(). Looks like the error checking in remap_pfn_range() > > handled the invalid options better than dma_mma_coherent() when odd > > values are passed in. > > > > We can add the check to dma_mmap_coherent(), again, but really, this > > type of check should probably only be needed in one place to ensure we > > always get it correct, right? > > That might be correct for this particular call chain, but this check > really is the last defense before stuff goes down the drain. None of the > last line functions should ever be reached with crappy arguments. Looking at the other callers of dma_mmap_coherent(), it looks like this needs to be done in that function, as other drivers are passing in "raw" data as well. So Hillf's patch is probably the best one. Hillf, can you resend it in a format we can apply it in and have syzbot test? thanks, greg k-h