hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IDBKGM -------------------------------- Add mm_read_lock to avoid conflict between attach and free. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000096000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault Data abort info: ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000020300acd7000 [0000000000000000] pgd=0800203008421403, p4d=0800203008421403, pud=0800203008422403, pmd=0000000000000000 Internal error: Oops: 0000000096000006 [#1] SMP CPU: 107 PID: 151805 Comm: ioctl_zcopy_too Kdump: loaded Not tainted 6.6.0-f3180605d2a8 #1 Hardware name: Huawei Taishan 2280 V2/BC82AMDD, BIOS 6.57 05/17/2023 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : attach_pte_range+0x190/0x9a0 [zcopy] lr : attach_pte_range+0xd4/0x9a0 [zcopy] sp : ffff8000be8abb20 x29: ffff8000be8abb80 x28: 0000ffff90e00000 x27: ffffa651cb444d08 x26: 0400000000000001 x25: 0000000000000000 x24: ffff203017961000 x23: 0000ffff87400000 x22: 0010000000000001 x21: fffffc80c05e5840 x20: ffff2020259111d0 x19: ffffa651cb443c40 x18: ffff8000be8ab9b0 x17: 0000000000000000 x16: ffffa651e40182b0 x15: ffffffffffffffbc x14: ffffa651e8b17c58 x13: ffff20301695a000 x12: ffffa651cb444a58 x11: 0000000000000154 x10: 0000ffff91000000 x9 : ffffa651cb43e574 x8 : 0000000000000000 x7 : ffff20300758a880 x6 : 0000000000200000 x5 : ffff203008b1b438 x4 : 0000000000000001 x3 : 00000000000001da x2 : fffffc0000000000 x1 : 0000000000000000 x0 : 00000000000001da Call trace: attach_pte_range+0x190/0x9a0 [zcopy] attach_page_range+0x22c/0x618 [zcopy] attach_pages+0x2b8/0x8b8 [zcopy] zcopy_ioctl+0xe8/0x168 [zcopy] vfs_ioctl+0x3c/0xa8 __se_sys_ioctl+0x12c/0x160 
__arm64_sys_ioctl+0x40/0x68 invoke_syscall+0x8c/0x1d0 el0_svc_common.constprop.0+0x64/0x1d0 do_el0_svc+0x54/0xe0 el0_slow_syscall+0x44/0x1e8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 Fixes: 8d543a8e74d5 ("zcopy: Introduce the pageattach interface") Signed-off-by: Liu Mingrui <liumingrui@huawei.com> --- drivers/misc/zcopy/zcopy.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/misc/zcopy/zcopy.c b/drivers/misc/zcopy/zcopy.c index f4c56ce07e66..48c0702b96e5 100644 --- a/drivers/misc/zcopy/zcopy.c +++ b/drivers/misc/zcopy/zcopy.c @@ -709,7 +709,9 @@ static int attach_pages(unsigned long dst_addr, unsigned long src_addr, } trace_attach_page_range_start(dst_mm, src_mm, dst_addr, src_addr, size); + mmap_read_lock(src_mm); ret = attach_page_range(dst_mm, src_mm, dst_addr, src_addr, size); + mmap_read_unlock(src_mm); trace_attach_page_range_end(dst_mm, src_mm, dst_addr, src_addr, ret); unpin_user_pages_dirty_lock(process_pages, pinned_pages, 0); -- 2.25.1
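Review bot: the hunk only takes the mmap read lock on src_mm, yet attach_page_range() is handed both dst_mm and src_mm, and the crash is in attach_pte_range() while walking page tables; if that function also walks or populates dst_mm's page tables, dst_mm needs the same protection (or the commit message should state that the caller already holds it), otherwise the race the patch describes between attach and free remains open on the destination side. The unconditional mmap_read_unlock(src_mm) directly after the call is correct as written, since the error path through trace_attach_page_range_end() and unpin_user_pages_dirty_lock() no longer holds the lock. The commit message refers to "mm_read_lock" while the code adds mmap_read_lock()/mmap_read_unlock(); please correct the message so it names the helper actually used. It would also help reviewers to spell out, in the message, that holding the mmap lock in read mode on src_mm is what prevents the page tables from being freed under a concurrent munmap, since that is the reasoning the NULL pmd in the oops supports.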