From patchwork Mon Dec 16 04:27:51 2024
X-Patchwork-Submitter: Leo Stone
X-Patchwork-Id: 13909243
From: Leo Stone
To: syzbot+8a3da2f1bbf59227c289@syzkaller.appspotmail.com
Cc: Leo Stone, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: [PATCH] mm: huge_memory: Handle strsep not finding delimiter
Date: Sun, 15 Dec 2024 20:27:51 -0800
Message-ID: <20241216042752.257090-2-leocstone@gmail.com>
In-Reply-To: <675fa124.050a0220.37aaf.0113.GAE@google.com>
References: <675fa124.050a0220.37aaf.0113.GAE@google.com>

split_huge_pages_write does not handle the case where strsep finds no delimiter in the given string and sets the input buffer to NULL, which allows this reproducer to trigger a protection fault.

Reported-by: syzbot+8a3da2f1bbf59227c289@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=8a3da2f1bbf59227c289
Signed-off-by: Leo Stone
Signed-off-by: Andrew Morton
---
 mm/huge_memory.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c index ee335d96fc39..361319f749f0 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -4168,7 +4168,7 @@ static ssize_t split_huge_pages_write(struct file *file, const char __user *buf, size_t input_len = strlen(input_buf); tok = strsep(&buf, ","); - if (tok) { + if (tok && buf) { strscpy(file_path, tok); } else { ret = -EINVAL;
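
Review bot: The new `if (tok && buf)` test in split_huge_pages_write() has no comment explaining why `buf` is checked, and without one the second operand reads as redundant. strsep() returns the whole string as `tok` and stores NULL in `buf` when the input contains no ",", so `tok` alone is non-NULL for a delimiter-less write and the old test let it through; a one-line comment above the condition saying that `buf == NULL` means "no ',' found" would make that explicit. The changelog should also name the later use of `buf` that faults, since it is outside the visible context of this hunk, and carry a Fixes: tag for the commit that introduced the `strsep(&buf, ",")` parsing so the change can be backported. The existing `ret = -EINVAL` branch is the right outcome for this malformed input.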