mm/mempolicy: Allow lookup_node() to handle fatal signal

lookup_node() uses gup to pin the page and get node information. It checks against ret>=0 assuming the page will be filled in. However it's also possible that gup will return zero, for example, when the thread is quickly killed with a fatal signal. Teach lookup_node() to gracefully return an error -EFAULT if it happens. Reported-by: syzbot+693dc11fcb53120b5559@syzkaller.appspotmail.com Fixes: 4426e94 ("mm/gup: allow VM_FAULT_RETRY for multiple times") Signed-off-by: Peter Xu <peterx@redhat.com>
xzpeter · Apr 7, 2020 · 23800bf · 23800bf
1 parent 7e63420
commit 23800bf
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
@@ -902,7 +902,10 @@ static int lookup_node(struct mm_struct *mm, unsigned long addr)
 
 	int locked = 1;
 	err = get_user_pages_locked(addr & PAGE_MASK, 1, 0, &p, &locked);
-	if (err >= 0) {
+	if (err == 0) {
+		/* E.g. GUP interupted by fatal signal */
+		err = -EFAULT;
+	} else if (err > 0) {
 		err = page_to_nid(p);
 		put_page(p);
 	}