Skip to content

block: bio-integrity: Fix null-ptr-deref in bio_integrity_map_user()#773

Open
blktests-ci[bot] wants to merge 1 commit intolinus-master_basefrom
series/1085839=>linus-master
Open

block: bio-integrity: Fix null-ptr-deref in bio_integrity_map_user()#773
blktests-ci[bot] wants to merge 1 commit intolinus-master_basefrom
series/1085839=>linus-master

Conversation

@blktests-ci
Copy link
Copy Markdown

@blktests-ci blktests-ci Bot commented Apr 27, 2026

Pull request for series with
subject: block: bio-integrity: Fix null-ptr-deref in bio_integrity_map_user()
version: 4
url: https://patchwork.kernel.org/project/linux-block/list/?series=1085839

@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented Apr 27, 2026

Upstream branch: dd6c438
series: https://patchwork.kernel.org/project/linux-block/list/?series=1085839
version: 4

@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 857ada9 to 482ce5b Compare April 29, 2026 02:21
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented Apr 29, 2026

Upstream branch: dca922e
series: https://patchwork.kernel.org/project/linux-block/list/?series=1085839
version: 4

@blktests-ci blktests-ci Bot force-pushed the series/1085839=>linus-master branch from 73f5584 to b0d87b0 Compare April 29, 2026 02:22
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 482ce5b to 5a9f7c7 Compare April 30, 2026 07:29
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented Apr 30, 2026

Upstream branch: e75a43c
series: https://patchwork.kernel.org/project/linux-block/list/?series=1085839
version: 4

@blktests-ci blktests-ci Bot force-pushed the series/1085839=>linus-master branch from b0d87b0 to 6fd2b5b Compare April 30, 2026 07:31
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented Apr 30, 2026

Upstream branch: e75a43c
series: https://patchwork.kernel.org/project/linux-block/list/?series=1085839
version: 4

@blktests-ci blktests-ci Bot force-pushed the series/1085839=>linus-master branch from 6fd2b5b to 359cdd4 Compare April 30, 2026 13:55
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 5a9f7c7 to 25a041f Compare May 3, 2026 02:07
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 3, 2026

Upstream branch: 66edb90
series: https://patchwork.kernel.org/project/linux-block/list/?series=1085839
version: 4

@blktests-ci blktests-ci Bot force-pushed the series/1085839=>linus-master branch from 359cdd4 to 4174caf Compare May 3, 2026 02:11
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 25a041f to 6f75bd1 Compare May 4, 2026 10:57
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 4, 2026

Upstream branch: 6d35786
series: https://patchwork.kernel.org/project/linux-block/list/?series=1085839
version: 4

@blktests-ci blktests-ci Bot force-pushed the series/1085839=>linus-master branch from 4174caf to b1e3935 Compare May 4, 2026 11:01
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 6f75bd1 to 1f0d33a Compare May 5, 2026 15:39
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 5, 2026

Upstream branch: 6d35786
series: https://patchwork.kernel.org/project/linux-block/list/?series=1085839
version: 4

@swkim101
block: bio-integrity: Fix null-ptr-deref in bio_integrity_map_user()
36d29e7 
pin_user_pages_fast() can partially succeed and return the number of
pages that were actually pinned. However, the bio_integrity_map_user()
does not handle this partial pinning. This leads to a general protection
fault since bvec_from_pages() dereferences an unpinned page address,
which is 0.

To fix this, add a check to verify that all requested memory is pinned.
If partial pinning occurs, unpin the memory and return -EFAULT.

Reproducer in blktest: linux-blktests/blktests#244

Kernel Oops:

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 UID: 0 PID: 1061 Comm: nvme-passthroug Not tainted 7.0.0-11783-g90957f9314e8-dirty #16 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014
RIP: 0010:bio_integrity_map_user.cold+0x1b0/0x9d6

Fixes: 492c5d4 ("block: bio-integrity: directly map user buffers")
Acked-by: Chao Shi <cshi008@fiu.edu>
Acked-by: Weidong Zhu <weizhu@fiu.edu>
Acked-by: Dave Tian <daveti@purdue.edu>
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
@blktests-ci blktests-ci Bot force-pushed the series/1085839=>linus-master branch from b1e3935 to 36d29e7 Compare May 5, 2026 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

linus-master new V4-ci-fail V4

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@swkim101