Max Kellermann max.kellermann@ionos.com wrote:
At the beginning of the function, folio queues with marks3==0 are skipped, but after that, the `marks3` field is ignored. If one such queue is found, `slot` is set to 64 (because `__ffs(0)==64`), leading to a buffer overflow in the folioq_folio() call. The resulting crash may look like this:
BUG: kernel NULL pointer dereference, address: 0000000000000000 ...
Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading")
Cc: stable@vger.kernel.org
Signed-off-by: Max Kellermann max.kellermann@ionos.com
Signed-off-by: David Howells dhowells@redhat.com
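The failure mode the commit message describes, as an added illustration that is not the kernel's code and not part of the original message: a walk over folio queues skips marks3==0 queues only at the start, so a later queue with an empty mask reaches a find-first-set call, which on a 64-bit word yields 64, one past the last valid slot. The struct, slot count, and helper names (folioq_sim, FOLIOQ_SLOTS_SIM, ffs64_sim, walk_queues) are simplified stand-ins, and each queue is reduced to its lowest marked slot; the accessor returns -1 where the real code would read past the array.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a folio queue (assumed names, not the kernel's types).
 * marks3 is a bitmask with one bit per slot; slots[] stands in for the
 * per-slot folio pointers. */
#define FOLIOQ_SLOTS_SIM 64   /* assumed: 64 slots, one mask bit each */
#define WORD_BITS 64

struct folioq_sim {
    uint64_t marks3;
    int slots[FOLIOQ_SLOTS_SIM];
    struct folioq_sim *next;
};

/* Mirrors the behaviour quoted in the commit message: a find-first-set on a
 * zero 64-bit word produces 64, which is not a valid bit index. */
static unsigned int ffs64_sim(uint64_t x)
{
    if (x == 0)
        return WORD_BITS;          /* no bit set: out-of-range sentinel */
    unsigned int n = 0;
    while (!(x & 1)) {
        x >>= 1;
        n++;
    }
    return n;
}

/* Bounds-checked slot accessor. Returns -1 for an out-of-range slot, where
 * unchecked code would index past the array (the described overflow). */
static int folioq_slot_sim(const struct folioq_sim *q, unsigned int slot)
{
    if (slot >= FOLIOQ_SLOTS_SIM)
        return -1;
    return q->slots[slot];
}

/* Walks the queue list and records the lowest marked slot of each queue.
 * check_every_queue == 0 reproduces the bug: marks3 is consulted only for
 * the leading skip, so a later empty queue yields slot 64.
 * check_every_queue == 1 re-checks marks3 on every iteration (the fix).
 * Returns the number of entries written to out[]. */
static int walk_queues(const struct folioq_sim *q, int check_every_queue,
                       int *out, int max)
{
    int n = 0;

    /* leading skip of unmarked queues, as in the described function */
    while (q && q->marks3 == 0)
        q = q->next;

    for (; q && n < max; q = q->next) {
        if (check_every_queue && q->marks3 == 0)
            continue;                        /* fix: skip empty masks here too */
        unsigned int slot = ffs64_sim(q->marks3);   /* 64 if marks3 == 0 */
        out[n++] = folioq_slot_sim(q, slot);
    }
    return n;
}

/* Constructed sample: four linked queues, two of them with an empty mask,
 * one of those sitting in the middle of the list. */
static void build_sample(struct folioq_sim *qs)
{
    for (int i = 0; i < 4; i++) {
        qs[i].marks3 = 0;
        for (int s = 0; s < FOLIOQ_SLOTS_SIM; s++)
            qs[i].slots[s] = 0;
        qs[i].next = (i < 3) ? &qs[i + 1] : NULL;
    }
    qs[1].marks3 = 1ULL << 3;  qs[1].slots[3] = 300;
    qs[3].marks3 = 1ULL << 5;  qs[3].slots[5] = 500;
}

int main(void)
{
    struct folioq_sim qs[4];
    int out[8];

    build_sample(qs);
    int n = walk_queues(&qs[0], 0, out, 8);
    printf("buggy walk: %d entries, second = %d (slot %u)\n",
           n, out[1], ffs64_sim(0));
    n = walk_queues(&qs[0], 1, out, 8);
    printf("checked walk: %d entries\n", n);
    return 0;
}
```

The buggy walk produces a -1 for the empty queue in the middle of the list, the position where unchecked indexing would read beyond the folio array; the checked walk never computes a slot for an empty mask, which is the property the fix restores.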