* [PATCH] mm: Fix potential NULL pointer dereference
From: Libin @ 2013-07-24 3:48 UTC (permalink / raw)
To: linux-mm; +Cc: akpm, kirill.shutemov, mgorman, xiaoguangrong, wujianguo
find_vma may return NULL, thus check the return
value to avoid NULL pointer dereference.
Signed-off-by: Libin <huawei.libin@huawei.com>
---
mm/huge_memory.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 243e710..d4423f4 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
goto out;
vma = find_vma(mm, address);
+ if (!vma)
+ goto out;
hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
hend = vma->vm_end & HPAGE_PMD_MASK;
if (address < hstart || address + HPAGE_PMD_SIZE > hend)
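Review bot: the commit message should say why find_vma() can return NULL at this point, given that collapse_huge_page() holds mmap_sem around the lookup; without that reason the `+ if (!vma)` / `+ goto out;` pair reads as a defensive check rather than the fix for a real window, which is exactly the question the first reply in this thread raises. A second point on the same hunk: find_vma() returns the first VMA whose vm_end is above `address`, not necessarily one that contains it, so the pre-existing `if (address < hstart || address + HPAGE_PMD_SIZE > hend)` line that follows is still what rejects an address that now falls into a hole; the new NULL check only covers the case where no VMA remains at or above the address.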
--
1.8.2.1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
* Re: [PATCH] mm: Fix potential NULL pointer dereference
From: Wanpeng Li @ 2013-07-24 4:22 UTC (permalink / raw)
To: Libin; +Cc: linux-mm, akpm, kirill.shutemov, mgorman, xiaoguangrong, wujianguo
On Wed, Jul 24, 2013 at 11:48:19AM +0800, Libin wrote:
>find_vma may return NULL, thus check the return
>value to avoid NULL pointer dereference.
>
When can this happen since down_read(&mm->mmap_sem) is held?
>Signed-off-by: Libin <huawei.libin@huawei.com>
>---
> mm/huge_memory.c | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>index 243e710..d4423f4 100644
>--- a/mm/huge_memory.c
>+++ b/mm/huge_memory.c
>@@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
> goto out;
>
> vma = find_vma(mm, address);
>+ if (!vma)
>+ goto out;
> hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
> hend = vma->vm_end & HPAGE_PMD_MASK;
> if (address < hstart || address + HPAGE_PMD_SIZE > hend)
>--
>1.8.2.1
>
>
* Re: [PATCH] mm: Fix potential NULL pointer dereference
From: Wanpeng Li @ 2013-07-24 4:35 UTC (permalink / raw)
To: Wanpeng Li
Cc: Libin, linux-mm, akpm, kirill.shutemov, mgorman, xiaoguangrong,
wujianguo
On Wed, Jul 24, 2013 at 12:22:08PM +0800, Wanpeng Li wrote:
>On Wed, Jul 24, 2013 at 11:48:19AM +0800, Libin wrote:
>>find_vma may return NULL, thus check the return
>>value to avoid NULL pointer dereference.
>>
>
>When can this happen since down_read(&mm->mmap_sem) is held?
>
Between mmap_sem read lock released and write lock held I think.
>>Signed-off-by: Libin <huawei.libin@huawei.com>
>>---
>> mm/huge_memory.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>>diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>>index 243e710..d4423f4 100644
>>--- a/mm/huge_memory.c
>>+++ b/mm/huge_memory.c
>>@@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
>> goto out;
>>
>> vma = find_vma(mm, address);
>>+ if (!vma)
>>+ goto out;
>> hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
>> hend = vma->vm_end & HPAGE_PMD_MASK;
>> if (address < hstart || address + HPAGE_PMD_SIZE > hend)
>>--
>>1.8.2.1
>>
>>
* RE: [PATCH] mm: Fix potential NULL pointer dereference
From: Kirill A. Shutemov @ 2013-07-24 11:48 UTC (permalink / raw)
To: Libin; +Cc: linux-mm, akpm, kirill.shutemov, mgorman, xiaoguangrong, wujianguo
Libin wrote:
> find_vma may return NULL, thus check the return
> value to avoid NULL pointer dereference.
>
> Signed-off-by: Libin <huawei.libin@huawei.com>
Looks correct to me.
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Have you ever triggered the race or just found it by reading the code?
I wonder if it's subject for stable@.
> ---
> mm/huge_memory.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 243e710..d4423f4 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
> goto out;
>
> vma = find_vma(mm, address);
> + if (!vma)
> + goto out;
> hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
> hend = vma->vm_end & HPAGE_PMD_MASK;
> if (address < hstart || address + HPAGE_PMD_SIZE > hend)
> --
> 1.8.2.1
--
Kirill A. Shutemov
* Re: [PATCH] mm: Fix potential NULL pointer dereference
From: Wanpeng Li @ 2013-07-24 23:32 UTC (permalink / raw)
To: Libin; +Cc: linux-mm, akpm, kirill.shutemov, mgorman, xiaoguangrong, wujianguo
On Wed, Jul 24, 2013 at 11:48:19AM +0800, Libin wrote:
>find_vma may return NULL, thus check the return
>value to avoid NULL pointer dereference.
>
Reviewed-by: Wanpeng Li <liwanp@linux.vnet.ibm.com>
>Signed-off-by: Libin <huawei.libin@huawei.com>
>---
> mm/huge_memory.c | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>index 243e710..d4423f4 100644
>--- a/mm/huge_memory.c
>+++ b/mm/huge_memory.c
>@@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
> goto out;
>
> vma = find_vma(mm, address);
>+ if (!vma)
>+ goto out;
> hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
> hend = vma->vm_end & HPAGE_PMD_MASK;
> if (address < hstart || address + HPAGE_PMD_SIZE > hend)
>--
>1.8.2.1
>
>
* Re: [PATCH] mm: Fix potential NULL pointer dereference
From: Libin @ 2013-07-25 0:52 UTC (permalink / raw)
To: Kirill A. Shutemov; +Cc: linux-mm, akpm, mgorman, xiaoguangrong, wujianguo
On 2013/7/24 19:48, Kirill A. Shutemov wrote:
> Libin wrote:
>> find_vma may return NULL, thus check the return
>> value to avoid NULL pointer dereference.
>>
>> Signed-off-by: Libin <huawei.libin@huawei.com>
>
> Looks correct to me.
>
> Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
>
> Have you ever triggered the race or just found it by reading the code?
> I wonder if it's subject for stable@.
>
I have not triggered the bug; although the probability is small, it looks
likely to occur.
Thanks!
Libin.
>> ---
>> mm/huge_memory.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>> index 243e710..d4423f4 100644
>> --- a/mm/huge_memory.c
>> +++ b/mm/huge_memory.c
>> @@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
>> goto out;
>>
>> vma = find_vma(mm, address);
>> + if (!vma)
>> + goto out;
>> hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
>> hend = vma->vm_end & HPAGE_PMD_MASK;
>> if (address < hstart || address + HPAGE_PMD_SIZE > hend)
>> --
>> 1.8.2.1
>
* Re: [PATCH] mm: Fix potential NULL pointer dereference
From: Michal Hocko @ 2013-07-25 14:01 UTC (permalink / raw)
To: Libin; +Cc: linux-mm, akpm, kirill.shutemov, mgorman, xiaoguangrong, wujianguo
On Wed 24-07-13 11:48:19, Libin wrote:
> find_vma may return NULL, thus check the return
> value to avoid NULL pointer dereference.
Please add a note that the check matters only because
khugepaged_alloc_page drops mmap_sem.
> Signed-off-by: Libin <huawei.libin@huawei.com>
Other than that
Reviewed-by: Michal Hocko <mhocko@suse.cz>
+ I guess this is worth backporting to the stable trees. This goes back
to when khugepaged was introduced AFAICS.
> ---
> mm/huge_memory.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 243e710..d4423f4 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
> goto out;
>
> vma = find_vma(mm, address);
> + if (!vma)
> + goto out;
> hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
> hend = vma->vm_end & HPAGE_PMD_MASK;
> if (address < hstart || address + HPAGE_PMD_SIZE > hend)
> --
> 1.8.2.1
>
>
--
Michal Hocko
SUSE Labs
* Re: [PATCH] mm: Fix potential NULL pointer dereference
From: Libin @ 2013-07-26 1:16 UTC (permalink / raw)
To: Wanpeng Li
Cc: linux-mm, akpm, kirill.shutemov, mgorman, xiaoguangrong, wujianguo
On 2013/7/24 12:35, Wanpeng Li wrote:
> On Wed, Jul 24, 2013 at 12:22:08PM +0800, Wanpeng Li wrote:
>> On Wed, Jul 24, 2013 at 11:48:19AM +0800, Libin wrote:
>>> find_vma may return NULL, thus check the return
>>> value to avoid NULL pointer dereference.
>>>
>>
>> When can this happen since down_read(&mm->mmap_sem) is held?
>>
>
> Between mmap_sem read lock released and write lock held I think.
>
Yes, in khugepaged_alloc_page the mmap_sem read lock was released.
Thanks for your reply.
Libin.
>>> Signed-off-by: Libin <huawei.libin@huawei.com>
>>> ---
>>> mm/huge_memory.c | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>>> index 243e710..d4423f4 100644
>>> --- a/mm/huge_memory.c
>>> +++ b/mm/huge_memory.c
>>> @@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
>>> goto out;
>>>
>>> vma = find_vma(mm, address);
>>> + if (!vma)
>>> + goto out;
>>> hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
>>> hend = vma->vm_end & HPAGE_PMD_MASK;
>>> if (address < hstart || address + HPAGE_PMD_SIZE > hend)
>>> --
>>> 1.8.2.1
>>>
>>>
* Re: [PATCH] mm: Fix potential NULL pointer dereference
From: Libin @ 2013-07-26 2:00 UTC (permalink / raw)
To: Michal Hocko
Cc: linux-mm, akpm, kirill.shutemov, mgorman, xiaoguangrong, wujianguo
On 2013/7/25 22:01, Michal Hocko wrote:
> On Wed 24-07-13 11:48:19, Libin wrote:
>> find_vma may return NULL, thus check the return
>> value to avoid NULL pointer dereference.
>
> Please add a note that the check matters only because
> khugepaged_alloc_page drops mmap_sem.
>
Thanks for your suggestion. I will add the information
and post the patch soon.
Regards,
Libin.
>> Signed-off-by: Libin <huawei.libin@huawei.com>
>
> Other than that
> Reviewed-by: Michal Hocko <mhocko@suse.cz>
>
> + I guess this is worth backporting to the stable trees. This goes back
> to when khugepaged was introduced AFAICS.
>
>> ---
>> mm/huge_memory.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>> index 243e710..d4423f4 100644
>> --- a/mm/huge_memory.c
>> +++ b/mm/huge_memory.c
>> @@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
>> goto out;
>>
>> vma = find_vma(mm, address);
>> + if (!vma)
>> + goto out;
>> hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
>> hend = vma->vm_end & HPAGE_PMD_MASK;
>> if (address < hstart || address + HPAGE_PMD_SIZE > hend)
>> --
>> 1.8.2.1
>>
>>
* [PATCH] mm: Fix potential NULL pointer dereference
From: Libin @ 2013-07-26 5:21 UTC (permalink / raw)
To: linux-mm
Cc: akpm, kirill.shutemov, liwanp, mgorman, gregkh, xiaoguangrong,
guohanjun, wujianguo
v1->v2: Add a description of the condition under which the bug can be triggered.
Thanks to Michal Hocko and Wanpeng Li for their review and suggestions.
In collapse_huge_page, there is a race window between releasing the
mmap_sem read lock and taking the mmap_sem write lock, so find_vma()
may return NULL; check the return value to avoid a NULL pointer
dereference.
collapse_huge_page
    khugepaged_alloc_page
        up_read(&mm->mmap_sem)
    down_write(&mm->mmap_sem)
    vma = find_vma(mm, address)
Signed-off-by: Libin <huawei.libin@huawei.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reviewed-by: Wanpeng Li <liwanp@linux.vnet.ibm.com>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Cc: <stable@vger.kernel.org> # v3.0+
---
mm/huge_memory.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 243e710..d4423f4 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2294,6 +2294,8 @@ static void collapse_huge_page(struct mm_struct *mm,
goto out;
vma = find_vma(mm, address);
+ if (!vma)
+ goto out;
hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
hend = vma->vm_end & HPAGE_PMD_MASK;
if (address < hstart || address + HPAGE_PMD_SIZE > hend)
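Review bot: the window the commit message now documents (up_read in khugepaged_alloc_page, then down_write before the lookup) is the only reason the `+ if (!vma)` check is needed, so a one-line comment at the check itself would save the next reader from re-deriving that from the changelog; something like `/* mmap_sem was dropped in khugepaged_alloc_page(), the VMA may be gone */` above `+ goto out;`. Also, the `Cc: <stable@vger.kernel.org> # v3.0+` line states the backport range but not what it rests on; naming the commit that introduced khugepaged, which a reviewer in this thread identified as the origin, would let the stable maintainers verify that range.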
--
1.8.2.1
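As an added illustration, not code from the patch or from mm/huge_memory.c: a user-space model of find_vma() and of the two checks in the hunk, showing which inputs each one rejects once a VMA has been unmapped in the window the commit message describes. The VMA array, the 2 MiB HPAGE_PMD geometry, the result enum and unmap_vma_at() are all assumptions made for the model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed geometry: x86-64 2 MiB PMD huge pages, macros named as in the hunk. */
#define HPAGE_PMD_SIZE  (1UL << 21)
#define HPAGE_PMD_MASK  (~(HPAGE_PMD_SIZE - 1))

struct vma { unsigned long vm_start, vm_end; };   /* vm_end is exclusive */
struct mm { struct vma *vmas; int nr; };          /* sorted array, not an rb-tree */

/* Same contract as the kernel's find_vma(): the first VMA whose vm_end lies
 * above the address, or NULL when none does.  The address need not be inside
 * the VMA returned, which is why the hstart/hend test below still matters. */
static struct vma *find_vma(struct mm *mm, unsigned long address)
{
    int i;
    for (i = 0; i < mm->nr; i++)
        if (mm->vmas[i].vm_end > address)
            return &mm->vmas[i];
    return NULL;
}

enum collapse_result {
    COLLAPSE_OK,            /* aligned 2 MiB range lies inside the VMA           */
    COLLAPSE_NO_VMA,        /* find_vma() returned NULL: the case the patch adds */
    COLLAPSE_OUT_OF_RANGE   /* rejected by the pre-existing hstart/hend test     */
};

/* The lines of collapse_huge_page() shown in the hunk, as run after the write
 * lock is re-taken; reports which check fired instead of jumping to out. */
static enum collapse_result check_collapse(struct mm *mm, unsigned long address)
{
    struct vma *vma = find_vma(mm, address);
    unsigned long hstart, hend;
    if (!vma)                       /* the check the patch adds */
        return COLLAPSE_NO_VMA;
    hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
    hend = vma->vm_end & HPAGE_PMD_MASK;
    if (address < hstart || address + HPAGE_PMD_SIZE > hend)
        return COLLAPSE_OUT_OF_RANGE;
    return COLLAPSE_OK;
}

/* Remove the VMA covering address, as another thread's munmap() could while
 * khugepaged_alloc_page() had dropped mmap_sem.  Returns 0 if none covers it. */
static int unmap_vma_at(struct mm *mm, unsigned long address)
{
    int i;
    for (i = 0; i < mm->nr; i++) {
        if (mm->vmas[i].vm_start <= address && address < mm->vmas[i].vm_end) {
            memmove(&mm->vmas[i], &mm->vmas[i + 1],
                    (size_t)(mm->nr - i - 1) * sizeof(mm->vmas[0]));
            mm->nr--;
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: two 2 MiB-aligned mappings with a hole between them. */
    struct vma vmas[2] = { { 0x200000UL, 0x600000UL }, { 0x800000UL, 0xa00000UL } };
    struct mm mm = { vmas, 2 };
    static const char *const name[] = { "OK", "NO_VMA", "OUT_OF_RANGE" };
    printf("intact:             %s\n", name[check_collapse(&mm, 0x200000UL)]);
    unmap_vma_at(&mm, 0x200000UL);  /* lower VMA gone: find_vma() returns the upper one */
    printf("lower VMA unmapped: %s\n", name[check_collapse(&mm, 0x200000UL)]);
    unmap_vma_at(&mm, 0x800000UL);  /* no VMA left above the address: NULL */
    printf("both unmapped:      %s\n", name[check_collapse(&mm, 0x800000UL)]);
    return 0;
}
```

The middle case is the one the hunk's existing range test already handled; only the last case, where nothing remains above the address, reaches the new NULL check.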