* FAILED: patch "[PATCH] arm64: hugetlb: avoid potential NULL dereference" failed to apply to 4.4-stable tree
@ 2020-05-12 11:26 gregkh
2020-05-12 15:04 ` Sasha Levin
0 siblings, 1 reply; 2+ messages in thread
From: gregkh @ 2020-05-12 11:26 UTC (permalink / raw)
To: mark.rutland, catalin.marinas, kyrylo.tkachov, stable, will; +Cc: stable
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 027d0c7101f50cf03aeea9eebf484afd4920c8d3 Mon Sep 17 00:00:00 2001
From: Mark Rutland <mark.rutland@arm.com>
Date: Tue, 5 May 2020 13:59:30 +0100
Subject: [PATCH] arm64: hugetlb: avoid potential NULL dereference
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The static analyzer in GCC 10 spotted that in huge_pte_alloc() we may
pass a NULL pmdp into pte_alloc_map() when pmd_alloc() returns NULL:
| CC arch/arm64/mm/pageattr.o
| CC arch/arm64/mm/hugetlbpage.o
| from arch/arm64/mm/hugetlbpage.c:10:
| arch/arm64/mm/hugetlbpage.c: In function ‘huge_pte_alloc’:
| ./arch/arm64/include/asm/pgtable-types.h:28:24: warning: dereference of NULL ‘pmdp’ [CWE-690] [-Wanalyzer-null-dereference]
| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro ‘pmd_val’
| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro ‘pte_alloc_map’
| |arch/arm64/mm/hugetlbpage.c:232:10:
| |./arch/arm64/include/asm/pgtable-types.h:28:24:
| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro ‘pmd_val’
| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro ‘pte_alloc_map’
This can only occur when the kernel cannot allocate a page, and so is
unlikely to happen in practice before other systems start failing.
We can avoid this by bailing out if pmd_alloc() fails, as we do earlier
in the function if pud_alloc() fails.
Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: Kyrill Tkachov <kyrylo.tkachov@arm.com>
Cc: <stable@vger.kernel.org> # 4.5.x-
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
index bbeb6a5a6ba6..0be3355e3499 100644
--- a/arch/arm64/mm/hugetlbpage.c
+++ b/arch/arm64/mm/hugetlbpage.c
@@ -230,6 +230,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm,
ptep = (pte_t *)pudp;
} else if (sz == (CONT_PTE_SIZE)) {
pmdp = pmd_alloc(mm, pudp, addr);
+ if (!pmdp)
+ return NULL;
WARN_ON(addr & (sz - 1));
/*
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: FAILED: patch "[PATCH] arm64: hugetlb: avoid potential NULL dereference" failed to apply to 4.4-stable tree
2020-05-12 11:26 FAILED: patch "[PATCH] arm64: hugetlb: avoid potential NULL dereference" failed to apply to 4.4-stable tree gregkh
@ 2020-05-12 15:04 ` Sasha Levin
0 siblings, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2020-05-12 15:04 UTC (permalink / raw)
To: gregkh; +Cc: mark.rutland, catalin.marinas, kyrylo.tkachov, stable, will
On Tue, May 12, 2020 at 01:26:43PM +0200, gregkh@linuxfoundation.org wrote:
>
>The patch below does not apply to the 4.4-stable tree.
>If someone wants it applied there, or to any other stable or longterm
>tree, then please email the backport, including the original git commit
>id to <stable@vger.kernel.org>.
>
>thanks,
>
>greg k-h
>
>------------------ original commit in Linus's tree ------------------
>
>From 027d0c7101f50cf03aeea9eebf484afd4920c8d3 Mon Sep 17 00:00:00 2001
>From: Mark Rutland <mark.rutland@arm.com>
>Date: Tue, 5 May 2020 13:59:30 +0100
>Subject: [PATCH] arm64: hugetlb: avoid potential NULL dereference
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>The static analyzer in GCC 10 spotted that in huge_pte_alloc() we may
>pass a NULL pmdp into pte_alloc_map() when pmd_alloc() returns NULL:
>
>| CC arch/arm64/mm/pageattr.o
>| CC arch/arm64/mm/hugetlbpage.o
>| from arch/arm64/mm/hugetlbpage.c:10:
>| arch/arm64/mm/hugetlbpage.c: In function ‘huge_pte_alloc’:
>| ./arch/arm64/include/asm/pgtable-types.h:28:24: warning: dereference of NULL ‘pmdp’ [CWE-690] [-Wanalyzer-null-dereference]
>| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro ‘pmd_val’
>| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro ‘pte_alloc_map’
>| |arch/arm64/mm/hugetlbpage.c:232:10:
>| |./arch/arm64/include/asm/pgtable-types.h:28:24:
>| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro ‘pmd_val’
>| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro ‘pte_alloc_map’
>
>This can only occur when the kernel cannot allocate a page, and so is
>unlikely to happen in practice before other systems start failing.
>
>We can avoid this by bailing out if pmd_alloc() fails, as we do earlier
>in the function if pud_alloc() fails.
>
>Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit")
>Signed-off-by: Mark Rutland <mark.rutland@arm.com>
>Reported-by: Kyrill Tkachov <kyrylo.tkachov@arm.com>
>Cc: <stable@vger.kernel.org> # 4.5.x-
>Cc: Will Deacon <will@kernel.org>
>Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
There was a context conflict with 441a62780687 ("arm64/hugetlb: Use
macros for contiguous huge page sizes"). I've fixed it and queued the
patch for 4.14 and 4.9.
--
Thanks,
Sasha
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-05-12 15:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-12 11:26 FAILED: patch "[PATCH] arm64: hugetlb: avoid potential NULL dereference" failed to apply to 4.4-stable tree gregkh
2020-05-12 15:04 ` Sasha Levin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.