From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5295FC2BB1D for ; Wed, 15 Apr 2020 00:08:30 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 1223A2076C for ; Wed, 15 Apr 2020 00:08:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="2mGwezel" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1223A2076C Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 94F9E8E0003; Tue, 14 Apr 2020 20:08:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9000F8E0001; Tue, 14 Apr 2020 20:08:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 815BA8E0003; Tue, 14 Apr 2020 20:08:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0129.hostedemail.com [216.40.44.129]) by kanga.kvack.org (Postfix) with ESMTP id 67B458E0001 for ; Tue, 14 Apr 2020 20:08:29 -0400 (EDT) Received: from smtpin08.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 22ACA4404 for ; Wed, 15 Apr 2020 00:08:29 +0000 (UTC) X-FDA: 76708152738.08.side71_2cef9dda2dd16 X-HE-Tag: side71_2cef9dda2dd16 X-Filterd-Recvd-Size: 2757 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf24.hostedemail.com (Postfix) with ESMTP for ; Wed, 15 Apr 2020 00:08:28 +0000 (UTC) Received: from localhost.localdomain (c-73-231-172-41.hsd1.ca.comcast.net [73.231.172.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 949782076B; Wed, 15 Apr 2020 00:08:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586909307; bh=cdX73dCi301I9IaDllfT9erksCJfp1wTJ5tC0x+WiuA=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=2mGwezel0ZXkJr4sx2a0wDhInI7pjl5enz3UaaoGYhfXZ/wUoVmUbTrcMwRxXw1jv fPXjR/bmvr/56sm7nrV2qyYWd7Npe3LuzHY44neC3rTOdwDK4OxAcn95d5EC4SoJl7 /Nu4RdF2mi2gnU/YXKDoSs10B1MsP9DDHzpxvpbw= Date: Tue, 14 Apr 2020 17:08:27 -0700 From: Andrew Morton To: Miles Chen Cc: , , , , Peter Xu Subject: Re: [PATCH] mm/gup: fix null pointer dereference detected by coverity Message-Id: <20200414170827.d32fc1fc12a33b140b740b94@linux-foundation.org> In-Reply-To: <20200407095107.1988-1-miles.chen@mediatek.com> References: <20200407095107.1988-1-miles.chen@mediatek.com> X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, 7 Apr 2020 17:51:07 +0800 Miles Chen wrote: > In fixup_user_fault(), it is possible that unlocked is NULL, > so we should test unlocked before using it. > > For example, in arch/arc/kernel/process.c, NULL is passed > to fixup_user_fault(). > > SYSCALL_DEFINE3(arc_usr_cmpxchg, int *, uaddr, int, expected, int, new) > { > ... > ret = fixup_user_fault(current, current->mm, (unsigned long) uaddr, > FAULT_FLAG_WRITE, NULL); > ... > } (cc Peter) > --- a/mm/gup.c > +++ b/mm/gup.c > @@ -1230,7 +1230,8 @@ int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm, > if (ret & VM_FAULT_RETRY) { > down_read(&mm->mmap_sem); > if (!(fault_flags & FAULT_FLAG_TRIED)) { > - *unlocked = true; > + if (unlocked) > + *unlocked = true; > fault_flags |= FAULT_FLAG_TRIED; > goto retry; > } Not sure. If the caller passes FAULT_FLAG_ALLOW_RETRY then they must also pass in a valid non-NULL `unlocked'. If the caller passed FAULT_FLAG_ALLOW_RETRY and unlocked==NULL then the resulting oops is an appropriate way of reporting this mistake. I think?