Message-ID: <1586915606.5647.5.camel@mtkswgap22>
Subject: Re: [PATCH] mm/gup: fix null pointer dereference detected by coverity
From: Miles Chen
To: Andrew Morton
Cc: linux-mm@kvack.org, Peter Xu, linux-mediatek@lists.infradead.org, linux-kernel@vger.kernel.org, wsd_upstream@mediatek.com
Date: Wed, 15 Apr 2020 09:53:26 +0800
In-Reply-To: <20200414170827.d32fc1fc12a33b140b740b94@linux-foundation.org>
References: <20200407095107.1988-1-miles.chen@mediatek.com> <20200414170827.d32fc1fc12a33b140b740b94@linux-foundation.org>

On Tue, 2020-04-14 at 17:08 -0700, Andrew Morton wrote:
> On Tue, 7 Apr 2020 17:51:07 +0800 Miles Chen wrote:
>
> > In fixup_user_fault(), it is possible that unlocked is NULL,
> > so we should test unlocked before using it.
> >
> > For example, in arch/arc/kernel/process.c, NULL is passed
> > to fixup_user_fault().
> >
> > SYSCALL_DEFINE3(arc_usr_cmpxchg, int *, uaddr, int, expected, int, new)
> > {
> > ...
> >         ret = fixup_user_fault(current, current->mm, (unsigned long) uaddr,
> >                                FAULT_FLAG_WRITE, NULL);
> > ...
> > }
>
> (cc Peter)
>
> > --- a/mm/gup.c
> > +++ b/mm/gup.c
> > @@ -1230,7 +1230,8 @@ int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm, > > if (ret & VM_FAULT_RETRY) { > > down_read(&mm->mmap_sem); > > if (!(fault_flags & FAULT_FLAG_TRIED)) { > > - *unlocked = true; > > + if (unlocked) > > + *unlocked = true; > > fault_flags |= FAULT_FLAG_TRIED; > > goto retry; > > } > > Not sure. If the caller passes FAULT_FLAG_ALLOW_RETRY then they must > also pass in a valid non-NULL `unlocked'. If the caller passed > FAULT_FLAG_ALLOW_RETRY and unlocked==NULL then the resulting oops is an > appropriate way of reporting this mistake. I think? > Agree. How about put "unlocked==NULL must not be used with FAULT_FLAG_ALLOW_RETRY." in the comment? Make it easier to understand the oops. e.g., --- a/mm/gup.c +++ b/mm/gup.c @@ -1176,7 +1176,8 @@ static bool vma_permits_fault(struct vm_area_struct *vma, * @address: user address * @fault_flags:flags to pass down to handle_mm_fault() * @unlocked: did we unlock the mmap_sem while retrying, maybe NULL if caller - * does not allow retry + * does not allow retry. If NULL, the caller must guarantee + * the fault_flags does not contain FAULT_FLAG_ALLOW_RETRY. _______________________________________________ Linux-mediatek mailing list Linux-mediatek@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-mediatek
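Review bot: the `if (unlocked)` guard added in the VM_FAULT_RETRY branch of the first hunk masks a caller bug rather than fixing one. By the @unlocked description in the second hunk, NULL is only valid when the caller does not allow retry, so a NULL pointer at `*unlocked = true` means a caller asked for retry with no way to learn that `down_read(&mm->mmap_sem)` just re-acquired a lock it believed it still held; skipping the store silently leaves that caller with a stale view of the lock state, which is a worse failure than the immediate NULL dereference. As the reply above points out, only a caller passing FAULT_FLAG_ALLOW_RETRY can reach this branch, and the arc_usr_cmpxchg caller quoted in the commit message passes only FAULT_FLAG_WRITE, so the Coverity finding is not reachable there. If a NULL check is kept at all, report the misuse (a WARN_ON_ONCE-style check before skipping the store) instead of ignoring it.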
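Review bot: the comment text added in the second hunk, "the caller must guarantee the fault_flags does not contain FAULT_FLAG_ALLOW_RETRY", has a stray article; "must guarantee that fault_flags does not contain FAULT_FLAG_ALLOW_RETRY" reads cleaner. Since the stated goal is to make the resulting oops easier to understand, the comment should also name the consequence explicitly, e.g. "passing NULL together with FAULT_FLAG_ALLOW_RETRY dereferences a NULL pointer in the retry path", so someone reading a backtrace through fixup_user_fault() finds the contract in the kernel-doc without tracing the code.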