* [PATCH] mm: Check NULL pointer Dereference in mm/filemap.c
@ 2010-07-26  8:25 wzt.wzt
  2010-07-27 23:10 ` Andrew Morton
  0 siblings, 1 reply; 2+ messages in thread
From: wzt.wzt @ 2010-07-26  8:25 UTC (permalink / raw)
  To: linux-kernel; +Cc: linux-mm, akpm
mapping->a_ops->direct_IO() is not checked, if it's a NULL pointer, 
that will casue an oops. pagecache_write_begin/end is exported to
other functions, so they need to check null pointer before use them. 
Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
---
 mm/filemap.c |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/mm/filemap.c b/mm/filemap.c
index 20e5642..e81e264 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1300,6 +1300,9 @@ generic_file_aio_read(struct kiocb *iocb, const struct iovec *iov,
 			retval = filemap_write_and_wait_range(mapping, pos,
 					pos + iov_length(iov, nr_segs) - 1);
 			if (!retval) {
+				if (unlikely(!mapping->a_ops ||
+					!mapping->a_ops->direct_IO))
+					goto out;
 				retval = mapping->a_ops->direct_IO(READ, iocb,
 							iov, pos, nr_segs);
 			}
@@ -1581,6 +1584,8 @@ retry_find:
 	return ret | VM_FAULT_LOCKED;
 
 no_cached_page:
+	if (unlikely(!mapping->a_ops || !mapping->a_ops->readpage))
+		return VM_FAULT_SIGBUS;
 	/*
 	 * We're only likely to ever get here if MADV_RANDOM is in
 	 * effect.
@@ -2103,6 +2108,8 @@ int pagecache_write_begin(struct file *file, struct address_space *mapping,
 {
 	const struct address_space_operations *aops = mapping->a_ops;
 
+	if (unlikely(!aops || !aops->write_begin))
+		return -EINVAL;
 	return aops->write_begin(file, mapping, pos, len, flags,
 							pagep, fsdata);
 }
@@ -2114,6 +2121,9 @@ int pagecache_write_end(struct file *file, struct address_space *mapping,
 {
 	const struct address_space_operations *aops = mapping->a_ops;
 
+	if (unlikely(!aops || !aops->write_end))
+		return -EINVAL;
+
 	mark_page_accessed(page);
 	return aops->write_end(file, mapping, pos, len, copied, page, fsdata);
 }
@@ -2161,6 +2171,9 @@ generic_file_direct_write(struct kiocb *iocb, const struct iovec *iov,
 		}
 	}
 
+	if (unlikely(!mapping->a_ops || !mapping->a_ops->direct_IO))
+		goto out;
+
 	written = mapping->a_ops->direct_IO(WRITE, iocb, iov, pos, *nr_segs);
 
 	/*
-- 
1.6.5.3
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply related	[flat|nested] 2+ messages in thread- * Re: [PATCH] mm: Check NULL pointer Dereference in mm/filemap.c
  2010-07-26  8:25 [PATCH] mm: Check NULL pointer Dereference in mm/filemap.c wzt.wzt
@ 2010-07-27 23:10 ` Andrew Morton
  0 siblings, 0 replies; 2+ messages in thread
From: Andrew Morton @ 2010-07-27 23:10 UTC (permalink / raw)
  To: wzt.wzt; +Cc: linux-kernel, linux-mm
On Mon, 26 Jul 2010 16:25:42 +0800
wzt.wzt@gmail.com wrote:
> mapping->a_ops->direct_IO() is not checked, if it's a NULL pointer, 
> that will casue an oops. pagecache_write_begin/end is exported to
> other functions, so they need to check null pointer before use them. 
> 
The patch checks a lot more things than ->directIO!
It would be best to not add this overhead if possible.  Did you
actually observe an oops?  If so, please fully describe it.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply	[flat|nested] 2+ messages in thread 
end of thread, other threads:[~2010-07-27 23:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-26  8:25 [PATCH] mm: Check NULL pointer Dereference in mm/filemap.c wzt.wzt
2010-07-27 23:10 ` Andrew Morton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).