[PATCH] mm, swap: Potential NULL dereference in get_swap_page_of_type()

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: Dan Carpenter <dan.carpenter@oracle.com>
To: Andrew Morton <akpm@linux-foundation.org>, Shaohua Li <shli@kernel.org>
Cc: Huang Ying <ying.huang@intel.com>,
	Daniel Jordan <daniel.m.jordan@oracle.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	Omar Sandoval <osandov@fb.com>, Tejun Heo <tj@kernel.org>,
	Andi Kleen <ak@linux.intel.com>,
	linux-mm@kvack.org, kernel-janitors@vger.kernel.org
Subject: [PATCH] mm, swap: Potential NULL dereference in get_swap_page_of_type()
Date: Fri, 11 Jan 2019 12:59:19 +0300	[thread overview]
Message-ID: <20190111095919.GA1757@kadam> (raw)

Smatch complains that the NULL checks on "si" aren't consistent.  This
seems like a real bug because we have not ensured that the type is
valid and so "si" can be NULL.

Fixes: ec8acf20afb8 ("swap: add per-partition lock for swapfile")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 mm/swapfile.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mm/swapfile.c b/mm/swapfile.c
index f0edf7244256..21e92c757205 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -1048,9 +1048,12 @@ swp_entry_t get_swap_page_of_type(int type)
 	struct swap_info_struct *si;
 	pgoff_t offset;
 
+	if (type >= nr_swapfiles)
+		goto fail;
+
 	si = swap_info[type];
 	spin_lock(&si->lock);
-	if (si && (si->flags & SWP_WRITEOK)) {
+	if (si->flags & SWP_WRITEOK) {
 		atomic_long_dec(&nr_swap_pages);
 		/* This is called for allocating swap entry, not cache */
 		offset = scan_swap_map(si, 1);
@@ -1061,6 +1064,7 @@ swp_entry_t get_swap_page_of_type(int type)
 		atomic_long_inc(&nr_swap_pages);
 	}
 	spin_unlock(&si->lock);
+fail:
 	return (swp_entry_t) {0};
 }
 
-- 
2.17.1

next             reply	other threads:[~2019-01-11  9:59 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-11  9:59 Dan Carpenter [this message]
2019-01-11 17:41 ` [PATCH] mm, swap: Potential NULL dereference in get_swap_page_of_type() Daniel Jordan
2019-01-11 23:20   ` Andrea Parri
2019-01-14 22:25     ` Daniel Jordan
2019-01-15  0:23       ` [PATCH] mm, swap: bounds check swap_info accesses to avoid NULL derefs Daniel Jordan
2019-01-15  1:17         ` Andrea Parri
2019-01-30  6:26         ` Andrew Morton
2019-01-31  1:52           ` Daniel Jordan
2019-01-31  2:44             ` [PATCH v2] mm, swap: bounds check swap_info array " Daniel Jordan
2019-01-31  2:48           ` About swapoff race patch (was Re: [PATCH] mm, swap: bounds check swap_info accesses to avoid NULL derefs) Huang, Ying
2019-01-31 20:46             ` Andrew Morton
2019-02-02  7:14               ` Huang, Ying
2019-02-04 21:37               ` Hugh Dickins
2019-02-04 22:26                 ` Matthew Wilcox
2019-02-06  0:14                 ` Huang, Ying
2019-02-06  0:36                   ` Hugh Dickins
2019-02-06  0:58                     ` Huang, Ying
2019-02-08  0:28                 ` Andrea Parri
2019-02-11  1:02                   ` Huang, Ying
2019-01-30  7:28         ` [PATCH] mm, swap: bounds check swap_info accesses to avoid NULL derefs Dan Carpenter
2019-01-31  1:55           ` Daniel Jordan
2019-01-30  9:13         ` Peter Zijlstra
2019-01-31  2:00           ` Daniel Jordan
2019-01-15  0:28       ` [PATCH] mm, swap: Potential NULL dereference in get_swap_page_of_type() Andrea Parri
2019-01-14  2:12   ` Huang, Ying
2019-01-14  2:12     ` Huang, Ying
2019-01-14  8:43   ` Dan Carpenter
2019-01-14 23:40     ` Daniel Jordan

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f0edf724425 dfblob:21e92c75720 )
 OR (
bs:"[PATCH] mm, swap: Potential NULL dereference in get_swap_page_of_type()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190111095919.GA1757@kadam \
    --to=dan.carpenter@oracle.com \
    --cc=ak@linux.intel.com \
    --cc=akpm@linux-foundation.org \
    --cc=daniel.m.jordan@oracle.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=kernel-janitors@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=osandov@fb.com \
    --cc=sfr@canb.auug.org.au \
    --cc=shli@kernel.org \
    --cc=tj@kernel.org \
    --cc=ying.huang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).